SIP Digest authentication fails. ...check_auth: username mismatch

sam7575 · May 3, 2016, 3:49pm

I am building a basic SIP UA. I am sending the following INVITE, as seen in Asterisk console (only headers relevant to authentication are shown):

INVITE sip:104@192.168.1.92 SIP/2.0
From: "110"<sip:110@192.168.1.92>;tag=80859256
To: <sip:104@192.168.1.92>
Call-ID: 80859256
CSeq: 80859256 INVITE
Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK-80859256
Contact: <sip:110@192.168.1.92>

In response, I get the following challenge:

 SIP/2.0 401 Unauthorized
 Via: SIP/2.0/UDP 192.168.1.92:6000;branch=z9hG4bK-   80859256;received=127.0.0.1
 From: "110"<sip:110@192.168.1.92>;tag=80859256
 To: <sip:104@192.168.1.92>;tag=as25af7f49
 Call-ID: 80859256
 CSeq: 80859256 INVITE
 Server: Asterisk PBX 13.7.2
 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
 Supported: replaces, timer
 WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="20e95772"
 Content-Length: 0

I reply with the following:

 ACK sip:104@192.168.1.92 SIP/2.0
 From: "110"<sip:110@192.168.1.92>;tag=80859256
 To: <sip:104@192.168.1.92>;tag=as25af7f49
 Call-ID: 80859256
 CSeq: 80859256 ACK
 Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859256
 Contact: <sip:110@192.168.1.92>
 Content-Length: 0


 INVITE sip:104@192.168.1.92 SIP/2.0
 From: "110"<sip:110@192.168.1.92>;tag=80859256
 To: <sip:104@192.168.1.92>
 Call-ID: 80859256
 CSeq: 80859257 INVITE
 Via: SIP/2.0/UDP 192.168.1.92:6000;rport;branch=z9hG4bK-80859257
 Max-Forwards:5
 Allow: REGISTER, INVITE, ACK, BYE, REFER, NOTIFY, CANCEL, INFO, OPTIONS, PRACK, SUBSCRIBE
 Contact: <sip:110@192.168.1.92>
 Authorization: Digest
 username="110",realm="asterisk", nonce="20e95772",uri="sip:104@192.168.1.92",response="ed2de012b2255e85ddb0ee724b9a3ffd"
 Session-Expires: 1800
 Min-SE: 90
 Content-Type: application/sdp

I have not included above the actual SDP sent with the invites. The password for extension 110 is 110 as defined in sip.conf.

QUESTION:
I am getting this error:

 WARNING...: chan_sip.c:16702 check_auth: username mismatch, have <110>, digest has <>
 NOTICE...: chan_sip.c:25603 handle_request_invite: Failed to authenticate device "110"<sip:110@192.168.1.92>;tag=76981187

This is followed by a “SIP/2.0 403 Forbidden” message.

I do not believe that my digest calculation as sent in the second INVITE is wrong.
What needs to be changed? I have spent a lot of time in debugging this…
Any help would be HIGHLY appreciated.

sam7575 · May 4, 2016, 4:28am

Found the answer, thanks to this reply on StackOverflow. I was mistakenly inserting a CR+LF after “Authorization: Digest” in the second INVITE.

Topic		Replies	Views
SIP 401 in response to auth challenge response Asterisk SIP	4	34	February 22, 2025
Asterisk ignores challenge for digest auth, reg fails Asterisk Support	1	815	December 6, 2005
Not clear about some of the Asterisk SIP messages	5	1103	May 10, 2016
SIP - Failed to Authenticate Asterisk SIP	4	47	November 30, 2024
SIP trunking error Failed to authenticate on INVITE to Asterisk Support	1	3129	September 12, 2012

SIP Digest authentication fails. ...check_auth: username mismatch

Related topics