<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Alright, thank you! Domains ACL works
BUT requires "users" to be in "groups". If "users" are directly in
the "domain" section, ACL remains empty.<br>
<br>
This is contradictory to the WiKi saying that: "Using groups is
optional -- you can put your users straight into the domain
section if you desire". Should I file Jira or should I edit WiKi
instead? :)<br>
<br>
With regards to directory, I intend to keep it minimalistic:<br>
<br>
<user id="foo" cidr="1.2.3.4/32"><br>
<variables><br>
<variable name="accountcode" value="customer_1"/><br>
</variables><br>
</user><br>
<br>
Will someone from a different CIDR be able to place calls as user
"foo" bypassing any authentication? Note that I don't set any
password in params.<br>
If so, how to secure this on the SIP profile level and keep user
entries as concise as possible?<br>
<br>
Thanks again!<br>
-Victor<br>
<br>
On 14-05-05 12:24 PM, Steven Ayre wrote:<br>
</div>
<blockquote
cite="mid:CAFiqYunitftd=hOuCkdHqTO5xqqzE+-XJqHad=AYh69s5i_hoA@mail.gmail.com"
type="cite">
<div dir="ltr">You need this:
<div> <param name="apply-inbound-acl" value="domains"/><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 5 May 2014 17:13, Victor
Chukalovskiy <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:victor.chukalovskiy@gmail.com"
target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
Coming from wholesale background, my FS's run without any
registrations.<br>
So far everything was ACL-based using "apply-inbound-acl"
and I did not<br>
use any directory entries.<br>
<br>
The only problem with this is that once I have all IPs
together in one<br>
big ALC, I can't identify which customer the call came from.
E.g. need<br>
to set my_channel_variable=customer1 if a call came from
particular IPs<br>
and my_channel_variable=customer2 if a call came from other
IPs.<br>
<br>
So I'm trying to move ACL logic into directory by means of
defining a<br>
user with cidr attribute. So far, no matter what I do FS
challenges<br>
INVITE with "407" even-though the INVITE comes from the IP
that is<br>
included in CIDR attribute for a user. I suppose for
whatever reason<br>
switch does not match INVITEs against CIDR's in the
directory. Please<br>
help me with that. WiKi is written from a somewhat different
logic /<br>
perspective, so it's hard to apply.<br>
<br>
My SIP profile is:<br>
<br>
<profile name="test"><br>
<gateways><br>
</gateways><br>
<domains><br>
</domains><br>
<settings><br>
<param name="parse-invite-tel-params"
value="true"/><br>
<param name="user-agent-string" value="test"/><br>
<param name="debug" value="0"/><br>
<param name="sip-trace" value="no"/><br>
<param name="log-auth-failures" value="true"/><br>
<param name="rfc2833-pt" value="101"/><br>
<param name="sip-port" value="5060"/><br>
<param name="dialplan" value="XML"/><br>
<param name="context" value="test"/><br>
<param name="country" value="e164"/><br>
<param name="dtmf-duration" value="2000"/><br>
<param name="inbound-codec-prefs"
value="$${default_codec_prefs}"/><br>
<param name="outbound-codec-prefs"
value="$${default_codec_prefs}"/><br>
<param name="caller-id-type" value="none"/><br>
<param name="rtp-timer-name" value="soft"/><br>
<param name="rtp-ip" value="192.168.1.2"/><br>
<param name="sip-ip" value="192.168.1.2"/><br>
<param name="manage-presence" value="false"/><br>
<param name="manage-shared-appearance"
value="false"/><br>
<param name="inbound-codec-negotiation"
value="greedy"/><br>
<param name="disable-transcoding" value="true"/><br>
<param name="manual-redirect" value="false"/><br>
<param name="disable-transfer" value="true"/><br>
<param name="disable-register" value="false"/><br>
<param name="auth-calls" value="true"/><br>
<param name="rtp-timeout-sec" value="300"/><br>
<param name="rtp-hold-timeout-sec" value="1800"/><br>
<param name="pass-callee-id" value="false"/><br>
</settings><br>
</profile><br>
<br>
<br>
Thanks!<br>
-Victor<br>
<br>
<br>
<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a moz-do-not-send="true" href="http://www.cudatel.com"
target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true" href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://wiki.freeswitch.org"
target="_blank">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://www.cluecon.com"
target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true" href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</body>
</html>