Asterisk SIP digest authentication username mismatch

Posted by Matt on Super User See other posts from Super User or by Matt
Published on 2010-04-02T22:19:27Z Indexed on 2010/04/02 22:23 UTC
Read the original article Hit count: 1593

Filed under:
|

I have an asterisk system that I'm attempting to get to work as a backup for our 3com system. We already use it for a conference bridge. Our phones are the 3com 3C10402B, so I don't have the issue of older 3com phones that come without a SIP image.

The 3com phones are communicating SIP with the Asterisk, but are unable to register because they present a digest username value that doesn't match what Asterisk thinks it should.

As an example, here are the relevant lines from a successful registration from a soft phone:

Server sends:
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1cac3853"
Phone responds:
Authorization: Digest username="2321", realm="asterisk", nonce="1cac3853", uri="sip:192.168.254.12", algorithm=md5, response="d32df9ec719817282460e7c2625b6120"

For the 3com phone, those same lines look like this (and fails):

Server sends:
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="6c915c33"
Phone responds:
Authorization: Digest username="sip:[email protected]", realm="asterisk", nonce="6c915c33", uri="sip:192.168.254.12", opaque="", algorithm=MD5, response="a89df25f19e4b4598595f919dac9db81"

Basically, Asterisk wants to see a username in the Digest username field of 2321, but the 3com phone is sending sip:[email protected].

Anyone know how to tell asterisk to accept this format of username in the digest authentication?

Here is the sip.conf info for that extension:

[2321]
deny=0.0.0.0/0.0.0.0
disallow=all
type=friend
secret=1234
qualify=yes
port=5060
permit=0.0.0.0/0.0.0.0
nat=yes
mailbox=2321@device
host=dynamic
dtmfmode=rfc2833
dial=SIP/2321
context=from-internal
canreinvite=no
callerid=device <2321>
allow=ulaw, alaw
call-limit=50

... and for those interested in the grit, here is the debug output of the registration attempt:


REGISTER sip:192.168.254.12 SIP/2.0
v: SIP/2.0/UDP 192.168.254.157:5060
t: 
f: 
i: fa4451d8-01d6-1cc2-13e4-00e0bb33beb9
CSeq: 18580 REGISTER
Max-Forwards: 70
m: ;dt=544
Expires: 3600
User-Agent: 3Com-SIP-Phone/V8.0.1.3
X-3Com-PhoneInfo: firstRegistration=no; primaryCallP=192.168.254.12; secondaryCallP=0.0.0.0;


--- (11 headers 0 lines) ---
Using latest REGISTER request as basis request
Sending to 192.168.254.157 : 5060 (no NAT)


SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.254.157:5060;received=192.168.254.157
From: 
To: 
Call-ID: fa4451d8-01d6-1cc2-13e4-00e0bb33beb9
CSeq: 18580 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: 
Content-Length: 0



SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.254.157:5060;received=192.168.254.157
From: 
To: ;tag=as3fb867e2
Call-ID: fa4451d8-01d6-1cc2-13e4-00e0bb33beb9
CSeq: 18580 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="6c915c33"
Content-Length: 0


Scheduling destruction of SIP dialog 'fa4451d8-01d6-1cc2-13e4-00e0bb33beb9' in 32000 ms (Method: REGISTER)
confbridge*CLI>

REGISTER sip:192.168.254.12 SIP/2.0
v: SIP/2.0/UDP 192.168.254.157:5060
t: 
f: 
i: fa4451d8-01d6-1cc2-13e4-00e0bb33beb9
CSeq: 18581 REGISTER
Max-Forwards: 70
m: ;dt=544
Expires: 3600
User-Agent: 3Com-SIP-Phone/V8.0.1.3
Authorization: Digest username="sip:[email protected]", realm="asterisk", nonce="6c915c33", uri="sip:192.168.254.12", opaque="", algorithm=MD5, response="a89df25f19e4b4598595f919dac9db81"
X-3Com-PhoneInfo: firstRegistration=no; primaryCallP=192.168.254.12; secondaryCallP=0.0.0.0;


--- (12 headers 0 lines) ---
Using latest REGISTER request as basis request
Sending to 192.168.254.157 : 5060 (NAT)


SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.254.157:5060;received=192.168.254.157
From: 
To: 
Call-ID: fa4451d8-01d6-1cc2-13e4-00e0bb33beb9
CSeq: 18581 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: 
Content-Length: 0



SIP/2.0 403 Authentication user name does not match account name
Via: SIP/2.0/UDP 192.168.254.157:5060;received=192.168.254.157
From: 
To: ;tag=as3fb867e2
Call-ID: fa4451d8-01d6-1cc2-13e4-00e0bb33beb9
CSeq: 18581 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Length: 0


Scheduling destruction of SIP dialog 'fa4451d8-01d6-1cc2-13e4-00e0bb33beb9' in 32000 ms (Method: REGISTER)

Thanks for your input!

© Super User or respective owner

Related posts about asterisk

Related posts about sip