[asterisk-users] connecting multiple servers with iax - authentication fails

Benko benkokakao at gmail.com
Mon Oct 9 09:36:48 MST 2006 

Hello!

I'm having a problem which actually looks banal. I'm trying to
connect 3 servers via iax with each other. However, i've not been
successfull so far. Asterisk always tries to authenticate the calling
user with the credentials of the last entry in iax.conf, not the ones
that would actually belong to the calling user.

e.g. Server1 has peer/user entries for Server2 and Server3(in this
order), Server2 now tries to call Server1, but is asked for the
credentials of Server3(Because Server3 is the last entry in iax.conf),
which doesn't work of course.

The IAX debug for this example is attached(iax_server2.txt).

Please also take a look at the attached iax.conf-files for each server,
maybe i've missed some setting...

Currently i workaround this issue by using the same secret for all
servers, this is not very practicable however...

The asterisk versions in use are 1.2.9.1 on server3 and server2 and
1.4.0-beta2 on server1.

This guy seems to have had the same problem, unfortunately he received
no answer:
http://lists.digium.com/pipermail/asterisk-users/2003-August/011960.html


thx 
christian
-------------- next part --------------
[general]
register => server3:12345678 at server2.domain.org
bindport=4569                   ; bindport and bindaddr may be specified

bindaddr=10.1.99.157
bandwidth=high
allow=all
disallow=lpc10

jitterbuffer=no
forcejitterbuffer=no
autokill=yes


[server3]
type=peer
auth=md5
user=server3
secret=thirdsecret321
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3

[server3]
type=user
auth=md5
user=server3
secret=thirdsecret321
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3



[server2]
type=peer
auth=md5
user=server2
secret=othersecret123
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3

[server2]
type=user
auth=md5
user=server2
secret=othersecret123
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
-------------- next part --------------
[general]
bindport=4569
bindaddr=213.208.4.99
bandwidth=high
allow=all
disallow=lpc10
jitterbuffer=no
forcejitterbuffer=no
tos=lowdelay
autokill=yes

[server1]
type=user
auth=md5
user=server1
secret=othersecret123
qualify=yes
host=dynamic
context=iax_server3

[server1]
type=peer
auth=md5
user=server1
secret=othersecret123
qualify=yes
host=dynamic
context=iax_server3


[server3]
type=user
auth=md5
user=mgw1
secret=12345678
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3

[server3]
type=peer
auth=md5
user=server3
secret=12345678
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
-------------- next part --------------
[general]
bindport=4569
bindaddr=0.0.0.0
delayreject=yes
bandwidth=high
allow=all                        ; same as bandwidth=high
allow=alaw
disallow=ulaw
disallow=lpc10                  ; Icky sound quality...  Mr. Roboto.
jitterbuffer=no
forcejitterbuffer=no




[server1]
type=peer
auth=md5
secret=thirdsecret321                  ; redundant when already embedded in Dial string
qualify=yes
host=81.XXX.XXX.XXX
user=server1       ; redundant when already embedded in Dial string
context=iax_server1

[server1]
type=user
auth=md5
secret=thirdsecret321                  ; redundant when already embedded in Dial string
qualify=yes
host=81.XXX.XXX.XXX
user=server1       ; redundant when already embedded in Dial string
context=iax_server1




[server2]
type=peer
auth=md5
secret=12345678                  ; redundant when already embedded in Dial string
qualify=yes
host=XXX.XXX.XXX.XXX
user=server2       ; redundant when already embedded in Dial string
context=iax_server3 ;yes, this context is the same as in iax.conf.server2.txt


[server2]
type=user
auth=md5
secret=12345678                  ; redundant when already embedded in Dial string
qualify=yes
host=XXX.XXX.XXX.XXX
user=server2       ; redundant when already embedded in Dial string
context=iax_server3 ;yes, this context is the same as in iax.conf.server2.txt
-------------- next part --------------
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: NEW    
   Timestamp: 00015ms  SCall: 00006  DCall: 00000 [81.XXX.XXX.XXX:4569]
   VERSION         : 2
   CALLED NUMBER   : 004989153213126
   CODEC_PREFS     : ()
   CALLING NUMBER  : 49896272423
   CALLING PRESNTN : 34
   CALLING TYPEOFN : 0
   CALLING TRANSIT : 0
   CALLING NAME    : server1
   LANGUAGE        : en
   FORMAT          : 4
   CAPABILITY      : 4194175
   ADSICPE         : 2
   DATE TIME       : 2006-10-09  17:18:34

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass: AUTHREQ
   Timestamp: 00002ms  SCall: 00030  DCall: 00006 [81.XXX.XXX.XXX:4569]
   AUTHMETHODS     : 2
   CHALLENGE       : 757581300
   USERNAME        : server3

Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass: AUTHREP
   Timestamp: 00040ms  SCall: 00006  DCall: 00030 [81.XXX.XXX.XXX:4569]
   MD5 RESULT      : 94975d6e1044df7ddcafee71463fbfd9
server2*CLI> 
Oct  9 17:15:53 NOTICE[11866]: chan_iax2.c:7229 socket_read: Host 81.XXX.XXX.XXX failed to authenticate as server1
Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX     Subclass: REJECT 
   Timestamp: 00027ms  SCall: 00030  DCall: 00006 [81.XXX.XXX.XXX:4569]
   CAUSE           : No authority found
   CAUSE CODE      : 50
server2*CLI>

More information about the asterisk-users mailing list