[Asterisk-Users] Setting up Security Groups

PA taihome at earthlink.net
Wed Mar 16 07:52:18 MST 2005


Thanks Steven, that was really a simple solution I overlooked.  I added appropriate context=siphones-superuser in the user settings in sip.conf, commented out the includes under default and all inbound/outbound security accounts are routed as I intended.  

You were right, even unregistered SIP phones were able to dial out.  I think I see a more clearly how default context is used.

Phil Avery



-----Original Message-----
From: Steven Critchfield <critch at basesys.com>
Sent: Mar 15, 2005 11:06 AM
To: PA <taihome at earthlink.net>, 
	Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com>
Subject: Re: [Asterisk-Users] Setting up Security Groups

On Tue, 2005-03-15 at 07:21 -0800, PA wrote:
> Right now here is how I have it structured in extensions.conf.  What
> am I missing?  Why would a sip-basic member be able to make toll
> calls?
> 
> [default]
> include => sip-basic
> include => sip-operator
> include => sip-superuser

You probably want to remove those 3 entries. I can't remember for sure
if you can inherit includes, but I do remember that unregistered sip
phones could have access to the default context. 

Guessing without the benefit of the logs from your machine, your phones
may be entering the default context and getting access that they don't
deserve.

> [sip-superuser]
> include => outbound-local
> include => outbound-longdistance
> include => outbound-tollfree
> include => outbound-toll
> ---> sip users info follows here
> 
> [sip-operator]
> include => outbound-local
> include => outbound-longdistance
> include => outbound-tollfree
> ---> sip users info follows here
> 
> [sip-basic]
> include => outbound-local
> include => outbound-tollfree
> ---> sip users info follows here
> 
> [outbound-local]
> ---> outbound calling info follows here
> 
> [outbound-longdistance]
> ---> outbound calling info follows here
> 
> [outbound-tollfree]
> ---> outbound calling info follows here
> 
> [outbound-toll]
> ---> outbound calling info follows here

Without the details of these outbound sections, we can't tell if you
have a pattern matching problem that is causing your troubles.
-- 
Steven Critchfield <critch at basesys.com>

_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Spam detection software, running on the system "zeus.avanzada7.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  On Tue, 2005-03-15 at 07:21 -0800, PA wrote: > Right 
  now here is how I have it structured in extensions.conf. What > am I 
  missing? Why would a sip-basic member be able to make toll > calls? > 
  > [default] > include => sip-basic > include => sip-operator > include 
  => sip-superuser [...] 

Content analysis details:   (0.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO





More information about the asterisk-users mailing list