<div dir="ltr">Hi List, <div><br></div><div>I'm trying to make the SIP Registering working for my customers with two Opensips 1.9 servers sharing the same DNS name.</div><div><br></div><div>Here is a schematic : </div>
<div><br></div><div> /=====> Registrar Server 1</div><div>SIP Phone =====> Access SBC </div><div> \=====> Registrar Server 2</div>
<div><br></div><div><br></div><div>I've got the same opensips.cfg on both servers, and here are some interesting points of the config : </div><div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
loadmodule "auth_db.so"<br># ----- auth_db params -----<br>modparam("auth_db", "calculate_ha1", yes)<br>modparam("auth_db", "use_domain", no)<br>modparam("auth_db", "user_column", "username")<br>
modparam("auth_db", "password_column", "password")<br>modparam("auth_db", "password_column_2", "ha1b")<br>modparam("auth_db", "db_url","mysql://****************************************** ")<br>
modparam("auth_db", "load_credentials", "$avp(password)=password")<br><br># ----------------- module auth ---------------<br>loadmodule "auth.so"<br># ----- auth params -----<br>modparam("auth","username_spec","$var(username)")<br>
modparam("auth","password_spec","$avp(password)")<br>modparam("auth","calculate_ha1",1)<br><b>modparam("auth","disable_nonce_check", 1)</b></blockquote>
<div><br></div><div><br></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
if (is_method("REGISTER"))<br> {<br> xlog("L_INFO","$ci -- New REGISTER received from $si with Contact : $ct\n");<br> <br> if (!www_authorize("", "subscriber"))<br>
{<br> if ($rc < 0)<br> {<br> switch ($rc)<br> {<br> case -5:<br> xlog("L_INFO","$ci -- REGISTER Failed because of : Generic Error");<br>
break;<br> case -4:<br> xlog("L_INFO","$ci -- REGISTER Failed because of : No Credentials");<br> break;<br> case -3:<br>
xlog("L_INFO","$ci -- REGISTER Failed because of : Stale nonce");<br> break;<br> case -2:<br> xlog("L_INFO","$ci -- REGISTER Failed because of : Valid User but Wrong Password");<br>
break;<br> case -1:<br> xlog("L_INFO","$ci -- REGISTER Failed because of : Invalid User");<br> break;<br> }<br>
}<br> www_challenge("", "0");<br> exit;<br> }<br><br> if (!save("location"))<br> {<br> xlog("L_INFO","$ci -- error with save_location from $au\n");<br>
}<br> else<br> {<br> xlog("L_INFO","$ci -- save_location is OK from $au\n");<br> }<br><br> exit;<br> }</blockquote></div><div><br></div><div><br></div>
<div>So, as you can see, I configured the auth module with "disable_nonce_check" parameter, because of my "loadbalanced" architecture as it's said in the documentation (<a href="http://www.opensips.org/html/docs/modules/1.9.x/auth.html#id250075">http://www.opensips.org/html/docs/modules/1.9.x/auth.html#id250075</a>) .</div>
<div><br></div><div>But, when a SIP Phone tries to register, the first Register (without any credentials) is sent to the 1st Registrar. It's answered with a 401 Unauthorized containing a nonce.</div><div>Then, the 2nd Register (with credentials, and the previously given nonce) is sent to the 2nd Registrar; but it's still answered with a 401. </div>
<div><br></div><div>Thanks to the return code of www_authorize, I see that it's for the "Stale Nonce" reason, even if "disable_nonce_check" is set to 1 ...</div><div><br></div><div>Maybe there's a misconfiguration, or a bug; so, I need your help :-)</div>
<div><br></div><div>Thanks a lot, </div><div><br></div><div><br clear="all"><div><b><div><span style="font-weight:normal">Bien cordialement, </span></div><div><span style="font-weight:normal">Best Regards, </span></div><div>
<span style="font-weight:normal"><br></span></div></b><b>Kevin MATHY</b> |<b> </b>Ingénieur VoIP<br><div><div><b><br></b></div></div></div>
</div></div>
<br>
<img src="http://www.hexanet.fr/sites/files/hexanet/files/20130205_signature_hexanet.gif">