<p dir="ltr"><br>
On Aug 21, 2012 4:38 PM, "Daniel-Constantin Mierla" <<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>> wrote:<br>
><br>
> Hello,<br>
><br>
> the version is:<br>
><br>
> FreeSWITCH version: 1.2.1+git~20120816T172128Z~6dc9596bec (1.2.1; git at commit 6dc9596bec on Thu, 16 Aug 2012 17:21:28 Z)<br>
><br>
> Did few calls and got one more strange situation. So I commented the line:<br>
><br>
><br>
> <param name="accept-blind-auth" value="true"/><br>
><br>
> and let:<br>
><br>
> <param name="auth-calls" value="true"/><br>
><br>
> Surprising, the calls are not authenticated.<br>
><br>
> But if I set:<br>
><br>
><br>
> <param name="auth-calls" value="false"/><br>
><br>
> I get 407 reply.<br>
><br>
> To summarize, I got:<br>
> 1) auth-calls=false and accept-blind-auth=true => no 407 reply<br>
> 2) auth-calls=false and accept-blind-auth commented => 407 reply<br>
> 3) auth-calls=true and accept-blind-auth commented => no 407 reply<br>
><br>
> Looks like 3) is opposite than expected. Maybe it's too late in the night here, missing something obvious, I will try again tomorrow morning and I will fire a bug if it is really the case.</p>
<p dir="ltr">What came of this? <br><br></p>
<p dir="ltr">><br>
> Cheers,<br>
> Daniel<br>
><br>
><br>
><br>
> On 8/21/12 11:43 PM, Michael Collins wrote:<br>
>><br>
>> FWIW, I could not reproduce this behavior on v1.2.stable branch. When I set auth-calls=false in the SIP profile and make an inbound call it just relies on the ACL and that's it. <br>
>><br>
>> Miconda, what version of FS did you say you were running?<br>
>><br>
>> -MC<br>
>><br>
>> On Tue, Aug 21, 2012 at 1:50 PM, Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>> wrote:<br>
>>><br>
>>> Hi Mike,<br>
>>><br>
>>> On 8/21/12 10:27 PM, Michael Jerris wrote:<br>
>>> > auth-calls false means we won't challenge invite, accept-blind-auth means if auth headers are there, we ignore them.<br>
>>><br>
>>> it is what I expected from auth-calls (and worked like this in the<br>
>>> past), but now even if set to false, the calls are challenged with 407<br>
>>> reply for authentication. Only when I set accept-blind-auth to false<br>
>>> there is no 407.<br>
>>><br>
>>> Overall, it gets me what I need, access being granted on IP acl, but I<br>
>>> wanted to double check if such change in behaviour of auth-calls was<br>
>>> done on purpose. I will review my changes comparing with the default<br>
>>> configs to see if I modified other params that could result in this<br>
>>> situation, although I think there is no other related parameter.<br>
>>><br>
>>> Cheers,<br>
>>> Daniel<br>
>>><br>
>>> ><br>
>>> > Mike<br>
>>> ><br>
>>> > On Aug 21, 2012, at 1:57 PM, Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>> wrote:<br>
>>> ><br>
>>> >> Hello,<br>
>>> >><br>
>>> >> in the past I used to set:<br>
>>> >><br>
>>> >> <param name="auth-calls" value="false"/><br>
>>> >><br>
>>> >> in the sip profile in order to skip user authentication for calls.<br>
>>> >><br>
>>> >> Lately I started to play a bit with 1.2 stable branch and seems that<br>
>>> >> setting auth-calls to false is no longer doing what I expected, calls<br>
>>> >> being challenged for user authentication.<br>
>>> >><br>
>>> >> Setting instead the accept-blind-auth to false got me what I wanted, like:<br>
>>> >><br>
>>> >> <!-- accept any authentication without actually checking (not a<br>
>>> >> good feature for most people) --><br>
>>> >> <param name="accept-blind-auth" value="true"/><br>
>>> >><br>
>>> >> But from the comment (checked the wiki as well, but has the same text)<br>
>>> >> is a bit unclear what is the real purpose for it.<br>
>>> >><br>
>>> >> Isn't auth-calls=false supposed to accept calls without user<br>
>>> >> authentication anymore?<br>
>>> >><br>
>>> >> For this particular case, I play some announcements, like 'user not<br>
>>> >> available', and should work also for calls coming from outside. The<br>
>>> >> access is restricted by IP address ACL, allowing SIP traffic only from<br>
>>> >> my Kamailio instance.<br>
>>> ><br>
>>> > _________________________________________________________________________<br>
>>> > Professional FreeSWITCH Consulting Services:<br>
>>> > <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
>>> > <a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
>>> ><br>
>>> > FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
>>> > <a href="http://www.cudatel.com">http://www.cudatel.com</a><br>
>>> ><br>
>>> > Official FreeSWITCH Sites<br>
>>> > <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
>>> > <a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br>
>>> > <a href="http://www.cluecon.com">http://www.cluecon.com</a><br>
>>> ><br>
>>> > FreeSWITCH-users mailing list<br>
>>> > <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>>> > <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>>> > UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>>> > <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
>>><br>
>>> --<br>
>>> Daniel-Constantin Mierla - <a href="http://www.asipto.com">http://www.asipto.com</a><br>
>>> <a href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a><br>
>>> Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - <a href="http://asipto.com/u/kat">http://asipto.com/u/kat</a><br>
>>><br>
>>><br>
>>> _________________________________________________________________________<br>
>>> Professional FreeSWITCH Consulting Services:<br>
>>> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
>>> <a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
>>><br>
>>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
>>> <a href="http://www.cudatel.com">http://www.cudatel.com</a><br>
>>><br>
>>> Official FreeSWITCH Sites<br>
>>> <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
>>> <a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br>
>>> <a href="http://www.cluecon.com">http://www.cluecon.com</a><br>
>>><br>
>>> FreeSWITCH-users mailing list<br>
>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-">http://lists.freeswitch.org/mailman/options/freeswitch-</a><br>
>><br>
>><br>
>><br>
>><br>
>> _________________________________________________________________________<br>
>> Professional FreeSWITCH Consulting Services:<br>
>> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
>> <a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
>><br>
>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
>> <a href="http://www.cudatel.com">http://www.cudatel.com</a><br>
>><br>
>> Official FreeSWITCH Sites<br>
>> <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
>> <a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br>
>> <a href="http://www.cluecon.com">http://www.cluecon.com</a><br>
>></p>