Getting/proxying the users/extensions from another server


#1

It’s been forever and I already gave up all hope Grandstream is at some point going to add directory support, making their PBX line something usable, so I’m looking for workarounds.

My ISP, with the Internet line, bundles at no extra cost a myriad of perks; among them are 6 unlimited worldwide-calling phone lines. But they have the weirdest way to go about it: even though the Internet link is fiber, the lines are delivered on POTS. These are of course digital like every other phone line there is, and they even deliver up to two of them over VoIP using the fiber ONT, meaning I’m getting an analog port no matter what.

It’s obviously more expensive for them to do this instead of just giving me the credentials to add them up to my PBX but go figure…

To make VoIP more useful, I’ve been using a virtualized PBX for some time now because it’s able to pull users from a directory server, and therefore people can log in without getting a new set of credentials and as such don’t have to maintain both, and the directory forces users to keep rotating passwords, increasing security. I want to get the user base into a UCM but I have no idea how I could go about it.

For the time being I’ve been using the UCM as a glorified digital/analog trunk gateway and I’d like it to do more to justify its place in the rack.

My question is, if it were to peer with the other virtualized “box”, could the extensions/users from the remote box register on the UCM? This doesn’t even make sense to me but I’m looking for any leeway, as tiny as it might be.

This is what I mean:

How could I get the SIP clients from sipserver1 in the picture to be able to register through sipserver2 (the UCM) without them existing in sipserver2 itself: because the users/extensions are pulled from the directory, this means I don’t have passwords of any of them. Credential management is done all the way back at the directory.

I’d be happy to hear any ideas, suggestions or your anecdotes if you tried this. I thought about maybe not doing this type of setup for user authorization and instead completely eliminating security on the VoIP system and letting every user log in with nothing other than the username/extension to it, and authenticate not to the PBXes but to RADIUS with credentials+certificates via a tunneling protocol, such as OpenVPN, and explicit access to IP addresses assigned via RADIUS as well. I need to iron out the details but it seems plausible.


#2

The UCM expects the client to register, as do the PBX systems you have listed in sipserver1. The UCM is a standalone PBX appliance. There might be a way of getting into the AMI, but Grandstream limits the functionality of this as it was not intended to be “open” like you might find in other manufacturers’ implementations of Asterisk.

The UCM does use LDAP on peer trunks, whereby you can make the UCM aware of the extensions of the other peer device and can then allow dial thru from the non-UCM device thru the UCM trunks.


#3

OMG yeah! I completely forgot about the AMI thing! I did log in once and could do much though. That said, it was a long long LONG time ago, the UCM6100 series was new at the time. I have tried LDAP on the UCM to no avail, but the implementation is severely incomplete. It won’t take spaces, like AD needs, it won’t accept URL encoding, it won’t accept escape characters, it won’t accept quoted strings, it won’t accept input for any of the 5 different methods AD accepts. I gave up on it. But I will check the AMI thing, and if I’m not mistaken there’s some sort of telephony interface; I don’t remember its name right now but I do remember I’ve seen it also in Windows Server.

Did a quick search right now and found this: https://docs.microsoft.com/en-us/windows/desktop/tapi/telephony-application-programming-interfaces but I’m not a hundred that was it…

Anyway, weekend project I guess. Thanks for the tip!