[Asterisk-Users] SIP authentication problem

Kurt Bauer bauer at cc.univie.ac.at
Mon Sep 6 03:11:10 MST 2004


Hi,

I have the following setup:

                E100P
  SER <----> * <-----> PBX

This works just fine, except when there are users on both boxes (ie. SER 
and asterisk), whose usernames are the same, although the realm is 
different.

An example:
user 'kb at sip.univie.ac.at' wants to call some extension in the PBX, but as 
user 'kb at troubadix.univie.ac.at' exists too, * tries to authenticate the 
user, which it shouldn't do, at least I guess so.

Shouldn't asterisk differentiate between the realms ie. userA at realm1 != 
userA at realm2 ?

Find attached, the relevant part of the logged sip communication and the 
sip.conf.

If you have any hints, please let me know. Thanks in advance,

best regards,
Kurt


<example sip.log>

Sip read:
INVITE sip:+431427714070 at troubadix.univie.ac.at:5060 SIP/2.0
Max-Forwards: 10
Record-Route: 
<sip:01427714070 at 83.136.32.160;ftag=000cce3a7be800087fd8099f-62cc5396;lr=on>
Via: SIP/2.0/UDP 83.136.32.160;branch=z9hG4bK1cba.998c27f1.0
Via: SIP/2.0/UDP 131.130.220.101:5060;branch=z9hG4bK03521c86
From: "Kurt Bauer" 
<sip:kb at sip.univie.ac.at>;tag=000cce3a7be800087fd8099f-62cc5396
To: <sip:01427714070 at sip.univie.ac.at>
Call-ID: 000cce3a-7be80009-7e283912-7bd31d9c at 131.130.220.101
Date: Mon, 06 Sep 2004 10:01:57 GMT
CSeq: 102 INVITE
User-Agent: CSCO/7
Contact: <sip:kb at 131.130.220.101:5060>
Expires: 180
Content-Type: application/sdp
Content-Length: 253

v=0
o=Cisco-SIPUA 23148 13380 IN IP4 131.130.220.101
s=SIP Call
c=IN IP4 131.130.220.101
t=0 0
m=audio 30596 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

15 headers, 11 lines
Using latest request as basis request
Sending to 83.136.32.160 : 5060 (non-NAT)
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 18
Found RTP audio format 101
Peer audio RTP is at port 131.130.220.101:30596
Found description format PCMU
Found description format PCMA
Found description format G729
Found description format telephone-event
Capabilities: us - 0x10f(G723|GSM|ULAW|ALAW|G729A), peer - 
audio=0x10c(ULAW|ALAW|G729A)/video=0x0(EMPTY), combined - 
0x10c(ULAW|ALAW|G729A)
Non-codec capabilities: us - 0x1(G723), peer - 0x1(G723), combined - 
0x0(EMPTY)
Reliably Transmitting (no NAT):
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 83.136.32.160;branch=z9hG4bK1cba.998c27f1.0
Via: SIP/2.0/UDP 131.130.220.101:5060;branch=z9hG4bK03521c86
From: "Kurt Bauer" 
<sip:kb at sip.univie.ac.at>;tag=000cce3a7be800087fd8099f-62cc5396
To: <sip:01427714070 at sip.univie.ac.at>;tag=as6191c2dd
Call-ID: 000cce3a-7be80009-7e283912-7bd31d9c at 131.130.220.101
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
Contact: <sip:+431427714070 at 131.130.220.100>
Proxy-Authenticate: Digest realm="troubadix.univie.ac.at", nonce="5276f268"
Content-Length: 0


 to 83.136.32.160:5060
Scheduling destruction of call 
'000cce3a-7be80009-7e283912-7bd31d9c at 131.130.220.101' in 15000 ms
Found user 'kb'
troubadix*CLI>

Sip read:
ACK sip:+431427714070 at troubadix.univie.ac.at:5060 SIP/2.0
Via: SIP/2.0/UDP 83.136.32.160;branch=z9hG4bK1cba.998c27f1.0
From: "Kurt Bauer" 
<sip:kb at sip.univie.ac.at>;tag=000cce3a7be800087fd8099f-62cc5396
Call-ID: 000cce3a-7be80009-7e283912-7bd31d9c at 131.130.220.101
To: <sip:01427714070 at sip.univie.ac.at>;tag=as6191c2dd
CSeq: 102 ACK
User-Agent: Sip EXpress router(0.8.12-tcp_nonb-tls (i386/linux))
Content-Length: 0


8 headers, 0 lines

</example sip.log>

-->note the "SIP/2.0 407 Proxy Authentication Required"


<sip.conf>
;
; SIP Configuration for Asterisk
;
[general]

port=5060
bindaddr=0.0.0.0
realm=troubadix.univie.ac.at
disallow=all
allow=ulaw
allow=alaw
allow=g729
allow=g723.1
allow=gsm
 

 

[at43_in]
type=peer
host=sip.at43.at
context=at43
insecure=very
deny=0.0.0.0/0.0.0.0
permit=83.136.32.160/255.255.255.255

</sip.conf>




More information about the asterisk-users mailing list