<div dir="ltr"><div><div>That seems to have done the job.<br></div>Apparently my vars.xml was somehow missing the auth-calls variable, but setting it explicitly in the profile worked.<br><br></div>Thanks!<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 7, 2017 at 7:15 PM, Peter Villeneuve <span dir="ltr"><<a href="mailto:petervnv1@gmail.com" target="_blank">petervnv1@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Thanks for your help David!<br><br></div>I already have this set in my internal profile:<br><br> <param name="auth-calls" value="$${internal_auth_calls}<wbr>"/><br> <!-- Force the user and auth-user to match. --><br> <param name="inbound-reg-force-<wbr>matching-username" value="false"/><br> <!-- on authed calls, authenticate *all* the packets not just invite --><br> <param name="auth-all-packets" value="false"/><br> <param name="accept-blind-reg" value="false"/><br><br></div>I guess I'll change the auth-calls value explicitly to true and restart freeswitch to see if it makes any difference.<br><br></div>Cheers,<br></div>Peter<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 7, 2017 at 7:09 PM, David Villasmil <span dir="ltr"><<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.<wbr>com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There's a param called auth-calls or something like that, make sure it's in your profile.<br><div class="gmail_quote"><div><div class="m_4801381036881332105h5"><div dir="ltr">On Fri, Apr 7, 2017 at 7:38 PM Peter Villeneuve <<a href="mailto:petervnv1@gmail.com" target="_blank">petervnv1@gmail.com</a>> wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_4801381036881332105h5"><div dir="ltr" class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg">Hi all,<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I'm confused by some strange behavior I'm seeing on my vanilla FS installation.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>If I have <param name="apply-inbound-acl" value="domains"/> set in my internal sip profile, even my registered user is unable to make any calls since he gets rejected by the 2017-04-07 17:13:10.085105 [WARNING] sofia.c:9983 IP xx.xx.xx.xx Rejected by acl "domains" message in the logs. Shouldn't FS fall back to regular digest authentication like it used to?<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I know the user (let's call him 1000) is registered properly since running sofia status profile internal reg in the cli shows that he is indeed registered as expected.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I made sure in user 1000's directory entry that <variable name="user_context" value="default"/> is set.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>If 1) I I apply <param name="apply-inbound-acl" value="domains"/> to the internal profile then calls from user 1000 get rejected by acl domains as explained above, with no fallback to digest authentication (don't know why it doesn't challenge the user)<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>if 2) I disable <param name="apply-inbound-acl" value="domains"/> then the call hits the public dialplan instead of the default one even though <variable name="user_context" value="default"/> is set in user 1000's directory xml entry.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I haven't used FS in awhile but I recall in the past not having this much trouble trying to get it working as expected. I suppose I could set the context in the internal profile to default but then all kinds of bad guys will be able to make calls on my dime (it's happened before). I want authenticated users only to make calls but this seems to be eluding me.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>Is this a known bug (my debian installation was built from git 02c0860 2017-03-03 23:35:25Z 32bit) or am I doing something silly?<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>Thanks,<br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>Peter<br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div></div></div>
______________________________<wbr>______________________________<wbr>_____________<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
Professional FreeSWITCH Consulting Services:<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="mailto:consulting@freeswitch.org" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">consulting@freeswitch.org</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
Official FreeSWITCH Sites<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.freeswitch.org" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.freeswitch.org</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://confluence.freeswitch.org" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.cluecon.com" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.cluecon.com</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
FreeSWITCH-users mailing list<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.freeswitch.org" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.freeswitch.org</a></blockquote></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>