[asterisk-users] connecting multiple servers with iax - authentication fails

Joshua Colp jcolp at digium.com
Tue Oct 10 09:09:41 MST 2006 

Tim Panton wrote:
> 
> On 9 Oct 2006, at 17:36, Benko wrote:
> 
>> Hello!
>>
>> I'm having a problem which actually looks banal. I'm trying to
>> connect 3 servers via iax with each other. However, i've not been
>> successfull so far. Asterisk always tries to authenticate the calling
>> user with the credentials of the last entry in iax.conf, not the ones
>> that would actually belong to the calling user.
>>
>> e.g. Server1 has peer/user entries for Server2 and Server3(in this
>> order), Server2 now tries to call Server1, but is asked for the
>> credentials of Server3(Because Server3 is the last entry in iax.conf),
>> which doesn't work of course.
>>
>> The IAX debug for this example is attached(iax_server2.txt).
>>
>> Please also take a look at the attached iax.conf-files for each server,
>> maybe i've missed some setting...
>>
>> Currently i workaround this issue by using the same secret for all
>> servers, this is not very practicable however...
>>
>> The asterisk versions in use are 1.2.9.1 on server3 and server2 and
>> 1.4.0-beta2 on server1.
>>
>> This guy seems to have had the same problem, unfortunately he received
>> no answer:
>> http://lists.digium.com/pipermail/asterisk-users/2003-August/011960.html
>>
>>
>> thx
>> christian
>> <iax.conf.server1.txt>
>> <iax.conf.server2.txt>
>> <iax.conf.server3.txt>
>> <iax_debug_server2.txt>
> 
> It is a bit hard to tell what is going on because you have blanked the
> IP addresses in the config files to all the same value.
> If you specify an IP address in the host= line , asterisk will use
> the from IP address of a 'new' to try and find a matching entry, and
> ignore the username sent in the message.
> 
> At a guess you have the IP addresses of  servers 1 or 3  wrong in 
> iax.conf on server2
> 
> Tim.
> 
> Tim Panton
> 
> www.mexuar.com
> 
> 
> 
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

I would also like to point out that it is good practice to specify the 
username you want to authenticate as. If it is not given (ie: not given 
by the username option in peer, or on the Dial line) then the remote 
Asterisk box will "guess" who you want to authenticate as which may be 
incorrect. This will cause an authentication failure.

-- 
Joshua Colp
Software Developer
Digium, Inc.

More information about the asterisk-users mailing list