<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">First off you have to fully understand how SIP authentication works the two authorization line are different because one is for a challenge and one is a response to a challenge. <br><div><div><br></div><div><a href="http://en.wikipedia.org/wiki/Digest_access_authentication">http://en.wikipedia.org/wiki/Digest_access_authentication</a></div><div><br></div><div><br></div><div>On Oct 6, 2009, at 4:22 PM, Nicolas Brenner wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">That happens with both gateways though, one works and the other doesn't. Would the rport have anything to do with the registration failing?<br><br>The big difference to me is that the working gateway replies a 401 Unauthorized containing:<br><br> WWW-Authenticate: Digest realm="<a href="http://pxextmy.redvoiss.net/">pxextmy.redvoiss.net</a>", nonce="4acac8fe248a9075a13773274684392a65a40240", qop="auth".<br><br>Whereas the non-working gateway's 401 has:<br><br>WWW-Authenticate: Digest realm="<span class="nu0">216.72</span><span class="nu0">.10</span><span class="nu0">.39</span>", nonce="4acac08249c439decb2bea539282faf755c80b0c".<br></blockquote><div><br></div><div>What is this gateway? You might actually put the realm param INTO the gateway config for this gateway.</div><div><br></div><br><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">What does the qop parameter stand for? Apparently because of that parameter, FS sends a new REGISTER including this:<br></span></blockquote><div><br></div><div>Quality of Protection, qop is assumed auth if excluded.</div><br><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><br>Authorization: Digest username="xxxxxxxxx", realm="<a href="http://pxextmy.redvoiss.net/">pxextmy.redvoiss.net</a>", nonce="4acac8fe248a9075a13773274684392a65a40240", cnonce="h1DCSizTEi2eMQAdCe9KJA", algorithm=MD5, uri="sip:<a href="http://pxextmy.redvoiss.net/">pxextmy.redvoiss.net</a>", response="05adb2a7f9d7772e57dc846257484f5d", qop=auth, nc=<span class="nu0">00000001</span>.<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" color="#144FAE"><br></font></font></span></blockquote><div><br></div>This is a response to a challenge.<br><br><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">Instead, on the non-working gateway case, FS sends a REGISTER with this:<br><br>Authorization: Digest username="yyyyyyyyy", realm="<span class="nu0">216.72</span><span class="nu0">.10</span><span class="nu0">.39</span>", nonce="4acac08249c439decb2bea539282faf755c80b0c", algorithm=MD5, uri="<a href="sip:216.72.10.39">sip:</a><span class="nu0"><a href="sip:216.72.10.39">216.72</a></span><span class="nu0"><a href="sip:216.72.10.39">.10</a></span><span class="nu0"><a href="sip:216.72.10.39">.39</a></span>", response="8311db7666779df89d5223e16a611826".<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" color="#144FAE"><br></font></font></span></blockquote><div><br></div>This is a challenge. <br><br><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">Notice the absence of the qop and nc parameters. I'm guessing the lack of those parameters causes the gateway (SIP server) to use another nonce and hence reject the mismatching REGISTER.<br></span></blockquote><div><br></div><div>Again challenge vs response.</div><br><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><br>BTW, registration from an X-Lite softphone works.<br><br><br>Thanks!<br><br>Nicolas</span></blockquote></div><br></body></html>