16 Nov
2023
16 Nov
'23
4:36 p.m.
Hi, I am trying to register an endpoint as follows:
REGISTER sip:siptest.booger.net SIP/2.0
Via: SIP/2.0/UDP X.X.X.X.76:31114;branch=z9hG4bK223420485;rport
From: sip:1720XXXXXXX@siptest.booger.net;tag=962873337
To: sip:1720XXXXXXX@siptest.booger.net
Call-ID: 2053687751-32761-1(a)EH.BJI.BAE.HG
CSeq: 2067 REGISTER
Contact:
sip:1720XXXXXXX@X.X.X.X:31114;reg-id=2;+sip.instance="<urn:uuid:00000000-0000-1000-8000-000B82A1C58B>"
Authorization: Digest username="654fe87c-67ff-42dd-8d5e-79786a99713c",
realm="siptest.booger.net", nonce="ZVaJtmVWiIrsuWc5hkzM3MUUUs8MgRFR",
uri=sip:siptest.booger.net, response="119a3b6426cdcfa037bf1825b69139a5",
algorithm=MD5
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2170 1.0.11.64
Supported: path
Expires: 120
MAC: 00:0b:82:a1:c5:8b
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Length: 0
Note that the Authorization username differs from the To-From username. This is
intentional, as I am testing use of randomly generated credential .
This worked with this endpoint directly against Asterisk, for instance.
However, registering against Kamailio now, I am getting:
Nov 16 21:24:26 vs-rs01 /usr/sbin/kamailio[584855]: DEBUG: {1 2067 REGISTER
2053687751-32761-1(a)EH.BJI.BAE.HG} auth_db [authorize.c:503]: auth_check(): authentication
username mismatch with from/to username
Even though I have this set in the config:
if (!auth_check("$fd", "subscriber", 0)) { // default
1, change to 0 to skip check
0 is supposed to mean no user checks performed.
I am doing this because I want to use the complex credentials for authentication, but want
the endpoint to tell me the phone number in an INVITE to/from, instead of putting in the
extremely long credential.
Is there a way to get Kamailio to accept different SIP User ID and Authentication ID
fields?
Thanks,
Jawaid
17 Nov
17 Nov
3:01 a.m.
Hello,
according to the module docs it should be:
if (!auth_check("$fd", "subscriber", “0”)) { //
default 1, change to 0 to skip check
You missed some quotes in your example below. Please give it a try.
Cheers,
Henning
From: Jawaid Bazyar via sr-users <sr-users(a)lists.kamailio.org>
Sent: Donnerstag, 16. November 2023 22:37
To: SRList SRList via sr-users <sr-users(a)lists.kamailio.org>
Cc: Jawaid Bazyar <bazyar(a)gmail.com>
Subject: [SR-Users] auth_check : sip user / authentication user mismatch
Hi, I am trying to register an endpoint as follows:
REGISTER sip:siptest.booger.net SIP/2.0
Via: SIP/2.0/UDP X.X.X.X.76:31114;branch=z9hG4bK223420485;rport
From: sip:1720XXXXXXX@siptest.booger.net;tag=962873337
To: sip:1720XXXXXXX@siptest.booger.net
Call-ID: 2053687751-32761-1@EH.BJI.BAE.HG<mailto:2053687751-32761-1@EH.BJI.BAE.HG>
CSeq: 2067 REGISTER
Contact:
sip:1720XXXXXXX@X.X.X.X:31114;reg-id=2;+sip.instance="<urn:uuid:00000000-0000-1000-8000-000B82A1C58B>"
Authorization: Digest username="654fe87c-67ff-42dd-8d5e-79786a99713c",
realm="siptest.booger.net", nonce="ZVaJtmVWiIrsuWc5hkzM3MUUUs8MgRFR",
uri=sip:siptest.booger.net, response="119a3b6426cdcfa037bf1825b69139a5",
algorithm=MD5
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2170 1.0.11.64
Supported: path
Expires: 120
MAC: 00:0b:82:a1:c5:8b
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE,
MESSAGE
Content-Length: 0
Note that the Authorization username differs from the To-From username. This is
intentional, as I am testing use of randomly generated credential .
This worked with this endpoint directly against Asterisk, for instance.
However, registering against Kamailio now, I am getting:
Nov 16 21:24:26 vs-rs01 /usr/sbin/kamailio[584855]: DEBUG: {1 2067 REGISTER
2053687751-32761-1@EH.BJI.BAE.HG<mailto:2053687751-32761-1@EH.BJI.BAE.HG>} auth_db
[authorize.c:503]: auth_check(): authentication username mismatch with from/to username
Even though I have this set in the config:
if (!auth_check("$fd", "subscriber", 0)) { // default
1, change to 0 to skip check
0 is supposed to mean no user checks performed.
I am doing this because I want to use the complex credentials for authentication, but want
the endpoint to tell me the phone number in an INVITE to/from, instead of putting in the
extremely long credential.
Is there a way to get Kamailio to accept different SIP User ID and Authentication ID
fields?
Thanks,
Jawaid
9:25 a.m.
Hi Henning,
I’m a numbskull – I was editing the wrong config file.
Thanks for your help!
Jawaid
From: Henning Westerholt <hw(a)gilawa.com>
Date: Friday, November 17, 2023 at 3:01 AM
To: SRList SRList via sr-users <sr-users(a)lists.kamailio.org>
Cc: Jawaid Bazyar <bazyar(a)gmail.com>
Subject: RE: auth_check : sip user / authentication user mismatch
Hello,
according to the module docs it should be:
if (!auth_check("$fd", "subscriber", “0”)) { //
default 1, change to 0 to skip check
You missed some quotes in your example below. Please give it a try.
Cheers,
Henning
From: Jawaid Bazyar via sr-users <sr-users(a)lists.kamailio.org>
Sent: Donnerstag, 16. November 2023 22:37
To: SRList SRList via sr-users <sr-users(a)lists.kamailio.org>
Cc: Jawaid Bazyar <bazyar(a)gmail.com>
Subject: [SR-Users] auth_check : sip user / authentication user mismatch
Hi, I am trying to register an endpoint as follows:
REGISTER sip:siptest.booger.net SIP/2.0
Via: SIP/2.0/UDP X.X.X.X.76:31114;branch=z9hG4bK223420485;rport
From: sip:1720XXXXXXX@siptest.booger.net;tag=962873337
To: sip:1720XXXXXXX@siptest.booger.net
Call-ID: 2053687751-32761-1(a)EH.BJI.BAE.HG
CSeq: 2067 REGISTER
Contact:
sip:1720XXXXXXX@X.X.X.X:31114;reg-id=2;+sip.instance="<urn:uuid:00000000-0000-1000-8000-000B82A1C58B>"
Authorization: Digest username="654fe87c-67ff-42dd-8d5e-79786a99713c",
realm="siptest.booger.net", nonce="ZVaJtmVWiIrsuWc5hkzM3MUUUs8MgRFR",
uri=sip:siptest.booger.net, response="119a3b6426cdcfa037bf1825b69139a5",
algorithm=MD5
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2170 1.0.11.64
Supported: path
Expires: 120
MAC: 00:0b:82:a1:c5:8b
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Length: 0
Note that the Authorization username differs from the To-From username. This is
intentional, as I am testing use of randomly generated credential .
This worked with this endpoint directly against Asterisk, for instance.
However, registering against Kamailio now, I am getting:
Nov 16 21:24:26 vs-rs01 /usr/sbin/kamailio[584855]: DEBUG: {1 2067 REGISTER
2053687751-32761-1(a)EH.BJI.BAE.HG} auth_db [authorize.c:503]: auth_check(): authentication
username mismatch with from/to username
Even though I have this set in the config:
if (!auth_check("$fd", "subscriber", 0)) { // default
1, change to 0 to skip check
0 is supposed to mean no user checks performed.
I am doing this because I want to use the complex credentials for authentication, but want
the endpoint to tell me the phone number in an INVITE to/from, instead of putting in the
extremely long credential.
Is there a way to get Kamailio to accept different SIP User ID and Authentication ID
fields?
Thanks,
Jawaid
415
days inactive
416
days old
2 comments
2 participants
participants (2)
-
Henning Westerholt -
Jawaid Bazyar