Hi All I have a typical requirement, where I have a forwarding SBC between an endpoint and kamailio as shown below.
Endpoint ----> SBC ------> Kamailio
From endpoint I am sending REGISTER request. It reaches SBC. SBC sends the
REGISTER request to Kamailio, Kamailio challenges it (401), and challenge response is received at endpoint through SBC.
Next endpoint adds authorization header and sends REGISTER to SBC, SBC forwards it to Kamailio.
Now Kamailio again responds with 401.
When we analysed Kamailio logs, we can see Kamailio log authorization response token and response token that was sent by Endpoint are same.
So my question is, why Kamailio sends 401 repeatedly even if it received proper Authorization header.
Is it because Kamailio received REGISTER from IP address different from endpoint.
Please guide, how can I avoid this issue.
Thanks Austin
On Monday 14 September 2015 11:22:10 Austin Einter wrote:
So my question is, why Kamailio sends 401 repeatedly even if it received proper Authorization header.
Log the return code from the *_authenticate function and see why kamailio is challenging again (e.g. http://kamailio.org/docs/modules/stable/modules/auth_db.html#auth_db.f.www_a... )
I took SBC from my test scenario. Then I found same issue, Kamalio challanges repeatedly.
One of the reason I suspect is, in my case for REGISTER message to uri and from uri are different. Can that cause Kamailio to challenge it repeatedly.
Thanks Austin
On Mon, Sep 14, 2015 at 11:22 AM, Austin Einter austin.einter@gmail.com wrote:
Hi All I have a typical requirement, where I have a forwarding SBC between an endpoint and kamailio as shown below.
Endpoint ----> SBC ------> Kamailio
From endpoint I am sending REGISTER request. It reaches SBC. SBC sends the REGISTER request to Kamailio, Kamailio challenges it (401), and challenge response is received at endpoint through SBC.
Next endpoint adds authorization header and sends REGISTER to SBC, SBC forwards it to Kamailio.
Now Kamailio again responds with 401.
When we analysed Kamailio logs, we can see Kamailio log authorization response token and response token that was sent by Endpoint are same.
So my question is, why Kamailio sends 401 repeatedly even if it received proper Authorization header.
Is it because Kamailio received REGISTER from IP address different from endpoint.
Please guide, how can I avoid this issue.
Thanks Austin
I took SBC *out* from my test scenario. So it is just endpoint -> Kamailio.
Then I found same issue, Kamalio challanges repeatedly.
One of the reason I suspect is, in my case for REGISTER message to uri and from uri are different. Can that cause Kamailio to challenge it repeatedly.
On Mon, Sep 14, 2015 at 6:36 PM, Austin Einter austin.einter@gmail.com wrote:
I took SBC from my test scenario. Then I found same issue, Kamalio challanges repeatedly.
One of the reason I suspect is, in my case for REGISTER message to uri and from uri are different. Can that cause Kamailio to challenge it repeatedly.
Thanks Austin
On Mon, Sep 14, 2015 at 11:22 AM, Austin Einter austin.einter@gmail.com wrote:
Hi All I have a typical requirement, where I have a forwarding SBC between an endpoint and kamailio as shown below.
Endpoint ----> SBC ------> Kamailio
From endpoint I am sending REGISTER request. It reaches SBC. SBC sends the REGISTER request to Kamailio, Kamailio challenges it (401), and challenge response is received at endpoint through SBC.
Next endpoint adds authorization header and sends REGISTER to SBC, SBC forwards it to Kamailio.
Now Kamailio again responds with 401.
When we analysed Kamailio logs, we can see Kamailio log authorization response token and response token that was sent by Endpoint are same.
So my question is, why Kamailio sends 401 repeatedly even if it received proper Authorization header.
Is it because Kamailio received REGISTER from IP address different from endpoint.
Please guide, how can I avoid this issue.
Thanks Austin
Hi! Daniel suggested you the right way to understand what is going on.
Use something like this (use your appropriate PV instead of mine), and the reason of repeatedly challenging will reveal to you:
if (!pv_www_authenticate("$td", "$avp(password)", "0")) { $var(retcode) = $retcode; xlog("L_WARN", "www_authenticate error for user [ $au ], retcode: $retcode\n") }
Cheers!
-- View this message in context: http://sip-router.1086192.n5.nabble.com/Authentication-issue-during-registra... Sent from the Users mailing list archive at Nabble.com.
-
Austin Einter -
Daniel Tryba -
Vasiliy Ganchev