Authorisation on Asterisk

pavin_au · January 18, 2017, 6:35am

Hi forum!

Thank you for your previous help. I really appreciate it!

I have problem with authorization for my users like this:

[2017-01-18 17:28:34] NOTICE[16122]: chan_sip.c:27891 handle_request_register: Registration from ‘"101"sip:101@192.168.0.15’ failed for ‘192.168.0.5:50792’ - Wrong password
voipserv*CLI>

However, my config files are:

[root@voipserv Wed Jan 18 17:28:18 asterisk]# egrep -v ‘^;|^#|^$’ /etc/asterisk/sip.conf
[general]
include sip_additional.conf
[root@voipserv Wed Jan 18 17:29:31 asterisk]#vi /etc/asterisk/sip_additional.conf
[101]
deny=0.0.0.0/0.0.0.0
secret=secret123
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
mediaencryption=no
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
callgroup=1
pickupgroup=1
dial=SIP/101
permit=0.0.0.0/0.0.0.0
callerid=Second <101>
callcounter=yes
faxdetect=no

Same password I put in config profile my X-Lite softphone by copy/paste method.

Is it possible that I have problem with password, because I have wrong/another information about it to somewhere? In DB let say?
I try to check it to the MySQL DB I used for my asterisk and see next
MariaDB [asterisk]> select extension, password, name, sipname from users;

±----------±---------±--------------------±--------+
| extension | password | name | sipname |
±----------±---------±--------------------±--------+
| 100 | | First | 100 |
| 101 | | Second | 101 |
| 107 | | Manual | 107 |
±----------±---------±--------------------±--------+

Field ‘password’ as you see is empty. Can it be the root of the problem? If so, what other tables, dbs I should check?

Thank you in advance,
Ivan

pavin_au · January 19, 2017, 6:37am

Guys,

I really need help. I tried to create test extension 111 and it doesn’t work. I see this new extension into my log files and into my MySQL DB but I still experience with password failure problem

This is my debug.

<— SIP read from UDP:192.168.0.5:52790 —>
REGISTER sip:192.168.0.15 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.5:52790;branch=z9hG4bK-524287-1—7f22ef348114f71b;rport
Max-Forwards: 70
Contact: sip:111@192.168.0.5:52790;rinstance=aa31642790c1113f
To: "111"sip:111@192.168.0.15
From: "111"sip:111@192.168.0.15;tag=ed4e6a3c
Call-ID: 81564ZGVlNWM1NjVkYTA2Y2I2MjNjOGNjNzgwZmQ3ODI5Y2I
CSeq: 1 REGISTER
Expires: 3600
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, CANCEL, BYE, REFER, INFO, OPTIONS, MESSAGE
User-Agent: X-Lite release 4.9.5.1 stamp 81564
Content-Length: 0

<------------->
— (12 headers 0 lines) —
Sending to 192.168.0.5:52790 (no NAT)
Sending to 192.168.0.5:52790 (no NAT)

<— Transmitting (no NAT) to 192.168.0.5:52790 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.0.5:52790;branch=z9hG4bK-524287-1—7f22ef348114f71b;received=192.168.0.5;rport=52790
From: "111"sip:111@192.168.0.15;tag=ed4e6a3c
To: "111"sip:111@192.168.0.15;tag=as4dfaa77b
Call-ID: 81564ZGVlNWM1NjVkYTA2Y2I2MjNjOGNjNzgwZmQ3ODI5Y2I
CSeq: 1 REGISTER
Server: Asterisk PBX 13.6.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="42af3ae6"
Content-Length: 0

<------------>
Scheduling destruction of SIP dialog ‘81564ZGVlNWM1NjVkYTA2Y2I2MjNjOGNjNzgwZmQ3ODI5Y2I’ in 32000 ms (Method: REGISTER)

<— SIP read from UDP:192.168.0.5:52790 —>
REGISTER sip:192.168.0.15 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.5:52790;branch=z9hG4bK-524287-1—beef7356d4d49f3e;rport
Max-Forwards: 70
Contact: sip:111@192.168.0.5:52790;rinstance=aa31642790c1113f
To: "111"sip:111@192.168.0.15
From: "111"sip:111@192.168.0.15;tag=ed4e6a3c
Call-ID: 81564ZGVlNWM1NjVkYTA2Y2I2MjNjOGNjNzgwZmQ3ODI5Y2I
CSeq: 2 REGISTER
Expires: 3600
Allow: SUBSCRIBE, NOTIFY, INVITE, ACK, CANCEL, BYE, REFER, INFO, OPTIONS, MESSAGE
User-Agent: X-Lite release 4.9.5.1 stamp 81564
Authorization: Digest username=“111”,realm=“asterisk”,nonce=“42af3ae6”,uri=“sip:192.168.0.15”,response=“a7a71b9c33a57991f08cf986791d5c9a”,algorithm=MD5
Content-Length: 0

<------------->
— (13 headers 0 lines) —
Sending to 192.168.0.5:52790 (no NAT)

<— Transmitting (no NAT) to 192.168.0.5:52790 —>
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 192.168.0.5:52790;branch=z9hG4bK-524287-1—beef7356d4d49f3e;received=192.168.0.5;rport=52790
From: "111"sip:111@192.168.0.15;tag=ed4e6a3c
To: "111"sip:111@192.168.0.15;tag=as4dfaa77b
Call-ID: 81564ZGVlNWM1NjVkYTA2Y2I2MjNjOGNjNzgwZmQ3ODI5Y2I
CSeq: 2 REGISTER
Server: Asterisk PBX 13.6.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

<------------>
[2017-01-19 17:35:41] NOTICE[20458]: chan_sip.c:27891 handle_request_register: Registration from ‘"111"sip:111@192.168.0.15’ failed for ‘192.168.0.5:52790’ - Wrong password
Scheduling destruction of SIP dialog ‘81564ZGVlNWM1NjVkYTA2Y2I2MjNjOGNjNzgwZmQ3ODI5Y2I’ in 32000 ms (Method: REGISTER)
voipserv*CLI>

Do you have any ideas?

Thank you in advance!

pavin_au · January 19, 2017, 6:54am

I actually consider about this in my debug

Contact: sip:111@192.168.0.5:54627;rinstance=1f745b1dcfd7b8cd
To: "111"sip:111@192.168.0.15
From: "111"sip:111@192.168.0.15;tag=0b23ef0b

The IP address in fields “to” and “from” is the same but in my understanding the address into field “from” should be 192.168.0.5. Am I correct? If so, how can I fix it?

Thank you in advance!

jcolp · January 19, 2017, 9:05pm

Please use the “Preformatted text” option for providing logs. What is the output of “sip show peers”?

pavin_au · January 20, 2017, 2:46am

Thank you jcop!

It shows nothing 0-peers

pavin_au · January 20, 2017, 2:53am

voipservCLI> sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
0 sip peers [Monitored: 0 online, 0 offline Unmonitored: 0 online, 0 offline]
[2017-01-20 13:52:50] NOTICE[11937]: chan_sip.c:27891 handle_request_register: Registration from ‘sip:155@192.168.0.15’ failed for ‘192.168.0.19:50431’ - Wrong password
voipservCLI>

pavin_au · January 20, 2017, 4:08am

Guys,

Is it possible that I have loaded some module which don’t allows my users connect to Asterisk?

pavin_au · January 20, 2017, 8:01am

Guys,

I found that my Asterisk does not see my users.

voipservCLI> sip show users
Username Secret Accountcode Def.Context ACL Forcerport
voipservCLI>

On the other hand I have this users/extensions in my config files
[101]
secret=secret123
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
mediaencryption=no
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
callgroup=1
pickupgroup=1
dial=SIP/101
permit=192.168.0.0/255.255.255.0
callerid=Second <101>
callcounter=yes
faxdetect=no

[150]
deny=0.0.0.0/0.0.0.0
secret=secret123
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
mediaencryption=no
sendrpid=no
type=friend
nat=force_rport,comedia
port=5060
qualify=yes
qualifyfreq=60
transport=udp,tcp,tls
avpf=no
force_avp=no
icesupport=no
encryption=no
callgroup=
pickupgroup=
dial=SIP/150
permit=192.168.0.0/24
callerid=Cisco7970 <150>
callcounter=yes
faxdetect=no

Could you give me advice, where I can check my users, please?

Thank you in advance

jcolp · January 20, 2017, 11:03am

What are the contents (using pre-formatted text) of sip.conf?

pavin_au · January 23, 2017, 6:54am

Thank you jcolp! I have in sip.conf next:

[root@voipserv Mon Jan 23 17:50:47 asterisk]# egrep -v ‘^#|^;|^$’ /etc/asterisk/sip.conf
[general]
include sip_general_additional.conf
include sip_additional.conf
[root@voipserv Mon Jan 23 17:51:00 asterisk]#

So the sip.conf has literally nothing. I don’t know what the pre-formatted text is. (HTML tags?)

So, I try to send my two other configs from sip.conf into additional messages.

pavin_au · January 23, 2017, 6:57am

[root@voipserv Mon Jan 23 17:55:09 asterisk]# vi /etc/asterisk/sip_additional.conf

;--------------------------------------------------------------------------------;
; Do NOT edit this file as it is auto-generated by FreePBX. ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate. ;
;--------------------------------------------------------------------------------;
[100]
deny=0.0.0.0/0.0.0.0
secret=secret123
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
mediaencryption=no
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
qualifyfreq=60
transport=udp,tcp,tls
avpf=no
force_avp=no
icesupport=no
encryption=no
callgroup=1
pickupgroup=1
dial=SIP/100
mailbox=100@default
permit=0.0.0.0/0.0.0.0
callerid=First <100>
callcounter=yes
faxdetect=no

[101]
secret=secret123
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
mediaencryption=no
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
callgroup=1
pickupgroup=1
dial=SIP/101
permit=192.168.0.0/255.255.255.0
callerid=Second <101>
callcounter=yes
faxdetect=no

[TPG]
disallow=all
host=111.10.42.69
type=friend
port=5060
insecure=invite,port
allow=alaw
context=from-trunk
qualify=yes
directmedia=no

pavin_au · January 23, 2017, 6:59am

[root@voipserv Mon Jan 23 17:57:55 asterisk]# vi /etc/asterisk/sip_general_additional.conf

;--------------------------------------------------------------------------------;
; Do NOT edit this file as it is auto-generated by FreePBX. ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate. ;
;--------------------------------------------------------------------------------;
vmexten=*97
context=from-sip-external
callerid=Unknown
notifyringing=yes
notifyhold=yes
tos_sip=cs3
tos_audio=ef
tos_video=af41
alwaysauthreject=yes
useragent=FPBX-12.0.76.2(13.6.0)
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=g726
allow=g729
allow=g723
allow=g722
allow=g719
bindport=5060
nat=no
g726nonstandard=no
videosupport=no
maxcallbitrate=384
canreinvite=no
rtptimeout=30
rtpholdtimeout=300
checkmwi=10
notifyringing=yes
notifyhold=yes
registertimeout=20
maxexpiry=3600
minexpiry=60
defaultexpiry=120
jbenable=no
ALLOW_SIP_ANON=no
allowguest=yes
srvlookup=no
callevents=no
localnet=192.168.0.0/255.255.255.0
localnet=10.239.67.216/30

pavin_au · January 23, 2017, 7:00am

Thank you jcolp again! I literally is loosing my hope

david551 · January 23, 2017, 9:01am

For FreePBX peer support use http://community.freepbx.org/

We are not experts in the complex ways in which FreePBX manipulates the Asterisk configuration and we expect people to understand the basics of how Asterisk configuration files work.

Preformatted text refers to the use of the </> button on the forum composition tool bar.

pavin_au · January 23, 2017, 7:25pm

Thank you David.

Just would like to tell you, when I put all configuration from sip_additional.conf to sip.conf - Asterisk sees the users.But for my understanding sip_additional.conf is asterisk file not freePBX. Correct me, please, if I’m wrong. Now I’d like to understand very interesting question - why Asterisk can’t see my users if they are not in sip.conf

Thank you again

david551 · January 23, 2017, 9:45pm

sip.conf is Asterisk. There are no included files in a baseline configuration. Any includes are the result of some add on software.

I don’t know for certain how FreePBX structures the use of its include files.