[Freeswitch-users] user context being ignored

David Villasmil david.villasmil.work at gmail.com
Mon Apr 10 18:30:04 MSD 2017 

glad to help :)
ᐧ

Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337

On Fri, Apr 7, 2017 at 8:29 PM, Peter Villeneuve <petervnv1 at gmail.com>
wrote:

> That seems to have done the job.
> Apparently my vars.xml was somehow missing the auth-calls variable, but
> setting it explicitly in the profile worked.
>
> Thanks!
>
> On Fri, Apr 7, 2017 at 7:15 PM, Peter Villeneuve <petervnv1 at gmail.com>
> wrote:
>
>> Thanks for your help David!
>>
>> I already have this set in my internal profile:
>>
>>  <param name="auth-calls" value="$${internal_auth_calls}"/>
>>     <!-- Force the user and auth-user to match. -->
>>     <param name="inbound-reg-force-matching-username" value="false"/>
>>     <!-- on authed calls, authenticate *all* the packets not just invite
>> -->
>>     <param name="auth-all-packets" value="false"/>
>>     <param name="accept-blind-reg" value="false"/>
>>
>> I guess I'll change the auth-calls value explicitly to true and restart
>> freeswitch to see if it makes any difference.
>>
>> Cheers,
>> Peter
>>
>> On Fri, Apr 7, 2017 at 7:09 PM, David Villasmil <
>> david.villasmil.work at gmail.com> wrote:
>>
>>> There's a param called auth-calls or something like that, make sure it's
>>> in your profile.
>>> On Fri, Apr 7, 2017 at 7:38 PM Peter Villeneuve <petervnv1 at gmail.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm confused by some strange behavior I'm seeing on my vanilla FS
>>>> installation.
>>>>
>>>> If I have <param name="apply-inbound-acl" value="domains"/> set in my
>>>> internal sip profile, even my registered user is unable to make any calls
>>>> since he gets rejected by the 2017-04-07 17:13:10.085105 [WARNING]
>>>> sofia.c:9983 IP xx.xx.xx.xx Rejected by acl "domains" message in the logs.
>>>> Shouldn't FS fall back to regular digest authentication like it used to?
>>>>
>>>> I know the user (let's call him 1000) is registered properly since
>>>> running sofia status profile internal reg in the cli shows that he is
>>>> indeed registered as expected.
>>>>
>>>> I made sure in user 1000's directory entry that <variable
>>>> name="user_context" value="default"/> is set.
>>>>
>>>> If 1) I I apply <param name="apply-inbound-acl" value="domains"/> to
>>>> the internal profile then calls from user 1000 get rejected by acl domains
>>>> as explained above, with no fallback to digest authentication (don't know
>>>> why it doesn't challenge the user)
>>>>
>>>> if 2) I disable <param name="apply-inbound-acl" value="domains"/> then
>>>> the call hits the public dialplan instead of the default one even though
>>>> <variable name="user_context" value="default"/> is set in user 1000's
>>>> directory xml entry.
>>>>
>>>> I haven't used FS in awhile but I recall in the past not having this
>>>> much trouble trying to get it working as expected. I suppose I could set
>>>> the context in the internal profile to default but then all kinds of bad
>>>> guys will be able to make calls on my dime (it's happened before). I want
>>>> authenticated users only to make calls but this seems to be eluding me.
>>>>
>>>> Is this a known bug (my debian installation was built from git 02c0860
>>>> 2017-03-03 23:35:25Z 32bit) or am I doing something silly?
>>>>
>>>> Thanks,
>>>> Peter
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170410/70d67f20/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list