Polycom 501 will not auth

Status
Not open for further replies.
R

rfc1920

New Member
Jul 1, 2021
16
0
1
58
So far, softphones on VPN work, and fortunately I have only one hard phone also currently not in use. In fact I do not yet have the DID going to this system.
However, I am trying to get that one phone, what appears to be a Polycom 501, user agent PolycomSoundPointIP-SPIP_501-UA/3.1.8.0070, to authenticate. Names have been changed to protect the innocent. 192.168.2.200 is the Polycom ip address, and phone.server.name represents the phone server DNS name:

recv 525 bytes from udp/[192.168.2.200]:5060 at 13:37:39.050803:
------------------------------------------------------------------------
REGISTER sip:phone.server.name:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.200;branch=z9hG4bK72dff3daF9763F57
From: "First Last" <sip:231@phone.server.name>;tag=20281828-83817F8B
To: <sip:231@phone.server.name>
CSeq: 1 REGISTER
Call-ID: f00f6574-39c3918e-af211a31@192.168.2.200
Contact: <sip:231@192.168.2.200>;methods="INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER"
User-Agent: PolycomSoundPointIP-SPIP_501-UA/3.1.8.0070
Accept-Language: en
Max-Forwards: 70
Expires: 900
Content-Length: 0

2021-07-21 13:37:39.049534 [WARNING] sofia_reg.c:1795 SIP auth challenge (REGISTER) on sofia profile 'internal' for [231@phone.server.name] from ip 192.168.2.200
send 587 bytes to udp/[192.168.2.200]:5060 at 13:37:39.051527:
------------------------------------------------------------------------
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.2.200;branch=z9hG4bK72dff3daF9763F57;rport=5060
From: "First Last" <sip:231@phone.server.name>;tag=20281828-83817F8B
To: <sip:231@phone.server.name>;tag=cKcg9XQpSmmrg
Call-ID: f00f6574-39c3918e-af211a31@192.168.2.200
CSeq: 1 REGISTER
User-Agent: FreeSWITCH
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, path, replaces
WWW-Authenticate: Digest realm="phone.server.name", nonce="e7eeace1-8e18-42db-b936-8900ea31dd28", algorithm=MD5, qop="auth"
Content-Length: 0

recv 769 bytes from udp/[192.168.2.200]:5060 at 13:37:39.111843:
------------------------------------------------------------------------
REGISTER sip:phone.server.name:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.200;branch=z9hG4bK9d970f65C7909942
From: "First Last" <sip:231@phone.server.name>;tag=20281828-83817F8B
To: <sip:231@phone.server.name>
CSeq: 2 REGISTER
Call-ID: f00f6574-39c3918e-af211a31@192.168.2.200
Contact: <sip:231@192.168.2.200>;methods="INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER"
User-Agent: PolycomSoundPointIP-SPIP_501-UA/3.1.8.0070
Accept-Language: en
Authorization: Digest username="231", realm="phone.server.name", nonce="e7eeace1-8e18-42db-b936-8900ea31dd28", qop=auth, cnonce="946hABaai+iGyF/", nc=00000001, uri="sip:phone.server.name:5060", response="e8e1e862bdffadd171e4adc469f1fa3b", algorithm=MD5
Max-Forwards: 70
Expires: 900
Content-Length: 0

2021-07-21 13:37:39.109533 [WARNING] sofia_reg.c:1740 SIP auth failure (REGISTER) on sofia profile 'internal' for [231@phone.server.name] from ip 192.168.2.200
send 464 bytes to udp/[192.168.2.200]:5060 at 13:37:39.116738:
------------------------------------------------------------------------
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 192.168.2.200;branch=z9hG4bK9d970f65C7909942;rport=5060
From: "First Last" <sip:231@phone.server.name>;tag=20281828-83817F8B
To: <sip:231@phone.server.name>;tag=Dv58aS8SpXaBc
Call-ID: f00f6574-39c3918e-af211a31@192.168.2.200
CSeq: 2 REGISTER
User-Agent: FreeSWITCH
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, path, replaces
Content-Length: 0
Click to expand...
 
R

rfc1920

New Member
Jul 1, 2021
16
0
1
58
For the device, I have the correct MAC address, but I saw nowhere to put the ip address, so I guess that's magic. I don't think it will be able to ARP since it is on another subnet and at a different location as with the old and busted phone server. I have the user First Last as the label and one line with:

1 phone.server.name, First Last, 231, 231, PASSWORD, 5060, UDP, 120,, True
 
hfoster

hfoster

Active Member
Jan 28, 2019
677
80
28
34
Is it possible the password is just wrong? Check extension 231's password matches up with the handset.

Did you provision this phone automatically or manually?
 
R

rfc1920

New Member
Jul 1, 2021
16
0
1
58
Fully manual at this point other than the fact that the phone uses DHCP for basic network setup. I have tried a few different passwords as well as no password, which appeared to have been the choice on the FreePBX setup.
 
hfoster

hfoster

Active Member
Jan 28, 2019
677
80
28
34
It's only going to be one password, the extension 231's password. Mouse over it in the extension edit to reveal the password in question.
1626947197558.png
 
R

rfc1920

New Member
Jul 1, 2021
16
0
1
58
Makes sense. Not sure what the devices page configuration was for unless only for automatic provisioning. I'll try that.
EDIT: The correct extension password gets populated there if configured from the extension page.
 
Last edited:
R

rfc1920

New Member
Jul 1, 2021
16
0
1
58
Still no go. Comparing this to what Bria sends, it appears that the Polycom is sending nonce as crypt instead of MD5 even though algo is set to MD5.
 
Status
Not open for further replies.
Top Bottom