Thanks for the update. I did notice that parameter, but I don't want to disable it. I guess for now I will just accept the higher load of authing every register. I also found that I had a device that was not behaving right either. I will look into this one further. Sorry for the flood of emails, I was really banging my head the other day on this one.<br>
<br>-dg<br>
<br><br><div class="gmail_quote">On Fri, Apr 2, 2010 at 11:38 PM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@voice-system.ro">bogdan@voice-system.ro</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi Daniel,<br>
<br>
it it because the nonce reusage - opensips (by default) uses a nonce for<br>
a single authentication, after that it reports it as stale.<br>
If you want to disable this behaviour (to enable nonce reusage), see the<br>
auth param "disable_nonce_check" :<br>
<a href="http://www.opensips.org/html/docs/modules/1.6.x/auth.html#id228317" target="_blank">http://www.opensips.org/html/docs/modules/1.6.x/auth.html#id228317</a><br>
<br>
Regards,<br>
Bogdan<br>
<div class="im"><br>
Daniel Goepp wrote:<br>
> Ah...I see what that retcode is anyway, 2^32 = 4294967296, so those<br>
> are really just -4 first, no credentials, then -3 stale nonce<br>
><br>
> -dg<br>
><br>
><br>
> On Fri, Apr 2, 2010 at 1:50 PM, Daniel Goepp <<a href="mailto:dan@goepp.net">dan@goepp.net</a><br>
</div><div class="im">> <mailto:<a href="mailto:dan@goepp.net">dan@goepp.net</a>>> wrote:<br>
> ><br>
> > A quick follow up on this, I enabled some logging, but the retcode<br>
> is not making any sense to me (probably because I'm using it wrong).<br>
> ><br>
> > From my config:<br>
> ><br>
> > xlog ("REGISTER $fu");<br>
> > # authenticate the REGISTER requests (uncomment to<br>
> enable auth)<br>
> > if (!www_authorize("", "subscriber"))<br>
> > {<br>
> > xlog ("Not authorized - challenging, error:<br>
> $retcode");<br>
> > www_challenge("", "1");<br>
> > exit;<br>
> > }<br>
> ><br>
> > Then in the log:<br>
> ><br>
> > Apr 2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> > Apr 2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: Not<br>
> authorized - challenging, error: 4294967293<br>
> > Apr 2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> > Apr 2 13:49:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> > Apr 2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> > Apr 2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30182]: Not<br>
> authorized - challenging, error: 4294967292<br>
> > Apr 2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> > Apr 2 13:50:38 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> > Apr 2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> > Apr 2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: Not<br>
> authorized - challenging, error: 4294967292<br>
> > Apr 2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:<br>
</div>> REGISTER <a href="mailto:sip%3A1001@vidtel.com">sip:1001@vidtel.com</a> <mailto:<a href="mailto:sip%253A1001@vidtel.com">sip%3A1001@vidtel.com</a>><br>
<div class="im">> ><br>
> > Also I'm running 1.6.2-tls compiled today from latest 1_6 branch in SVN.<br>
> ><br>
> > -dg<br>
> ><br>
> ><br>
> > On Fri, Apr 2, 2010 at 1:40 PM, Daniel Goepp <<a href="mailto:dan@goepp.net">dan@goepp.net</a><br>
</div><div class="im">> <mailto:<a href="mailto:dan@goepp.net">dan@goepp.net</a>>> wrote:<br>
> >><br>
> >> I'm having some trouble with nonce expiring I believe. The problem<br>
> is that every other one of my endpoint registrations is doing an auth<br>
> challenge w/401.<br>
> >><br>
> >> From my config:<br>
> >> modparam("registrar", "default_expires", 60)<br>
> >> modparam("registrar", "min_expires", 60)<br>
> >> modparam("registrar", "max_expires", 60<br>
> >><br>
> >> modparam("auth", "nonce_expire", 3600)<br>
> >><br>
> >> From this I would expect the devices to try to register every 60<br>
> seconds, and get challenged every hour with a new nonce.<br>
> >><br>
> >> Comments on why OpenSIPS is challenging every other registration?<br>
> >><br>
> >> Thanks<br>
> >><br>
> >> -dg<br>
> ><br>
><br>
</div>> ------------------------------------------------------------------------<br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
><br>
<br>
<br>
--<br>
Bogdan-Andrei Iancu<br>
<a href="http://www.voice-system.ro" target="_blank">www.voice-system.ro</a><br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div><br>