[Freeswitch-users] user context being ignored

Peter Villeneuve petervnv1 at gmail.com
Fri Apr 7 22:29:13 MSD 2017


That seems to have done the job.
Apparently my vars.xml was somehow missing the auth-calls variable, but
setting it explicitly in the profile worked.

Thanks!

On Fri, Apr 7, 2017 at 7:15 PM, Peter Villeneuve <petervnv1 at gmail.com>
wrote:

> Thanks for your help David!
>
> I already have this set in my internal profile:
>
>  <param name="auth-calls" value="$${internal_auth_calls}"/>
>     <!-- Force the user and auth-user to match. -->
>     <param name="inbound-reg-force-matching-username" value="false"/>
>     <!-- on authed calls, authenticate *all* the packets not just invite
> -->
>     <param name="auth-all-packets" value="false"/>
>     <param name="accept-blind-reg" value="false"/>
>
> I guess I'll change the auth-calls value explicitly to true and restart
> freeswitch to see if it makes any difference.
>
> Cheers,
> Peter
>
> On Fri, Apr 7, 2017 at 7:09 PM, David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> There's a param called auth-calls or something like that, make sure it's
>> in your profile.
>> On Fri, Apr 7, 2017 at 7:38 PM Peter Villeneuve <petervnv1 at gmail.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> I'm confused by some strange behavior I'm seeing on my vanilla FS
>>> installation.
>>>
>>> If I have <param name="apply-inbound-acl" value="domains"/> set in my
>>> internal sip profile, even my registered user is unable to make any calls
>>> since he gets rejected by the 2017-04-07 17:13:10.085105 [WARNING]
>>> sofia.c:9983 IP xx.xx.xx.xx Rejected by acl "domains" message in the logs.
>>> Shouldn't FS fall back to regular digest authentication like it used to?
>>>
>>> I know the user (let's call him 1000) is registered properly since
>>> running sofia status profile internal reg in the cli shows that he is
>>> indeed registered as expected.
>>>
>>> I made sure in user 1000's directory entry that <variable
>>> name="user_context" value="default"/> is set.
>>>
>>> If 1) I I apply <param name="apply-inbound-acl" value="domains"/> to the
>>> internal profile then calls from user 1000 get rejected by acl domains as
>>> explained above, with no fallback to digest authentication (don't know why
>>> it doesn't challenge the user)
>>>
>>> if 2) I disable <param name="apply-inbound-acl" value="domains"/> then
>>> the call hits the public dialplan instead of the default one even though
>>> <variable name="user_context" value="default"/> is set in user 1000's
>>> directory xml entry.
>>>
>>> I haven't used FS in awhile but I recall in the past not having this
>>> much trouble trying to get it working as expected. I suppose I could set
>>> the context in the internal profile to default but then all kinds of bad
>>> guys will be able to make calls on my dime (it's happened before). I want
>>> authenticated users only to make calls but this seems to be eluding me.
>>>
>>> Is this a known bug (my debian installation was built from git 02c0860
>>> 2017-03-03 23:35:25Z 32bit) or am I doing something silly?
>>>
>>> Thanks,
>>> Peter
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170407/22f2c363/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list