Hi Henning,

 

Iā€™m a numbskull ā€“ I was editing the wrong config file.

 

Thanks for your help!

 

Jawaid

 

 

From: Henning Westerholt <hw@gilawa.com>
Date: Friday, November 17, 2023 at 3:01 AM
To: SRList SRList via sr-users <sr-users@lists.kamailio.org>
Cc: Jawaid Bazyar <bazyar@gmail.com>
Subject: RE: auth_check : sip user / authentication user mismatch

 

Hello,

 

according to the module docs it should be:

 

                if (!auth_check("$fd", "subscriber", ā€œ0ā€)) { // default 1, change to 0 to skip check

 

You missed some quotes in your example below. Please give it a try.

 

Cheers,

 

Henning

 

From: Jawaid Bazyar via sr-users <sr-users@lists.kamailio.org>
Sent: Donnerstag, 16. November 2023 22:37
To: SRList SRList via sr-users <sr-users@lists.kamailio.org>
Cc: Jawaid Bazyar <bazyar@gmail.com>
Subject: [SR-Users] auth_check : sip user / authentication user mismatch

 

Hi, I am trying to register an endpoint as follows:

 

REGISTER sip:siptest.booger.net SIP/2.0

Via: SIP/2.0/UDP X.X.X.X.76:31114;branch=z9hG4bK223420485;rport

From: sip:1720XXXXXXX@siptest.booger.net;tag=962873337

To: sip:1720XXXXXXX@siptest.booger.net

Call-ID: 2053687751-32761-1@EH.BJI.BAE.HG

CSeq: 2067 REGISTER

Contact: sip:1720XXXXXXX@X.X.X.X:31114;reg-id=2;+sip.instance="<urn:uuid:00000000-0000-1000-8000-000B82A1C58B>"

Authorization: Digest username="654fe87c-67ff-42dd-8d5e-79786a99713c", realm="siptest.booger.net", nonce="ZVaJtmVWiIrsuWc5hkzM3MUUUs8MgRFR", uri=sip:siptest.booger.net, response="119a3b6426cdcfa037bf1825b69139a5", algorithm=MD5

X-Grandstream-PBX: true

Max-Forwards: 70

User-Agent: Grandstream GXP2170 1.0.11.64

Supported: path

Expires: 120

MAC: 00:0b:82:a1:c5:8b

Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE

Content-Length: 0

 

Note that the Authorization username differs from the To-From username. This is intentional, as I am testing use of randomly generated credential .

This worked with this endpoint directly against Asterisk, for instance.


However, registering against Kamailio now, I am getting:

 

Nov 16 21:24:26 vs-rs01 /usr/sbin/kamailio[584855]: DEBUG: {1 2067 REGISTER 2053687751-32761-1@EH.BJI.BAE.HG} auth_db [authorize.c:503]: auth_check(): authentication username mismatch with from/to username

 

Even though I have this set in the config:

 

                if (!auth_check("$fd", "subscriber", 0)) { // default 1, change to 0 to skip check

 

0 is supposed to mean no user checks performed.

 

I am doing this because I want to use the complex credentials for authentication, but want the endpoint to tell me the phone number in an INVITE to/from, instead of putting in the extremely long credential.

 

Is there a way to get Kamailio to accept different SIP User ID and Authentication ID fields?

 

Thanks,

 

Jawaid