Buy or Renew
Buy or Renew
This forum is no longer in read-only mode. See this post for updates
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
746
Views
0
Helpful
4
Replies

SPA508G Won't Provision Using HTTP Authentication

marcel.manning
Level 1
Level 1

‎01-23-2016 10:09 AM - edited ‎03-21-2019 08:51 AM

I'm trying to provision the SPA508G with the latest firmware using Nginx and HTTP Auth. I've used the format provided in the provisioning guide but it's not working.

I'm using the following format on the profile line

[--uid slee --pwd 1234] http://download.com/spacfg.xml

Nginx is showing the following error

GET /app/provision/?mac=xxxxxxxxx HTTP/1.1" 401 0 "-" "Cisco/SPA508G-7.6.1 (XXXXXXXXXXXX)(XXXXXXXXXXXX)

As soon as I turn off HTTP Authentication the phone provisions no problem. Anyone have any experience with this?

0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-23-2016 10:28 AM

I think it is more common to do this using SSL, and then you can authenticate based on the phones built in SSL certificate.  But it does take much longer to setup.

0 Helpful

Dan Lukes
VIP Alumni
VIP Alumni

‎01-24-2016 03:46 PM

There's neither text '/app/provision' nor 'mac=' in the profile rule configured. A there are no such strings even in factory default provisioning rule. Hard to believe the firmware, even the buggy one, has just manufactured those strings.

May be the SPA508G firmware is buggy, but not that way.

Use wireshark or tcpdump or so to capture the HTTP request as well as server response. I assume the Nginx is guilty. But it's just blind shot. Captured data will allow us to analyze it.

0 Helpful

marcel.manning
Level 1
Level 1
In response to Dan Lukes

‎01-24-2016 03:58 PM

Sorry my profile rule is as follows

[--uid myUser --pwd myPass] http://myserver/app/provision/?mac=xxxxxxxxx

So I've done some digging around and realized that my server had HTTP Basic Auth and not Digest Auth. Even after setting up digest authentication I was still unable to get the phone to provision with HTTP Auth enabled. I'd see a 401 error on the Nginx log followed by a status of 200 but it still would not provision. When I remove the Authentication the phone provisions fine. These phones seem very finicky.

0 Helpful

Dan Lukes
VIP Alumni
VIP Alumni
In response to marcel.manning

‎01-24-2016 04:04 PM

You confirmed my hypothesis - Nginx has caused troubles. And I assume it's guilty even now. Captured HTTP session should help you to disclose the cause.

0 Helpful
Customers Also Viewed These Support Documents