<div dir="ltr">Patch added to make it work either way but previously you don't need:<div><br></div><div><domain></div><div> <users></div><div> <user>...</user></div><div><div> <user>...</user></div>
</div><div> </users></div><div></domain></div><div><br></div><div>Just:</div><div><br></div><div><div><domain></div><div> <user>...</user></div><div> <user>...</user></div><div>
</domain><br></div></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 6, 2014 at 1:47 PM, Victor Chukalovskiy <span dir="ltr"><<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Ok, done:
<a href="https://jira.freeswitch.org/browse/FS-6506" target="_blank">https://jira.freeswitch.org/browse/FS-6506</a><br>
<br>
Also, added comment to the WiKi until this is fixed:<br>
<a href="https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups" target="_blank">https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups</a><div><div class="h5"><br>
<br>
On 14-05-06 12:32 PM, Steven Ayre wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">I'd go with a Jira. Either it's an oversight, or
there's a reason for it that can be tracked in Jira and then the
wiki updated referencing the ticket.</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
On 5 May 2014 21:38, Victor Chukalovskiy <span dir="ltr"><<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Alright, thank you! Domains ACL works BUT requires
"users" to be in "groups". If "users" are directly in
the "domain" section, ACL remains empty.<br>
<br>
This is contradictory to the WiKi saying that: "Using
groups is optional -- you can put your users straight
into the domain section if you desire". Should I file
Jira or should I edit WiKi instead? :)<br>
<br>
With regards to directory, I intend to keep it
minimalistic:<br>
<br>
<user id="foo" cidr="<a href="http://1.2.3.4/32" target="_blank">1.2.3.4/32</a>"><br>
<variables><br>
<variable name="accountcode"
value="customer_1"/><br>
</variables><br>
</user><br>
<br>
Will someone from a different CIDR be able to place
calls as user "foo" bypassing any authentication? Note
that I don't set any password in params.<br>
If so, how to secure this on the SIP profile level and
keep user entries as concise as possible?<br>
<br>
Thanks again!<span><font color="#888888"><br>
-Victor</font></span>
<div>
<div><br>
<br>
On 14-05-05 12:24 PM, Steven Ayre wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">You need this:
<div> <param name="apply-inbound-acl"
value="domains"/><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 5 May 2014 17:13,
Victor Chukalovskiy <span dir="ltr"><<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
Coming from wholesale background, my FS's run
without any registrations.<br>
So far everything was ACL-based using
"apply-inbound-acl" and I did not<br>
use any directory entries.<br>
<br>
The only problem with this is that once I have
all IPs together in one<br>
big ALC, I can't identify which customer the
call came from. E.g. need<br>
to set my_channel_variable=customer1 if a call
came from particular IPs<br>
and my_channel_variable=customer2 if a call
came from other IPs.<br>
<br>
So I'm trying to move ACL logic into directory
by means of defining a<br>
user with cidr attribute. So far, no matter
what I do FS challenges<br>
INVITE with "407" even-though the INVITE comes
from the IP that is<br>
included in CIDR attribute for a user. I
suppose for whatever reason<br>
switch does not match INVITEs against CIDR's
in the directory. Please<br>
help me with that. WiKi is written from a
somewhat different logic /<br>
perspective, so it's hard to apply.<br>
<br>
My SIP profile is:<br>
<br>
<profile name="test"><br>
<gateways><br>
</gateways><br>
<domains><br>
</domains><br>
<settings><br>
<param name="parse-invite-tel-params"
value="true"/><br>
<param name="user-agent-string"
value="test"/><br>
<param name="debug" value="0"/><br>
<param name="sip-trace"
value="no"/><br>
<param name="log-auth-failures"
value="true"/><br>
<param name="rfc2833-pt"
value="101"/><br>
<param name="sip-port"
value="5060"/><br>
<param name="dialplan"
value="XML"/><br>
<param name="context"
value="test"/><br>
<param name="country"
value="e164"/><br>
<param name="dtmf-duration"
value="2000"/><br>
<param name="inbound-codec-prefs"
value="$${default_codec_prefs}"/><br>
<param name="outbound-codec-prefs"
value="$${default_codec_prefs}"/><br>
<param name="caller-id-type"
value="none"/><br>
<param name="rtp-timer-name"
value="soft"/><br>
<param name="rtp-ip"
value="192.168.1.2"/><br>
<param name="sip-ip"
value="192.168.1.2"/><br>
<param name="manage-presence"
value="false"/><br>
<param name="manage-shared-appearance"
value="false"/><br>
<param
name="inbound-codec-negotiation"
value="greedy"/><br>
<param name="disable-transcoding"
value="true"/><br>
<param name="manual-redirect"
value="false"/><br>
<param name="disable-transfer"
value="true"/><br>
<param name="disable-register"
value="false"/><br>
<param name="auth-calls"
value="true"/><br>
<param name="rtp-timeout-sec"
value="300"/><br>
<param name="rtp-hold-timeout-sec"
value="1800"/><br>
<param name="pass-callee-id"
value="false"/><br>
</settings><br>
</profile><br>
<br>
<br>
Thanks!<br>
-Victor<br>
<br>
<br>
<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel
Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Anthony Minessale II ♬ @anthmfs ♬ @FreeSWITCH ♬<div><br><div>☞ <a href="http://freeswitch.org/" target="_blank">http://freeswitch.org/</a> ☞ <a href="http://cluecon.com/" target="_blank">http://cluecon.com/</a> ☞ <a href="http://twitter.com/FreeSWITCH" target="_blank">http://twitter.com/FreeSWITCH</a></div>
<div><div>☞ <a href="http://irc.freenode.net" target="_blank">irc.freenode.net</a> #freeswitch ☞ <u><a href="http://freeswitch.org/g+" target="_blank">http://freeswitch.org/g+</a></u><br><br></div><div>ClueCon Weekly Development Call <br>
</div><div>☎ <a href="mailto:sip%3A888@conference.freeswitch.org" target="_blank">sip:888@conference.freeswitch.org</a> ☎ +19193869900 </div><div><br></div></div></div></div>
</div>