[asterisk-bugs] [Asterisk 0012157]: Global Register vs Global Authentication error
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Aug 5 17:56:09 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=12157
======================================================================
Reported By: csabka
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 12157
Category: Channels/chan_sip/Registration
Reproducibility: always
Severity: major
Priority: normal
Status: new
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): 1.4
SVN Revision (number only!): 106328
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-03-06 05:28 CST
Last Modified: 2008-08-05 17:56 CDT
======================================================================
Summary: Global Register vs Global Authentication error
Description:
I have a problem with global authentication based on username.
(I've tried also with match_auth_username=yes option, but nothing
changed)
The problem is the following:
I have two SIP account with different password at the same ITSP. If I
register it:
register=<user1>:<secret1>@sip.itsp.dom/<user1>
register=<user2>:<secret2>@sip.itsp.dom/<user2>
It works fine:
sip show registry
Host Username Refresh State
sip.itsp.dom:5060 <user1> 105 Registered
sip.itsp.dom:5060 <user2> 105 Registered
After I delete the secret from the register line, like this:
register=<user1>@sip.itsp.dom/<user1>
register=<user2>@sip.itsp.dom/<user2>
and add global authentication:
[authentication]
auth = <user1>:<secret1>@<realm>
auth = <user2>:<secret2>@<realm>
then:
Host Username Refresh State
sip.itsp.dom:5060 <user1> 105 Registered
sip.itsp.dom:5060 <user2> 120 Auth. Sent
After I change the order of global authentication
[authentication]
auth = <user2>:<secret2>@<realm>
auth = <user1>:<secret1>@<realm>
then:
Host Username Refresh State
sip.itsp.dom:5060 <user1> 120 Auth. Sent
sip.itsp.dom:5060 <user2> 105 Registered
I have also tried if I didn't delete the secret from register, but the
same result as above. Note that the realm is totally different from
sip.itsp.dom.
I found an interesting "solution". If I change my ITSP's password to the
same for all my accounts (user2's secret to the same as user1) then it
works.
Summary: This can only work if user[n] to user[n+1] has the same password:
secret[n]=secret[n+1]
Regards:
Csaba Lack
======================================================================
----------------------------------------------------------------------
(0091116) kpfleming (administrator) - 2008-08-05 17:56
http://bugs.digium.com/view.php?id=12157#c91116
----------------------------------------------------------------------
As Olle has said, this is expected behavior given the design of realm-based
authentication in Asterisk today. The 'user' part of the authentication
information in that section is the name to be provided to the endpoint
requesting authentication; the same username will always be provided to any
endpoint requesting authentication for that realm, regardless of what sort
of connection (REGISTER, INVITE, SUBSCRIBE, etc.) prompted it or which user
account might be associated with that service.
If your provider actually supported realm-based authentication, they would
provide you a single user name that would be used for all your services
with them, and Asterisk could be configured to use that. Since they are
providing separate authentication for each service, you'll have to
configure Asterisk that way.
Issue History
Date Modified Username Field Change
======================================================================
2008-08-05 17:56 kpfleming Note Added: 0091116
======================================================================
More information about the asterisk-bugs
mailing list