<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Bob,<br>
<br>
The key log is this one:<br>
</font><font face="monospace"><font face="monospace">Aug 30 18:19:05
[17809] DBG:auth:pre_auth: credentials with given realm not
found<br>
<br>
Basically OpenSIPS says it does not find the "</font></font><font
face="monospace"><font face="monospace"><font face="monospace">digilink.net"</font>
realm in the provided auth header in REGISTER. As a quick
experiment, could you use the empty string "" for realm (instead
of </font></font><font face="monospace"><font face="monospace"><font
face="monospace">"digilink.net") in the </font></font></font><font
face="monospace"><font face="monospace"><font face="monospace">www_authorize/challenge</font>()
functions ?<br>
<br>
</font>Best regards,<br>
</font>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit 27-30 Sept 2022, Athens
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2022Athens/">https://www.opensips.org/events/Summit-2022Athens/</a></pre>
<div class="moz-cite-prefix">On 8/31/22 4:31 AM, Bob Atkins wrote:<br>
</div>
<blockquote type="cite"
cite="mid:cc5dc276-86ab-2a1d-42f0-543ee539488f@digilink.net">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
Hi.<br>
<br>
Have been a long time OpenSER user in a production environment.<br>
I managed to convert to OpenSIPS v3.2.8 on a CentOS 7 system and
is working based on IP authentication however, I just cannot get
sip registrations to work that used to work fine with OpenSER. I'm
using a SPA112 running 1.4.1(SR5) as a test device. This device
registers just fine with Asterisk and OpenSER v1.1 with exactly
the same credentials but no matter what I have tried it just won't
register with OpenSIPS v3.2.8.<br>
<br>
I am using auth_db and mysql. I have verified that all sql data is
correct.<br>
<br>
I have been banging my head against the screen for hours to no
avail.<br>
<br>
In reviewing the debug and log output I can clearly see that
something is wrong because the user name and domain are both
<null>? <br>
<br>
www_authorize returns [-4] which means (no credentials) -
credentials were not found in request.<br>
<br>
There is no reason why the credentials should not be there - they
have certainly not been consumed before this point. <br>
<br>
This same device registers just fine with <i><u><b>exactly </b></u></i>the
same credentials to both OpenSER v1.1 and asterisk servers.<br>
<br>
Would be grateful if anyone can shed some light on this because it
seems to me that something inside auth or auth_db is broken and
not extracting the registration credentials from the REGISTER
message.<br>
<br>
This code worked just fine in OpenSER v1.1<br>
<br>
<font face="monospace">if (method=="REGISTER") {<br>
#xlog("L_INFO","[$rm][$ft][$tt] Processing registration");<br>
if (!www_authorize("digilink.net", "subscriber")) {<br>
#xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");<br>
www_challenge("digilink.net", "0");<br>
exit;<br>
};<br>
<br>
xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from $si");<br>
save("location");<br>
exit;<br>
};</font><br>
<br>
This is the code in the OpenSIPS 3.2.8 config that is failing:<br>
<br>
Here are the module loads and various defines:<br>
<br>
<font face="monospace">loadmodule "options.so"<br>
loadmodule "textops.so"<br>
#### SIGNALING module<br>
loadmodule "signaling.so"<br>
<br>
#### StateLess module<br>
loadmodule "sl.so"<br>
<br>
#### Transaction Module<br>
loadmodule "tm.so"<br>
modparam("tm", "enable_stats", 1)<br>
modparam("tm", "fr_timeout", 9)<br>
modparam("tm", "fr_inv_timeout", 120)<br>
modparam("tm", "restart_fr_on_each_reply", 0)<br>
modparam("tm", "onreply_avp_mode", 1)<br>
<br>
#### Record Route Module<br>
loadmodule "rr.so"<br>
/* do not append from tag to the RR */<br>
modparam("rr", "append_fromtag", 1)<br>
<br>
loadmodule "uac.so"<br>
#modparam("uac","restore_mode","auto")<br>
modparam("uac","rr_from_store_param","dns_uac_param")<br>
modparam("uac","restore_mode","none")<br>
<br>
#### MAX ForWarD module<br>
loadmodule "maxfwd.so"<br>
<br>
#### SIP MSG OPerationS module<br>
loadmodule "sipmsgops.so"<br>
<br>
#### FIFO Management Interface<br>
loadmodule "mi_fifo.so"<br>
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")<br>
modparam("mi_fifo", "fifo_mode", 0666)<br>
<br>
#### USeR LOCation module<br>
loadmodule "usrloc.so"<br>
modparam("usrloc", "nat_bflag", "NAT")<br>
modparam("usrloc", "working_mode_preset",
"single-instance-sql-write-back")<br>
modparam("usrloc", "db_url", "mysql://opensips:</font><font
face="monospace"><font face="monospace">??????</font>@localhost/opensips")<br>
<br>
loadmodule "nathelper.so"<br>
modparam("nathelper", "received_avp", "$avp(rcv)")<br>
modparam("nathelper", "natping_interval", 30) # Ping interval 30
s<br>
modparam("nathelper", "ping_nated_only", 1) # Ping only
clients behind NAT<br>
<br>
#### MYSQL module<br>
loadmodule "db_mysql.so"<br>
<br>
loadmodule "avpops.so"<br>
<br>
#### AUTH Db module<br>
loadmodule "auth.so"<br>
loadmodule "auth_db.so"<br>
modparam("auth_db", "calculate_ha1", 1)<br>
modparam("auth_db", "user_column", "username")<br>
modparam("auth_db", "password_column", "password")<br>
modparam("auth_db", "use_domain", 0)<br>
modparam("auth_db", "db_url", "mysql://opensips:</font><font
face="monospace"><font face="monospace">??????</font>@localhost/opensips")<br>
modparam("auth_db", "load_credentials", "")<br>
<br>
#### REGISTRAR module<br>
loadmodule "registrar.so"<br>
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")<br>
modparam("registrar", "min_expires", 120)<br>
modparam("registrar", "max_expires", 3600)<br>
modparam("registrar", "default_expires", 3600)<br>
modparam("registrar", "max_contacts", 5)<br>
modparam("registrar", "received_avp", "$avp(rcv)")<br>
<br>
#### Pike DOS protection<br>
loadmodule "pike.so"<br>
modparam("pike", "sampling_time_unit", 3)<br>
modparam("pike", "reqs_density_per_unit", 20)<br>
<br>
#### DIALOG module<br>
loadmodule "dialog.so"<br>
modparam("dialog", "dlg_match_mode", 1)<br>
modparam("dialog", "default_timeout", 21600) # 6 hours timeout<br>
modparam("dialog", "db_mode", 0)<br>
modparam("dialog", "profiles_with_value", "trunkCalls")<br>
<br>
#### ACCounting module<br>
loadmodule "acc.so"<br>
/* what special events should be accounted ? */<br>
modparam("acc", "report_cancels", 1)<br>
modparam("acc", "early_media", 1)<br>
/* by default we do not adjust the direct of the sequential
requests.<br>
if you enable this parameter, be sure to enable
"append_fromtag"<br>
in "rr" module */<br>
modparam("acc", "detect_direction", 0)<br>
modparam("acc", "acc_callid_column", "sip_callid")<br>
modparam("acc", "acc_sip_code_column", "sip_status")<br>
modparam("acc", "acc_method_column", "sip_method")<br>
modparam("acc", "acc_to_tag_column", "totag")<br>
modparam("acc", "acc_from_tag_column", "fromtag")<br>
modparam("acc", "extra_fields", "db:sip_from; sip_to; in_uri;
out_uri; username; from_uri; to_uri; domain; du")<br>
modparam("acc", "db_url",
"mysql://opensips:??????@localhost/opensips")<br>
loadmodule "proto_udp.so"<br>
<br>
---- [snip] ----<br>
</font><br>
<font face="monospace">if (is_method("REGISTER")) {<br>
xlog("L_INFO", "REGISTER: [$tu] request");<br>
xlog("L_INFO","[$rm][$ft][$tt] Processing registration");<br>
<br>
$var(x)=www_authorize("digilink.net", "subscriber");<br>
xlog("L_INFO", "REGISTER: www_authorize returned [$var(x)]
to authenticate with [$rU]$ru credential");<br>
if (!$var(x)) {<br>
xlog("L_INFO","[$rm][$ft][$tt] Challenging peer");<br>
www_challenge("digilink.net", "auth,auth-int",
"MD5,MD5-sess,SHA-256,SHA-256-sess");<br>
exit;<br>
} else {<br>
xlog("L_ALERT", "REGISTER: URI [$tu] - FAILED");<br>
xlog("L_ALERT", "REGISTER: URI [$tu] - FAILED! User is
not authorized to authenticate with [$rU]$ru credential");<br>
exit;<br>
}<br>
<br>
xlog("L_INFO", "REGISTER: URI [$tu] - Succeeded");<br>
xlog("L_INFO","[$rm][$ft][$tt] Registered $fu from $si");<br>
save("location");<br>
exit;<br>
}</font><br>
Debug out shows:<br>
<br>
<font face="monospace">Aug 30 18:19:05 [17809] DBG:core:parse_msg:
SIP Request:<br>
Aug 30 18:19:05 [17809] DBG:core:parse_msg: method:
<REGISTER><br>
Aug 30 18:19:05 [17809] DBG:core:parse_msg: uri: <a
class="moz-txt-link-rfc2396E" href="sip:23.253.166.155"
moz-do-not-send="true"><sip:23.253.166.155></a><br>
Aug 30 18:19:05 [17809] DBG:core:parse_msg: version:
<SIP/2.0><br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers:
flags=ffffffffffffffff<br>
Aug 30 18:19:05 [17809] DBG:core:parse_via_param: found param
type 232, <branch> = <z9hG4bK-18367abe>; state=16<br>
Aug 30 18:19:05 [17809] DBG:core:parse_via: end of header
reached, state=5<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: via found,
flags=ffffffffffffffff<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: this is the
first via<br>
Aug 30 18:19:05 [17809] DBG:core:_parse_to: end of header
reached, state=10<br>
Aug 30 18:19:05 [17809] DBG:core:_parse_to: display={"PPC Fax"},
ruri={<a class="moz-txt-link-freetext"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true">sip:3105738133@23.253.166.155</a>}<br>
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: <To> [43];
uri=[<a class="moz-txt-link-freetext"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true">sip:3105738133@23.253.166.155</a>]<br>
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: to body ["PPC
Fax" <a class="moz-txt-link-rfc2396E"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true"><sip:3105738133@23.253.166.155></a><br>
]<br>
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: cseq
<CSeq>: <86682> <REGISTER><br>
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: content_length=0<br>
Aug 30 18:19:05 [17809] DBG:core:get_hdr_field: found end of
header<br>
Aug 30 18:19:05 [17809] DBG:core:receive_msg: After parse_msg...<br>
Aug 30 18:19:05 [17809] DBG:core:receive_msg: preparing to run
routing scripts...<br>
Aug 30 18:19:05 [17809] DBG:pike:mark_node: search on branch 205
(top=0x7fde48de8f80)<br>
Aug 30 18:19:05 [17809] DBG:pike:mark_node: only first 1 were
matched!<br>
Aug 30 18:19:05 [17809] DBG:pike:pike_check_req: src IP
[205.147.62.19],node=0x7fde48de8f80; hits=[3,1],[0,0]
node_flags=2 func_flags=8<br>
Aug 30 18:19:05 [17809] DBG:maxfwd:is_maxfwd_present: value = 70<br>
Aug 30 18:19:05 [17809] DBG:core:parse_to_param:
tag=1584d16f8a45809ao1<br>
Aug 30 18:19:05 [17809] DBG:core:parse_to_param: end of header
reached, state=11<br>
Aug 30 18:19:05 [17809] DBG:core:_parse_to: end of header
reached, state=29<br>
Aug 30 18:19:05 [17809] DBG:core:_parse_to: display={"PPC Fax"},
ruri={<a class="moz-txt-link-freetext"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true">sip:3105738133@23.253.166.155</a>}<br>
Aug 30 18:19:05 [17809] SIP message size: 572 bytesAug 30
18:19:05 [17809] DBG:core:comp_scriptvar: int 27: 572 / 2048<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=78<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=200<br>
Aug 30 18:19:05 [17809] DBG:rr:find_first_route: No Route
headers found<br>
Aug 30 18:19:05 [17809] DBG:rr:loose_route: There is no Route HF<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:comp_scriptvar: ip 20:
205.147.62.19<br>
Aug 30 18:19:05 [17809] Unknown source [205.147.62.19]: [<a
class="moz-txt-link-freetext"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true">sip:3105738133@23.253.166.155</a>]
request<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers:
flags=ffffffffffffffff<br>
Aug 30 18:19:05 [17809] DBG:core:parse_params: Parsing params
for:[expires=300]<br>
Aug 30 18:19:05 [17809] REGISTER: [<a
class="moz-txt-link-freetext"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true">sip:3105738133@23.253.166.155</a>]
request from <a class="moz-txt-link-freetext"
href="sip:23.253.166.155" moz-do-not-send="true">sip:23.253.166.155</a>
at 205.147.62.19<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=14000<br>
Aug 30 18:19:05 [17809] DBG:core:pv_get_authattr: no
[Proxy-]Authorization header<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=14000<br>
Aug 30 18:19:05 [17809] DBG:core:pv_get_authattr: no
[Proxy-]Authorization header<br>
Aug 30 18:19:05 [17809]
[REGISTER][1584d16f8a45809ao1][<null>]@[<null>] -
Processing registration<br>
Aug 30 18:19:05 [17809] DBG:core:parse_headers: flags=4000<br>
Aug 30 18:19:05 [17809] DBG:auth:pre_auth: credentials with
given realm not found<br>
Aug 30 18:19:05 [17809] REGISTER: www_authorize returned [-4] to
authenticate with [<null>]<a class="moz-txt-link-freetext"
href="sip:23.253.166.155" moz-do-not-send="true">sip:23.253.166.155</a>
credential<br>
Aug 30 18:19:05 [17809] REGISTER: URI [<a
class="moz-txt-link-freetext"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true">sip:3105738133@23.253.166.155</a>]
- FAILEDAug 30 18:19:05 [17809] REGISTER: URI [<a
class="moz-txt-link-freetext"
href="sip:3105738133@23.253.166.155" moz-do-not-send="true">sip:3105738133@23.253.166.155</a>]
- FAILED! User is not authorized to authenticate with
[<null>]<a class="moz-txt-link-freetext"
href="sip:23.253.166.155" moz-do-not-send="true">sip:23.253.166.155</a>
credential<br>
Aug 30 18:19:05 [17809] DBG:core:destroy_avp_list: destroying
list (nil)<br>
Aug 30 18:19:05 [17809] DBG:core:receive_msg: cleaning up<br>
</font><font face="monospace"><br>
</font><br>
----<br>
<br>
<br>
<br>
Thank you,<br>
Bob<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>