login | register
Sat 17 of May, 2008 [10:15 UTC]

voip-info.org

Navigation
Today's Deals
Recently Visited Pages
Search with Google
Search this site with Google. Results may not include recent changes.
 
Google Ads
Last Changes
Shoutbox
  • Juan Ortega, Thu 15 of May, 2008 [10:33 UTC]: Hi everybody, I'm Juan, an ITCom student, and I need to know what basic elements I need to create a VoIP network. Can anybody helpme, please?,Thank you very much
  • gineta, Wed 14 of May, 2008 [03:58 UTC]: any here not fine the configuration of firewall juniper -screem for VOIP asterisk????
  • Anoop Prabhakaran, Tue 13 of May, 2008 [12:16 UTC]: I am developing Asterisk IVR, Whenever i make a internation call to the IVR system, the DTMF is not getting detected properly, this happens only for the first time, second call onwards system works fine. why this is happening
  • joe, Mon 12 of May, 2008 [04:27 UTC]: Is there an opensource browser based softphone, or a system like Busta where everything is not manages through their website?
  • Nick Barnes, Fri 09 of May, 2008 [11:36 UTC]: Christopher - yesterday I tried an Asterisk install on a CentOS 5.1 box with stock GUI and it all worked fine. Sorry I can't help.
  • aero, Fri 09 of May, 2008 [08:20 UTC]: can someone help me out on this, i tried to play some sound files on my asterisk box and this is the error message i got. WARNING[4429]: format_wav.c:169 check_header: Unexpected freqency 22050 May 8 11:17:39 WARNING[4433]: codec_gsm.c:194 gsmtolin_fra
  • Christopher Faust, Thu 08 of May, 2008 [14:15 UTC]: I beleive that I may have to change something in the xserver configuration. Please advise
  • Christopher Faust, Thu 08 of May, 2008 [14:14 UTC]: Everything was perfect. In the bios I have increased the memory allocated Still receive input not supported on my display.
  • Christopher Faust, Thu 08 of May, 2008 [14:13 UTC]: This would not be my main box. I am doing some testing to see if I can install zaptel and asterisk 1.4 on a full centos 5.1 box with development software Its bizzare, because before I went through the asterisk and zaptel installation everything was perfe
  • Nick Barnes, Thu 08 of May, 2008 [13:44 UTC]: Christopher - I can't see any way in which an Asterisk installation would muck your GUI, but remember that it is advised not to use a GUI on an Asterisk box anyway.
Server Stats
  • Execution time: 0.34s
  • Memory usage: 2.23MB
  • Database queries: 29
  • GZIP: Disabled
  • Server load: 0.98

Asterisk config manager.conf

Configuration of the Asterisk manager API

Note that activating the manager API opens a TCP port. Make sure you know what you are doing. Maybe it's enough to just activate this for the local loopback interface, 127.0.0.1. However, by using AstManProxy communication can be secured using SSL/HTTPS, and there is also AMI SSL/TLS support in Asterisk 1.6.

New: Asterisk 1.4 introduces AMI-over-http as an alternative approach, using the internal Asterisk http server (see AJAM).

Note: "portno" has changed to "port" (at least as of Asterisk 1.2.4). So if one doesn't work try the other. Simply reloading asterisk will not enable the manager. You must shut down asterisk and restart. To test just telnet to port 5038 on the asterisk box. If bindaddr = 0.0.0.0 then the manager will bind to ALL Ip's on the server.

Example

 ;
 ; Asterisk Call Management support
 ;
 [general]
 enabled = yes
 port = 5038 
 bindaddr = 0.0.0.0

 ; Each user has a section labeled with the username
 ; so this is the section for the user named "mark"
 [mark]
 secret = mysecret
 deny=0.0.0.0/0.0.0.0
 permit=209.16.236.73/255.255.255.0
 permit=127.0.0.1/255.255.255.0
 read = system,call,log,verbose,command,agent,user
 write = system,call,log,verbose,command,agent,user                                                


Security tips

  • No encryption is used, even the password is sent in plaintext. Notes: However you can use md5 challange-and-reply for a slightly safer means to transmit the password; Asterisk 1.4 will come with SSL encryption)
  • Don't enable it on a public IP.
  • Use http://www.stunnel.org/ or a SSH tunnel
  • Watch out with management programs with direct interface to the manager.
  • Limit the privileges per user (especially the system!)


Questions

Anyone able to explain the exact meaning of each these entires?

 system,call,log,verbose,command,agent,user

Answer

All manager API commands registered by varoius asterisk modules have a privilege group associated to it. In order for a manager API user to be able to issue a command, it has to have read or write privilege to the appropriate group. Following is a list of commands groupped by privilege groups as of Asterisk 1.2.7.1:

system: DBGet, DBPut, SIPpeers, SIPshowpeer
call: Hangup, Status, Setvar, Getvar, Redirect, Originate, ExtensionState, AbsoluteTimeout, MailboxStatus, MailboxCount, SetCDRUserField, Monitor, StopMonitor, ChangeMonitor
log: * couldn't find any *
verbose: * couldn't find any *
command: Command
Agent: Agents,AgentLogoff,AgentCallbackLogin, QueueAdd, QueueRemove, QueuePause
User: * couldn't find any *
None (commands that can be issued without explicit privileges associated): Ping, Events, Logoff, ListCommands, ZapTransfer, ZapHangup, ZapDialOffhook, ZapDNDon, ZapDNDoff, ZapShowChannels, IAXpeers, IAXnetstat, Queues, QueueStat, ParkedCalls

See also


Go back to Asterisk
Created by oej, Last modification by Yuri on Wed 16 of Apr, 2008 [13:24 UTC]

Comments

Comments Filter

Manager passwork keeps resetting to the default.

by Dave R on Wednesday 04 of July, 2007 [12:47:34 UTC]
Whenever there is an update to FreePBX the manager password seems to get reset back to the default. Why? How do I stop that happening?

any additional port

by mohamed on Thursday 17 of August, 2006 [00:01:46 UTC]
Hello,

I've gastman installed on windows and the asterisk runnings on debian... Error " connection failed - 172.25.25.3 10061" I'm not sure what 10061 (maybe port).. I've alloed in iptables aswell as port 5038 ..Are there any additional ports ?

--
mo
secret = whateverxxxx
deny=0.0.0.0/0.0.0.0
permit=172.25.25.1/255.255.255.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

thanks,
Mohamed

any additional port

by mohamed on Wednesday 16 of August, 2006 [23:58:28 UTC]
Hello,

I've gastman installed on windows and the asterisk runnings on debian... Error " connection failed - 172.25.25.3 10061" I'm not sure what 10061 (maybe port).. I've alloed in iptables aswell as port 5038 ..Are there any additional ports ?

--
mo
secret = whateverxxxx
deny=0.0.0.0/0.0.0.0
permit=172.25.25.1/255.255.255.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

thanks,
Mohamed

Re: Can not get around Authenticatin error with simple telnet

by Jon Farmer on Saturday 22 of October, 2005 [16:28:33 UTC]
Please note that when the manager looks up the ACL to see what IP's can connect it will always use the last matching entry. Therefore if you have deny=0.0.0.0/0.0.0.0 after any explit permits it will always deny. Put the deny at the top of the list and then list explicit permits below.


Can not get around Authenticatin error with simple telnet

by pkellner on Friday 18 of March, 2005 [20:27:33 UTC]
My manager.conf file is very simple. (see below). When I try a simple connect with telnet, I always get the Authentication failure. I'm using the CentOS and have changed my IP and system name. Other than that, very vanilla.

Also, not sure if this is relevant, but if I change my bindaddr to 0.0.0.0 as was suggested in another post, I constantly get the error: "Connect attemp from '127.0.0.1' unable to authenticate" even though I am not trying to telnet in at that point. It just keeps repeating itself.

Thanks for any help on this. (my first post here, so far I've been able to figure out my other issues on my own) (:cry:)

general
enabled = yes
port = 5038
bindaddr = 192.168.1.11

tony
secret = mypass
permit=0.0.0.0/255.255.255.255
deny=0.0.0.0/0.0.0.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

Can't authenticate

by thezulu on Tuesday 30 of November, 2004 [01:47:38 UTC]
I tried the example config for the manager interface
Then when I tried to login:
telnet 192.168.1.12 5038
Trying 192.168.1.12...
Connected to 192.168.1.12.
Escape character is '^]'.
Asterisk Call Manager/1.0
Action: login
Username: mark
Secret: mysecret

Response: Error
Message: Authentication failed

Connection closed by foreign host.
I can't work out what's going wrong. I'm using Asterisk 1.0

Any Ideas?
Edit

d00t

by Anonymous on Friday 15 of October, 2004 [18:30:16 UTC]
In the manager.conf you see

mark
secret=

etc etc

mark is the username, change it to whatever you want
Edit

And how exactly DO i specify a username?

by Anonymous on Sunday 26 of September, 2004 [21:08:26 UTC]
Everywhere they say, "oh, set a username in manager.conf", but HOW?
What tag?

That can't be too secret!
Edit

Re: I had to permit localhost

by Anonymous on Tuesday 18 of May, 2004 [20:14:34 UTC]
That was because I used the command "astman localhost"

So, no problem there
Edit

I had to permit localhost

by Anonymous on Tuesday 18 of May, 2004 [20:09:26 UTC]
Here's my deny/permit lines :
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.255
permit=192.168.0.1/255.255.255.0

Please update this page with new information, just login and click on the "Edit" or "Add Comment" button above. Get a free login here: Register Thanks! - support@voip-info.org

Page Changes | Comments

Sponsored by:
Terms of Service Privacy Policy
© 2003-2008 VOIP-Info.org LLC

Powered by bitweaver