<div dir="ltr"><div><div>That seems to have done the job.<br></div>Apparently my vars.xml was somehow missing the auth-calls variable, but setting it explicitly in the profile worked.<br><br></div>Thanks!<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 7, 2017 at 7:15 PM, Peter Villeneuve <span dir="ltr">&lt;<a href="mailto:petervnv1@gmail.com" target="_blank">petervnv1@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Thanks for your help David!<br><br></div>I already have this set in my internal profile:<br><br> &lt;param name=&quot;auth-calls&quot; value=&quot;$${internal_auth_calls}<wbr>&quot;/&gt;<br>    &lt;!-- Force the user and auth-user to match. --&gt;<br>    &lt;param name=&quot;inbound-reg-force-<wbr>matching-username&quot; value=&quot;false&quot;/&gt;<br>    &lt;!-- on authed calls, authenticate *all* the packets not just invite --&gt;<br>    &lt;param name=&quot;auth-all-packets&quot; value=&quot;false&quot;/&gt;<br>    &lt;param name=&quot;accept-blind-reg&quot; value=&quot;false&quot;/&gt;<br><br></div>I guess I&#39;ll change the auth-calls value explicitly to true and restart freeswitch to see if it makes any difference.<br><br></div>Cheers,<br></div>Peter<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 7, 2017 at 7:09 PM, David Villasmil <span dir="ltr">&lt;<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.<wbr>com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There&#39;s a param called auth-calls or something like that, make sure it&#39;s in your profile.<br><div class="gmail_quote"><div><div class="m_4801381036881332105h5"><div dir="ltr">On Fri, Apr 7, 2017 at 7:38 PM Peter Villeneuve &lt;<a href="mailto:petervnv1@gmail.com" target="_blank">petervnv1@gmail.com</a>&gt; wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_4801381036881332105h5"><div dir="ltr" class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg"><div class="m_4801381036881332105m_8584112497123013118gmail_msg">Hi all,<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I&#39;m confused by some strange behavior I&#39;m seeing on my vanilla FS installation.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>If I have &lt;param name=&quot;apply-inbound-acl&quot; value=&quot;domains&quot;/&gt; set in my internal sip profile, even my registered user is unable to make any calls since he gets rejected by the 2017-04-07 17:13:10.085105 [WARNING] sofia.c:9983 IP xx.xx.xx.xx Rejected by acl &quot;domains&quot; message in the logs. Shouldn&#39;t FS fall back to regular digest authentication like it used to?<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I know the user (let&#39;s call him 1000) is registered properly since running sofia status profile internal reg in the cli shows that he is indeed registered as expected.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I made sure in user 1000&#39;s directory entry that &lt;variable name=&quot;user_context&quot; value=&quot;default&quot;/&gt; is set.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>If 1) I I apply &lt;param name=&quot;apply-inbound-acl&quot; value=&quot;domains&quot;/&gt; to the internal profile then calls from user 1000 get rejected by acl domains as explained above, with no fallback to digest authentication (don&#39;t know why it doesn&#39;t challenge the user)<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>if 2) I disable &lt;param name=&quot;apply-inbound-acl&quot; value=&quot;domains&quot;/&gt; then the call hits the public dialplan instead of the default one even though &lt;variable name=&quot;user_context&quot; value=&quot;default&quot;/&gt; is set in user 1000&#39;s directory xml entry.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>I haven&#39;t used FS in awhile but I recall in the past not having this much trouble trying to get it working as expected. I suppose I could set the context in the internal profile to default but then all kinds of bad guys will be able to make calls on my dime (it&#39;s happened before). I want authenticated users only to make calls but this seems to be eluding me.<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>Is this a known bug (my debian installation was built from git 02c0860 2017-03-03 23:35:25Z 32bit) or am I doing something silly?<br class="m_4801381036881332105m_8584112497123013118gmail_msg"><br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>Thanks,<br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div>Peter<br class="m_4801381036881332105m_8584112497123013118gmail_msg"></div></div></div>
______________________________<wbr>______________________________<wbr>_____________<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
Professional FreeSWITCH Consulting Services:<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="mailto:consulting@freeswitch.org" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">consulting@freeswitch.org</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
Official FreeSWITCH Sites<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.freeswitch.org" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.freeswitch.org</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://confluence.freeswitch.org" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.cluecon.com" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.cluecon.com</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
FreeSWITCH-users mailing list<br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br class="m_4801381036881332105m_8584112497123013118gmail_msg">
<a href="http://www.freeswitch.org" rel="noreferrer" class="m_4801381036881332105m_8584112497123013118gmail_msg" target="_blank">http://www.freeswitch.org</a></blockquote></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>