Hi Stagg,
set the debug level to 6 and you will get the logs from openser - this
will help you identify why the auth is rejected.
Regards,
Bogdan
PS: you can send the logs to me if you do not manage to read them (also
attach the SIP trace)
Stagg Shelton wrote:
> I am using proxy_authorize & proxy_challenge on the invite.
>
> if (!(method=="REGISTER"))
> {
> if (!allow_trusted())
> {
> if (!proxy_authorize("", "subscriber")) {
> $var(debug) = proxy_authorize("", "subscriber");
> xlog("Not Proxy Authorize: $var(debug)");
> proxy_challenge("", "0");
> exit;
> }
> if (!check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> # caller authenticated
> }
> }
>
>
> Below is the output I see in the log file when this path is executed.
>
> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -4
> Jun 30 10:10:47 rolecall /sbin/openser[15629]: Not Proxy Authorize: -5
> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -5
> Jun 30 10:10:47 rolecall /sbin/openser[15627]: Not Proxy Authorize: -5
>
> As you can see on the initial invite the credentials are not found
> which is to be expected. But on the subsequent invites OpenSER is
> returning the generic error which doesn't tell me a whole lot. Can
> you tell me how to obtain more verbose debugging.
>
> Is it possible that OpenSER is using the From tag and not the
> credentials supplied in the Proxy-Authorization header?
>
> Thank You
> Stagg Shelton
>
> On Jun 30, 2008, at 4:21 AM, Bogdan-Andrei Iancu wrote:
>
>
>> Hi Stagg,
>>
>> For INVITEs, use proxy_challenge() + proxy_authorize() functions and
>> not the www_xxxxxxx() functions.
>>
>> Regards,
>> Bogdan
>>
>> Stagg Shelton wrote:
>>
>>> I've been trying to work through openser successfully
>>> authenticating a user on an INVITE. I've tried using
>>> www_challenge and proxy_challenge. Each time, OpenSER will
>>> respond to the INVITE with the appropriate Authentication header
>>> depending on what I'm using, and asterisk will resend the INVITE
>>> with the Digest credentials. I've determined that OpenSER returns
>>> a -5 when processing either www_authorize or proxy_authorize and
>>> the INVITE has the Digest credentials.
>>>
>>> The authentication seems to work just fine when asterisk Registers
>>> to openser. Are there any known issues with asterisk
>>> authenticating during an INVITE? I would prefer to do it this way
>>> in case the PBX loses its primary network connectivity and is
>>> failing to a secondary route, or some other reason that would
>>> cause the IP address to change.
>>>
>>> I am currently using OpenSER 1.3.1
>>>
>>> Thank You
>>> Stagg Shelton
>>> _______________________________________________
>>> Users mailing list
>>> Users@lists.openser.org
>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>
>
> _______________________________________________
> Users mailing list
> Users@lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>
>
_______________________________________________
Users mailing list
Users@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
