Showing results for 
Search instead for 
Did you mean: 

SPA508G Won't Provision Using HTTP Authentication

Level 1
Level 1

I'm trying to provision the SPA508G with the latest firmware using Nginx and HTTP Auth. I've used the format provided in the provisioning guide but it's not working.

I'm using the following format on the profile line

[--uid slee --pwd 1234]

Nginx is showing the following error

GET /app/provision/?mac=xxxxxxxxx HTTP/1.1" 401 0 "-" "Cisco/SPA508G-7.6.1 (XXXXXXXXXXXX)(XXXXXXXXXXXX)

As soon as I turn off HTTP Authentication the phone provisions no problem. Anyone have any experience with this?

4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

I think it is more common to do this using SSL, and then you can authenticate based on the phones built in SSL certificate.  But it does take much longer to setup.

Dan Lukes
VIP Alumni
VIP Alumni

There's neither text '/app/provision' nor 'mac=' in the profile rule configured. A there are no such strings even in factory default provisioning rule. Hard to believe the firmware, even the buggy one, has just manufactured those strings.

May be the SPA508G firmware is buggy, but not that way.

Use wireshark or tcpdump or so to capture the HTTP request as well as server response. I assume the Nginx is guilty. But it's just blind shot. Captured data will allow us to analyze it.

Sorry my profile rule is as follows

[--uid myUser --pwd myPass] http://myserver/app/provision/?mac=xxxxxxxxx

So I've done some digging around and realized that my server had HTTP Basic Auth and not Digest Auth. Even after setting up digest authentication I was still unable to get the phone to provision with HTTP Auth enabled. I'd see a 401 error on the Nginx log followed by a status of 200 but it still would not provision. When I remove the Authentication the phone provisions fine. These phones seem very finicky.

You confirmed my hypothesis - Nginx has caused troubles. And I assume it's guilty even now. Captured HTTP session should help you to disclose the cause.