It’s been forever and I already gave all hope Grandstream is at one point going to add directory support, making of their PBX line something usable, so, I’m looking for workarounds.
My ISP with Internet line, bundles at no extra cost a myriad of perks, among them are 6 unlimited worldwide-calling phones lines. But, they have the weirdest way to go about it: even though the Internet link is fiber, the lines are delivered on POTS. These are of course digital like every other phone line there is, and they even deliver up to two of them over VoIP using the fiber ONT meaning I’m getting an analog port no matter what.
It’s obviously more expensive for them to do this instead of just giving me the credentials to add them up to my PBX but go figure…
To make VoIP more useful, I’ve been using a virtualized PBX for some time now because it’s able to pull users from a directory server and therefore people can login without getting a new set of credentials and as such don’t have to maintain both and the directory forces users to keep rotating passwords, increasing security. I want to get the user base into a UCM but I have no idea how could I go about it.
For the being I’ve been using the UCM as a glorified digital/analog trunk gateway and I’d like it to do more to justify its place in the rack.
My question is, if it were to peer with the other virtualized “box”, could the extensions/users from the remote box register on the UCM? This doesn’t even make sense to me but I’m looking for any leeway, as tiny as it might be.
This is what I mean:
How could I get the SIP clients from sipserver1 in the picture to be able to register through sipserver2 (the UCM) without them existing in sipserver2 itself: because the users/extensions are pulled from the directory, this means I don’t have passwords of any of them. Credential management is done all the way back at the directory.
I’d be happy to hear any ideas, suggestions or your anecdotes if you tried this. I thought about maybe not doing this type of setup for user authorization and instead completely eliminating security on the VoIP system and let every user login with nothing else than the username/extension to it, and, authenticate not to the PBXes but to RADIUS with credentials+certificates via a tunneling protocol, such as OpenVPN, and explicit access to IP addresses assigned via RADIUS as well. I need to iron out the details but it seems plausible.