How can we help you today?
Start a new topic

[WARN ] SIP: sip::ProcessAuthDigest: 401 needs 128 bit nonce

I have a Snom D375 running the latest firmware (v10.1.33.33) which in turn has Identity 1 registered to a FreePBX CHAN SIP extension. I'm seeing lots of the following types of errors:

Apr 16 20:47:22.020 [WARN ] SIP: sip::ProcessAuthDigest: 401 needs 128 bit nonce Apr 16 20:47:22.020 [NOTICE] SIP: process auth: Match challenge for user=201, realm=asterisk


Anyone have any idea why?



1 Comment

Paul,


From RFC 3261


RFC 3261            SIP: Session Initiation Protocol           June 2002


  20.44 WWW-Authenticate

   A WWW-Authenticate header field value contains an authentication

   challenge.  See Section 22.2 for further details on its usage.

   Example:

      WWW-Authenticate: Digest realm="atlanta.com",

        domain="sip:boxesbybob.com", qop="auth",

        nonce="f84f1cec41e6cbe5aea9c8e88d359",

        opaque="", stale=FALSE, algorithm=MD5

21 Response Codes

   The response codes are consistent with, and extend, HTTP/1.1 response

   codes.  Not all HTTP/1.1 response codes are appropriate, and only

   those that are appropriate are given here.  Other HTTP/1.1 response

   codes SHOULD NOT be used.  Also, SIP defines a new class, 6xx.

   

   

   21.4.2 401 Unauthorized

   The request requires user authentication.  This response is issued by

   UASs and registrars, while 407 (Proxy Authentication Required) is

   used by proxy servers.



  22.2 User-to-User Authentication


   When a UAS receives a request from a UAC, the UAS MAY authenticate

   the originator before the request is processed.  If no credentials

   (in the Authorization header field) are provided in the request, the

   UAS can challenge the originator to provide credentials by rejecting

   the request with a 401 (Unauthorized) status code.


   The WWW-Authenticate response-header field MUST be included in 401

   (Unauthorized) response messages.  The field value consists of at

   least one challenge that indicates the authentication scheme(s) and

   parameters applicable to the realm.


   An example of the WWW-Authenticate header field in a 401 challenge

   is:


      WWW-Authenticate: Digest

              realm="biloxi.com",

              qop="auth,auth-int",

              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",

              opaque="5ccc069c403ebaf9f0171e9517f40e41"


   When the originating UAC receives the 401 (Unauthorized), it SHOULD,

   if it is able, re-originate the request with the proper credentials.

   The UAC may require input from the originating user before

   proceeding.  Once authentication credentials have been supplied

   (either directly by the user, or discovered in an internal keyring),

   UAs SHOULD cache the credentials for a given value of the To header

   field and "realm" and attempt to re-use these values on the next

   request for that destination.  UAs MAY cache credentials in any way

   they would like."



Regards,


Snom Support 

Login or Signup to post a comment