Lars,

Since this question has come up a few times I'm going to write up a nice
wiki article on it explaining the differences between letting someone in via
an ACL and actually doing digest authentication. In a nutshell, though, it's
this: if the user does digest authentication (with the whole REGISTER, 401,
REGISTER, 200 OK exchange) then whatever value is in user_context is the
context for the calls made by that user. In conf/directory/default/1000.xml
(and 1001.xml, etc.) they all have user_context = "default" so when those
users register the calls they make are handled in the default context. OTOH,
if you let a user in via an ACL they aren't really registered, you've simply
opened the door for anyone coming from a particular IP address or IP address
range. In that case the calls are handled in the context specified by the
context parameter of the SIP profile where the calls come in. By default the
internal SIP profile uses the public context. This is for security reasons.
"Paranoid by default" is how you might describe it. You are welcome to
change that value to "default" so that calls let in by the ACL are handled
just like auth'd calls.

Play around with it and let us know how it goes. I think you'll get it once
you start modifying settings and making test calls.

-MC
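
An added example, not part of the original message and not FreeSWITCH code: a small Python check over constructed copies of the two config fragments discussed above, reporting which context ACL-admitted calls and digest-authenticated calls land in. The function names, report keys and sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread: the internal profile admits a
# subnet by ACL; the user mirrors conf/directory/default/1000.xml.
PROFILE_XML = """
<profile name="internal">
  <settings>
    <param name="context" value="public"/>
    <param name="apply-inbound-acl" value="192.168.0.0/24"/>
    <param name="apply-register-acl" value="192.168.0.0/24"/>
  </settings>
</profile>
"""
USER_XML = """
<user id="1000">
  <params><param name="password" value="CONSTRUCTED-PLACEHOLDER"/></params>
  <variables><variable name="user_context" value="default"/></variables>
</user>
"""


def named_values(root, tag):
    """Map name -> value for every <tag name=... value=...> under root."""
    return {e.get("name"): e.get("value") for e in root.iter(tag)}


def audit(profile_xml, user_xml, unauth_context="public"):
    """Report the context each admission path lands in (hypothetical helper)."""
    profile = ET.fromstring(profile_xml)
    user = ET.fromstring(user_xml)
    settings = named_values(profile, "param")
    acl = settings.get("apply-inbound-acl")
    return {
        "profile": profile.get("name"),
        # ACL-admitted callers never authenticate, so the profile decides.
        "acl_call_context": settings.get("context"),
        "inbound_acl": acl,
        # Digest-authenticated callers get the directory's user_context.
        "auth_call_context": named_values(user, "variable").get("user_context"),
        # True when unauthenticated, ACL-admitted calls skip the public context.
        "acl_skips_public": bool(acl) and settings.get("context") != unauth_context,
    }


if __name__ == "__main__":
    for key, value in audit(PROFILE_XML, USER_XML).items():
        print(f"{key}: {value}")
```

With the profile context left at "public" the last field is False; changing it to "default" flips it to True, which is the point at which anyone inside the ACL range is handled like an authenticated user.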

On Thu, Dec 24, 2009 at 8:16 AM, Lars Zeb <larc...@yahoo.com> wrote:

>  Brian,
>
>
>
> Please forgive my slowness, but I’m still having problems with this. When
> you say that I “really didn’t auth the user”, did you mean the
> endpoint/extension?
>
>
>
> If you did, I upped to svn1 16055 and placed a cidr attribute on the
> extension and reran the test, resulting in the same output, going to context
> public.
>
>
>
> Further, I’m confused about your response about ACL compared with Billy W
> in an email of 12/22/2009.
>
>
>
> “…you could simply put these entries in your internal sofia profile.
>
>
>
> <param name="apply-inbound-acl" value="192.168.0.0/24"/>
> <param name="apply-register-acl" value="192.168.0.0/24"/>
>
>
>
> In that case, you do not need to include anything in the directory.  The
> cidr entries in the directory are for providing additional control for each
> user id and what IPs they are allowed to make calls from.”
>
>
>
> http://pastebin.freeswitch.org/11633
>
> Linux fs 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:39:21 EDT 2009 i686 i686
> i386 GNU/Linux
>
>
>
> Thanks Lars
>
>
>
> *From:* freeswitch-users-boun...@lists.freeswitch.org [mailto:
> freeswitch-users-boun...@lists.freeswitch.org] *On Behalf Of *Brian West
> *Sent:* Wednesday, December 23, 2009 6:03 PM
> *To:* freeswitch-users@lists.freeswitch.org
> *Subject:* Re: [Freeswitch-users] Local call uses public context?
>
>
>
> 2009-12-23 15:00:01.955357 [DEBUG] sofia.c:5322 IP 192.168.10.105 Approved
> by acl "192.168.10.0/24[]". Access Granted.
>
>
>
> Because the context is set on the profile as public... and you really
> didn't auth the user so user_context was never set.
>
>
>
> /b
>
>
>
> On Dec 23, 2009, at 7:49 PM, Lars Zeb wrote:
>
>
>
> I am trying to set up a second FS box from scratch using v16048.
>
>
>
> What can cause a local call (81002, or 9996) to use context public? It’s a
> standard vanilla install.
>
>
>
> http://pastebin.freeswitch.org/11629
>
>
>
> Thanks, Lars
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users@lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org