[Freeswitch-users] user context being ignored

Fri Apr 7 22:15:43 MSD 2017

Thanks for your help David!

I already have this set in my internal profile:

 <param name="auth-calls" value="$${internal_auth_calls}"/>
    <!-- Force the user and auth-user to match. -->
    <param name="inbound-reg-force-matching-username" value="false"/>
    <!-- on authed calls, authenticate *all* the packets not just invite -->
    <param name="auth-all-packets" value="false"/>
    <param name="accept-blind-reg" value="false"/>

I guess I'll change the auth-calls value explicitly to true and restart
freeswitch to see if it makes any difference.

Cheers,
Peter

On Fri, Apr 7, 2017 at 7:09 PM, David Villasmil <
david.villasmil.work at gmail.com> wrote:

> There's a param called auth-calls or something like that, make sure it's
> in your profile.
> On Fri, Apr 7, 2017 at 7:38 PM Peter Villeneuve <petervnv1 at gmail.com>
> wrote:
>
>> Hi all,
>>
>> I'm confused by some strange behavior I'm seeing on my vanilla FS
>> installation.
>>
>> If I have <param name="apply-inbound-acl" value="domains"/> set in my
>> internal sip profile, even my registered user is unable to make any calls
>> since he gets rejected by the 2017-04-07 17:13:10.085105 [WARNING]
>> sofia.c:9983 IP xx.xx.xx.xx Rejected by acl "domains" message in the logs.
>> Shouldn't FS fall back to regular digest authentication like it used to?
>>
>> I know the user (let's call him 1000) is registered properly since
>> running sofia status profile internal reg in the cli shows that he is
>> indeed registered as expected.
>>
>> I made sure in user 1000's directory entry that <variable
>> name="user_context" value="default"/> is set.
>>
>> If 1) I I apply <param name="apply-inbound-acl" value="domains"/> to the
>> internal profile then calls from user 1000 get rejected by acl domains as
>> explained above, with no fallback to digest authentication (don't know why
>> it doesn't challenge the user)
>>
>> if 2) I disable <param name="apply-inbound-acl" value="domains"/> then
>> the call hits the public dialplan instead of the default one even though
>> <variable name="user_context" value="default"/> is set in user 1000's
>> directory xml entry.
>>
>> I haven't used FS in awhile but I recall in the past not having this much
>> trouble trying to get it working as expected. I suppose I could set the
>> context in the internal profile to default but then all kinds of bad guys
>> will be able to make calls on my dime (it's happened before). I want
>> authenticated users only to make calls but this seems to be eluding me.
>>
>> Is this a known bug (my debian installation was built from git 02c0860
>> 2017-03-03 23:35:25Z 32bit) or am I doing something silly?
>>
>> Thanks,
>> Peter
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170407/94247db5/attachment-0001.html 