On Fri, 2009-12-11 at 09:05 -0500, Lara Johnson wrote: > Well, I tested the theory. I set up a brand new box and configured it > exactly how my production system ran when I did. External users that > are coming in through my ingate can register (you can see them in the > register). And they can receive calls from internal users. > > Though when they try to call an extension that’s inside or an outside > number we get a 403 not authorized. The settings are the same as when > we were running 3.10.2 and the calls worked then. I wonder if > something in the permissions have changed in 4.0 to cause this issue. > > > > In 3.10.x we had to remove all the dialing permissions from the dial > plan to get users to be able to dial external numbers (on the sip > trunks) from the outside. We did not have the issue with external > users calling internal extensions or voicemail. > > > > Any ideas? I can get logs and send in if someone has an idea where > they would like to look. Thanks. > > > > From: Lara Johnson > Sent: Wednesday, December 02, 2009 11:29 AM > To: Picher, Michael; sipx-users@list.sipfoundry.org > Subject: RE: [sipx-users] 4.0.2 Remote users & Authentication Realm > problem > > > > > I figured that was it, although I wish it were not the case, I really > didn’t want to have to take down the system and rebuild it… it being a > production system and all. Which is why I had to try it that way first > to minimize downtime. > > > > The only thing that I could find was that once it was using the FQDN > as the authorization realm it doesn’t matter if you change its domain > it still wants the realm as the FQDN, it configures my phones to do > that and it doesn’t challenge them it seems. I even tried setting my > SBC that proxies my external users to force it to use the FQDN and it > just doesn’t want to do it that way. > > > > When I manually change the SIPX_PROXY_AUTHENTICATE_REALM in the > sipXproxy-config file from the FQDN to the domain and restart the > services the external users work just fine. Internally though > everything starts acting strange and there’s just so many problems I > wouldn’t even know where to begin. > > > > I think I’ll schedule some downtime and reset the server and spend the > time to redo it and see if that does the trick. > > > > Lara > > > > From: Picher, Michael [mailto:mpic...@cmctechgroup.com] > Sent: Wednesday, December 02, 2009 10:51 AM > To: Lara Johnson; sipx-users@list.sipfoundry.org > Subject: RE: [sipx-users] 4.0.2 Remote users & Authentication Realm > problem > > > > > I’ve tried with 4.0.x to change between the two and always end up > having to rebuild the system… You can export your users and import > them to take some of the pain away. > > > > Maybe there’s a step I’m missing but I just can’t make things work > right. May have to do with the user accounts. > > > > Mike > > > > From:sipx-users-boun...@list.sipfoundry.org > [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Lara > Johnson > Sent: Wednesday, December 02, 2009 9:33 AM > To: sipx-users@list.sipfoundry.org > Subject: [sipx-users] 4.0.2 Remote users & Authentication Realm > problem > > > > > > > I have a 4.0.2 box that I replaced 3.10.2 with. I ran two boxes and > then switched the 4.0.2 live. I believe this may have caused a problem > with authentication realms and my remote users. The original box was > using the straight domain as the sip domain, while the 4.0.2 box used > a FQDN until it went live. > > > > Internally all calls are working properly. Incoming calls come in and > go out. We can call remote users from inside. > > > > Remote users, however, are showing up in the registrations (through an > ingate as a b2bua and proxy) like they did in 3.10.2, however they > cannot call extensions that are inside the office (not > connected/registered remotely) or dial out to any other numbers. Upon > viewing a packet capture I get a 407 Authorization required. > > > > When I did some digging, the sipxecs-config file has the FQDN as the > authorization realm. If I manually change it to the domain name only, > all my external users start working, but internally things mess up > (transfers do not work, calls inbound have problems). I change it back > and everything is fine internally again. > > Is this because I switched from FQDN to domain name only? Should I > reinstall the 4.0.2 box and set it up with the domain name only from > the beginning? Does anyone know a way to work around this?
Probably what's happening is that you have permissions on a dial plan that goes out the InGate to a SIP trunk, and the calls to your remote users match the pattern for those rules. Do you have a dial plan that goes to the InGate as a gateway and matches the same number of digits that your users have for their extensions? _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/