>> >> >> Hi All, >> >> After getting licences for Skype for asterisk a while ago I finallygot>> around to setting up a server with two channels and setting up a bcpon>> the skype end. >> >> The idea behind this is the following: >> >> Users can dial into the PBX, get authenticated and only after> >> authentication get access to internal PBX extensions. >> >> I CAN do this with a PIN, no sweat, but from a user perspective it >> becomes a bit clunky, i.e. password to remember, security in terms of >> pin leaks, multiple passwords for users, etc. >> >> I was wondering if there was a way I could extract the "FROM - USER"and>> assign it to a variable, then do a lookup of that username in adatabase>> using ODBC to decide whether to allow or disallow access. >> >> NOTE: The bit I need help with is extracting the "FROM - USER" therest>> of the stuff I've done already / before.>None of this is necessary; Skype already supports restricting to calls >to only coming from users on the buddy list. So, if your PBX is >connecting to the Skype network as user 'A', and your remote users are >'B' and 'C', then *don't* setup SFA to allow calls from anyone, and >don't set it up to automatically add users to the buddy list when they >request it. Instead, manually add users B and C to A's buddy list(using>a regular Skype client), and those are the only users that will be able >to call A. > >-- >Kevin P. FlemingI know that already, it's a matter of convenience. If I go that way, then I have to manually log in to skype, and add maybe 50 / 60 users to each new user that I create [these are personal staff accounts that wont be logged into the asterisk server via SFA, and are not part of the group set up in BCP] If there's something I can do on the asterisk end, then management becomes *very* simple --> func_odbc+freetds+MS_SQL+PHP = web page to manage users & access.
On Friday 16 Jul 2010, Neeraj Chand wrote:> >> Hi All, > >> > >> After getting licences for Skype for asterisk a while ago I finally > got > >> around to setting up a server with two channels and setting up a bcp > on > >> the skype end. > >> > >> The idea behind this is the following: > >> > >> Users can dial into the PBX, get authenticated and only after> > >> authentication get access to internal PBX extensions. > >> *snip* > >None of this is necessary; Skype already supports restricting to calls > >to only coming from users on the buddy list. So, if your PBX is > >connecting to the Skype network as user 'A', and your remote users are > >'B' and 'C', then *don't* setup SFA to allow calls from anyone, and > >don't set it up to automatically add users to the buddy list when they > >request it. Instead, manually add users B and C to A's buddy list > (using > >a regular Skype client), and those are the only users that will be able > >to call A. > I know that already, it's a matter of convenience. > If I go that way, then I have to manually log in to skype, and add maybe > 50 / 60 users to each new user that I create [these are personal staff > accounts that wont be logged into the asterisk server via SFA, and are > not part of the group set up in BCP] > If there's something I can do on the asterisk end, then management > becomes *very* simple --> func_odbc+freetds+MS_SQL+PHP = web page to > manage users & access.Notice how everything is easy to make work the way you want it to work when you have access to the Source Code; the hard bits *invariably* involve some piece of proprietary, binary-only software? There could be a moral in there somewhere ..... -- AJS
Kevin P. Fleming
2010-Jul-16 13:46 UTC
[asterisk-users] SKYPE - Authenticate incoming call
On 07/15/2010 08:57 PM, Neeraj Chand wrote:>>> >>> >>> Hi All, >>> >>> After getting licences for Skype for asterisk a while ago I finally > got >>> around to setting up a server with two channels and setting up a bcp > on >>> the skype end. >>> >>> The idea behind this is the following: >>> >>> Users can dial into the PBX, get authenticated and only after> >>> authentication get access to internal PBX extensions. >>> >>> I CAN do this with a PIN, no sweat, but from a user perspective it >>> becomes a bit clunky, i.e. password to remember, security in terms of >>> pin leaks, multiple passwords for users, etc. >>> >>> I was wondering if there was a way I could extract the "FROM - USER" > and >>> assign it to a variable, then do a lookup of that username in a > database >>> using ODBC to decide whether to allow or disallow access. >>> >>> NOTE: The bit I need help with is extracting the "FROM - USER" the > rest >>> of the stuff I've done already / before. > >> None of this is necessary; Skype already supports restricting to calls >> to only coming from users on the buddy list. So, if your PBX is >> connecting to the Skype network as user 'A', and your remote users are >> 'B' and 'C', then *don't* setup SFA to allow calls from anyone, and >> don't set it up to automatically add users to the buddy list when they >> request it. Instead, manually add users B and C to A's buddy list > (using >> a regular Skype client), and those are the only users that will be able >> to call A. >> >> -- >> Kevin P. Fleming > > I know that already, it's a matter of convenience. > If I go that way, then I have to manually log in to skype, and add maybe > 50 / 60 users to each new user that I create [these are personal staff > accounts that wont be logged into the asterisk server via SFA, and are > not part of the group set up in BCP] > If there's something I can do on the asterisk end, then management > becomes *very* simple --> func_odbc+freetds+MS_SQL+PHP = web page to > manage users & access.I really don't understand this at all; this does not match up with what you originally posted. Your Asterisk server should be using *one* account to log in to the Skype network via SFA, and only that account needs to have the list of authorized callers added as buddies. These Skype users can then call into your PBX and access the 'internal extensions' as you put it in your first message. Now, if you actually mean your Asterisk server is going to be logging in to the Skype network with many accounts (one for each extension), then your best option would be to use the built-in buddy authentication mechanism in SFA, where the Skype user who wants to be able to call sends a buddy authentication request to the SFA user they wish to call, including a special 'password' phrase in the buddy request. When this request is received by SFA the buddy request will be honored, and that user can then call that SFA user. If the password phase is not received in the buddy request, it is ignored (or rejected, I can't remember which). -- Kevin P. Fleming Digium, Inc. | Director of Software Technologies 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA skype: kpfleming | jabber: kfleming at digium.com Check us out at www.digium.com & www.asterisk.org