[OpenSIPS-Users] Error in auth module

Bogdan-Andrei Iancu bogdan at voice-system.ro
Thu Jun 11 09:06:55 CEST 2009 

Hi Iñaki,

have you check with ngrep if the second REGISTER (with the same nonce) 
is by chance a retransmission of the first one ? maybe everuthing is ok, 
you just have retransmissions and they generated the nonce re-used problem.

Regards,
Bogdan

Sergio Gutierrez wrote:
> Hello Iñaki.
>
> Thanks for your answer.
>
> I am facing the problem both with Grandstream HT-487 and with Zoiper 
> softphone.
>
> Thanks and regards.
>
> Sergio.
>
> On Wed, Jun 10, 2009 at 4:12 PM, Iñaki Baz Castillo <ibc at aliax.net 
> <mailto:ibc at aliax.net>> wrote:
>
>     El Miércoles, 10 de Junio de 2009, Sergio Gutierrez escribió:
>     > Hello to all members.
>     >
>     > I am running OpenSIPS 1.5.1 with MySQL authentication and
>     authorization
>     > backend; after some minutes of running, I am getting the
>     following error in
>     > log:
>     >
>     > Jun 10 16:00:55 [25744] DBG:auth:reserve_nonce_index: second= 13,
>     > sec_monit= 1,  index= 5
>     > Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf: nonce index= 5
>     > Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf:
>     'Proxy-Authenticate: Digest
>     > realm="200.13.225.250",
>     > nonce="4a2f928500000005acf87663581a317e2716f2ae64017424"
>     > Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing
>     > [4a2f928500000005acf87663581a317e2716f2ae64017424] and
>     > [4a2f928500000005acf87663581a317e2716f2ae64017424]
>     > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5
>     > Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing
>     > [4a2f928500000005acf87663581a317e2716f2ae64017424] and
>     > [4a2f928500000005acf87663581a317e2716f2ae64017424]
>     > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5
>     > Jun 10 16:00:55 [25744] DBG:auth:is_nonce_index_valid: nonce
>     already used
>     > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index not valid
>     >
>     > With this, calls fail as I am checking authorization at INVITE.
>     Register
>     > works without any problem.
>     >
>     > Any hint on this?
>
>     It means that, even if the digest response is valid, it's has been
>     already
>     used (most probably by the same UA). This is configurable in
>     OpenSIPS: you can
>     set OpenSIPS to allow multiple usage of same digest response or not.
>
>     Usually, a SIP device sends a request, receives a challenge,
>     generates the
>     digest response and resends the same requests with credentials.
>     The next time the device sends a request, it directly adds the
>     previous
>     credentials. The server can accept it (since it's valid and hasn't
>     yet expires
>     in the server) or can refuse it by replying 401/407 with a new
>     digest nonce.
>     Then the UA should generate a new request containing credentials
>     according to
>     this nonce.
>
>     Your UA seems not to do it. Which phone are you using?
>
>
>
>
>     --
>     Iñaki Baz Castillo <ibc at aliax.net <mailto:ibc at aliax.net>>
>
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> -- 
> Sergio Gutiérrez
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

More information about the Users mailing list