Cpe to acs authentication not working as documented against Huawei CPE

Hi all. As usual, been reading the docs and several forum posts.

I want to specify a username and password for each CPE to ACS connection.

I have followed the instructions, created cwmp.auth inside config, if I set it to true, connection is denied. If I set it to false, its allowed (which is exactly the reverse of what the doc says unless I totally misunderstood it). Target CPE is Huawei EG8141A5 , which I assume is NOT behind a NAT because it has it own VLAN to the ACS (I was able to connect to the CPE even when it’s WAN connection was down).

What tests I have done:

added parameter:
cwmp.auth set to FALSE
result: CPE CONNECTS

cwmp.auth set to TRUE
CPE CONNECTS

cwmp.auth set to AUTH(“correctUser”,“correctPass”)
acs gives “Authentication failure”

cwmp.auth set to AUTH(“wrongUser”,“correctPass”)
acs gives “Authentication failure”

cwmp.auth set to TRUE
acs gives “Authentication failure”

cwmp.auth set to FALSE
CPE CONNECTS

cwmp.auth set to TRUE
acs gives “Authentication failure”

delete cwmp.auth
CPE CONNECTS

added parameter:
cwmp.auth set to FALSE
acs gives “Authentication failure”
(edit: forgot to mention CPE is configured to inform every 10 seconds to get rapid feedback).

and after that last test, but not for long, it starts to connect unauthenticated to the ACS. I could be wrong but I suppose server threads are not loading configuration on realtime.

TcpDump files show the auth parameters are passed at the http header but I was unable to check if they are correct or not (except for the username, which is not encripted).

tcpdump command line:

> tcpdump host 10.111.1.248 and not icmp -A

dump files (in TXT format, normal.txt and hex.txt using -X)

I will test again against a TP Link product ASAP, because some preliminary tests gave me different results.

using GenieACS version 1.2.3.

uname -a

Linux genieacs 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 GNU/Linux

thanks in advance.

rudy

just upgraded to 1.2.4 and now seems like it’s working. Still I need to test it more. Thanks.