[Asterisk-Users] SER and Asterisk authentication
Chris Roberts
croberts at bongle.co.uk
Sun Aug 28 05:03:04 MST 2005
Heya,
I'm trying to get SER up and running as a front-end for a couple of Asterisk
boxes for SIP clients. I'd like clients to register with the SER platform.
However, I'd like clients to authenticate with Asterisk when they try to
make outgoing calls via Asterisk. Otherwise it seems that users could bypass
my SER box and register directly with the Asterisk boxes and bypass
authentication altogether, since their user profiles on * must be set with
no password or md5secret.
However, when I enable a password on *, and ask the users to dial out, I get
a 407 Proxy Authorization required. The replies to this list have suggested
trusting all calls from SER, but this doesn't allow me to have per-user
profiles that I can see, unless I set the * users passwords to be null which
gives me the security problem above.
sip.cfg file:
[ser]
type=friend
context=default
host=myserhost
[user1]
type=friend
context=ausercontext
host=dynamic
password=thesameastheserpassword
--------
This fails (with X-Lite) as it seems the asterisk authentication fails. If I
remove the passwords everything works, but then I can connect X-Lite
directly to my asterisk box aswell and bypass the SER authentication and
dial straight out :( Ideally I'd like SER and Asterisk to look at the same
authentication database in MySQL, and I've seem mention that people have
this running, but I can't get this to work at the moment.
Anyone got any ideas?
Cheers,
Chris.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.16/83 - Release Date: 26/08/2005
More information about the asterisk-users
mailing list