When you use a CIDR it matches the user entry based on IP not on username.<br><br>You're able to authenticate with other usernames because they're all authenticating to the same user based on IP.<br><br>-Steve<br><br>
<br><br><div class="gmail_quote">On 28 June 2011 00:12, Kurtis Heimerl <span dir="ltr"><<a href="mailto:kheimerl@cs.berkeley.edu">kheimerl@cs.berkeley.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
One of those links got screwed up...<br>
<div class="im"><br>
Anyhow, here are those three config files:<br>
<br>
internal.xml : <a href="http://pastebin.freeswitch.org/16609" target="_blank">http://bpastebin.freeswitch.org/16609</a><br>
<br>
acl.conf.xml : <a href="http://pastebin.freeswitch.org/16610" target="_blank">http://pastebin.freeswitch.org/16610</a><br>
<br>
1300.xml : <a href="http://pastebin.freeswitch.org/16611" target="_blank">http://pastebin.freeswitch.org/16611</a><br>
<br>
If anything else could help, I'd love to share it.<br>
<br>
The basic story, so far as I see, is that I allow specific IPs through<br>
the ACL. Somehow this is allowing ANY SIP username to register, rather<br>
than just those defined (such as 1300). Any help would be appreciated.<br>
<br>
</div>On Mon, Jun 27, 2011 at 4:11 PM, Kurtis Heimerl<br>
<div><div></div><div class="h5"><<a href="mailto:kheimerl@cs.berkeley.edu">kheimerl@cs.berkeley.edu</a>> wrote:<br>
> Anyhow, here are those three config files:<br>
><br>
> internal.xml : <a href="http://pastebin.freeswitch.org/16609" target="_blank">http://pastebin.freeswitch.org/16609</a><br>
> acl.conf.xml : <a href="http://pastebin.freeswitch.org/16610" target="_blank">http://pastebin.freeswitch.org/16610</a><br>
> 1300.xml : <a href="http://pastebin.freeswitch.org/16611" target="_blank">http://pastebin.freeswitch.org/16611</a><br>
><br>
> If anything else could help, I'd love to share it.<br>
><br>
> The basic story, so far as I see, is that I allow specific IPs through<br>
> the ACL. Somehow this is allowing ANY SIP username to register, rather<br>
> than just those defined (such as 1300). Any help would be appreciated.<br>
><br>
> On Mon, Jun 27, 2011 at 1:30 PM, Kurtis Heimerl<br>
> <<a href="mailto:kheimerl@cs.berkeley.edu">kheimerl@cs.berkeley.edu</a>> wrote:<br>
>> It's enabled in the acl.conf.xml file, using CIDR.<br>
>><br>
>> What conf files do you consider relevant? acl.conf.xml, internal.xml,<br>
>> a profile or two, anything else?<br>
>><br>
>> On Mon, Jun 27, 2011 at 1:26 PM, David Ponzone <<a href="mailto:david.ponzone@ipeva.fr">david.ponzone@ipeva.fr</a>> wrote:<br>
>>> The interesting question is then: why are you able to register without<br>
>>> password, if this feature is not enabled on the profile...<br>
>>> Perhaps you should recap your config once more, and put the relevant files<br>
>>> on PB.<br>
>>> David Ponzone Direction Technique<br>
>>><br>
>>><br>
>>><br>
>>> On 27/06/2011 at 20:36, Kurtis Heimerl wrote:<br>
>>><br>
>>> That would explain why removing them didn't do anything!<br>
>>><br>
>>> Thanks.<br>
>>><br>
>>> On Mon, Jun 27, 2011 at 6:25 AM, Steven Ayre <<a href="mailto:steveayre@gmail.com">steveayre@gmail.com</a>> wrote:<br>
>>><br>
>>> Just so you know...<br>
>>><br>
>>> <param name="accept-blind-reg" value="true"/><br>
>>> <param name="accept-blind-auth" value="true"/><br>
>>><br>
>>> These will have no effect in the user directory. They only apply to SIP<br>
>>> profiles.<br>
>>><br>
>>> -Steve<br>
>>><br>
>>><br>
>>><br>
>>> On 27 June 2011 02:23, Kurtis Heimerl <<a href="mailto:kheimerl@cs.berkeley.edu">kheimerl@cs.berkeley.edu</a>> wrote:<br>
>>><br>
>>> Hello FS Users!<br>
>>><br>
>>> I'm trying to create the following setup. When a user registers, if<br>
>>> they register on a known account (let's say X), they do not need a<br>
>>> password. X's registration is immediately OK'd, and everything is<br>
>>> great. I've gotten that working using the ACL. The IP addresses of our<br>
>>> SIP clients are added through cidr and the clients do not need to give<br>
>>> passwords.<br>
>>><br>
>>> However, for some reason, if another account that does not exist in<br>
>>> the directory (let's say Y) registers, FS returns with a 200 OK,<br>
>>> instead of rejecting Y. I'm trying to figure out why this is the case,<br>
>>> and how to remedy that fact.<br>
>>><br>
>>> I have the following line in my internal.xml file, which I had assumed<br>
>>> would force this function:<br>
>>><br>
>>> <!-- Force the user and auth-user to match. --><br>
>>> <param name="inbound-reg-force-matching-username" value="true"/><br>
>>><br>
>>> However, it does not work. In my directory, each individual account has<br>
>>> the following lines:<br>
>>><br>
>>> <user id="1303"><br>
>>> <params><br>
>>> <param name="accept-blind-reg" value="true"/><br>
>>> <param name="accept-blind-auth" value="true"/><br>
>>> <param name="vm-password" value="1000"/><br>
>>> </params><br>
>>><br>
>>> Though I've found that removing it (from all users in the directory)<br>
>>> doesn't help.<br>
>>><br>
>>> I'm primarily concerned with the line in internal.xml; it seems<br>
>>> possible that the fact that we do not have an auth-user (because we do<br>
>>> not require auth) means that this won't work. However, I have yet to<br>
>>> test that hypothesis. The ACL has been the most confusing aspect of<br>
>>> this installation, with a lot of undocumented aspects, and I get the<br>
>>> nagging feeling this is another. I could very well be wrong though.<br>
>>><br>
>>> Thanks for any direction.<br>
>>><br>
>>> _______________________________________________<br>
>>><br>
>>> Join us at ClueCon 2011, Aug 9-11, Chicago<br>
>>><br>
>>> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a> 877-7-4ACLUE<br>
>>><br>
>>> FreeSWITCH-users mailing list<br>
>>><br>
>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>>><br>
>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>>><br>
>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>>><br>
>>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>>><br>
>>><br>
>><br>
><br>
<br>
</div></div></blockquote></div><br>
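The behaviour Steve describes at the top of this thread, as an added example that is not part of the original messages or of FreeSWITCH itself: a simplified model in which an ACL hit on the source IP accepts a REGISTER before the username is ever consulted, plus a check that flags accepted registrations for ids missing from the directory. The config snippets, the list name `sip_clients`, the use of `apply-register-acl` to reference it, and the sample attempts are constructed assumptions, since the thread's real files were only linked.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config; the thread's real files were only linked, not shown.
ACL_XML = """<configuration name="acl.conf"><network-lists>
  <list name="sip_clients" default="deny">
    <node type="allow" cidr="10.0.0.0/24"/>
  </list>
</network-lists></configuration>"""

PROFILE_XML = """<profile name="internal"><settings>
  <param name="apply-register-acl" value="sip_clients"/>
  <param name="inbound-reg-force-matching-username" value="true"/>
</settings></profile>"""

DIRECTORY_USERS = {"1300", "1303"}  # ids defined in the directory (constructed)


def acl_networks(acl_xml, profile_xml):
    """Networks allowed by the list the profile names in apply-register-acl."""
    profile = ET.fromstring(profile_xml)
    names = {p.get("value") for p in profile.iter("param")
             if p.get("name") == "apply-register-acl"}
    nets = []
    for lst in ET.fromstring(acl_xml).iter("list"):
        if lst.get("name") in names:
            nets += [ipaddress.ip_network(n.get("cidr"))
                     for n in lst.iter("node")
                     if n.get("type") == "allow" and n.get("cidr")]
    return nets


def register_decision(src_ip, username, nets):
    """Simplified model: an ACL hit accepts on IP alone; username is unused."""
    if any(ipaddress.ip_address(src_ip) in net for net in nets):
        return "accepted-by-ip"
    return "digest-auth-required"


def unknown_users_accepted(registrations, nets):
    """Flag registrations accepted on IP alone for ids not in the directory."""
    return [(ip, user) for ip, user in registrations
            if register_decision(ip, user, nets) == "accepted-by-ip"
            and user not in DIRECTORY_USERS]


# Constructed REGISTER attempts: (source IP, SIP username)
ATTEMPTS = [("10.0.0.5", "1300"), ("10.0.0.5", "9999"), ("203.0.113.7", "1300")]
NETS = acl_networks(ACL_XML, PROFILE_XML)
print(unknown_users_accepted(ATTEMPTS, NETS))
```

Run against real registration records, the same check surfaces every "Y"-style account that was OK'd purely because its source address fell inside the allowed CIDR.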