Benko
2006-Oct-09 09:37 UTC
[asterisk-users] connecting multiple servers with iax - authentication fails
Hello! I'm having a problem which actually looks banal. I'm trying to connect 3 servers via iax with each other. However, i've not been successfull so far. Asterisk always tries to authenticate the calling user with the credentials of the last entry in iax.conf, not the ones that would actually belong to the calling user. e.g. Server1 has peer/user entries for Server2 and Server3(in this order), Server2 now tries to call Server1, but is asked for the credentials of Server3(Because Server3 is the last entry in iax.conf), which doesn't work of course. The IAX debug for this example is attached(iax_server2.txt). Please also take a look at the attached iax.conf-files for each server, maybe i've missed some setting... Currently i workaround this issue by using the same secret for all servers, this is not very practicable however... The asterisk versions in use are 1.2.9.1 on server3 and server2 and 1.4.0-beta2 on server1. This guy seems to have had the same problem, unfortunately he received no answer: http://lists.digium.com/pipermail/asterisk-users/2003-August/011960.html thx christian -------------- next part -------------- [general] register => server3:12345678@server2.domain.org bindport=4569 ; bindport and bindaddr may be specified bindaddr=10.1.99.157 bandwidth=high allow=all disallow=lpc10 jitterbuffer=no forcejitterbuffer=no autokill=yes [server3] type=peer auth=md5 user=server3 secret=thirdsecret321 qualify=yes host=XXX.XXX.XXX.XXX context=iax_server3 [server3] type=user auth=md5 user=server3 secret=thirdsecret321 qualify=yes host=XXX.XXX.XXX.XXX context=iax_server3 [server2] type=peer auth=md5 user=server2 secret=othersecret123 qualify=yes host=XXX.XXX.XXX.XXX context=iax_server3 [server2] type=user auth=md5 user=server2 secret=othersecret123 qualify=yes host=XXX.XXX.XXX.XXX context=iax_server3 -------------- next part -------------- [general] bindport=4569 bindaddr=213.208.4.99 bandwidth=high allow=all disallow=lpc10 jitterbuffer=no forcejitterbuffer=no tos=lowdelay autokill=yes [server1] type=user auth=md5 user=server1 secret=othersecret123 qualify=yes host=dynamic context=iax_server3 [server1] type=peer auth=md5 user=server1 secret=othersecret123 qualify=yes host=dynamic context=iax_server3 [server3] type=user auth=md5 user=mgw1 secret=12345678 qualify=yes host=XXX.XXX.XXX.XXX context=iax_server3 [server3] type=peer auth=md5 user=server3 secret=12345678 qualify=yes host=XXX.XXX.XXX.XXX context=iax_server3 -------------- next part -------------- [general] bindport=4569 bindaddr=0.0.0.0 delayreject=yes bandwidth=high allow=all ; same as bandwidth=high allow=alaw disallow=ulaw disallow=lpc10 ; Icky sound quality... Mr. Roboto. jitterbuffer=no forcejitterbuffer=no [server1] type=peer auth=md5 secret=thirdsecret321 ; redundant when already embedded in Dial string qualify=yes host=81.XXX.XXX.XXX user=server1 ; redundant when already embedded in Dial string context=iax_server1 [server1] type=user auth=md5 secret=thirdsecret321 ; redundant when already embedded in Dial string qualify=yes host=81.XXX.XXX.XXX user=server1 ; redundant when already embedded in Dial string context=iax_server1 [server2] type=peer auth=md5 secret=12345678 ; redundant when already embedded in Dial string qualify=yes host=XXX.XXX.XXX.XXX user=server2 ; redundant when already embedded in Dial string context=iax_server3 ;yes, this context is the same as in iax.conf.server2.txt [server2] type=user auth=md5 secret=12345678 ; redundant when already embedded in Dial string qualify=yes host=XXX.XXX.XXX.XXX user=server2 ; redundant when already embedded in Dial string context=iax_server3 ;yes, this context is the same as in iax.conf.server2.txt -------------- next part -------------- Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW Timestamp: 00015ms SCall: 00006 DCall: 00000 [81.XXX.XXX.XXX:4569] VERSION : 2 CALLED NUMBER : 004989153213126 CODEC_PREFS : () CALLING NUMBER : 49896272423 CALLING PRESNTN : 34 CALLING TYPEOFN : 0 CALLING TRANSIT : 0 CALLING NAME : server1 LANGUAGE : en FORMAT : 4 CAPABILITY : 4194175 ADSICPE : 2 DATE TIME : 2006-10-09 17:18:34 Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: AUTHREQ Timestamp: 00002ms SCall: 00030 DCall: 00006 [81.XXX.XXX.XXX:4569] AUTHMETHODS : 2 CHALLENGE : 757581300 USERNAME : server3 Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: AUTHREP Timestamp: 00040ms SCall: 00006 DCall: 00030 [81.XXX.XXX.XXX:4569] MD5 RESULT : 94975d6e1044df7ddcafee71463fbfd9 server2*CLI> Oct 9 17:15:53 NOTICE[11866]: chan_iax2.c:7229 socket_read: Host 81.XXX.XXX.XXX failed to authenticate as server1 Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REJECT Timestamp: 00027ms SCall: 00030 DCall: 00006 [81.XXX.XXX.XXX:4569] CAUSE : No authority found CAUSE CODE : 50 server2*CLI>
Benko
2006-Oct-09 09:58 UTC
[asterisk-users] Re: connecting multiple servers with iax - authentication fails
> e.g. Server1 has peer/user entries for Server2 and Server3(in this > order), Server2 now tries to call Server1, but is asked for the > credentials of Server3(Because Server3 is the last entry in iax.conf), > which doesn't work of course.i beg your pardon, actually the description of the attached debug goes like this: e.g. Server2 has peer/user entries for Server1 and Server3(in this order), Server1 now tries to call Server2, but is asked for the credentials of Server3(Because Server3 is the last entry in iax.conf of Server2)...
Tim Panton
2006-Oct-10 01:27 UTC
[asterisk-users] connecting multiple servers with iax - authentication fails
On 9 Oct 2006, at 17:36, Benko wrote:> Hello! > > I'm having a problem which actually looks banal. I'm trying to > connect 3 servers via iax with each other. However, i've not been > successfull so far. Asterisk always tries to authenticate the calling > user with the credentials of the last entry in iax.conf, not the ones > that would actually belong to the calling user. > > e.g. Server1 has peer/user entries for Server2 and Server3(in this > order), Server2 now tries to call Server1, but is asked for the > credentials of Server3(Because Server3 is the last entry in iax.conf), > which doesn't work of course. > > The IAX debug for this example is attached(iax_server2.txt). > > Please also take a look at the attached iax.conf-files for each > server, > maybe i've missed some setting... > > Currently i workaround this issue by using the same secret for all > servers, this is not very practicable however... > > The asterisk versions in use are 1.2.9.1 on server3 and server2 and > 1.4.0-beta2 on server1. > > This guy seems to have had the same problem, unfortunately he received > no answer: > http://lists.digium.com/pipermail/asterisk-users/2003-August/ > 011960.html > > > thx > christian > <iax.conf.server1.txt> > <iax.conf.server2.txt> > <iax.conf.server3.txt> > <iax_debug_server2.txt>It is a bit hard to tell what is going on because you have blanked the IP addresses in the config files to all the same value. If you specify an IP address in the host= line , asterisk will use the from IP address of a 'new' to try and find a matching entry, and ignore the username sent in the message. At a guess you have the IP addresses of servers 1 or 3 wrong in iax.conf on server2 Tim. Tim Panton www.mexuar.com