<div dir="ltr">However, since you're actually asking about CIDR, that parameter is ignored for those users. The authentication by ACL occurs before checking the password given (if any); if the users match the CIDR then they'll never reach the allow-empty-passwords check.</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On 6 May 2014 20:31, Victor Chukalovskiy <span dir="ltr"><<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Great, thank you Antony. I confirm it
works either way now....it was a super quick one.<br>
<br>
On a similar topic, do I have to set this in the domain params?<br>
<param name="allow-empty-password" value="false"/><br>
<br>
This is to keep things failproof, given I only set CIDR and no
password for my users.<div><div class="h5"><br>
<br>
<br>
On 14-05-06 03:07 PM, Anthony Minessale wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Patch added to make it work either way but
previously you don't need:
<div><br>
</div>
<div><domain></div>
<div> <users></div>
<div> <user>...</user></div>
<div>
<div> <user>...</user></div>
</div>
<div> </users></div>
<div></domain></div>
<div><br>
</div>
<div>Just:</div>
<div><br>
</div>
<div>
<div><domain></div>
<div> <user>...</user></div>
<div> <user>...</user></div>
<div>
</domain><br>
</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, May 6, 2014 at 1:47 PM, Victor
Chukalovskiy <span dir="ltr"><<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Ok, done: <a href="https://jira.freeswitch.org/browse/FS-6506" target="_blank">https://jira.freeswitch.org/browse/FS-6506</a><br>
<br>
Also, added comment to the WiKi until this is fixed:<br>
<a href="https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups" target="_blank">https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups</a>
<div>
<div><br>
<br>
On 14-05-06 12:32 PM, Steven Ayre wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">I'd go with a Jira. Either it's an
oversight, or there's a reason for it that can be
tracked in Jira and then the wiki updated
referencing the ticket.</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote"> On 5 May 2014 21:38,
Victor Chukalovskiy <span dir="ltr"><<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Alright, thank you! Domains ACL works
BUT requires "users" to be in "groups". If
"users" are directly in the "domain"
section, ACL remains empty.<br>
<br>
This is contradictory to the WiKi saying
that: "Using groups is optional -- you can
put your users straight into the domain
section if you desire". Should I file Jira
or should I edit WiKi instead? :)<br>
<br>
With regards to directory, I intend to
keep it minimalistic:<br>
<br>
                                <user id="foo" cidr="1.2.3.4/32"><br>
                                 <variables><br>
                                 <variable name="accountcode" value="customer_1"/><br>
                                 </variables><br>
                                </user><br>
<br>
Will someone from a different CIDR be able
to place calls as user "foo" bypassing any
authentication? Note that I don't set any
password in params.<br>
If so, how to secure this on the SIP
profile level and keep user entries as
concise as possible?<br>
<br>
Thanks again!<span><font color="#888888"><br>
-Victor</font></span>
<div>
<div><br>
<br>
On 14-05-05 12:24 PM, Steven Ayre
wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">You need this:
                                    <div> <param name="apply-inbound-acl" value="domains"/><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 5 May
2014 17:13, Victor Chukalovskiy <span dir="ltr"><<a href="mailto:victor.chukalovskiy@gmail.com" target="_blank">victor.chukalovskiy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
                                        Coming from wholesale background, my FS's run without any registrations.<br>
                                        So far everything was ACL-based using "apply-inbound-acl" and I did not<br>
                                        use any directory entries.<br>
                                        <br>
                                        The only problem with this is that once I have all IPs together in one<br>
                                        big ACL, I can't identify which customer the call came from. E.g. need<br>
                                        to set my_channel_variable=customer1 if a call came from particular IPs<br>
                                        and my_channel_variable=customer2 if a call came from other IPs.<br>
                                        <br>
                                        So I'm trying to move ACL logic into directory by means of defining a<br>
                                        user with cidr attribute. So far, no matter what I do FS challenges<br>
                                        INVITE with "407" even though the INVITE comes from the IP that is<br>
                                        included in CIDR attribute for a user. I suppose for whatever reason<br>
                                        switch does not match INVITEs against CIDR's in the directory. Please<br>
                                        help me with that. WiKi is written from a somewhat different logic /<br>
                                        perspective, so it's hard to apply.<br>
<br>
My SIP profile is:<br>
<br>
                                        <profile name="test"><br>
                                         <gateways><br>
                                         </gateways><br>
                                         <domains><br>
                                         </domains><br>
                                         <settings><br>
                                         <param name="parse-invite-tel-params" value="true"/><br>
                                         <param name="user-agent-string" value="test"/><br>
                                         <param name="debug" value="0"/><br>
                                         <param name="sip-trace" value="no"/><br>
                                         <param name="log-auth-failures" value="true"/><br>
                                         <param name="rfc2833-pt" value="101"/><br>
                                         <param name="sip-port" value="5060"/><br>
                                         <param name="dialplan" value="XML"/><br>
                                         <param name="context" value="test"/><br>
                                         <param name="country" value="e164"/><br>
                                         <param name="dtmf-duration" value="2000"/><br>
                                         <param name="inbound-codec-prefs" value="$${default_codec_prefs}"/><br>
                                         <param name="outbound-codec-prefs" value="$${default_codec_prefs}"/><br>
                                         <param name="caller-id-type" value="none"/><br>
                                         <param name="rtp-timer-name" value="soft"/><br>
                                         <param name="rtp-ip" value="192.168.1.2"/><br>
                                         <param name="sip-ip" value="192.168.1.2"/><br>
                                         <param name="manage-presence" value="false"/><br>
                                         <param name="manage-shared-appearance" value="false"/><br>
                                         <param name="inbound-codec-negotiation" value="greedy"/><br>
                                         <param name="disable-transcoding" value="true"/><br>
                                         <param name="manual-redirect" value="false"/><br>
                                         <param name="disable-transfer" value="true"/><br>
                                         <param name="disable-register" value="false"/><br>
                                         <param name="auth-calls" value="true"/><br>
                                         <param name="rtp-timeout-sec" value="300"/><br>
                                         <param name="rtp-hold-timeout-sec" value="1800"/><br>
                                         <param name="pass-callee-id" value="false"/><br>
                                         </settings><br>
                                        </profile><br>
<br>
<br>
Thanks!<br>
-Victor<br>
<br>
<br>
<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH
Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The
CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">Anthony Minessale II ♬ @anthmfs ♬
@FreeSWITCH ♬
<div><br>
<div>☞ <a href="http://freeswitch.org/" target="_blank">http://freeswitch.org/</a>
☞ <a href="http://cluecon.com/" target="_blank">http://cluecon.com/</a> ☞ <a href="http://twitter.com/FreeSWITCH" target="_blank">http://twitter.com/FreeSWITCH</a></div>
<div>
<div>☞ <a href="http://irc.freenode.net" target="_blank">irc.freenode.net</a>
#freeswitch ☞ <u><a href="http://freeswitch.org/g+" target="_blank">http://freeswitch.org/g+</a></u><br>
<br>
</div>
<div>ClueCon Weekly Development Call <br>
</div>
<div>☎ <a href="mailto:sip%3A888@conference.freeswitch.org" target="_blank">sip:888@conference.freeswitch.org</a>
☎ <a href="tel:%2B19193869900" value="+19193869900" target="_blank">+19193869900</a> </div>
<div><br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br></div>
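<div>An added example, not part of the thread or of FreeSWITCH itself: a small offline audit of a directory like the one discussed above. It maps a source IP to the user whose cidr covers it (the ACL step that precedes any password check) and flags users that rely on cidr alone while empty passwords are not disabled. The sample directory, the function names, and the assumptions that allow-empty-password defaults to true and that only domain-level and user-level params are considered are all constructed for this illustration.</div>

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample directory (not from the thread): one user directly under
# the domain and one inside a group, mirroring the two layouts discussed.
SAMPLE_DIRECTORY = """
<domain name="example.invalid">
  <params>
    <param name="allow-empty-password" value="false"/>
  </params>
  <user id="foo" cidr="1.2.3.4/32">
    <variables><variable name="accountcode" value="customer_1"/></variables>
  </user>
  <groups><group name="wholesale"><users>
    <user id="bar" cidr="198.51.100.0/24,203.0.113.7/32">
      <params><param name="allow-empty-password" value="true"/></params>
      <variables><variable name="accountcode" value="customer_2"/></variables>
    </user>
  </users></group></groups>
</domain>
"""

def _params(node):
    """Return the <params> directly under node as a name -> value dict."""
    return {p.get("name"): p.get("value", "") for p in node.findall("./params/param")}

def load_users(xml_text):
    """Collect every <user>, whether directly under <domain> or inside groups."""
    domain = ET.fromstring(xml_text)
    domain_params = _params(domain)
    users = []
    for u in domain.iter("user"):
        params = {**domain_params, **_params(u)}  # user-level overrides domain-level
        nets = [ipaddress.ip_network(c.strip(), strict=False)
                for c in u.get("cidr", "").split(",") if c.strip()]
        acct = u.find("./variables/variable[@name='accountcode']")
        users.append({"id": u.get("id"), "nets": nets, "params": params,
                      "accountcode": acct.get("value") if acct is not None else None})
    return users

def match_source(users, src_ip):
    """Return the first user whose cidr covers src_ip, or None (the ACL step)."""
    ip = ipaddress.ip_address(src_ip)
    return next((u for u in users if any(ip in n for n in u["nets"])), None)

def audit(users):
    """Flag users with no password/a1-hash while empty passwords stay enabled."""
    flagged = []
    for u in users:
        has_secret = u["params"].get("password") or u["params"].get("a1-hash")
        # Assumption: an unset allow-empty-password is treated as "true".
        if not has_secret and u["params"].get("allow-empty-password", "true") != "false":
            flagged.append(u["id"])
    return flagged
```

<div>Run it against an export of the real directory and review every id that audit() returns before relying on cidr-only entries.</div>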