Different username and authuser in sip registration

Hello,
we have problem with SIP registration when authuser differs from username in registration.
In chan_sip was registration string in format:
nnnnnnnnn:passpasspass:authiduathid@sbc.provider.net/nnnnnnnnn
If we try to setup it in pjsip, we are no able to make different username from authuser.
Here is part of pjsip configuration:

type=wizard
aor/maximum_expiration=300
aor/default_expiration=300
aor/qualify_timeout=10.0
aor/qualify_frequency=30
aor/contact=sip:nnnnnnnnn@sbc.provider.net
endpoint/context=inbound
endpoint/dtmf_mode=rfc4733
endpoint/disallow=all
endpoint/allow=alaw
endpoint/send_pai=yes
endpoint/send_rpid=no
endpoint/from_user=nnnnnnnnn
identify/match=sbc.provider.net
registration/server_uri=sip:sbc.provider.net:5060
registration/client_uri=sip:nnnnnnnnn@sbc.provider.net:5060
registration/contact_user=nnnnnnnnn
registration/auth_rejection_permanent=no
registration/expiration=60
outbound_auth_type=userpass
outbound_auth/username=authiduathid
outbound_auth/password=passpasspass
remote_hosts=sbc.provider.net
sends_auth=yes
sends_registrations=yes
transport=transport-udp

If outbound_auth/username=authiduathid is specified ti rewrites user part of registration/client_uri to authiduathid

if outbound_auth/username=nnnnnnnnn is specified, there is Digest username set to nnnnnnnnn, which is wrong too.

Can you tell me please what is correct configuration for authuser in this case?

Thank you
Tomas Podolsky

Can you provide a trace of the working configuration with chan_sip, and the not working one with chan_pjsip?

Sorry for late response.
Here are 3 traces:

  1. chan_sip -> working
  2. pjsip authname = authiduathid -> wrong user in trace
  3. pjsip authname = nnnnnnnnn (username) -> wrong digest username(authname) in trace
==============================================
================== chan_sip ==================
==============================================


16:36:10.125592 IP (tos 0x60, ttl 64, id 56202, offset 0, flags [none], proto UDP (17), length 449)
    2.2.2.2.5060 > 1.1.1.1.5060: SIP, length: 421
        REGISTER sip:sbc.provider.net SIP/2.0
        Via: SIP/2.0/UDP 2.2.2.2:5060;branch=z9hG4bK1ab79701
        Max-Forwards: 70
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=as09b255a7
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Call-ID: 30f48ba917ef97370f1a2819261ab2c1@2.2.2.2
        CSeq: 102 REGISTER
        Supported: replaces, timer
        User-Agent: Asterisk PBX
        Expires: 300
        Contact: <sip:nnnnnnnnn@2.2.2.2:5060>
        Content-Length: 0


16:36:10.126545 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 333)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 305
        SIP/2.0 100 Trying
        Call-ID: 30f48ba917ef97370f1a2819261ab2c1@2.2.2.2
        CSeq: 102 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=as09b255a7
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bK1ab79701
        Content-Length: 0


16:36:10.218816 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 546)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 518
        SIP/2.0 401 Unauthorized
        Call-ID: 30f48ba917ef97370f1a2819261ab2c1@2.2.2.2
        CSeq: 102 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=as09b255a7
        To: <sip:nnnnnnnnn@sbc.provider.net>;tag=00-06165-52b10d41-5ab639e93
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bK1ab79701
        WWW-Authenticate: Digest realm="sbc.provider.net",nonce="52b10a9f50ddca6b49264f0a5e37c75c",opaque="52acbf6d52d3cff",stale=false,algorithm=MD5
        Server: Cirpack/v4.88 (gw_sip)
        Content-Length: 0


16:36:10.219834 IP (tos 0x60, ttl 64, id 56203, offset 0, flags [none], proto UDP (17), length 678)
    2.2.2.2.5060 > 1.1.1.1.5060: SIP, length: 650
        REGISTER sip:sbc.provider.net SIP/2.0
        Via: SIP/2.0/UDP 2.2.2.2:5060;branch=z9hG4bK158a7366
        Max-Forwards: 70
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=as09b255a7
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Call-ID: 30f48ba917ef97370f1a2819261ab2c1@2.2.2.2
        CSeq: 103 REGISTER
        Supported: replaces, timer
        User-Agent: Asterisk PBX
        Authorization: Digest username="authiduathid", realm="sbc.provider.net", algorithm=MD5, uri="sip:sbc.provider.net", nonce="52b10a9f50ddca6b49264f0a5e37c75c", response="b8142ec548f0f8706137ac63976fbd3c", opaque="52acbf6d52d3cff"
        Expires: 300
        Contact: <sip:nnnnnnnnn@2.2.2.2:5060>
        Content-Length: 0


16:36:10.220823 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 333)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 305
        SIP/2.0 100 Trying
        Call-ID: 30f48ba917ef97370f1a2819261ab2c1@2.2.2.2
        CSeq: 103 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=as09b255a7
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bK158a7366
        Content-Length: 0


16:36:10.284702 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 502)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 474
        SIP/2.0 200 OK
        Call-ID: 30f48ba917ef97370f1a2819261ab2c1@2.2.2.2
        Contact: <sip:nnnnnnnnn@2.2.2.2:5060>;expires=300
        CSeq: 103 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=as09b255a7
        To: <sip:nnnnnnnnn@sbc.provider.net>;tag=00-07157-52b10d4b-234379252
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bK158a7366
        P-Associated-URI: <sip:nnnnnnnnn@sbc.provider.net>
        Server: Cirpack/v4.88 (gw_sip)
        Content-Length: 0





=====================================================================
================== pjsip: authname = authiduathid  ==================
=====================================================================

16:49:45.967946 IP (tos 0x60, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 592)
    2.2.2.2.5060 > 1.1.1.1.5060: SIP, length: 564
        REGISTER sip:sbc.provider.net SIP/2.0
        Via: SIP/2.0/UDP 2.2.2.2:5060;rport;branch=z9hG4bKPj391fdee5-a58a-473c-965a-6a79f0d2c57b
        From: <sip:authiduathid@sbc.provider.net>;tag=d199ddd4-1063-4864-ab3a-a4968b20bc7b
        To: <sip:authiduathid@sbc.provider.net>
        Call-ID: 7d23ca3e-32cc-405a-b68b-d2768e1534b3
        CSeq: 28881 REGISTER
        Contact: <sip:nnnnnnnnn@2.2.2.2:5060>
        Expires: 60
        Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
        Max-Forwards: 70
        User-Agent: Asterisk PBX
        Content-Length:  0


16:49:45.968799 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 387)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 359
        SIP/2.0 100 Trying
        Call-ID: 7d23ca3e-32cc-405a-b68b-d2768e1534b3
        CSeq: 28881 REGISTER
        From: <sip:authiduathid@sbc.provider.net>;tag=d199ddd4-1063-4864-ab3a-a4968b20bc7b
        To: <sip:authiduathid@sbc.provider.net>
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bKPj391fdee5-a58a-473c-965a-6a79f0d2c57b
        Content-Length: 0


16:49:45.999435 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 434)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 406
        SIP/2.0 403 authentication failed
        Call-ID: 7d23ca3e-32cc-405a-b68b-d2768e1534b3
        CSeq: 28881 REGISTER
        From: <sip:authiduathid@sbc.provider.net>;tag=d199ddd4-1063-4864-ab3a-a4968b20bc7b
        To: <sip:authiduathid@sbc.provider.net>;tag=01-32191-acf6e2c1-5772fcbf6
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bKPj391fdee5-a58a-473c-965a-6a79f0d2c57b
        Content-Length: 0



============================================================================
================== pjsip: authname = nnnnnnnnn (username) ==================
============================================================================


16:52:02.637931 IP (tos 0x60, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 585)
    2.2.2.2.5060 > 1.1.1.1.5060: SIP, length: 557
        REGISTER sip:sbc.provider.net SIP/2.0
        Via: SIP/2.0/UDP 2.2.2.2:5060;rport;branch=z9hG4bKPj2efd8d5b-51ca-4b20-94f8-9fed34c09545
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=19187e9b-aec3-4bc1-842a-2c5720772adc
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Call-ID: 01e3822e-8efb-44c4-9f00-bc7174b865f3
        CSeq: 9771 REGISTER
        Contact: <sip:nnnnnnnnn@2.2.2.2:5060>
        Expires: 60
        Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
        Max-Forwards: 70
        User-Agent: Asterisk PBX
        Content-Length:  0


16:52:02.638791 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 380)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 352
        SIP/2.0 100 Trying
        Call-ID: 01e3822e-8efb-44c4-9f00-bc7174b865f3
        CSeq: 9771 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=19187e9b-aec3-4bc1-842a-2c5720772adc
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bKPj2efd8d5b-51ca-4b20-94f8-9fed34c09545
        Content-Length: 0


16:52:02.671590 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 593)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 565
        SIP/2.0 401 Unauthorized
        Call-ID: 01e3822e-8efb-44c4-9f00-bc7174b865f3
        CSeq: 9771 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=19187e9b-aec3-4bc1-842a-2c5720772adc
        To: <sip:nnnnnnnnn@sbc.provider.net>;tag=00-07931-52b25cde-69f173c91
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bKPj2efd8d5b-51ca-4b20-94f8-9fed34c09545
        WWW-Authenticate: Digest realm="sbc.provider.net",nonce="52b25964710eae990504941166098d36",opaque="52b208a039cd5af",stale=false,algorithm=MD5
        Server: Cirpack/v4.88 (gw_sip)
        Content-Length: 0


16:52:02.671881 IP (tos 0x60, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 811)
    2.2.2.2.5060 > 1.1.1.1.5060: SIP, length: 783
        REGISTER sip:sbc.provider.net SIP/2.0
        Via: SIP/2.0/UDP 2.2.2.2:5060;rport;branch=z9hG4bKPja4cd6b97-1642-4e66-a865-f3c8b05d8de7
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=19187e9b-aec3-4bc1-842a-2c5720772adc
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Call-ID: 01e3822e-8efb-44c4-9f00-bc7174b865f3
        CSeq: 9772 REGISTER
        Contact: <sip:nnnnnnnnn@2.2.2.2:5060>
        Expires: 60
        Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER
        Max-Forwards: 70
        User-Agent: Asterisk PBX
        Authorization: Digest username="nnnnnnnnn", realm="sbc.provider.net", nonce="52b25964710eae990504941166098d36", uri="sip:sbc.provider.net", response="c60db9ac48ad887dd282edacd029ef75", algorithm=MD5, opaque="52b208a039cd5af"
        Content-Length:  0


16:52:02.672753 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 380)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 352
        SIP/2.0 100 Trying
        Call-ID: 01e3822e-8efb-44c4-9f00-bc7174b865f3
        CSeq: 9772 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=19187e9b-aec3-4bc1-842a-2c5720772adc
        To: <sip:nnnnnnnnn@sbc.provider.net>
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bKPja4cd6b97-1642-4e66-a865-f3c8b05d8de7
        Content-Length: 0


16:52:02.785790 IP (tos 0x60, ttl 58, id 0, offset 0, flags [DF], proto UDP (17), length 461)
    1.1.1.1.5060 > 2.2.2.2.5060: SIP, length: 433
        SIP/2.0 403 Wrong login or password
        Call-ID: 01e3822e-8efb-44c4-9f00-bc7174b865f3
        CSeq: 9772 REGISTER
        From: <sip:nnnnnnnnn@sbc.provider.net>;tag=19187e9b-aec3-4bc1-842a-2c5720772adc
        To: <sip:nnnnnnnnn@sbc.provider.net>;tag=00-08162-52b25ce7-541468960
        Via: SIP/2.0/UDP 2.2.2.2:5060;received=2.2.2.2;rport=5060;branch=z9hG4bKPja4cd6b97-1642-4e66-a865-f3c8b05d8de7
        Server: Cirpack/v4.88 (gw_sip)
        Content-Length: 0


Your configuration looks correct but I’m wondering if it’s a consequence of using wizards. If you use the CLI command to examine the auth what does it show?

here is auth in CLI:

asterisk*CLI> pjsip show auth regtest-oauth 

  I/OAuth:  <AuthId/UserName.............................................................>
==========================================================================================

     Auth:  regtest-oauth/authiduathid

 ParameterName  : ParameterValue
 ===============================
 @pjsip_wizard  : regtest
 auth_type      : userpass
 md5_cred       : 
 nonce_lifetime : 32
 password       : passpasspass
 realm          : 
 username       : authiduathid

It appears to be correct so I’m not sure why it would not place the correct auth username in there. If you don’t use a wizard does it work?

Yes, if I don’t use wizard it works.
Couldn’t be problem with this: ‘server_uri and client_uri are constructed using their respective patterns using {REMOTE_HOST} and {USERNAME}’?
Because if wizard is used, than ‘registration/client_uri’ is authiduathid@sbc.provider.net and it is wrong.

But finally I make it working with wizard by setting ‘client_uri_pattern=sip:nnnnnnnnn@${REMOTE_HOST}’

Isn’t there issue with interpreting ${USERNAME} from ‘outbound_auth/username’ ?

Well, normally the username is the same across everything - authentication, AOR. The wizard probably caters to that instead of your abnormal usage.

I am not sure if this is abnormal usage. I resolved it by ‘hack’ because it appeared to be correct configuration, how you wrote. :slight_smile:
Does exist a chance that it could be resolved as accepted bug? :innocent:
But in every case, thank you for your guidance.

I’m not sure it’s a hack or bug since the ability to overrule it is provided. The default behavior itself works for the vast majority of people.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.