[OpenSIPS-Users] Cannot get registration to work with v3.2.8??

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Sep 6 08:40:46 UTC 2022


Hi Bob,

The key log is this one:
Aug 30 18:19:05 [17809] DBG:auth:pre_auth: credentials with given realm 
not found

Basically OpenSIPS says it does not find the "digilink.net" realm in the 
provided auth header in REGISTER. As a quick experiment, could you use 
the empty string "" for realm (instead of "digilink.net") in the 
www_authorize/challenge() functions ?

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
   https://www.opensips.org/events/Summit-2022Athens/

On 8/31/22 4:31 AM, Bob Atkins wrote:
> Hi.
>
> Have been a long time OpenSER user in a production environment.
> I managed to convert to OpenSIPS v3.2.8 on a CentOS 7 system and is 
> working based on IP authentication however, I just cannot get sip 
> registrations to work that used to work fine with OpenSER. I'm using a 
> SPA112 running 1.4.1(SR5) as a test device. This device registers just 
> fine with Asterisk and OpenSER v1.1 with exactly the same credentials 
> but no matter what I have tried it just won't register with OpenSIPS 
> v3.2.8.
>
> I am using auth_db and mysql. I have verified that all sql data is 
> correct.
>
> I have been banging my head against the screen for hours to no avail.
>
> In reviewing the debug and log output I can clearly see that something 
> is wrong because the user name and domain are both <null>?
>
> www_authorize returns [-4] which means (no credentials) - credentials 
> were not found in request.
>
> There is no reason why the credentials should not be there - they have 
> certainly not been consumed before this point.
>
> This same device registers just fine with /_*exactly *_/the same 
> credentials to both OpenSER v1.1 and asterisk servers.
>
> Would be grateful if anyone can shed some light on this because it 
> seems to me that something inside auth or auth_db is broken and not 
> extracting the registration credentials from the REGISTER message.
>
> This code worked just fine in OpenSER v1.1
>
> if (method=="REGISTER") {
>    #xlog("L_INFO","[$rm][$ft][$tt] Processing registration");
>    if (!www_authorize("digilink.net", "subscriber")) {
>    #xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");
>     www_challenge("digilink.net", "0");
>     exit;
> };
>
> xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from $si");
> save("location");
> exit;
> };
>
> This is the code in the OpenSIPS 3.2.8 config that is failing:
>
> Here are the module loads and various defines:
>
> loadmodule "options.so"
> loadmodule "textops.so"
> #### SIGNALING module
> loadmodule "signaling.so"
>
> #### StateLess module
> loadmodule "sl.so"
>
> #### Transaction Module
> loadmodule "tm.so"
> modparam("tm", "enable_stats", 1)
> modparam("tm", "fr_timeout", 9)
> modparam("tm", "fr_inv_timeout", 120)
> modparam("tm", "restart_fr_on_each_reply", 0)
> modparam("tm", "onreply_avp_mode", 1)
>
> #### Record Route Module
> loadmodule "rr.so"
> /* do not append from tag to the RR */
> modparam("rr", "append_fromtag", 1)
>
> loadmodule "uac.so"
> #modparam("uac","restore_mode","auto")
> modparam("uac","rr_from_store_param","dns_uac_param")
> modparam("uac","restore_mode","none")
>
> #### MAX ForWarD module
> loadmodule "maxfwd.so"
>
> #### SIP MSG OPerationS module
> loadmodule "sipmsgops.so"
>
> #### FIFO Management Interface
> loadmodule "mi_fifo.so"
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("mi_fifo", "fifo_mode", 0666)
>
> #### USeR LOCation module
> loadmodule "usrloc.so"
> modparam("usrloc", "nat_bflag", "NAT")
> modparam("usrloc", "working_mode_preset", 
> "single-instance-sql-write-back")
> modparam("usrloc", "db_url", "mysql://opensips:??????@localhost/opensips")
>
> loadmodule "nathelper.so"
> modparam("nathelper", "received_avp", "$avp(rcv)")
> modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
> modparam("nathelper", "ping_nated_only", 1)    # Ping only clients 
> behind NAT
>
> #### MYSQL module
> loadmodule "db_mysql.so"
>
> loadmodule "avpops.so"
>
> #### AUTH Db module
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "user_column", "username")
> modparam("auth_db", "password_column", "password")
> modparam("auth_db", "use_domain", 0)
> modparam("auth_db", "db_url", 
> "mysql://opensips:??????@localhost/opensips")
> modparam("auth_db", "load_credentials", "")
>
> #### REGISTRAR module
> loadmodule "registrar.so"
> modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
> modparam("registrar", "min_expires", 120)
> modparam("registrar", "max_expires", 3600)
> modparam("registrar", "default_expires", 3600)
> modparam("registrar", "max_contacts", 5)
> modparam("registrar", "received_avp", "$avp(rcv)")
>
> #### Pike DOS protection
> loadmodule "pike.so"
> modparam("pike", "sampling_time_unit", 3)
> modparam("pike", "reqs_density_per_unit", 20)
>
> #### DIALOG module
> loadmodule "dialog.so"
> modparam("dialog", "dlg_match_mode", 1)
> modparam("dialog", "default_timeout", 21600)  # 6 hours timeout
> modparam("dialog", "db_mode", 0)
> modparam("dialog", "profiles_with_value", "trunkCalls")
>
> #### ACCounting module
> loadmodule "acc.so"
> /* what special events should be accounted ? */
> modparam("acc", "report_cancels", 1)
> modparam("acc", "early_media", 1)
> /* by default we do not adjust the direct of the sequential requests.
>    if you enable this parameter, be sure to enable "append_fromtag"
>    in "rr" module */
> modparam("acc", "detect_direction", 0)
> modparam("acc", "acc_callid_column", "sip_callid")
> modparam("acc", "acc_sip_code_column", "sip_status")
> modparam("acc", "acc_method_column", "sip_method")
> modparam("acc", "acc_to_tag_column", "totag")
> modparam("acc", "acc_from_tag_column", "fromtag")
> modparam("acc", "extra_fields", "db:sip_from; sip_to; in_uri; out_uri; 
> username; from_uri; to_uri; domain; du")
> modparam("acc", "db_url", "mysql://opensips:??????@localhost/opensips")
> loadmodule "proto_udp.so"
>
> ---- [snip] ----
>
> if (is_method("REGISTER")) {
>     xlog("L_INFO", "REGISTER: [$tu] request");
>     xlog("L_INFO","[$rm][$ft][$tt] Processing registration");
>
>     $var(x)=www_authorize("digilink.net", "subscriber");
>     xlog("L_INFO", "REGISTER: www_authorize returned [$var(x)] to 
> authenticate with [$rU]$ru credential");
>     if (!$var(x)) {
>         xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");
>         www_challenge("digilink.net", "auth,auth-int", 
> "MD5,MD5-sess,SHA-256,SHA-256-sess");
>         exit;
>     } else {
>         xlog("L_ALERT", "REGISTER: URI [$tu] - FAILED");
>         xlog("L_ALERT", "REGISTER: URI [$tu] - FAILED! User is not 
> authorized to authenticate with [$rU]$ru credential");
>         exit;
>     }
>
>     xlog("L_INFO", "REGISTER: URI [$tu] - Succeeded");
>     xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from $si");
>     save("location");
>     exit;
> }
> Debug out shows:
>
> Aug 30 18:19:05 [17809] DBG:core:parse_msg: SIP Request:
> Aug 30 18:19:05 [17809] DBG:core:parse_msg:  method: <REGISTER>
> Aug 30 18:19:05 [17809] DBG:core:parse_msg:  uri: <sip:23.253.166.155>
> Aug 30 18:19:05 [17809] DBG:core:parse_msg:  version: <SIP/2.0>
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=ffffffffffffffff
> Aug 30 18:19:05 [17809] DBG:core:parse_via_param: found param type 
> 232, <branch> = <z9hG4bK-18367abe>; state=16
> Aug 30 18:19:05 [17809] DBG:core:parse_via: end of header reached, state=5
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: via found, 
> flags=ffffffffffffffff
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: this is the first via
> Aug 30 18:19:05 [17809] DBG:core:_parse_to: end of header reached, 
> state=10
> Aug 30 18:19:05 [17809] DBG:core:_parse_to: display={"PPC Fax"}, 
> ruri={sip:3105738133 at 23.253.166.155}
> Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: <To> [43]; 
> uri=[sip:3105738133 at 23.253.166.155]
> Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: to body ["PPC Fax" 
> <sip:3105738133 at 23.253.166.155>
> ]
> Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: cseq <CSeq>: <86682> 
> <REGISTER>
> Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: content_length=0
> Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: found end of header
> Aug 30 18:19:05 [17809] DBG:core:receive_msg: After parse_msg...
> Aug 30 18:19:05 [17809] DBG:core:receive_msg: preparing to run routing 
> scripts...
> Aug 30 18:19:05 [17809] DBG:pike:mark_node: search on branch 205 
> (top=0x7fde48de8f80)
> Aug 30 18:19:05 [17809] DBG:pike:mark_node: only first 1 were matched!
> Aug 30 18:19:05 [17809] DBG:pike:pike_check_req: src IP 
> [205.147.62.19],node=0x7fde48de8f80; hits=[3,1],[0,0] node_flags=2 
> func_flags=8
> Aug 30 18:19:05 [17809] DBG:maxfwd:is_maxfwd_present: value = 70
> Aug 30 18:19:05 [17809] DBG:core:parse_to_param: tag=1584d16f8a45809ao1
> Aug 30 18:19:05 [17809] DBG:core:parse_to_param: end of header 
> reached, state=11
> Aug 30 18:19:05 [17809] DBG:core:_parse_to: end of header reached, 
> state=29
> Aug 30 18:19:05 [17809] DBG:core:_parse_to: display={"PPC Fax"}, 
> ruri={sip:3105738133 at 23.253.166.155}
> Aug 30 18:19:05 [17809] SIP message size: 572 bytesAug 30 18:19:05 
> [17809] DBG:core:comp_scriptvar: int 27: 572 / 2048
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=78
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=200
> Aug 30 18:19:05 [17809] DBG:rr:find_first_route: No Route headers found
> Aug 30 18:19:05 [17809] DBG:rr:loose_route: There is no Route HF
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20: 205.147.62.19
> Aug 30 18:19:05 [17809] Unknown source [205.147.62.19]: 
> [sip:3105738133 at 23.253.166.155] request
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=ffffffffffffffff
> Aug 30 18:19:05 [17809] DBG:core:parse_params: Parsing params 
> for:[expires=300]
> Aug 30 18:19:05 [17809] REGISTER: [sip:3105738133 at 23.253.166.155] 
> request from sip:23.253.166.155 at 205.147.62.19
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=14000
> Aug 30 18:19:05 [17809] DBG:core:pv_get_authattr: no 
> [Proxy-]Authorization header
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=14000
> Aug 30 18:19:05 [17809] DBG:core:pv_get_authattr: no 
> [Proxy-]Authorization header
> Aug 30 18:19:05 [17809] 
> [REGISTER][1584d16f8a45809ao1][<null>]@[<null>] - Processing registration
> Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=4000
> Aug 30 18:19:05 [17809] DBG:auth:pre_auth: credentials with given 
> realm not found
> Aug 30 18:19:05 [17809] REGISTER: www_authorize returned [-4] to 
> authenticate with [<null>]sip:23.253.166.155 credential
> Aug 30 18:19:05 [17809] REGISTER: URI [sip:3105738133 at 23.253.166.155] 
> - FAILEDAug 30 18:19:05 [17809] REGISTER: URI 
> [sip:3105738133 at 23.253.166.155] - FAILED! User is not authorized to 
> authenticate with [<null>]sip:23.253.166.155 credential
> Aug 30 18:19:05 [17809] DBG:core:destroy_avp_list: destroying list (nil)
> Aug 30 18:19:05 [17809] DBG:core:receive_msg: cleaning up
>
>
> ----
>
>
>
> Thank you,
> Bob
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220906/90bf7d87/attachment-0001.html>


More information about the Users mailing list