I appologize for the long, new-ish question, but after a few days of trying to work a solution by reading through the list archives and WIKI and coming up with what I thought would work, I think I'm just not getting a fine detail. I titled this thread "Setting up Security Groups" because I'm trying to set up some sip user groups with certain calling rights, e.g., one group of sip phones have the right to make any type of call. another group of sip phones have the right to make local & toll free calls only. The outbound dialing is broken down into 4 contexts in extensions.conf; outbound-local, outbound-toll, outbound-tollfree, and outbound-longdistance. The sip users are set up in 3 contexts in extensions.conf; sip-superuser, sip-operator and sip-basic. Under default context in extensions.conf, I have an include statement for the outbound calling. To make sure they all worked, originally I had the include statement for the sip user groups also under the default context. Everyone could dial every type of call, which wasn't what I wanted, but at least I know that the outbound calling works. I then tried moving the include statements for outbound contexts into each sip user group. Everyone can still dial outbound. Right now here is how I have it structured in extensions.conf. What am I missing? Why would a sip-basic member be able to make toll calls? [default] include => sip-basic include => sip-operator include => sip-superuser [sip-superuser] include => outbound-local include => outbound-longdistance include => outbound-tollfree include => outbound-toll ---> sip users info follows here [sip-operator] include => outbound-local include => outbound-longdistance include => outbound-tollfree ---> sip users info follows here [sip-basic] include => outbound-local include => outbound-tollfree ---> sip users info follows here [outbound-local] ---> outbound calling info follows here [outbound-longdistance] ---> outbound calling info follows here [outbound-tollfree] ---> outbound calling info follows here [outbound-toll] ---> outbound calling info follows here
On Tue, 2005-03-15 at 07:21 -0800, PA wrote:> Right now here is how I have it structured in extensions.conf. What > am I missing? Why would a sip-basic member be able to make toll > calls? > > [default] > include => sip-basic > include => sip-operator > include => sip-superuserYou probably want to remove those 3 entries. I can't remember for sure if you can inherit includes, but I do remember that unregistered sip phones could have access to the default context. Guessing without the benefit of the logs from your machine, your phones may be entering the default context and getting access that they don't deserve.> [sip-superuser] > include => outbound-local > include => outbound-longdistance > include => outbound-tollfree > include => outbound-toll > ---> sip users info follows here > > [sip-operator] > include => outbound-local > include => outbound-longdistance > include => outbound-tollfree > ---> sip users info follows here > > [sip-basic] > include => outbound-local > include => outbound-tollfree > ---> sip users info follows here > > [outbound-local] > ---> outbound calling info follows here > > [outbound-longdistance] > ---> outbound calling info follows here > > [outbound-tollfree] > ---> outbound calling info follows here > > [outbound-toll] > ---> outbound calling info follows hereWithout the details of these outbound sections, we can't tell if you have a pattern matching problem that is causing your troubles. -- Steven Critchfield <critch@basesys.com>
Thanks Steven, that was really a simple solution I overlooked. I added appropriate context=siphones-superuser in the user settings in sip.conf, commented out the includes under default and all inbound/outbound security accounts are routed as I intended. You were right, even unregistered SIP phones were able to dial out. I think I see a more clearly how default context is used. Phil Avery -----Original Message----- From: Steven Critchfield <critch@basesys.com> Sent: Mar 15, 2005 11:06 AM To: PA <taihome@earthlink.net>, Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users@lists.digium.com> Subject: Re: [Asterisk-Users] Setting up Security Groups On Tue, 2005-03-15 at 07:21 -0800, PA wrote:> Right now here is how I have it structured in extensions.conf. What > am I missing? Why would a sip-basic member be able to make toll > calls? > > [default] > include => sip-basic > include => sip-operator > include => sip-superuserYou probably want to remove those 3 entries. I can't remember for sure if you can inherit includes, but I do remember that unregistered sip phones could have access to the default context. Guessing without the benefit of the logs from your machine, your phones may be entering the default context and getting access that they don't deserve.> [sip-superuser] > include => outbound-local > include => outbound-longdistance > include => outbound-tollfree > include => outbound-toll > ---> sip users info follows here > > [sip-operator] > include => outbound-local > include => outbound-longdistance > include => outbound-tollfree > ---> sip users info follows here > > [sip-basic] > include => outbound-local > include => outbound-tollfree > ---> sip users info follows here > > [outbound-local] > ---> outbound calling info follows here > > [outbound-longdistance] > ---> outbound calling info follows here > > [outbound-tollfree] > ---> outbound calling info follows here > > [outbound-toll] > ---> outbound calling info follows hereWithout the details of these outbound sections, we can't tell if you have a pattern matching problem that is causing your troubles. -- Steven Critchfield <critch@basesys.com> _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users Spam detection software, running on the system "zeus.avanzada7.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: On Tue, 2005-03-15 at 07:21 -0800, PA wrote: > Right now here is how I have it structured in extensions.conf. What > am I missing? Why would a sip-basic member be able to make toll > calls? > > [default] > include => sip-basic > include => sip-operator > include => sip-superuser [...] Content analysis details: (0.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 FORGED_RCVD_HELO Received: contains a forged HELO