SIP Password length

[henrymat]

Hi,
 trying to connect a NYC SIP to our Mitel 5000, I have read that the password for the SIP must be 12 or less characters - Is there a way to extend this? our SIP Provider is saying they cant reduce the length of their password and can only issue me one of 13 characters long.

Cheers
H

[acejavelin]

Hi,
 trying to connect a NYC SIP to our Mitel 5000, I have read that the password for the SIP must be 12 or less characters - Is there a way to extend this? our SIP Provider is saying they cant reduce the length of their password and can only issue me one of 13 characters long.

Cheers
H

What version of software are you running? 6.2 allows for a password of up to 49 characters for Inbound or Outbound authentication.

I know in our system we are using 18 character random passwords already... We are our own hosting company, and our password requirements are 16+ random generated characters and I don't recall having any issues getting the trunks working on our 6.2 system.

[henrymat]

Thanks, We're on v 5.1.0.20 - do you know if its possible on this version pr if there are any updates available for v5 to allow this to work?

thanks
H

[Tech Electronics]

henrymat,

The Outbound Authentication Password for a SIP Peer Trunk Group is 64 characters at version 5.1.0.40 which is the latest version of 5.1 that should be on your system.

Thanks,

TE

[henrymat]

thats great thank you - am I right in thinking that 5.1.0.20 has a 12 character restriction? or is there another issue with our system causing teh SIP not to authenticate?
Is the update to 5.1.0.40 available without software assurance?

thanks so much

[acejavelin]

thats great thank you - am I right in thinking that 5.1.0.20 has a 12 character restriction? or is there another issue with our system causing teh SIP not to authenticate?
Is the update to 5.1.0.40 available without software assurance?

thanks so much

You can upgrade within the same release without software assurance... 5.1.X.X to any 5.1.X.X version, 6.0.X.X to any 6.0.X.X, etc... You just can't "jump" release streams like 5.0.0.27 to 5.1.0.20 or 6.1.0.47 to 6.2.0.63, without a new license key.

But honestly, 5.1.0.20 and 5.1.0.40 should have the same password length restrictions here. Not trying to question your abilities here, but are you sure your putting it in the correct place?

[henrymat]

thats really great thank you for that info - Please question away!
Im getting 403 errors from the SIP Provider, and a response from their techs saying its a wrong password error.
 I'm inputting the password under System>Devices and feature codes? SIP Peers?SIP Trunk Groups? 82003>Configuration>authentication > outbound password.

Is this the correct place or is there somewhere else I need to add it too?

Cheers

[acejavelin]

thats really great thank you for that info - Please question away!
Im getting 403 errors from the SIP Provider, and a response from their techs saying its a wrong password error.
 I'm inputting the password under System>Devices and feature codes? SIP Peers?SIP Trunk Groups? 82003>Configuration>authentication > outbound password.

Is this the correct place or is there somewhere else I need to add it too?

Cheers

That is the correct place... Are the trunks registering and are just calls failing, or won't they even register?

[henrymat]

thats really great thank you for that info - Please question away!
Im getting 403 errors from the SIP Provider, and a response from their techs saying its a wrong password error.
 I'm inputting the password under System>Devices and feature codes? SIP Peers?SIP Trunk Groups? 82003>Configuration>authentication > outbound password.

Is this the correct place or is there somewhere else I need to add it too?

Cheers

That is the correct place... Are the trunks registering and are just calls failing, or won't they even register?

The trunks won’t register, I get a 403 error.
The SIP provider asked if passwords are encrypted?
Any other ideas what might be messing with the password?

Cheers
H


Sent from my iPhone using Tapatalk

[Tech Electronics]

henrymat,

I don't mean to tell you how things work, but if it were a username/password issue you would be getting a 401 error not a 403 error. A the 4xx error series is typically looked at as a client issue, but not always; case in point 403.

401 Unauthorized: The request requires user authentication. This response is issued by the User Agent Servers and Registrars.
403 Forbidden: The server understood the request, but is refusing to fulfill it. This response is issued by the User Agent Servers and Registrars.

They may seem similar, but in reality they fulfill two separate purposes. The 4xx series of errors means you are getting to the Server, which is great, but the server is refusing to work with the client because it doesn't like what it is receiving from it.

401 Unauthorized = bad username and/or password
403 Forbidden = Not allowed regardless if the username/password is correct or not. A 403 error typically means that the ISP is using a static binding and they have the wrong IP Address(s) that they expect the request to come from.

I think you have been led astray my friend. I would be asking the ISP why they are sending a 403 error and then telling you that they see the username and password incorrectly.

Thanks,

TE

[sarond]

Have you tried to use a SIP Client on you PC/Laptop?

This is usually how I test the providers credentials for registration.

[j0mbie]

Sorry to dig up a very old thread, but I wanted to post this in case anyone comes along here in the future, like I did. My version of Mitel 5000 CP does *NOT* support passwords longer than 12 characters. If you input a longer password, it will simply trim all the extra characters.

Software Release Version: 5.1 SP4 PR5
Call Processing Version: 5.1.0.52
Mitel System Administration & Diagnostics Version: 5.2.20.0 (64-Bit)

I confirmed this using packet captures and checking the 2nd SIP REGISTER packet. (The one with the Digest Authentication Response in Wireshark.) Mitel's response did not match the expected response, if you use the below formulas. However, if I truncated my password to 12 characters and ran it through the formulas again, it matched what Mitel was sending.

HA1 = Lowercase MD5 of: {Username}:{Digest Realm}:{Password}
HA2 = Lowercase MD5 of: {Method}:{Digest Authentication URI}
Response = Lowercase MD5 of: {HA1}:{Digest Nonce}:{Digest Nonce Count}:{Digest CNonce}:{Digest QOP}:{HA2}

Note: Method is "REGISTER" when you're registering a SIP trunk, and typically QOP will be "auth", in my experience.

This is also just useful information if you ever want to check that you're sending the correct password when you go through a packet capture. If you're not using CNonce, the formula would just be:

Response = Lowercase MD5 of: {HA1}:{Digest Nonce}:{HA2}

On a side note, I also got 403 Authentication Failure back from my response, but that could just be my SIP provider giving the wrong reply codes.