We use FTP just now, and it works ok. Ultimately I want to use HTTPS as we are sending config files over the internet, which have access credentials on how to register a phone, which is potentially damaging - most people deploy on a LAN, but we have a central provisioning server. Polycom are fairly flakey when it comes to mention FTPS - they say it isnt officially supported, and does not seem to be something many people are doing.
Plus it seems industry standard just now is to use HTTP/s - snom and linksys both use HTTP, and not FTP (which seems fairly unique to polycom), so it would be better to use the same protocol for all makes of telephone - especially as you can only put one string in Option 66 in a customers router. I have a ticket open with Polycom regarding just now - it seems to work now when you provision by hand by typing in values in the bootrom using HTTP with basic authentication. R On Fri, Jun 27, 2008 at 11:07 AM, Alexander Lopez <[EMAIL PROTECTED]> wrote: > I could never get the http stuff to work, I tried Ftp like what you have > > > ftp://user:[EMAIL PROTECTED]/customomer > > It worked fine for me the first time, and I just ran with it. Has worked > without an issue since day one. If FTP not an option for you???? > > Alex > >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:asterisk-users- >> [EMAIL PROTECTED] On Behalf Of Robert McNaught >> Sent: Friday, June 27, 2008 1:20 PM >> To: Asterisk Users Mailing List - Non-Commercial Discussion >> Subject: [asterisk-users] polycom with http/https basic authentication >> >> Hi, >> >> I apologize that this is not directly associated with Asterisk, I have >> been trying to solve this, but not having any luck. >> >> Does anyone have a setup with http or https with basic authentication >> for provisioning Polycom Phones. We use edgemarc 4500 routers and use >> Option 66 to auto-provision phones using DHCP. I am trying to set up >> an apache server with subdirectories for different customers protected >> by a username and password so that their phones can only access their >> own directory. >> >> The string I am putting in Option 66 is: >> >> "http://username:[EMAIL PROTECTED]/dir1/" >> >> This is packet dumps of the polycom phone trying to grab files from >> the server - using basic authentication - I have set up .htaccess >> files which work correctly when pulling down files using firefox. >> >> GET FILE WITH POLYCOM >> [EMAIL PROTECTED] ~]# ngrep -q 'HTTP/1.[01]' >> interface: eth0 (XXX.XXX.XXX.XXX/255.255.254.0) >> match: HTTP/1.[01] >> >> T XXX.XXX.XXX.XXX:1024 -> XXX.XXX.XXX.XXX [AP] >> GET /dir1/2345-12200-002.bootrom.ld HTTP/1.1..Host: >> http.server.com..Accept: */*..U >> ser-Agent: FileTransport > PolycomSoundPointIP-SPIP_320-UA/4.0.0.0423.... >> >> T XXX.XXX.XXX.XXX:80 -> XXX.XXX.XXX.XXX:1024 [AP] >> HTTP/1.1 401 Authorization Required..Date: Fri, 27 Jun 2008 16:46:59 >> GMT..Server: A >> pache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b >> mod_auth_passthrough/2.1 mod_bwli >> mited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5..WWW-Authenticate: Basic >> realm="Restricted >> Area"..Content-Length: 703..Content-Type: text/html; >> charset=iso-8859-1....<!DOCTY >> PE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>401 >> Authorization R >> equired</title>.</head><body>.<h1>Authorization >> Required</h1>.<p>This server could >> not verify that you.are authorized to access the document.requested. >> Either you su >> pplied the wrong.credentials (e.g., bad password), or your.browser >> doesn't understa >> nd how to supply.the credentials required.</p>.<p>Additionally, a >> 404 Not Found.err >> or was encountered while trying to use an ErrorDocument to handle >> the request.</p>. >> <hr>.<address>Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b >> mod_auth_passthrou >> gh/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5 Server at >> prov.xiptel.net P >> ort 80</address>.</body></html>. >> >> T XXX.XXX.XXX.XXX:1025 -> XXX.XXX.XXX.XXX:80 [AP] >> GET /dir1/bootrom.ld HTTP/1.1..Host: http.server.com..Accept: >> */*..User-Agent: File >> Transport PolycomSoundPointIP-SPIP_320-UA/4.0.0.0423.... >> >> >> >> USING FIREFOX >> [EMAIL PROTECTED] ~]# ngrep -q 'HTTP/1.[01]' >> interface: eth0 (69.73.146.0/255.255.254.0) >> match: HTTP/1.[01] >> >> T XXX.XXX.XXX.XXX:57773 -> XXX.XXX.XXX.XXX:80 [AP] >> GET /dir1/2345-11300-010.bootrom.ld HTTP/1.1..Host: >> http.server.com..User-Agent: Mo >> zilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 >> Firefox/3.0..Accept: >> >> > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept- >> Language: >> en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: >> ISO-8859-1,utf-8;q=0 >> .7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: >> http://prov.xiptel.ne >> t/dir1/..Cookie: logintheme=cpanel; cprelogin=no; > cpsession=closed.... >> >> T XXX.XXX.XXX.XXX:80 -> XXX.XXX.XXX.XXX:57773 [AP] >> HTTP/1.1 401 Authorization Required..Date: Fri, 27 Jun 2008 16:36:20 >> GMT..Server: A >> pache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b >> mod_auth_passthrough/2.1 mod_bwli >> mited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5..WWW-Authenticate: Basic >> realm="Restricted >> Area"..Content-Length: 703..Keep-Alive: timeout=15, >> max=100..Connection: Keep-Aliv >> e..Content-Type: text/html; charset=iso-8859-1....<!DOCTYPE HTML >> PUBLIC "-//IETF//D >> TD HTML 2.0//EN">.<html><head>.<title>401 Authorization >> Required</title>.</head><bo >> dy>.<h1>Authorization Required</h1>.<p>This server could not verify >> that you.are au >> thorized to access the document.requested. Either you supplied the >> wrong.credentia >> ls (e.g., bad password), or your.browser doesn't understand how to >> supply.the crede >> ntials required.</p>.<p>Additionally, a 404 Not Found.error was >> encountered while t >> rying to use an ErrorDocument to handle the >> request.</p>.<hr>.<address>Apache/2.0.6 >> 1 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.8b mod_auth_passthrough/2.1 >> mod_bwlimited/1.4 F >> rontPage/5.0.2.2635 PHP/5.2.5 Server at prov.xiptel.net Port >> 80</address>.</body></ >> html>. >> >> T XXX.XXX.XXX.XXX:57773 -> XXX.XXX.XXX.XXX:80 [AP] >> GET /dir1/2345-11300-010.bootrom.ld HTTP/1.1..Host: >> http.server.com..User-Agent: Mo >> zilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 >> Firefox/3.0..Accept: >> >> > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept- >> Language: >> en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: >> ISO-8859-1,utf-8;q=0 >> .7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer: >> http://prov.xiptel.ne >> t/dir1/..Cookie: logintheme=cpanel; cprelogin=no; >> cpsession=closed..Authorization: >> Basic ZGlyMTppcGd2MTMxNA==.... >> >> >> As you can see, the server responds asking for authorization >> credentials, which are not responded to by the Polycom in its next >> HTTP message, whereas with a browser, when I type in my username and >> password in the dialog box, a response is made. >> >> I have been assured by Polycom that basic authentication works with >> their new models of phones - I am using a ip320. Further their admin >> guide states: >> >> "The protocol that will be used to transfer files from the boot server >> depends on >> several factors including the phone model and whether the bootROM or > SIP >> application stage of provisioning is in progress. By default, the > phones >> are >> shipped with FTP enabled as the provisioning protocol. If an > unsupported >> protocol is specified, this may result in a defined behavior (see the >> table below >> for details of which protocol the phone will use). The Specified > Protocol >> listed >> in the table can be selected in the Server Type field or the Server >> Address can >> include a transfer protocol, for example http://usr:[EMAIL PROTECTED] (refer > to >> Server Menu on page 3-9). The boot server address can be an IP > address, >> domain string name, or URL. The boot server address can also be > obtained >> through DHCP. Configuration file names in the <Ethernet address>.cfg > file >> can include a transfer protocol, for example >> https://usr:[EMAIL PROTECTED]/dir/file.cfg. If a user name and password are >> specified as part of the server address or file name, they will be >> used only if the >> server supports them." >> >> >> Anyone familiar with this situation, or have a different Option 66 >> string? or any troubleshooting tips >> >> Thanks >> >> Robert >> >> _______________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> >> AstriCon 2008 - September 22 - 25 Phoenix, Arizona >> Register Now: http://www.astricon.net >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > AstriCon 2008 - September 22 - 25 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
