Forbidden - wrong password on authentication for REGISTER

[Nixi]

Hi all,

I am having some big problem with a new SIP provider. It refuses to register. I cannot get a register and in and outbound routing is not working at all.

I am running PIAF Purple with Asterisk 1.8 (I have also tried setting it up the trunk on an Asterisk 1.6.2 but with same results). I have several other SIP trunks and extensions on the server and they all work fine. I not using NAT

The sip account works in X-lite so my basic details are correct.


The settings I have in Freepbx is like this:

Outgoing settings
AbissnetAL

username=044123456
type=peer
secret=1234456789
nat=never
insecure=very
host=80.91.XXX.XXX
fromuser=044123456
qualify=yes
authuser=044123456

Incoming settings
044123456

type=user
nat=never
secret=1234456789
insecure=very
dtmfmode=rfc2833
context=from-pstn
authuser=044123456

I have tried several register strings like

044123456:1234456789:[email protected]/044123456
044123456:[email protected]/044123456
[email protected]:[email protected]/044123456
[email protected]:[email protected]/044123456

The log could perhaps reveal the problem. I see some "SIP/2.0 403 Forbidden (Bad auth)" and "SIP/2.0 401 Unauthorized" and "SIP/2.0 404 Not Found" and "Forbidden - wrong password on authentication for REGISTER for '044123456' to '80.91.XXX.XXX'" but I do not understand the problem. Could it have something to do with MD5?

[2010-12-27 10:33:59] NOTICE[2992] chan_sip.c: -- Re-registration for [email protected]
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: REGISTER 10 headers, 0 lines
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: Reliably Transmitting (no NAT) to 80.91.XXX.XXX:5060:
REGISTER sip:80.91.XXX.XXX SIP/2.0 
Via: SIP/2.0/UDP 91.123.XXX.XXX:5060;branch=z9hG4bK7f68ff20 
Max-Forwards: 70 
From: <sip:[email protected]>;tag=as5679bb26 
To: <sip:[email protected]> 
Call-ID: [email protected] 
CSeq: 102 REGISTER 
User-Agent: Asterisk PBX 1.8.0 
Expires: 120 
Contact: <sip:[email protected]:5060> 
Content-Length: 0 


---
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: 
<--- SIP read from UDP:80.91.XXX.XXX:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 91.123.XXX.XXX:5060;branch=z9hG4bK7f68ff20;received=91.123.XXX.XXX
From: <sip:[email protected]>;tag=as5679bb26
To: <sip:[email protected]>;tag=as1211ec84
Call-ID: [email protected]
CSeq: 102 REGISTER
Server: OTelloPBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="abissnet.al", nonce="68f41dd0"
Content-Length: 0

<------------->
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: --- (11 headers 0 lines) ---
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: Responding to challenge, registration to domain/host name 80.91.XXX.XXX
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: REGISTER 11 headers, 0 lines
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: Reliably Transmitting (no NAT) to 80.91.XXX.XXX:5060:
REGISTER sip:80.91.XXX.XXX SIP/2.0 
Via: SIP/2.0/UDP 91.123.XXX.XXX:5060;branch=z9hG4bK61c9cf9f 
Max-Forwards: 70 
From: <sip:[email protected]>;tag=as23f9e625 
To: <sip:[email protected]> 
Call-ID: [email protected] 
CSeq: 103 REGISTER 
User-Agent: Asterisk PBX 1.8.0 
Authorization: Digest username="044123456", realm="abissnet.al", algorithm=MD5, uri="sip:80.91.XXX.XXX", nonce="68f41dd0", response="031dc32d2127b64f8393d868987ca1ef" 
Expires: 120 
Contact: <sip:[email protected]:5060> 
Content-Length: 0 


---
[2010-12-27 10:33:59] VERBOSE[10219] manager.c: == Manager 'admin' logged off from 127.0.0.1
[2010-12-27 10:33:59] NOTICE[2992] chan_sip.c: -- Re-registration for [email protected]
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: 
<--- SIP read from UDP:80.91.XXX.XXX:5060 --->
SIP/2.0 403 Forbidden (Bad auth)
Via: SIP/2.0/UDP 91.123.XXX.XXX:5060;branch=z9hG4bK61c9cf9f;received=91.123.XXX.XXX
From: <sip:[email protected]>;tag=as23f9e625
To: <sip:[email protected]>;tag=as1211ec84
Call-ID: [email protected]
CSeq: 103 REGISTER
Server: OTelloPBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
Content-Length: 0

<------------->
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: --- (10 headers 0 lines) ---
[2010-12-27 10:33:59] WARNING[2992] chan_sip.c: Forbidden - wrong password on authentication for REGISTER for '044123456' to '80.91.XXX.XXX'
[2010-12-27 10:33:59] VERBOSE[2992] chan_sip.c: Really destroying SIP dialog '[email protected]' Method: REGISTER

[2010-12-27 10:34:01] VERBOSE[2992] chan_sip.c: Reliably Transmitting (no NAT) to 80.91.XXX.XXX:5060:
OPTIONS sip:80.91.XXX.XXX SIP/2.0 
Via: SIP/2.0/UDP 91.123.XXX.XXX:5060;branch=z9hG4bK6c7330ba 
Max-Forwards: 70 
From: "Unknown" <sip:[email protected]>;tag=as31a140eb 
To: <sip:80.91.XXX.XXX> 
Contact: <sip:[email protected]:5060> 
Call-ID: [email protected]:5060 
CSeq: 102 OPTIONS 
User-Agent: Asterisk PBX 1.8.0 
Date: Mon, 27 Dec 2010 09:34:01 GMT 
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH 
Supported: replaces, timer 
Content-Length: 0 


---
[2010-12-27 10:34:01] VERBOSE[2992] chan_sip.c: 
<--- SIP read from UDP:80.91.XXX.XXX:5060 --->
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 91.123.XXX.XXX:5060;branch=z9hG4bK6c7330ba;received=91.123.XXX.XXX
From: "Unknown" <sip:[email protected]>;tag=as31a140eb
To: <sip:80.91.XXX.XXX>;tag=as212176cb
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
Server: OTelloPBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
Accept: application/sdp
Content-Length: 0

<------------->
[2010-12-27 10:34:01] VERBOSE[2992] chan_sip.c: --- (11 headers 0 lines) ---
[2010-12-27 10:34:01] VERBOSE[2992] chan_sip.c: Really destroying SIP dialog '[email protected]:5060' Method: OPTIONS
[2010-12-27 10:34:07] VERBOSE[10237] manager.c: == Manager 'admin' logged on from 127.0.0.1

Many thanks if someone can solve this!!!

Jonathan

 

[randy7376]

I don't recall seeing authuser= in a trunk configuration before. But, I'll admit that I haven't had much time to look at Asterisk 1.8, yet.

I know with our SIP trunk provider, we have to use the fromuser= directive for it to work properly.

This example you posted is the format we use for the register string:

044123456:[email protected]/044123456

Hopefully, your provider has provided instructions on what to set here. If it still won't register, I'd get them to reset your secret for that trunk.

 

[Nixi]

No the authuser was something I tried today after seeing somebody using it from a forum. It does not make any difference in my case anyway.

Since the username and password works fine in X-lite all I need is the right instructions in Asterisk. Perhaps it is not possible but it seems so far that Asterisk handles everything.

I do not know what kind of voip server they are using, it displays OTelloPBX in the log but I cannot find any tech document about it. The ISP only support some softphones and ATA boxes which they provision.

I am not giving up but I need some help.

 

[randy7376]

Sorry, I missed the part about it working with X-Lite.

From what you posted, this really stands out:

Forbidden - wrong password on authentication for REGISTER for '044123456' to '80.91.XXX.XXX'

Have you tried deleting your trunk configuration and recreating, yet? I know I've made my fair share of mistakes - typos, usually - when setting up a trunk configuration. Maybe, you have a space somewhere that doesn't belong and it sees that as part of your secret, for example.

P.S. FYI, we have authname= in one of our trunk configurations. We're on Asterisk 1.6.2.13.

 

[Astrosmurfer]

You really should be asking your provider rather than this forum but, I do see a couple of things.

First, the SIP debug information refers to MD5 authentication which you have not specified in your trunk. So, I suspect your authentication credentials are not being transmitted in the correct format. I think you need to put auth=md5 in your outgoing trunk config.

Typically, when using registration strings, you don't use incoming settings so strip all of that out.

The register string will depend on your provider so, ask them but, I would expect it to be one of these:

044123456:[email protected]
or
044123456:[email protected]/044123456

 

[randy7376]

I missed seeing the MD5 authentication. Thanks for pointing that out, Astrosmurfer.

I need to stop responding so early in the morning - especially before the first two cups of coffee & breakfast!

 

[Nixi]

Thank you all for trying to help me. I cannot believe it, after spending too much time researching the problem it was in fact just a number in the password that was missing.

I had checked the passwords several times but for some reason I could not see it.

All good now! Maybe I need coffee to see more clearly next time;-)

Thanks again!

 

[blanchae]

Thanks for replying with the solution. We've all been there before but it's nice to hear that the problem was resolved.