[OpenSIPS-Users] Cannot get registration to work with v3.2.8??
Bela H
hobe69 at hotmail.com
Thu Sep 8 07:39:01 UTC 2022
Bob,
OpenSIPS calculates: HA1 field in DB is an MD5 hash of "username:domain:password"
At least works for me 😉
From: Bob Atkins<mailto:bob at digilink.net>
Sent: Thursday, 8 September 2022 19:32
To: Bogdan-Andrei Iancu<mailto:bogdan at opensips.org>; OpenSIPS users mailling list<mailto:users at lists.opensips.org>
Subject: Re: [OpenSIPS-Users] Cannot get registration to work with v3.2.8??
Iancu,
I'm not sure what the point of this would be. Even if it showed that OpenSIPS was calculating incorrectly - then what?
The device registers just fine with both asterisk and OpenSER v1.1 with exactly the same parameters.
The device is calculating the response correctly for 2 other systems.
OpenSIPS is clearly getting it wrong. The question is why? Or even how. This is a pretty basic calculation.
---
Bob
On 9/7/2022 11:16 PM, Bogdan-Andrei Iancu wrote:
Hi Bob,
Use the below to double check which party is failing in computing the right auth response.
https://openplatform.xyz/sip_register_digest_authentication.html
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit 27-30 Sept 2022, Athens
https://www.opensips.org/events/Summit-2022Athens/
On 9/7/22 10:46 PM, Bob Atkins wrote:
Iancu,
Thank you!! You identified the problem. Turns out that I had failed to add the IP for the OpenSIPS proxy to a firewall that was blocking the response from this new sip server (facepalm) to the device :-(
So, once I fixed the firewall I thought that would be it... Not my luck.
Now it is challenging and rejecting! The HA1 is failing to compare! But the passwords are correct! Now I am really mystified.
I created identical DB entries for this unit in both the original OpenSER system and the OpenSIPS system.
Registration to the OpenSER system works perfectly - HA1 validates. When I change the sip server to the new system, to OpenSIPS system fails due to mismatched HA1. Whaaa.... ?!?!
Mismatched HA1 would imply a password failure but I have absolutely, positively verified the passwords in both database entries and the only thing I change on the device is the sip server. It should just register on the new system. I have attached packet capture of the transaction between the device and teh OpenSIPSs system.
I have absolutely, positively copied and pasted (no trailing nl or spaces) and verified that the passwords are the same in both databases and also the same on the device.
OpenSER DB subscriber entery
phplib_id
username
domain
password
first_name
last_name
phone
email_address
datetime_created
datetime_modified
confirmation
flag
sendnotification
greeting
ha1
ha1b
allow_find
timezone
rpid
domn
uuid
customerID
customerName
3105738133
3105738133
digilink.net
XXXXXXXX
PPC Home
Fax
3105738133
7/5/2012 16:36
11/7/2021 13:58
o
0
\N
\N
\N
\N
72
DigiLink Internet Services
OpenSIPS DB subscriber entry
id
username
domain
password
cr_preferred_carrier
first_name
last_name
phone
email_address
datetime_created
datetime_modified
confirmation
flag
sendnotification
greeting
allow_find
timezone
customerID
customerName
ha1
ha1_sha256
ha1_sha512t256
rpid
1
3105738133
digidial
XXXXXXXX
\N
PPC Home
Fax
3105738133
bob at planeparts.com<mailto:bob at planeparts.com>
7/5/2012 16:36
11/7/2021 13:58
0
72
DigiLink Internet Services
\N
Registration code:
OpenSER system:
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
if (method=="REGISTER") {
#xlog("L_INFO","[$rm][$ft][$tt] Processing registration");
if (!www_authorize("digilink.net", "subscriber")) {
#xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");
www_challenge("digilink.net", "0");
exit;
};
xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from $si");
save("location");
exit;
};
==============
OpenSIPS system
#### AUTH Db module
loadmodule "auth.so"
loadmodule "auth_db.so"
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "use_domain", 1)
modparam("auth_db", "user_column", "username")
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "")
if (is_method("REGISTER")) {
xlog("L_INFO", "REGISTER: [$tu] request from [$si]");
xlog("L_INFO","[$ft][$au]@[$ad] - Processing registration");
xlog("L_INFO", "REGISTER: www_authorize returned [$var(x)] to authenticate with [$rU]$ru credential");
if (!www_authorize("digilink.net", "subscriber")) {
xlog("L_INFO","CHALLENGE: [$ft][$tt]");
www_challenge("digilink.net","auth","MD5");
exit;
} else {
xlog("L_ALERT", "REGISTER: URI [$tu][$rU]$ru credential from [$si] - FAILED!");
sl_send_reply(403, "Not Authorized!");
exit;
}
xlog("L_INFO", "REGISTER: URI [$tu] - [$rm][$ft][$tt] Registered $fu from $si");
save("location");
exit;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20220908/8494bbb6/attachment-0001.html>
More information about the Users
mailing list