<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Ok, done:
<a class="moz-txt-link-freetext" href="https://jira.freeswitch.org/browse/FS-6506">https://jira.freeswitch.org/browse/FS-6506</a><br>
<br>
Also, added comment to the WiKi until this is fixed:<br>
<a class="moz-txt-link-freetext" href="https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups">https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups</a><br>
<br>
On 14-05-06 12:32 PM, Steven Ayre wrote:<br>
</div>
<blockquote
cite="mid:CAFiqYukb0CjRY7MsqMkuF9LEQiBhGF2us6H6k7bkNw7rUXd16w@mail.gmail.com"
type="cite">
<div dir="ltr">I'd go with a Jira. Either it's an oversight, or
there's a reason for it that can be tracked in Jira and then the
wiki updated referencing the ticket.</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
On 5 May 2014 21:38, Victor Chukalovskiy <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:victor.chukalovskiy@gmail.com"
target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Alright, thank you! Domains ACL works BUT requires
"users" to be in "groups". If "users" are directly in
the "domain" section, ACL remains empty.<br>
<br>
This is contradictory to the WiKi saying that: "Using
groups is optional -- you can put your users straight
into the domain section if you desire". Should I file
Jira or should I edit WiKi instead? :)<br>
<br>
With regards to directory, I intend to keep it
minimalistic:<br>
<br>
<user id="foo" cidr="<a moz-do-not-send="true"
href="http://1.2.3.4/32" target="_blank">1.2.3.4/32</a>"><br>
<variables><br>
<variable name="accountcode"
value="customer_1"/><br>
</variables><br>
</user><br>
<br>
Will someone from a different CIDR be able to place
calls as user "foo" bypassing any authentication? Note
that I don't set any password in params.<br>
If so, how to secure this on the SIP profile level and
keep user entries as concise as possible?<br>
<br>
Thanks again!<span class="HOEnZb"><font color="#888888"><br>
-Victor</font></span>
<div>
<div class="h5"><br>
<br>
On 14-05-05 12:24 PM, Steven Ayre wrote:<br>
</div>
</div>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">You need this:
<div> <param name="apply-inbound-acl"
value="domains"/><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 5 May 2014 17:13,
Victor Chukalovskiy <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:victor.chukalovskiy@gmail.com"
target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Hello,<br>
<br>
Coming from wholesale background, my FS's run
without any registrations.<br>
So far everything was ACL-based using
"apply-inbound-acl" and I did not<br>
use any directory entries.<br>
<br>
The only problem with this is that once I have
all IPs together in one<br>
big ALC, I can't identify which customer the
call came from. E.g. need<br>
to set my_channel_variable=customer1 if a call
came from particular IPs<br>
and my_channel_variable=customer2 if a call
came from other IPs.<br>
<br>
So I'm trying to move ACL logic into directory
by means of defining a<br>
user with cidr attribute. So far, no matter
what I do FS challenges<br>
INVITE with "407" even-though the INVITE comes
from the IP that is<br>
included in CIDR attribute for a user. I
suppose for whatever reason<br>
switch does not match INVITEs against CIDR's
in the directory. Please<br>
help me with that. WiKi is written from a
somewhat different logic /<br>
perspective, so it's hard to apply.<br>
<br>
My SIP profile is:<br>
<br>
<profile name="test"><br>
<gateways><br>
</gateways><br>
<domains><br>
</domains><br>
<settings><br>
<param name="parse-invite-tel-params"
value="true"/><br>
<param name="user-agent-string"
value="test"/><br>
<param name="debug" value="0"/><br>
<param name="sip-trace"
value="no"/><br>
<param name="log-auth-failures"
value="true"/><br>
<param name="rfc2833-pt"
value="101"/><br>
<param name="sip-port"
value="5060"/><br>
<param name="dialplan"
value="XML"/><br>
<param name="context"
value="test"/><br>
<param name="country"
value="e164"/><br>
<param name="dtmf-duration"
value="2000"/><br>
<param name="inbound-codec-prefs"
value="$${default_codec_prefs}"/><br>
<param name="outbound-codec-prefs"
value="$${default_codec_prefs}"/><br>
<param name="caller-id-type"
value="none"/><br>
<param name="rtp-timer-name"
value="soft"/><br>
<param name="rtp-ip"
value="192.168.1.2"/><br>
<param name="sip-ip"
value="192.168.1.2"/><br>
<param name="manage-presence"
value="false"/><br>
<param name="manage-shared-appearance"
value="false"/><br>
<param
name="inbound-codec-negotiation"
value="greedy"/><br>
<param name="disable-transcoding"
value="true"/><br>
<param name="manual-redirect"
value="false"/><br>
<param name="disable-transfer"
value="true"/><br>
<param name="disable-register"
value="false"/><br>
<param name="auth-calls"
value="true"/><br>
<param name="rtp-timeout-sec"
value="300"/><br>
<param name="rtp-hold-timeout-sec"
value="1800"/><br>
<param name="pass-callee-id"
value="false"/><br>
</settings><br>
</profile><br>
<br>
<br>
Thanks!<br>
-Victor<br>
<br>
<br>
<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org"
target="_blank">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com"
target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel
Communication Server<br>
<a moz-do-not-send="true"
href="http://www.cudatel.com"
target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://wiki.freeswitch.org"
target="_blank">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.cluecon.com"
target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org"
target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a moz-do-not-send="true" href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a moz-do-not-send="true" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a moz-do-not-send="true" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a moz-do-not-send="true" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a moz-do-not-send="true" href="http://www.cudatel.com"
target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true" href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://wiki.freeswitch.org"
target="_blank">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://www.cluecon.com"
target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true" href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</body>
</html>