[asterisk-users] connecting multiple servers with iax -
authentication fails
Benko
benkokakao at gmail.com
Mon Oct 9 09:36:48 MST 2006
Hello!
I'm having a problem which actually looks banal. I'm trying to
connect 3 servers via iax with each other. However, i've not been
successfull so far. Asterisk always tries to authenticate the calling
user with the credentials of the last entry in iax.conf, not the ones
that would actually belong to the calling user.
e.g. Server1 has peer/user entries for Server2 and Server3(in this
order), Server2 now tries to call Server1, but is asked for the
credentials of Server3(Because Server3 is the last entry in iax.conf),
which doesn't work of course.
The IAX debug for this example is attached(iax_server2.txt).
Please also take a look at the attached iax.conf-files for each server,
maybe i've missed some setting...
Currently i workaround this issue by using the same secret for all
servers, this is not very practicable however...
The asterisk versions in use are 1.2.9.1 on server3 and server2 and
1.4.0-beta2 on server1.
This guy seems to have had the same problem, unfortunately he received
no answer:
http://lists.digium.com/pipermail/asterisk-users/2003-August/011960.html
thx
christian
-------------- next part --------------
[general]
register => server3:12345678 at server2.domain.org
bindport=4569 ; bindport and bindaddr may be specified
bindaddr=10.1.99.157
bandwidth=high
allow=all
disallow=lpc10
jitterbuffer=no
forcejitterbuffer=no
autokill=yes
[server3]
type=peer
auth=md5
user=server3
secret=thirdsecret321
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
[server3]
type=user
auth=md5
user=server3
secret=thirdsecret321
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
[server2]
type=peer
auth=md5
user=server2
secret=othersecret123
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
[server2]
type=user
auth=md5
user=server2
secret=othersecret123
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
-------------- next part --------------
[general]
bindport=4569
bindaddr=213.208.4.99
bandwidth=high
allow=all
disallow=lpc10
jitterbuffer=no
forcejitterbuffer=no
tos=lowdelay
autokill=yes
[server1]
type=user
auth=md5
user=server1
secret=othersecret123
qualify=yes
host=dynamic
context=iax_server3
[server1]
type=peer
auth=md5
user=server1
secret=othersecret123
qualify=yes
host=dynamic
context=iax_server3
[server3]
type=user
auth=md5
user=mgw1
secret=12345678
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
[server3]
type=peer
auth=md5
user=server3
secret=12345678
qualify=yes
host=XXX.XXX.XXX.XXX
context=iax_server3
-------------- next part --------------
[general]
bindport=4569
bindaddr=0.0.0.0
delayreject=yes
bandwidth=high
allow=all ; same as bandwidth=high
allow=alaw
disallow=ulaw
disallow=lpc10 ; Icky sound quality... Mr. Roboto.
jitterbuffer=no
forcejitterbuffer=no
[server1]
type=peer
auth=md5
secret=thirdsecret321 ; redundant when already embedded in Dial string
qualify=yes
host=81.XXX.XXX.XXX
user=server1 ; redundant when already embedded in Dial string
context=iax_server1
[server1]
type=user
auth=md5
secret=thirdsecret321 ; redundant when already embedded in Dial string
qualify=yes
host=81.XXX.XXX.XXX
user=server1 ; redundant when already embedded in Dial string
context=iax_server1
[server2]
type=peer
auth=md5
secret=12345678 ; redundant when already embedded in Dial string
qualify=yes
host=XXX.XXX.XXX.XXX
user=server2 ; redundant when already embedded in Dial string
context=iax_server3 ;yes, this context is the same as in iax.conf.server2.txt
[server2]
type=user
auth=md5
secret=12345678 ; redundant when already embedded in Dial string
qualify=yes
host=XXX.XXX.XXX.XXX
user=server2 ; redundant when already embedded in Dial string
context=iax_server3 ;yes, this context is the same as in iax.conf.server2.txt
-------------- next part --------------
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW
Timestamp: 00015ms SCall: 00006 DCall: 00000 [81.XXX.XXX.XXX:4569]
VERSION : 2
CALLED NUMBER : 004989153213126
CODEC_PREFS : ()
CALLING NUMBER : 49896272423
CALLING PRESNTN : 34
CALLING TYPEOFN : 0
CALLING TRANSIT : 0
CALLING NAME : server1
LANGUAGE : en
FORMAT : 4
CAPABILITY : 4194175
ADSICPE : 2
DATE TIME : 2006-10-09 17:18:34
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: AUTHREQ
Timestamp: 00002ms SCall: 00030 DCall: 00006 [81.XXX.XXX.XXX:4569]
AUTHMETHODS : 2
CHALLENGE : 757581300
USERNAME : server3
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: AUTHREP
Timestamp: 00040ms SCall: 00006 DCall: 00030 [81.XXX.XXX.XXX:4569]
MD5 RESULT : 94975d6e1044df7ddcafee71463fbfd9
server2*CLI>
Oct 9 17:15:53 NOTICE[11866]: chan_iax2.c:7229 socket_read: Host 81.XXX.XXX.XXX failed to authenticate as server1
Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REJECT
Timestamp: 00027ms SCall: 00030 DCall: 00006 [81.XXX.XXX.XXX:4569]
CAUSE : No authority found
CAUSE CODE : 50
server2*CLI>
More information about the asterisk-users
mailing list