Lars,<br><br>Since this question has come up a few times I'm going to write up a nice wiki article on it explaining the differences between letting someone in via an ACL and actually doing digest authentication. In a nutshell, though, it's this: if the user does digest authentication (with the whole REGISTER, 401, REGISTER, 200 OK exchange) then whatever value is in user_context is the context for the calls made by that user. In conf/directory/default/1000.xml (and 1001.xml, etc.) they all have user_context = "default" so when those users register the calls they make are handled in the default context. OTOH, if you let a user in via an ACL they aren't really registered, you've simply opened the door for anyone coming from a particular IP address or IP address range. In that case the calls are handled in the context specified by the context parameter of the sip profile where the calls come in. By default the internal sip profile uses the public context. This is for security reasons. "Paranoid by default" is how you might describe it. You are welcome to change that value to "default" so that calls let in by the ACL are handled just like auth'd calls.<br>
<br>Play around with it and let us know how it goes. I think you'll get it once you start modifying settings and making test calls.<br><br>-MC<br><br><div class="gmail_quote">On Thu, Dec 24, 2009 at 8:16 AM, Lars Zeb <span dir="ltr"><<a href="mailto:larclap@yahoo.com">larclap@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" style="word-wrap: break-word;" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">Brian,</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">Please forgive
my slowness, but I’m still having problems with this. When you say that I
“really didn’t auth the user”, did you mean the
endpoint/extension?</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">If you did, I
upped to svn1 16055 and placed a cidr attribute on the extension and reran the
test, resulting in the same output, going to context public.</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">Further, I’m
confused about your response about ACL compared with Billy W in an email of
12/22/2009.</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal" style="margin-left: 0.5in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);">“…you could simply put these entries in your
internal sofia profile.</span></p>
<p class="MsoNormal" style="margin-left: 0.5in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal" style="margin-left: 0.5in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);"><param name="apply-inbound-acl"
value="<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a>"/> <param
name="apply-register-acl" value="<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a>"/></span></p>
<p class="MsoNormal" style="margin-left: 0.5in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal" style="margin-left: 0.5in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);">In that case, you do not need to include anything in the
directory. The cidr entries in the directory are for providing additional
control for each user id and what IPs they are allowed to make calls from.”</span></p>
<p class="MsoNormal" style="margin-left: 0.5in;"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><a href="http://pastebin.freeswitch.org/11633" target="_blank">http://pastebin.freeswitch.org/11633</a></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">Linux fs
2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:39:21 EDT 2009 i686 i686 i386 GNU/Linux</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">Thanks Lars</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color blue; border-width: medium medium medium 1.5pt; padding: 0in 0in 0in 4pt;">
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;">
<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>
[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] <b>On Behalf Of </b>Brian
West<br>
<b>Sent:</b> Wednesday, December 23, 2009 6:03 PM<br>
<b>To:</b> <a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a><br>
<b>Subject:</b> Re: [Freeswitch-users] Local call uses public context?</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">2009-12-23</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);"> </span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">15</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">:</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">00</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">:</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">01.955357</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);"> </span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">[</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">DEBUG</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">]</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);"> sofia.c:</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">5322</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);"> IP </span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">192.168.10.105</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);"> Approved by acl "</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">192.168.10.0</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">/</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">24</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">[]</span></span><span><span style="font-size: 8.5pt; font-family: "Courier New"; color: rgb(51, 51, 51);">". Access Granted.</span></span></p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-size: 8.5pt; font-family: Courier; color: rgb(51, 51, 51);">Because the context is set on the profile as
public... and you really didn't auth the user so user_context was never set.</span></span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span><span style="font-size: 8.5pt; font-family: Courier; color: rgb(51, 51, 51);">/b</span></span></p>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On Dec 23, 2009, at 7:49 PM, Lars Zeb wrote:</p>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size: 11pt;">I am trying to setup a second
FS box from scratch using v16048.</span><span style="font-size: 11pt;"></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 11pt;"> </span><span style="font-size: 11pt;"></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 11pt;">What can cause a local call
(81002, or 9996) to use context public? It’s a standard vanilla install.</span><span style="font-size: 11pt;"></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 11pt;"> </span><span style="font-size: 11pt;"></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 11pt;"><a href="http://pastebin.freeswitch.org/11629" target="_blank">http://pastebin.freeswitch.org/11629</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 11pt;"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 11pt;">Thanks,
Lars</span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size: 13.5pt;">_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></span></p>
</div>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
<br>_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br>