New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth_check: to 2 accounts on the same Phone, same username different realm. 2nd acc fails with -2 #548
Comments
Here some logs of the auth_check. |
Realm is used for domain matching in subscriber table. Also be sure that if you use ha1 for digest authentication, the realm is used to build that string. You need to have two records in this case inside the subscriber table. This is something to continue on sr-users@lists.sip-router.org mailing list if you want to discuss more. It is not related to a bug in the code and the tracker here is not used as a discussions forum, so I am closing the item here. |
Hello again, Sorry to bother again. Therefore there must be an issue in the code with threading authentication of SipAccounts with the same username but different domains from one ip-address and port. |
After further testing this seems to be a problem of the phones firmware. |
Hi there,
we are using kamailio as Registrar and Dispatcher.
Running
modparam("auth_db", "use_domain", MULTIDOMAIN) //with MULTIDOMAIN = 1
In our
route[AUTH]
I call
if (!auth_check("$fd", "subscriber", "1")) {
to filter unwanted Guests and and brute-force attacks to the blacklist.
strangely auth_check fails under the following conditions:
1 UserAgent(Phone) with 2 SipAccounts with the same user-name but different realm
The first account can REGISTER without a problem.
for the second Account REGISTER fails with -2.
If I disable the first one the second one Registered.
Could it be that auth_check is not multidomain-safe in one user-agent thread?
Hope to here from you...
PS: I like kamailio =).
version: kamailio 4.3.4 (x86_64/linux)
The text was updated successfully, but these errors were encountered: