Thanks for the info. I downloaded 1.3.2-notls and was able to make it work after it returned a -2 instead of the -5 I was receiving from the 1.3.1. I think that the 1.3.1 version that I was testing with was probably a trunk version. Anyways now that both sides are configured properly it is working the way I intended.
Stagg On Jun 30, 2008, at 12:07 PM, flavio wrote: > Hi Stagg, > > Check the UAC module, if you want to send credentials to Asterisk (I > have tested OpenSER 1.3.2 and Asterisk 1.4, it works). Another way > is to integrate Asterisk and OpenSER using realtime (there is a > tutorial in the www.openser.org website), with this integration, the > same user existing in OpenSER will be valid in the Asterisk Server. > There is the ugly way too (autocreatepeer=yes or insecure =invite in > the peer) in the Asterisk Server, but make sure that only OpenSER > can send SIP requests to your Asterisk Server or you can get into > big security problems. > > Cheers, > > Flavio > > > ----- Original Message ----- From: "Stagg Shelton" <[EMAIL PROTECTED] > > > To: <[email protected]> > Sent: Monday, June 30, 2008 11:21 AM > Subject: Re: [OpenSER-Users] Problem with asterisk authenticating on > invite > > >> I am using proxy_authorize & proxy_challenge on the invite. >> >> if (!(method=="REGISTER")) >> { >> if (!allow_trusted()) >> { >> if (!proxy_authorize("", "subscriber")) { >> $var(debug) = proxy_authorize("", "subscriber"); >> xlog("Not Proxy Authorize: $var(debug)"); >> proxy_challenge("", "0"); >> exit; >> } >> if (!check_from()) { >> sl_send_reply("403","Forbidden auth ID"); >> exit; >> } >> >> consume_credentials(); >> # caller authenticated >> } >> } >> >> >> Below is the output I see in the log file when this path is executed. >> >> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: >> -4 >> Jun 30 10:10:47 rolecall /sbin/openser[15629]: Not Proxy Authorize: >> -5 >> Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: >> -5 >> Jun 30 10:10:47 rolecall /sbin/openser[15627]: Not Proxy Authorize: >> -5 >> >> As you can see on the initial invite the credentials are not found >> which is to be expected. But on the subsequent invites OpenSER is >> returning the generic error which doesn't tell me a whole lot. Can >> you tell me how to obtain more verbose debugging. >> >> Is it possible that OpenSER is using the From tag and not the >> credentials supplied in the Proxy-Authorization header? >> >> Thank You >> Stagg Shelton >> >> On Jun 30, 2008, at 4:21 AM, Bogdan-Andrei Iancu wrote: >> >>> Hi Stagg, >>> >>> For INVITEs, use proxy_challenge() + proxy_authorize() functions and >>> not the www_xxxxxxx() functions. >>> >>> Regards, >>> Bogdan >>> >>> Stagg Shelton wrote: >>>> I've been trying to work through openser successfully >>>> authenticating a user on an INVITE. I've tried using >>>> www_challenge and proxy_challenge. Each time, OpenSER will >>>> respond to the INVITE with the appropriate Authentication header >>>> depending on what I'm using, and asterisk will resend the INVITE >>>> with the Digest credentials. I've determined that OpenSER returns >>>> a -5 when processing either www_authorize or proxy_authorize and >>>> the INVITE has the Digest credentials. >>>> >>>> The authentication seems to work just fine when asterisk Registers >>>> to openser. Are there any known issues with asterisk >>>> authenticating during an INVITE? I would prefer to do it this way >>>> in case the PBX loses its primary network connectivity and is >>>> failing to a secondary route, or some other reason that would >>>> cause the IP address to change. >>>> >>>> I am currently using OpenSER 1.3.1 >>>> >>>> Thank You >>>> Stagg Shelton >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users >>>> >>>> >>> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.openser.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.openser.org/cgi-bin/mailman/listinfo/users
