astlinux-users — AstLinux Users Mailing List

Re: [Astlinux-users] Hello all and I need help.

[Michael K. <li...@mk...>]

The references were removed in 2018:

https://github.com/asterisk/dahdi-linux/commit/75620dd9ef6ac746745a1ecab4ef925a5b9e2988

> Am 05.06.2023 um 15:11 schrieb Lonnie Abelbeck <li...@lo...>:
> 
> Hi Tahiro,
> 
> A quick look at the dahdi-linux code for the "wcb4xxp", the PCI-ids appear to be defined here [1]
> 
> But my gut feeling, there may be more to it than simply adding a line to DEFINE_PCI_DEVICE_TABLE
> 
> Question, are Digium wcb4xxp ISDN cards available on the used market at a reasonable price?
> 
> Lonnie
> 
> [1] https://github.com/asterisk/dahdi-linux/blob/4397c55319154a8dc89022f6f75c683d6af12d54/drivers/dahdi/wcb4xxp/base.c#LL3642C1-L3651C3
> 
> 
> 
>> On Jun 5, 2023, at 2:51 AM, Tahiro Hashizume via Astlinux-users <ast...@li...> wrote:
>> 
>> Alright, I hope the attached TXT file clarifies the situation I am facing.
>> Looks to me like the driver in question does not have the necessary PCI-ID listed.
>> 
>> On Thu, Jun 1, 2023 at 4:33 PM Tahiro Hashizume <ta...@ha...> wrote:
>> Hi Michael,
>> 
>> The telephone service provided by the local telco (NTT East of Japan) is based on a very standard format (SIP+RTSP with SIP session timer of 300 seconds) provided on a closed network over fiber.
>> Yet I still consider the interfacing of asterisk with the local telco via ISDN to be a valid option for the following reasons:
>> A.) The information required for SIP registration incl. account, domain and SIP server address(es) are provided via vendor-specific options of DHCPv4+DHCPv6-PD.
>> Given the format of the service (as mentioned above), direct-interfacing of asterisk with telco is no rocket science in principle, but doing so with some reliability is another thing.
>> While there is sip-proxy software (non-OSS) available for Linux which also functions as a DHCP client, I find it rather silly to use it.
>> B.)The local telco also requires that any non-hardware/non-certified IP-PBXes directly interfaced with their VoIP servers via IPv4/IPv6 to be inspected for security and compatibility. In terms of direct-interfacing asterisk with the telco, this means having asterisk config files checked by telco's engineers (AND THE INSPECTION COSTS A LOT!!!). The aforementioned sip-proxy is certified-compatible with the telco and effectively eliminates the need for inspection.
>> 
>> Given that B400P available through the local distributor is a telco-certified device and the telco also provides a ISDN gateway for the service (which has either two or four BRIs and ethernet), ISDN-interfacing of asterisk is a seemingly decent choice. Yes, it's a problem so easy to solve in principle but not so in reality.
>> 
>> Now, the card is listed in lspci, but is not visible from DAHDI utilities. My guess is that it's due to the PCI VID&PID of B400P that is not listed in "modinfo wcb4xxp". Documentation by OpenVox also says that a little patching is necessary, so things make sense overall.
>> 
>> I'll include the PID and VID with the next email should there be a demand for it.
>> 
>> Any comments and ideas are appreciated.
>> 
>> Tahiro
>> 
>> On Mon, May 29, 2023 at 6:38 PM Michael Keuter <li...@mk...> wrote:
>> 
>> 
>>> Am 29.05.2023 um 07:39 schrieb Tahiro Hashizume via Astlinux-users <ast...@li...>:
>>> 
>>> Dear whom it may concern.
>>> 
>>> I've recently got my hands on a OpenVox B400P ISDN BRI card.
>>> It seems that DAHDI included with Astlinux isn't built to support the card and I'm now trying to figure out how to build the image with the support included.
>>> It's been a while since I started fiddling with OSS and I have been fairly comfortable building stuff from sources although I am not yet able to write my own Makefile and so on.
>>> Any ideas on how I should get started?
>>> 
>>> P.S.-I have managed to build the toolchain and Astlinux image by default config for Asterisk 18.x. 
>>> 
>>> Regards.
>> 
>> Hi Tahiro,
>> 
>> the only BRI driver in DAHDI is the WCB4XXP for 2-8 port HFS-chip cards.
>> 
>> https://doc.astlinux-project.org/userdoc:dahdi
>> 
>> So in principle this should work for your card:
>> 
>> DAHDIMODS="wcb4xxp dahdi_echocan_oslec"
>> 
>> I have switched all my ISDN based installations to berofix cards/boxes over 10 years ago.
>> And now none is still in production :-). 
>> 
>> Michael
>> 
>> http://www.mksolutions.info


Michael

http://www.mksolutions.info

Re: [Astlinux-users] Hello all and I need help.

[Lonnie A. <li...@lo...>]

Hi Tahiro,

A quick look at the dahdi-linux code for the "wcb4xxp", the PCI-ids appear to be defined here [1]

But my gut feeling, there may be more to it than simply adding a line to DEFINE_PCI_DEVICE_TABLE

Question, are Digium wcb4xxp ISDN cards available on the used market at a reasonable price?

Lonnie

[1] https://github.com/asterisk/dahdi-linux/blob/4397c55319154a8dc89022f6f75c683d6af12d54/drivers/dahdi/wcb4xxp/base.c#LL3642C1-L3651C3



> On Jun 5, 2023, at 2:51 AM, Tahiro Hashizume via Astlinux-users <ast...@li...> wrote:
> 
> Alright, I hope the attached TXT file clarifies the situation I am facing.
> Looks to me like the driver in question does not have the necessary PCI-ID listed.
> 
> On Thu, Jun 1, 2023 at 4:33 PM Tahiro Hashizume <ta...@ha...> wrote:
> Hi Michael,
> 
> The telephone service provided by the local telco (NTT East of Japan) is based on a very standard format (SIP+RTSP with SIP session timer of 300 seconds) provided on a closed network over fiber.
> Yet I still consider the interfacing of asterisk with the local telco via ISDN to be a valid option for the following reasons:
> A.) The information required for SIP registration incl. account, domain and SIP server address(es) are provided via vendor-specific options of DHCPv4+DHCPv6-PD.
> Given the format of the service (as mentioned above), direct-interfacing of asterisk with telco is no rocket science in principle, but doing so with some reliability is another thing.
> While there is sip-proxy software (non-OSS) available for Linux which also functions as a DHCP client, I find it rather silly to use it.
> B.)The local telco also requires that any non-hardware/non-certified IP-PBXes directly interfaced with their VoIP servers via IPv4/IPv6 to be inspected for security and compatibility. In terms of direct-interfacing asterisk with the telco, this means having asterisk config files checked by telco's engineers (AND THE INSPECTION COSTS A LOT!!!). The aforementioned sip-proxy is certified-compatible with the telco and effectively eliminates the need for inspection.
> 
> Given that B400P available through the local distributor is a telco-certified device and the telco also provides a ISDN gateway for the service (which has either two or four BRIs and ethernet), ISDN-interfacing of asterisk is a seemingly decent choice. Yes, it's a problem so easy to solve in principle but not so in reality.
> 
> Now, the card is listed in lspci, but is not visible from DAHDI utilities. My guess is that it's due to the PCI VID&PID of B400P that is not listed in "modinfo wcb4xxp". Documentation by OpenVox also says that a little patching is necessary, so things make sense overall.
> 
> I'll include the PID and VID with the next email should there be a demand for it.
> 
> Any comments and ideas are appreciated.
> 
> Tahiro
> 
> On Mon, May 29, 2023 at 6:38 PM Michael Keuter <li...@mk...> wrote:
> 
> 
> > Am 29.05.2023 um 07:39 schrieb Tahiro Hashizume via Astlinux-users <ast...@li...>:
> > 
> > Dear whom it may concern.
> > 
> > I've recently got my hands on a OpenVox B400P ISDN BRI card.
> > It seems that DAHDI included with Astlinux isn't built to support the card and I'm now trying to figure out how to build the image with the support included.
> > It's been a while since I started fiddling with OSS and I have been fairly comfortable building stuff from sources although I am not yet able to write my own Makefile and so on.
> > Any ideas on how I should get started?
> > 
> > P.S.-I have managed to build the toolchain and Astlinux image by default config for Asterisk 18.x. 
> > 
> > Regards.
> 
> Hi Tahiro,
> 
> the only BRI driver in DAHDI is the WCB4XXP for 2-8 port HFS-chip cards.
> 
> https://doc.astlinux-project.org/userdoc:dahdi
> 
> So in principle this should work for your card:
> 
> DAHDIMODS="wcb4xxp dahdi_echocan_oslec"
> 
> I have switched all my ISDN based installations to berofix cards/boxes over 10 years ago.
> And now none is still in production :-). 
> 
> Michael
> 
> http://www.mksolutions.info

Re: [Astlinux-users] Hello all and I need help.

[Tahiro H. <ta...@ha...>]

Alright, I hope the attached TXT file clarifies the situation I am facing.
Looks to me like the driver in question does not have the necessary PCI-ID
listed.

On Thu, Jun 1, 2023 at 4:33 PM Tahiro Hashizume <ta...@ha...>
wrote:

> Hi Michael,
> The telephone service provided by the local telco (NTT East of Japan) is
> based on a very standard format (SIP+RTSP with SIP session timer of 300
> seconds) provided on a closed network over fiber.
> Yet I still consider the interfacing of asterisk with the local telco via
> ISDN to be a valid option for the following reasons:
> A.) The information required for SIP registration incl. account, domain
> and SIP server address(es) are provided via vendor-specific options of
> DHCPv4+DHCPv6-PD.
> Given the format of the service (as mentioned above), direct-interfacing
> of asterisk with telco is no rocket science in principle, but doing so with
> some reliability is another thing.
> While there is sip-proxy software (non-OSS) available for Linux which also
> functions as a DHCP client, I find it rather silly to use it.
> B.)The local telco also requires that any non-hardware/non-certified
> IP-PBXes directly interfaced with their VoIP servers via IPv4/IPv6 to be
> inspected for security and compatibility. In terms of direct-interfacing
> asterisk with the telco, this means having asterisk config files checked by
> telco's engineers (AND THE INSPECTION COSTS A LOT!!!). The aforementioned
> sip-proxy is certified-compatible with the telco and effectively eliminates
> the need for inspection.
>
> Given that B400P available through the local distributor is a
> telco-certified device and the telco also provides a ISDN gateway for the
> service (which has either two or four BRIs and ethernet), ISDN-interfacing
> of asterisk is a seemingly decent choice. Yes, it's a problem so easy to
> solve in principle but not so in reality.
>
> Now, the card is listed in lspci, but is not visible from DAHDI utilities.
> My guess is that it's due to the PCI VID&PID of B400P that is not listed in
> "modinfo wcb4xxp". Documentation by OpenVox also says that a little
> patching is necessary, so things make sense overall.
>
> I'll include the PID and VID with the next email should there be a demand
> for it.
>
> Any comments and ideas are appreciated.
>
> Tahiro
>
> On Mon, May 29, 2023 at 6:38 PM Michael Keuter <li...@mk...>
> wrote:
>
>>
>>
>> > Am 29.05.2023 um 07:39 schrieb Tahiro Hashizume via Astlinux-users <
>> ast...@li...>:
>> >
>> > Dear whom it may concern.
>> >
>> > I've recently got my hands on a OpenVox B400P ISDN BRI card.
>> > It seems that DAHDI included with Astlinux isn't built to support the
>> card and I'm now trying to figure out how to build the image with the
>> support included.
>> > It's been a while since I started fiddling with OSS and I have been
>> fairly comfortable building stuff from sources although I am not yet able
>> to write my own Makefile and so on.
>> > Any ideas on how I should get started?
>> >
>> > P.S.-I have managed to build the toolchain and Astlinux image by
>> default config for Asterisk 18.x.
>> >
>> > Regards.
>>
>> Hi Tahiro,
>>
>> the only BRI driver in DAHDI is the WCB4XXP for 2-8 port HFS-chip cards.
>>
>> https://doc.astlinux-project.org/userdoc:dahdi
>>
>> So in principle this should work for your card:
>>
>> DAHDIMODS="wcb4xxp dahdi_echocan_oslec"
>>
>> I have switched all my ISDN based installations to berofix cards/boxes
>> over 10 years ago.
>> And now none is still in production :-).
>>
>> Michael
>>
>> http://www.mksolutions.info
>>
>>
>>
>>
>>
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> pa...@kr....
>>
>

Re: [Astlinux-users] Hello all and I need help.

[Tahiro H. <ta...@ha...>]

Hi Michael,
The telephone service provided by the local telco (NTT East of Japan) is
based on a very standard format (SIP+RTSP with SIP session timer of 300
seconds) provided on a closed network over fiber.
Yet I still consider the interfacing of asterisk with the local telco via
ISDN to be a valid option for the following reasons:
A.) The information required for SIP registration incl. account, domain and
SIP server address(es) are provided via vendor-specific options of
DHCPv4+DHCPv6-PD.
Given the format of the service (as mentioned above), direct-interfacing of
asterisk with telco is no rocket science in principle, but doing so with
some reliability is another thing.
While there is sip-proxy software (non-OSS) available for Linux which also
functions as a DHCP client, I find it rather silly to use it.
B.)The local telco also requires that any non-hardware/non-certified
IP-PBXes directly interfaced with their VoIP servers via IPv4/IPv6 to be
inspected for security and compatibility. In terms of direct-interfacing
asterisk with the telco, this means having asterisk config files checked by
telco's engineers (AND THE INSPECTION COSTS A LOT!!!). The aforementioned
sip-proxy is certified-compatible with the telco and effectively eliminates
the need for inspection.

Given that B400P available through the local distributor is a
telco-certified device and the telco also provides a ISDN gateway for the
service (which has either two or four BRIs and ethernet), ISDN-interfacing
of asterisk is a seemingly decent choice. Yes, it's a problem so easy to
solve in principle but not so in reality.

Now, the card is listed in lspci, but is not visible from DAHDI utilities.
My guess is that it's due to the PCI VID&PID of B400P that is not listed in
"modinfo wcb4xxp". Documentation by OpenVox also says that a little
patching is necessary, so things make sense overall.

I'll include the PID and VID with the next email should there be a demand
for it.

Any comments and ideas are appreciated.

Tahiro

On Mon, May 29, 2023 at 6:38 PM Michael Keuter <li...@mk...>
wrote:

>
>
> > Am 29.05.2023 um 07:39 schrieb Tahiro Hashizume via Astlinux-users <
> ast...@li...>:
> >
> > Dear whom it may concern.
> >
> > I've recently got my hands on a OpenVox B400P ISDN BRI card.
> > It seems that DAHDI included with Astlinux isn't built to support the
> card and I'm now trying to figure out how to build the image with the
> support included.
> > It's been a while since I started fiddling with OSS and I have been
> fairly comfortable building stuff from sources although I am not yet able
> to write my own Makefile and so on.
> > Any ideas on how I should get started?
> >
> > P.S.-I have managed to build the toolchain and Astlinux image by default
> config for Asterisk 18.x.
> >
> > Regards.
>
> Hi Tahiro,
>
> the only BRI driver in DAHDI is the WCB4XXP for 2-8 port HFS-chip cards.
>
> https://doc.astlinux-project.org/userdoc:dahdi
>
> So in principle this should work for your card:
>
> DAHDIMODS="wcb4xxp dahdi_echocan_oslec"
>
> I have switched all my ISDN based installations to berofix cards/boxes
> over 10 years ago.
> And now none is still in production :-).
>
> Michael
>
> http://www.mksolutions.info
>
>
>
>
>
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pa...@kr....
>

Re: [Astlinux-users] Hello all and I need help.

[Michael K. <li...@mk...>]

> Am 29.05.2023 um 07:39 schrieb Tahiro Hashizume via Astlinux-users <ast...@li...>:
> 
> Dear whom it may concern.
> 
> I've recently got my hands on a OpenVox B400P ISDN BRI card.
> It seems that DAHDI included with Astlinux isn't built to support the card and I'm now trying to figure out how to build the image with the support included.
> It's been a while since I started fiddling with OSS and I have been fairly comfortable building stuff from sources although I am not yet able to write my own Makefile and so on.
> Any ideas on how I should get started?
> 
> P.S.-I have managed to build the toolchain and Astlinux image by default config for Asterisk 18.x. 
> 
> Regards.

Hi Tahiro,

the only BRI driver in DAHDI is the WCB4XXP for 2-8 port HFS-chip cards.

https://doc.astlinux-project.org/userdoc:dahdi

So in principle this should work for your card:

DAHDIMODS="wcb4xxp dahdi_echocan_oslec"

I have switched all my ISDN based installations to berofix cards/boxes over 10 years ago.
And now none is still in production :-). 

Michael

http://www.mksolutions.info

[Astlinux-users] Hello all and I need help.

[Tahiro H. <ta...@ha...>]

Dear whom it may concern.

I've recently got my hands on a OpenVox B400P ISDN BRI card.
It seems that DAHDI included with Astlinux isn't built to support the card
and I'm now trying to figure out how to build the image with the
support included.
It's been a while since I started fiddling with OSS and I have been fairly
comfortable building stuff from sources although I am not yet able to write
my own Makefile and so on.
Any ideas on how I should get started?

P.S.-I have managed to build the toolchain and Astlinux image by default
config for Asterisk 18.x.

Regards.

Re: [Astlinux-users] Astlinux-users Digest, Vol 198, Issue 6

[Gonzalo <gon...@ho...>]

Thanks Ionel,

I also do astlinux backups via scp to a remote NAS that way.

What I've set up now are automated backups from local laptops into a disk directly plugged to the Astlinux box. 
The disk is powered on at specific times, then Astlinux mounts the disk, rsyncs some folders in the laptops into it and then umounts the disk and powers it off until the next scheduled backup.
It's a cheap solution giving a second life to an old disk and it's working well so far.

Regards.



El 30 de abril de 2023 12:42:18 UTC, ast...@li... escribió:
>Send Astlinux-users mailing list submissions to
>	ast...@li...
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://lists.sourceforge.net/lists/listinfo/astlinux-users
>or, via email, send a message with subject or body 'help' to
>	ast...@li...
>
>You can reach the person managing the list at
>	ast...@li...
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Astlinux-users digest..."
>
>
>Today's Topics:
>
>   1. Re: USB disk automount in Astlinux (Ionel Chila)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Sat, 29 Apr 2023 08:15:27 -0500
>From: Ionel Chila <ion...@me...>
>To: AstLinux Users Mailing List <ast...@li...>
>Subject: Re: [Astlinux-users] USB disk automount in Astlinux
>Message-ID: <C6C...@me...>
>Content-Type: text/plain; charset="us-ascii"
>
>Gonzalo
>
>I backup my PBX in 2 places.
>
>1. I have a permanent USB disk mounted as /mnt/kd/USB/ and a script in the crontab takes care of the backup:
>
>0 4 * * * tar czf /mnt/kd/USB/backup.`date "+%Y-%m-%d"`.tar.gz $(ls -1 /mnt/kd/ | sed -e "s/^cdr-.*//" -e "s/^USB$//" -e "s/^monitor$//" -e "s/^voicemail$//") -C /mnt/kd
>
>
>2. My NAS running UnRaid also pulls a backup from the USB drive remotely via scp. You need to do the ssh key setup and so it does not prompt you for password. I do pull backups remotely from all my IOT and other devices.
>
>#!/bin/bash
>scp -r exile@192.168.0.15:/mnt/kd/USB/*gz  /mnt/user/IOT-BKP/AST-PBX/
>
>
>
>
>
>> On Apr 29, 2023, at 4:52 AM, Gonzalo <gon...@ho...> wrote:
>> 
>> Hi,
>> 
>> Thank you Ionel and Lonnie.
>> 
>> The idea was to mount the disk not only at startup but each time the disk is plugged and keep it switched off most of the time but I'll have to mount it with a custom script instead of automatically.
>> I have a remote controlled switch which I use to power on the disk each time I want to perform a backup.
>> 
>> Regards.
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> 
>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>
>------------------------------
>
>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>Astlinux-users mailing list
>Ast...@li...
>https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
>
>------------------------------
>
>End of Astlinux-users Digest, Vol 198, Issue 6
>**********************************************

Re: [Astlinux-users] USB disk automount in Astlinux

[Ionel C. <ion...@me...>]

Gonzalo

I backup my PBX in 2 places.

1. I have a permanent USB disk mounted as /mnt/kd/USB/ and a script in the crontab takes care of the backup:

0 4 * * * tar czf /mnt/kd/USB/backup.`date "+%Y-%m-%d"`.tar.gz $(ls -1 /mnt/kd/ | sed -e "s/^cdr-.*//" -e "s/^USB$//" -e "s/^monitor$//" -e "s/^voicemail$//") -C /mnt/kd


2. My NAS running UnRaid also pulls a backup from the USB drive remotely via scp. You need to do the ssh key setup and so it does not prompt you for password. I do pull backups remotely from all my IOT and other devices.

#!/bin/bash
scp -r exile@192.168.0.15:/mnt/kd/USB/*gz  /mnt/user/IOT-BKP/AST-PBX/





> On Apr 29, 2023, at 4:52 AM, Gonzalo <gon...@ho...> wrote:
> 
> Hi,
> 
> Thank you Ionel and Lonnie.
> 
> The idea was to mount the disk not only at startup but each time the disk is plugged and keep it switched off most of the time but I'll have to mount it with a custom script instead of automatically.
> I have a remote controlled switch which I use to power on the disk each time I want to perform a backup.
> 
> Regards.
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

Re: [Astlinux-users] USB disk automount in Astlinux

[Lonnie A. <li...@lo...>]

> The idea was to mount the disk not only at startup but each time the disk is plugged and keep it switched off most of the time but I'll have to mount it with a custom script instead of automatically.

Gonzalo, Make certain you 'umount' before unplugging or powering down the USB disk.

Periodic network/cloud backups also work well.

BTW, AstLinux supports a 'wol-host' command to wake a network device that supports Wake-on-LAN ... some testing is required for particular hardware.
--
Usage: wol-host [options...] ipv4_addr|name

Options:
  --mac MAC    Manually define the MAC address, aa:bb:cc:dd:ee:ff, default none/auto-lookup
  -p pass      Append aa:bb:cc:dd[:ee:ff] password to the WoL packet, default none
  -P, --ping   Follow WoL packet with a series of ICMP (ping) packets to host.
  -t secs      Max time (in secs) to send ping packets, default 180
  -v           Verbose mode
  -h, --help   Show this help text
--
So, if everything works correctly, an AstLinux script could initiate a backup by first sending a WoL packet to wake a network file server, perform the backup and then let the network file server sleep after a period of inactivity.

Lonnie




> On Apr 29, 2023, at 4:52 AM, Gonzalo <gon...@ho...> wrote:
> 
> Hi,
> 
> Thank you Ionel and Lonnie.
> 
> The idea was to mount the disk not only at startup but each time the disk is plugged and keep it switched off most of the time but I'll have to mount it with a custom script instead of automatically.
> I have a remote controlled switch which I use to power on the disk each time I want to perform a backup.
> 
> Regards.
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

Re: [Astlinux-users] USB disk automount in Astlinux

[Gonzalo <gon...@ho...>]

Hi,

Thank you Ionel and Lonnie.

The idea was to mount the disk not only at startup but each time the disk is plugged and keep it switched off most of the time but I'll have to mount it with a custom script instead of automatically.
I have a remote controlled switch which I use to power on the disk each time I want to perform a backup.

Regards.

Re: [Astlinux-users] USB disk automount in Astlinux

[Ionel C. <ion...@me...>]

Yes I do LOL.  How did that get in there? When?  How many years ago :) I had this PBX for like 15 years or so.  Told you I am an idiot :)


HOME-PBX durep # cat /mnt/kd/rc.local 
##

disk_dev="/dev/sdb1"
disk_mnt="/mnt/kd/USB"

mkdir -p "$disk_mnt"
echo "$disk_dev $disk_mnt ext3 noauto,noatime 0 0" >> /tmp/etc/fstab

e2fsck -y "$disk_dev" >/dev/null

echo "Mounting device '$disk_dev' at '$disk_mnt'"
mount "$disk_mnt" >/dev/null
##
HOME-PBX durep # 




> On Apr 28, 2023, at 8:32 PM, Lonnie Abelbeck <li...@lo...> wrote:
> 
> /mnt/kd/rc.local 

Re: [Astlinux-users] USB disk automount in Astlinux

[Lonnie A. <li...@lo...>]

Ionel, are you certain you don't have a 'mount' command in either /mnt/kd/rc.local or /mnt/kd/rc.elocal ?

Lonnie



> On Apr 28, 2023, at 7:13 PM, Ionel Chila via Astlinux-users <ast...@li...> wrote:
> 
> Lonnie,  I got nothing in /etc/udev/rules.d  LOL.
> 
> The fstab is the only thing I changed and it works fine every reboot
> 
> I guess old school Linux :) Sorry for providing the wrong guidance :)
> 
> 
> [    1.684661] usb-storage 1-3:1.0: USB Mass Storage device detected
> [    1.685122] scsi host4: usb-storage 1-3:1.0
> [    2.715504] scsi 4:0:0:0: Direct-Access     SanDisk  Ultra Fit        1.00 PQ: 0 ANSI: 6
> [    2.716621] sd 4:0:0:0: [sdb] 240254976 512-byte logical blocks: (123 GB/115 GiB)
> [    2.717849] sd 4:0:0:0: [sdb] Write Protect is off
> [    2.717906] sd 4:0:0:0: [sdb] Mode Sense: 43 00 00 00
> [    2.718997] sd 4:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
> [    2.736198]  sdb: sdb1
> [    2.739593] sd 4:0:0:0: [sdb] Attached SCSI removable disk
> [    6.112418] EXT4-fs (sda2): mounted filesystem without journal. Opts: (null)
> [    6.692360] EXT4-fs (sda2): mounted filesystem without journal. Opts: (null)
> [    6.735574] udevd[182]: starting version 3.2.11
> [    6.737703] random: udevd: uninitialized urandom read (16 bytes read)
> [    6.738816] random: udevd: uninitialized urandom read (16 bytes read)
> [    6.739044] random: udevd: uninitialized urandom read (16 bytes read)
> [    6.755549] udevd[183]: starting eudev-3.2.11
> [    6.775029] 8139too: 8139too Fast Ethernet driver 0.9.28
> [    6.783055] VMware vmxnet3 virtual NIC driver - version 1.5.0.0-k-NAPI
> [    6.799976] e1000: Intel(R) PRO/1000 Network Driver
> [    6.800028] e1000: Copyright (c) 1999-2006 Intel Corporation.
> [    6.807499] e1000e: Intel(R) PRO/1000 Network Driver
> [    6.807552] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
> [    6.807973] e1000e 0000:01:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
> [    6.849361] e1000e 0000:01:00.0 0000:01:00.0 (uninitialized): registered PHC clock
> [    6.894442] e1000e 0000:01:00.0 eth0: (PCI Express:2.5GT/s:Width x1) 00:22:4d:9f:68:57
> [    6.894514] e1000e 0000:01:00.0 eth0: Intel(R) PRO/1000 Network Connection
> [    6.894580] e1000e 0000:01:00.0 eth0: MAC: 3, PHY: 8, PBA No: FFFFFF-0FF
> [    6.904842] igb: Intel(R) Gigabit Ethernet Network Driver
> [    6.904894] igb: Copyright (c) 2007-2014 Intel Corporation.
> [    6.930470] Intel(R) 2.5G Ethernet Linux Driver
> [    6.930519] Copyright(c) 2018 Intel Corporation.
> [   12.783015] EXT4-fs (sda3): mounted filesystem without journal. Opts: (null)
> [   17.855384] random: crng init done
> [   17.855438] random: 5 urandom warning(s) missed due to ratelimiting
> [   18.429089] dahdi: loading out-of-tree module taints kernel.
> [   18.430757] dahdi: Version: 3.2.0
> [   18.432068] dahdi: Telephony Interface Registered on major 196
> [   22.500961] wctdm24xxp 0000:02:00.0: Port 1: Installed -- AUTO FXO (FCC mode)
> [   22.501025] wctdm24xxp 0000:02:00.0: Port 2: Installed -- AUTO FXS/DPO
> [   22.501070] wctdm24xxp 0000:02:00.0: Port 3: Installed -- AUTO FXS/DPO
> [   22.501115] wctdm24xxp 0000:02:00.0: Port 4: Installed -- AUTO FXS/DPO
> [   22.502438] wctdm24xxp 0000:02:00.0: Found a Wildcard TDM: Wildcard TDM410P (0 BRI spans, 4 analog channels)
> [   22.511330] dahdi_echocan_oslec: Registered echo canceler 'OSLEC'
> [   22.522642] dahdi_echocan_mg2: Registered echo canceler 'MG2'
> [   23.793592] w83627ehf: Found W83627DHG-P chip at 0x290
> [   25.210820] e1000e 0000:01:00.0 eth0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
> [   28.547237] EXT4-fs (sdb1): mounting ext3 file system using the ext4 subsystem
> [   28.693669] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
> [   33.390794] sched: RT throttling activated
> 
> 
> HOME-PBX etc # df -h
> Filesystem                Size      Used Available Use% Mounted on
> /dev/root                10.5M      9.5M    393.0K  96% /oldroot
> devtmpfs                512.0K         0    512.0K   0% /dev
> none                    144.7M    144.7M         0 100% /
> none                      9.8M    152.0K      9.6M   2% /tmp
> none                      9.8M    312.0K      9.5M   3% /var
> none                    512.0K         0    512.0K   0% /dev/shm
> none                    512.0K         0    512.0K   0% /mnt/unionfs
> /dev/sda2               983.1M    309.7M    623.4M  33% /mnt/asturw
> none                    144.7M    144.7M         0 100% /mnt/unionfs/asturo/etc
> unionfs                   1.1G    454.4M    623.4M  42% /mnt/unionfs/union/etc
> unionfs                   1.1G    454.4M    623.4M  42% /etc
> none                    144.7M    144.7M         0 100% /mnt/unionfs/asturo/stat
> unionfs                   1.1G    454.4M    623.4M  42% /mnt/unionfs/union/stat
> unionfs                   1.1G    454.4M    623.4M  42% /stat
> /dev/sda3                57.5G     25.9G     28.6G  48% /mnt/kd
> /dev/sda1               191.7M    130.4M     61.3M  68% /oldroot/cdrom
> /dev/sdb1               112.2G      6.6G     99.9G   6% /mnt/kd/USB
> HOME-PBX etc # 
> 
> 
>> On Apr 28, 2023, at 6:58 PM, Lonnie Abelbeck <li...@lo...> wrote:
>> 
>> /etc/udev/rules.d 
> 
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

Re: [Astlinux-users] USB disk automount in Astlinux

[Ionel C. <ion...@me...>]

Lonnie,  I got nothing in /etc/udev/rules.d  LOL.

The fstab is the only thing I changed and it works fine every reboot

I guess old school Linux :) Sorry for providing the wrong guidance :)


[    1.684661] usb-storage 1-3:1.0: USB Mass Storage device detected
[    1.685122] scsi host4: usb-storage 1-3:1.0
[    2.715504] scsi 4:0:0:0: Direct-Access     SanDisk  Ultra Fit        1.00 PQ: 0 ANSI: 6
[    2.716621] sd 4:0:0:0: [sdb] 240254976 512-byte logical blocks: (123 GB/115 GiB)
[    2.717849] sd 4:0:0:0: [sdb] Write Protect is off
[    2.717906] sd 4:0:0:0: [sdb] Mode Sense: 43 00 00 00
[    2.718997] sd 4:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[    2.736198]  sdb: sdb1
[    2.739593] sd 4:0:0:0: [sdb] Attached SCSI removable disk
[    6.112418] EXT4-fs (sda2): mounted filesystem without journal. Opts: (null)
[    6.692360] EXT4-fs (sda2): mounted filesystem without journal. Opts: (null)
[    6.735574] udevd[182]: starting version 3.2.11
[    6.737703] random: udevd: uninitialized urandom read (16 bytes read)
[    6.738816] random: udevd: uninitialized urandom read (16 bytes read)
[    6.739044] random: udevd: uninitialized urandom read (16 bytes read)
[    6.755549] udevd[183]: starting eudev-3.2.11
[    6.775029] 8139too: 8139too Fast Ethernet driver 0.9.28
[    6.783055] VMware vmxnet3 virtual NIC driver - version 1.5.0.0-k-NAPI
[    6.799976] e1000: Intel(R) PRO/1000 Network Driver
[    6.800028] e1000: Copyright (c) 1999-2006 Intel Corporation.
[    6.807499] e1000e: Intel(R) PRO/1000 Network Driver
[    6.807552] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
[    6.807973] e1000e 0000:01:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
[    6.849361] e1000e 0000:01:00.0 0000:01:00.0 (uninitialized): registered PHC clock
[    6.894442] e1000e 0000:01:00.0 eth0: (PCI Express:2.5GT/s:Width x1) 00:22:4d:9f:68:57
[    6.894514] e1000e 0000:01:00.0 eth0: Intel(R) PRO/1000 Network Connection
[    6.894580] e1000e 0000:01:00.0 eth0: MAC: 3, PHY: 8, PBA No: FFFFFF-0FF
[    6.904842] igb: Intel(R) Gigabit Ethernet Network Driver
[    6.904894] igb: Copyright (c) 2007-2014 Intel Corporation.
[    6.930470] Intel(R) 2.5G Ethernet Linux Driver
[    6.930519] Copyright(c) 2018 Intel Corporation.
[   12.783015] EXT4-fs (sda3): mounted filesystem without journal. Opts: (null)
[   17.855384] random: crng init done
[   17.855438] random: 5 urandom warning(s) missed due to ratelimiting
[   18.429089] dahdi: loading out-of-tree module taints kernel.
[   18.430757] dahdi: Version: 3.2.0
[   18.432068] dahdi: Telephony Interface Registered on major 196
[   22.500961] wctdm24xxp 0000:02:00.0: Port 1: Installed -- AUTO FXO (FCC mode)
[   22.501025] wctdm24xxp 0000:02:00.0: Port 2: Installed -- AUTO FXS/DPO
[   22.501070] wctdm24xxp 0000:02:00.0: Port 3: Installed -- AUTO FXS/DPO
[   22.501115] wctdm24xxp 0000:02:00.0: Port 4: Installed -- AUTO FXS/DPO
[   22.502438] wctdm24xxp 0000:02:00.0: Found a Wildcard TDM: Wildcard TDM410P (0 BRI spans, 4 analog channels)
[   22.511330] dahdi_echocan_oslec: Registered echo canceler 'OSLEC'
[   22.522642] dahdi_echocan_mg2: Registered echo canceler 'MG2'
[   23.793592] w83627ehf: Found W83627DHG-P chip at 0x290
[   25.210820] e1000e 0000:01:00.0 eth0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
[   28.547237] EXT4-fs (sdb1): mounting ext3 file system using the ext4 subsystem
[   28.693669] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[   33.390794] sched: RT throttling activated


HOME-PBX etc # df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                10.5M      9.5M    393.0K  96% /oldroot
devtmpfs                512.0K         0    512.0K   0% /dev
none                    144.7M    144.7M         0 100% /
none                      9.8M    152.0K      9.6M   2% /tmp
none                      9.8M    312.0K      9.5M   3% /var
none                    512.0K         0    512.0K   0% /dev/shm
none                    512.0K         0    512.0K   0% /mnt/unionfs
/dev/sda2               983.1M    309.7M    623.4M  33% /mnt/asturw
none                    144.7M    144.7M         0 100% /mnt/unionfs/asturo/etc
unionfs                   1.1G    454.4M    623.4M  42% /mnt/unionfs/union/etc
unionfs                   1.1G    454.4M    623.4M  42% /etc
none                    144.7M    144.7M         0 100% /mnt/unionfs/asturo/stat
unionfs                   1.1G    454.4M    623.4M  42% /mnt/unionfs/union/stat
unionfs                   1.1G    454.4M    623.4M  42% /stat
/dev/sda3                57.5G     25.9G     28.6G  48% /mnt/kd
/dev/sda1               191.7M    130.4M     61.3M  68% /oldroot/cdrom
/dev/sdb1               112.2G      6.6G     99.9G   6% /mnt/kd/USB
HOME-PBX etc # 


> On Apr 28, 2023, at 6:58 PM, Lonnie Abelbeck <li...@lo...> wrote:
> 
> /etc/udev/rules.d 

Re: [Astlinux-users] USB disk automount in Astlinux

[Lonnie A. <li...@lo...>]

Ionel, Did you have to edit/add anything to /etc/udev/rules.d to make that work?  Puzzled.

Gonzalo, If you only wanted it to mount on startup, create /mnt/kd/rc.local and make script executable (vfat example).

-- /mnt/kd/rc.local --
#!/bin/sh

DISK="/dev/sdb1"
DISK_MP="/tmp/USB"

mkdir -p "$DISK_MP"

if [ -e "$DISK" ]; then
 mount -t vfat $DISK $DISK_MP
fi
--

Make the script executable
# chmod +x /mnt/kd/rc.local

Now, on each reboot, the USB drive will be mounted if it exists.

AstLinux does not support any automount functionally.

Lonnie


> On Apr 28, 2023, at 5:55 PM, Ionel Chila via Astlinux-users <ast...@li...> wrote:
> 
> A line in /etc/fstab will do the trick. Figure out what what dev is your USB drive and the partition type and change the line accordingly 
> 
> My example below is for my 256G USB drive I use for backing up my configs
> 
> /dev/sdb1 /mnt/kd/USB ext3 noauto,noatime 0 0
> 
> 
> 
> 
>> On Apr 28, 2023, at 5:34 PM, Gonzalo <gon...@ho...> wrote:
>> 
>> Hi,
>> 
>> What would be the best way to configure automount for an external usb disk in Astlinux?
>> 
>> The goal is to get the disk mounted automatically on a fixed path every time the disk is plugged into Astlinux box.
>> 
>> Thanks.
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> 
>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
> 
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

Re: [Astlinux-users] USB disk automount in Astlinux

[Ionel C. <ion...@me...>]

A line in /etc/fstab will do the trick. Figure out what what dev is your USB drive and the partition type and change the line accordingly 

My example below is for my 256G USB drive I use for backing up my configs

/dev/sdb1 /mnt/kd/USB ext3 noauto,noatime 0 0




> On Apr 28, 2023, at 5:34 PM, Gonzalo <gon...@ho...> wrote:
> 
> Hi,
> 
> What would be the best way to configure automount for an external usb disk in Astlinux?
> 
> The goal is to get the disk mounted automatically on a fixed path every time the disk is plugged into Astlinux box.
> 
> Thanks.
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

[Astlinux-users] USB disk automount in Astlinux

[Gonzalo <gon...@ho...>]

Hi,

What would be the best way to configure automount for an external usb disk in Astlinux?

The goal is to get the disk mounted automatically on a fixed path every time the disk is plugged into Astlinux box.

Thanks.

Re: [Astlinux-users] Firewall / Adaptive Ban for external / internet brute force attacks

[Ionel C. <ion...@me...>]

Thanks much Lonnie. These are some awesome ideas.  I will try some and report back.

Cheers
Ionel



> On Apr 22, 2023, at 1:38 PM, Lonnie Abelbeck <li...@lo...> wrote:
> 
> Hi Ionel,
> 
>> Is it possible to create a rule and say only this “extension” can log in and everything else drop?
> 
> No, that would require some sort of deep inspection at the firewall level.
> 
> A couple of ideas...
> 
> 1) Using 'sipgrep' from the AstLinux CLI, have your brother call you and see what the "User-Agent:" header is:
> --
> User-Agent: _______
> --
> Then using the "sip-user-agent" firewall plugin [1] in whitelist mode, define SIP_USER_AGENT_PASS_TYPES
> 
> For example:
> --
> SIP_USER_AGENT_PASS_TYPES="_______"
> --
> 
> That should reduce a lot of of 5060 spam.
> 
> Note -> If you have other external SIP endpoints you would need to add (space separate) their User-Agent to SIP_USER_AGENT_PASS_TYPES as well.
> 
> 
> 2)  If your brother's network can perform dynamic DNS, then the "DynDNS Host Open plugin" could be used on only allow your brother, and then remove the "Pass EXT->Local UDP 0/0 5060" firewall rule.
> 
> For example:
> --
> DYNDNS_HOST_OPEN_UDP="xxxxx.duckdns.org~5060"
> --
> 
> 3) If your brother's IP address does not change much, say it is "1.2.3.4" perform a
> --
> whois 1.2.3.4 | grep '^CIDR:'
> --
> and use that CIDR instead of 0/0 in the UDP 5060 firewall rule. Something like "Pass EXT->Local UDP 1.2.0.0/16 5060"
> 
> 
> Lonnie
> 
> 
> [1] https://doc.astlinux-project.org/userdoc:tt_firewall_plugins#sip-user-agent
> 
> 
> 
>> On Apr 22, 2023, at 12:05 PM, Ionel Chila via Astlinux-users <ast...@li...> wrote:
>> 
>> I had to open port 5060 to the internet for my brother PAP2-NA to get in. Initially I started getting a lot of brute force attacks but the “adaptive-ban” plugins took care of it.  Now I am getting a different type  of attacks?  See logs bellow.
>> 
>> I do have a firewall from UDMP-SE and this PBX is on a DMZ. I forward port 5060 on my WAN to this PBX.
>> 
>> Is it possible to create a rule and say only this “extension” can log in and everything else drop?  For instance the PAP2-NA extension is 505 for the purpose of this exercise. 
>> 
>> Thanks in advance
>> Ionel
>> 
>> 
>> Apr 22 10:55:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1447810443-1891497107-14325089 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 10:56:26 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000027]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
>> sip:9998@192.168.0.15:5060
>>> ;tag=1922473623 for INVITE, code = -1
>> Apr 22 10:56:58 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1920380597-2112014333-1667702904 for seqno 2 (Critical Response) -- See 
>> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 10:57:38 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 1138283951-307500403-1980426376 on non-critical invite transaction.
>> Apr 22 10:57:55 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000029]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
>> sip:9998@192.168.0.15:5060
>>> ;tag=739451700 for INVITE, code = -1
>> Apr 22 10:58:27 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 76533194-1510649679-2136561043 for seqno 2 (Critical Response) -- See 
>> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 11:02:56 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 2133735229-376621693-426493952 on non-critical invite transaction.
>> Apr 22 11:03:00 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002b]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
>> sip:8889@192.168.0.15:5060
>>> ;tag=595665381 for INVITE, code = -1
>> Apr 22 11:03:32 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1076661996-1742674713-465326551 for seqno 2 (Critical Response) -- See 
>> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 11:04:30 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002c]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
>> sip:8889@192.168.0.15:5060
>>> ;tag=43636851 for INVITE, code = -1
>> Apr 22 11:05:02 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1728888031-387023100-315880286 for seqno 2 (Critical Response) -- See 
>> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 11:05:59 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002d]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
>> sip:8889@192.168.0.15:5060
>>> ;tag=1367210315 for INVITE, code = -1
>> Apr 22 11:06:31 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 2061695187-795614543-1485048389 for seqno 2 (Critical Response) -- See 
>> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 11:07:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002e]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
>> sip:8889@192.168.0.15:5060
>>> ;tag=277172302 for INVITE, code = -1
>> Apr 22 11:07:59 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1019652159-463033238-1026431883 for seqno 2 (Critical Response) -- See 
>> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 11:08:57 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002f]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
>> sip:8889@192.168.0.15:5060
>>> ;tag=1163877947 for INVITE, code = -1
>> Apr 22 11:09:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 469319743-1015333260-1652986992 for seqno 2 (Critical Response) -- See 
>> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
>> Packet timed out after 32000ms with no response
>> Apr 22 11:12:44 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 160522783-725134999-814499190 on non-critical invite transaction.
>> Apr 22 11:13:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285]: chan_sip.c:30575 in sip_poke_noanswer: Peer '204' is now UNREACHABLE!  Last qualify: 48
>> 
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> 
>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
> 
> 
> 
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

Re: [Astlinux-users] Firewall / Adaptive Ban for external / internet brute force attacks

[Lonnie A. <li...@lo...>]

Hi Ionel,

> Is it possible to create a rule and say only this “extension” can log in and everything else drop?

No, that would require some sort of deep inspection at the firewall level.

A couple of ideas...

1) Using 'sipgrep' from the AstLinux CLI, have your brother call you and see what the "User-Agent:" header is:
--
User-Agent: _______
--
Then using the "sip-user-agent" firewall plugin [1] in whitelist mode, define SIP_USER_AGENT_PASS_TYPES

For example:
--
SIP_USER_AGENT_PASS_TYPES="_______"
--

That should reduce a lot of of 5060 spam.

Note -> If you have other external SIP endpoints you would need to add (space separate) their User-Agent to SIP_USER_AGENT_PASS_TYPES as well.


2)  If your brother's network can perform dynamic DNS, then the "DynDNS Host Open plugin" could be used on only allow your brother, and then remove the "Pass EXT->Local UDP 0/0 5060" firewall rule.

For example:
--
DYNDNS_HOST_OPEN_UDP="xxxxx.duckdns.org~5060"
--

3) If your brother's IP address does not change much, say it is "1.2.3.4" perform a
--
whois 1.2.3.4 | grep '^CIDR:'
--
and use that CIDR instead of 0/0 in the UDP 5060 firewall rule. Something like "Pass EXT->Local UDP 1.2.0.0/16 5060"


Lonnie


[1] https://doc.astlinux-project.org/userdoc:tt_firewall_plugins#sip-user-agent



> On Apr 22, 2023, at 12:05 PM, Ionel Chila via Astlinux-users <ast...@li...> wrote:
> 
> I had to open port 5060 to the internet for my brother PAP2-NA to get in. Initially I started getting a lot of brute force attacks but the “adaptive-ban” plugins took care of it.  Now I am getting a different type  of attacks?  See logs bellow.
> 
> I do have a firewall from UDMP-SE and this PBX is on a DMZ. I forward port 5060 on my WAN to this PBX.
> 
> Is it possible to create a rule and say only this “extension” can log in and everything else drop?  For instance the PAP2-NA extension is 505 for the purpose of this exercise. 
> 
> Thanks in advance
> Ionel
> 
> 
> Apr 22 10:55:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1447810443-1891497107-14325089 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 10:56:26 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000027]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
> sip:9998@192.168.0.15:5060
>> ;tag=1922473623 for INVITE, code = -1
> Apr 22 10:56:58 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1920380597-2112014333-1667702904 for seqno 2 (Critical Response) -- See 
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 10:57:38 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 1138283951-307500403-1980426376 on non-critical invite transaction.
> Apr 22 10:57:55 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000029]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
> sip:9998@192.168.0.15:5060
>> ;tag=739451700 for INVITE, code = -1
> Apr 22 10:58:27 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 76533194-1510649679-2136561043 for seqno 2 (Critical Response) -- See 
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 11:02:56 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 2133735229-376621693-426493952 on non-critical invite transaction.
> Apr 22 11:03:00 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002b]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
> sip:8889@192.168.0.15:5060
>> ;tag=595665381 for INVITE, code = -1
> Apr 22 11:03:32 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1076661996-1742674713-465326551 for seqno 2 (Critical Response) -- See 
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 11:04:30 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002c]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
> sip:8889@192.168.0.15:5060
>> ;tag=43636851 for INVITE, code = -1
> Apr 22 11:05:02 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1728888031-387023100-315880286 for seqno 2 (Critical Response) -- See 
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 11:05:59 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002d]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
> sip:8889@192.168.0.15:5060
>> ;tag=1367210315 for INVITE, code = -1
> Apr 22 11:06:31 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 2061695187-795614543-1485048389 for seqno 2 (Critical Response) -- See 
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 11:07:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002e]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
> sip:8889@192.168.0.15:5060
>> ;tag=277172302 for INVITE, code = -1
> Apr 22 11:07:59 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1019652159-463033238-1026431883 for seqno 2 (Critical Response) -- See 
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 11:08:57 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002f]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <
> sip:8889@192.168.0.15:5060
>> ;tag=1163877947 for INVITE, code = -1
> Apr 22 11:09:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 469319743-1015333260-1652986992 for seqno 2 (Critical Response) -- See 
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
> Packet timed out after 32000ms with no response
> Apr 22 11:12:44 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 160522783-725134999-814499190 on non-critical invite transaction.
> Apr 22 11:13:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285]: chan_sip.c:30575 in sip_poke_noanswer: Peer '204' is now UNREACHABLE!  Last qualify: 48
> 
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

[Astlinux-users] Firewall / Adaptive Ban for external / internet brute force attacks

[Ionel C. <ion...@me...>]

I had to open port 5060 to the internet for my brother PAP2-NA to get in. Initially I started getting a lot of brute force attacks but the “adaptive-ban” plugins took care of it.  Now I am getting a different type  of attacks?  See logs bellow.

I do have a firewall from UDMP-SE and this PBX is on a DMZ. I forward port 5060 on my WAN to this PBX.

Is it possible to create a rule and say only this “extension” can log in and everything else drop?  For instance the PAP2-NA extension is 505 for the purpose of this exercise. 

Thanks in advance
Ionel


Apr 22 10:55:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1447810443-1891497107-14325089 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 10:56:26 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000027]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:9998@192.168.0.15:5060>;tag=1922473623 for INVITE, code = -1
Apr 22 10:56:58 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1920380597-2112014333-1667702904 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 10:57:38 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 1138283951-307500403-1980426376 on non-critical invite transaction.
Apr 22 10:57:55 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000029]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:9998@192.168.0.15:5060>;tag=739451700 for INVITE, code = -1
Apr 22 10:58:27 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 76533194-1510649679-2136561043 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:02:56 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 2133735229-376621693-426493952 on non-critical invite transaction.
Apr 22 11:03:00 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002b]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=595665381 for INVITE, code = -1
Apr 22 11:03:32 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1076661996-1742674713-465326551 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:04:30 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002c]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=43636851 for INVITE, code = -1
Apr 22 11:05:02 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1728888031-387023100-315880286 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:05:59 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002d]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=1367210315 for INVITE, code = -1
Apr 22 11:06:31 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 2061695187-795614543-1485048389 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:07:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002e]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=277172302 for INVITE, code = -1
Apr 22 11:07:59 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1019652159-463033238-1026431883 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:08:57 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002f]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=1163877947 for INVITE, code = -1
Apr 22 11:09:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 469319743-1015333260-1652986992 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:12:44 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 160522783-725134999-814499190 on non-critical invite transaction.
Apr 22 11:13:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285]: chan_sip.c:30575 in sip_poke_noanswer: Peer '204' is now UNREACHABLE!  Last qualify: 48

Re: [Astlinux-users] Stopping logging of Crontab

[Michael K. <mic...@ip...>]

Ah thanks Lonnie

That looks a better way of doing it.

Regards
Michael Knill


From: Lonnie Abelbeck <li...@lo...>
Date: Friday, 31 March 2023 at 1:01 am
To: AstLinux Users Mailing List <ast...@li...>
Subject: Re: [Astlinux-users] Stopping logging of Crontab
Hi Michael,

The (busybox) crond daemon has a syslog level setting which defaults to 8, the least verbose log level.  So no help there.

Using the filter for the Status Tab, is a reasonable idea.


Personally, when executing shell commands on a regular interval of seconds/minutes, I prefer to use a bash shell script and the sleep builtin. (Using the sleep builtin keeps from spawning a new process whenever 'sleep' is called).

The simplest example of this is the 'msmtpqueue' bash script [1]

Basic code setup and loop:
--
#!/bin/bash

LOCKFILE="/var/lock/foobar.lock"

# Robust 'bash' method of creating/testing for a lockfile
if ! ( set -o noclobber; echo "$$" > "$LOCKFILE" ) 2>/dev/null; then
  echo "foobar: already running, lockfile \"$LOCKFILE\" exists, process id: $(cat "$LOCKFILE")."
  return 9
fi

# Load 'sleep' builtin if it exists
if [ -f /usr/lib/bash/sleep ]; then
  enable -f /usr/lib/bash/sleep sleep
fi

#seconds to wait
wait=300

trap 'rm -f "$LOCKFILE"; exit $?' INT TERM EXIT

while true; do
  # do stuff

  sleep $wait
done

rm -f "$LOCKFILE"
trap - INT TERM EXIT
--

Look at the actual code [1] for finer details.  Another fairly simple example, asterisk-sip-monitor [2] which adds a PID file that can be removed to exit the script.

Lonnie

[1] https://github.com/astlinux-project/astlinux/blob/master/package/msmtp/msmtpqueue.sh

[2] https://github.com/astlinux-project/astlinux/blob/master/package/asterisk/asterisk-sip-monitor





> On Mar 29, 2023, at 11:39 PM, Michael Knill <mic...@ip...> wrote:
>
> Short of putting in a filter for the Status Tab, is there any way to stop Crontab logging to Syslog.
> I now have a process that is run every 10 minutes and its annoying that it logs to Syslog each time.
>
> Regards
>
> Michael Knill
> Managing Director
>
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: mic...@ip...
> W: ipcsolutions.com.au
>



_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

Re: [Astlinux-users] Stopping logging of Crontab

[Lonnie A. <li...@lo...>]

Hi Michael,

The (busybox) crond daemon has a syslog level setting which defaults to 8, the least verbose log level.  So no help there.

Using the filter for the Status Tab, is a reasonable idea.


Personally, when executing shell commands on a regular interval of seconds/minutes, I prefer to use a bash shell script and the sleep builtin. (Using the sleep builtin keeps from spawning a new process whenever 'sleep' is called).

The simplest example of this is the 'msmtpqueue' bash script [1]

Basic code setup and loop:
--
#!/bin/bash

LOCKFILE="/var/lock/foobar.lock"

# Robust 'bash' method of creating/testing for a lockfile
if ! ( set -o noclobber; echo "$$" > "$LOCKFILE" ) 2>/dev/null; then
  echo "foobar: already running, lockfile \"$LOCKFILE\" exists, process id: $(cat "$LOCKFILE")."
  return 9
fi

# Load 'sleep' builtin if it exists
if [ -f /usr/lib/bash/sleep ]; then
  enable -f /usr/lib/bash/sleep sleep
fi

#seconds to wait
wait=300

trap 'rm -f "$LOCKFILE"; exit $?' INT TERM EXIT

while true; do
  # do stuff

  sleep $wait
done

rm -f "$LOCKFILE"
trap - INT TERM EXIT
--

Look at the actual code [1] for finer details.  Another fairly simple example, asterisk-sip-monitor [2] which adds a PID file that can be removed to exit the script.

Lonnie

[1] https://github.com/astlinux-project/astlinux/blob/master/package/msmtp/msmtpqueue.sh

[2] https://github.com/astlinux-project/astlinux/blob/master/package/asterisk/asterisk-sip-monitor





> On Mar 29, 2023, at 11:39 PM, Michael Knill <mic...@ip...> wrote:
> 
> Short of putting in a filter for the Status Tab, is there any way to stop Crontab logging to Syslog.
> I now have a process that is run every 10 minutes and its annoying that it logs to Syslog each time.
>  
> Regards
>  
> Michael Knill
> Managing Director
>  
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: mic...@ip...
> W: ipcsolutions.com.au
> 

Re: [Astlinux-users] Stopping logging of Crontab

[Michael K. <li...@mk...>]

> Am 30.03.2023 um 10:08 schrieb Michael Keuter <li...@mk...>:
> 
> 
> 
>> Am 30.03.2023 um 06:39 schrieb Michael Knill <mic...@ip...>:
>> 
>> Short of putting in a filter for the Status Tab, is there any way to stop Crontab logging to Syslog.
>> I now have a process that is run every 10 minutes and its annoying that it logs to Syslog each time.
>> 
>> Regards
>> 
>> Michael Knill
>> Managing Director
> 
> I have not tested this, but maybe it works:
> 
> https://unix.stackexchange.com/questions/204431/skip-syslog-rsyslog-logging-of-certain-cron-jobs
> 
> Michael

No, it does NOT work :-(.

Michael

http://www.mksolutions.info

Re: [Astlinux-users] Stopping logging of Crontab

[Michael K. <li...@mk...>]

> Am 30.03.2023 um 06:39 schrieb Michael Knill <mic...@ip...>:
> 
> Short of putting in a filter for the Status Tab, is there any way to stop Crontab logging to Syslog.
> I now have a process that is run every 10 minutes and its annoying that it logs to Syslog each time.
>  
> Regards
>  
> Michael Knill
> Managing Director

I have not tested this, but maybe it works:

https://unix.stackexchange.com/questions/204431/skip-syslog-rsyslog-logging-of-certain-cron-jobs

Michael

http://www.mksolutions.info

[Astlinux-users] Stopping logging of Crontab

[Michael K. <mic...@ip...>]

Short of putting in a filter for the Status Tab, is there any way to stop Crontab logging to Syslog.
I now have a process that is run every 10 minutes and its annoying that it logs to Syslog each time.

Regards

Michael Knill
Managing Director

D: +61 2 6189 1360<tel:+61261891360>
P: +61 2 6140 4656<tel:+61261404656>
E: mic...@ip...<mailto:mic...@ip...>
W: ipcsolutions.com.au<https://ipcsolutions.com.au/>

 [Icon  Description automatically generated]
Smarter Business Communications

Re: [Astlinux-users] LDAP Authentication on Astlinux

[Michael K. <mic...@ip...>]

Yay we have Stretto now authenticating to OpenLDAP in Astlinux.

Regards
Michael Knill


From: Michael Knill <mic...@ip...>
Date: Thursday, 23 March 2023 at 3:51 pm
To: AstLinux Users Mailing List <ast...@li...>
Subject: Re: [Astlinux-users] LDAP Authentication on Astlinux
Hi Lonnie

Yes thoroughly actually. We may be getting there slowly. Not knowing a great deal about LDAP and slapd is making progress slow.
Our main problem appears to be LDAPS currently as LDAP seems to work.

Regards
Michael Knill


From: Lonnie Abelbeck <li...@lo...>
Date: Thursday, 23 March 2023 at 12:29 pm
To: AstLinux Users Mailing List <ast...@li...>
Subject: Re: [Astlinux-users] LDAP Authentication on Astlinux
Hi Michael,

Have you read this ...

LDAP Server Configuration
https://doc.astlinux-project.org/userdoc:tt-ldap-server

You need ACME certs for LDAPS.

I know nothing about modern Bria, hope they support LDAPS properly.

It has been a long time since we implemented LDAP, you will most likely have to figure out the details.

Good luck. :-)

Lonnie



> On Mar 22, 2023, at 7:36 PM, Michael Knill <mic...@ip...> wrote:
>
> Hi All
>
> I need to set up LDAPS authentication on Astlinux for Stretto Authentication (Bria) and just wondering how I would do this.
> I have set up LDAP fine for just telephone numbers but not passwords.
> Sorry that I am an LDAP noob.
>
> Regards
>
> Michael Knill
> Managing Director
>
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: mic...@ip...
> W: ipcsolutions.com.au
>
>  <image001.png>
> Smarter Business Communications
>
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....



_______________________________________________
Astlinux-users mailing list
Ast...@li...
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....