Вы просматриваете старую версию данной страницы. Смотрите текущую версию.
Сравнить с текущим |
просмотр истории страницы
Установка
Установка Asterisk PBX
# wget http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-1.8.17.0.tar.gz
# tar xzf asterisk-1.8.17.0.tar.gz
# cd asterisk-1.8.17.0
# contrib/scripts/install_prereq install
# ./configure
# make
# make install
Если Вы новичок установите сразу дефалтные конфиг файлы.
# make samples
Установка Perl AGI интерфейса к AGI.
# wget http://asterisk.gnuinter.net/files/asterisk-perl-1.03.tar.gz
# tar zxvf asterisk-perl-1.03.tar.gz
# cd asterisk-perl-1.03
# perl Makefile.PL
# make
# make test
# make install
Устанавливаем perl из пакетов и настраиваем.
# perl -MCPAN -e shell (при первом запуске отвечаем дефолтно на все вопросы) cpan>install Config::IniFiles install Crypt::CBC install Crypt::DES install Authen::Radius install Asterisk::AGI cpan>q
Для отправки CDR записей на биллиг используется Radius
# wget http://prdownload.berlios.de/radiusclient-ng/radiusclient-ng-0.5.6.tar.gz
# tar zxvf radiusclient-ng-0.5.6.tar.gz
# cd radiusclient-ng-0.5.6
# ./configure
# ./make
# ./make install
По умолчанию Asterisk не поддерживает авторизацию через Radius, для этого необходимо использовать специальный AGI скрипт основанный на разработке PortaOne, который находится в биллинге
# ls -l /usr/local/ics/bin/agi-rad-auth.agi
# scp /usr/local/ics/bin/agi-rad-auth.agi <адрес сервера астериск>:/var/lib/asterisk/agi-bin/
Это скрипт вызывается перед набором номера и если биллинг разрешает звонок то Asterisk двигается дальше по цепочке.
Настройка
В файл /etc/asterisk/modules.conf необходимо включить модуль
load => res_agi.so
Примеры настройки:
/etc/asterisk/sip.conf
[general] context=office ; Default context for incoming calls allowguest=no ; Allow or reject guest calls (default is yes) allowoverlap=no ; Disable overlap dialing support. (Default is yes) udpbindport=5060 udpbindaddr=0.0.0.0 srvlookup=yes disallow=all allow=alaw,ulaw,gsm canreinvite=no dtmfmode=rfc2833 [200] type=friend host=dynamic username=200 secret=123 nat=no canreinvite=no context=office ;context=sip_auth externalauth=yes callerid=920620 disallow=all allow=ulaw subscribemwi = no mailbox=200@office callgroup=1 pickupgroup=1 [201] type=friend host=dynamic username=201 secret=123 nat=no canreinvite=no context=office ;context=sip_auth externalauth=yes callerid=920621 disallow=all allow=ulaw subscribemwi = no mailbox=100@office callgroup=1 pickupgroup=1
/etc/asterisk/extensions.conf
[general]
static=yes
writeprotect=no
;clearglobalvars=no
[globals]
RADIUS_Server=10.1.1.1
RADIUS_Secret=servicem
RADIUS_Auth_Port=2812
RAIUS_Acct_Port=2813
Acct_Update_Timeout=60
NAS_IP_Address=10.1.1.2
[office]
exten => _X.,1,Set(SIP_Authorization=${SIP_HEADER(Authorization)})
exten => _X.,n,AGI(agi-rad-auth.agi,Routing=SIP&AuthorizeBy=SIP)
exten => _X.,n,Dial(${EXTEN},60,tT)
exten => _X.,n,Hangup
exten => h,1,Hangup
Красным отмечено то что необходимо изменить.
/usr/local/etc/radiusclient-ng/radiusclient.conf
# General settings # specify which authentication comes first respectively which # authentication is used. possible values are: "radius" and "local". # if you specify "radius,local" then the RADIUS server is asked # first then the local one. if only one keyword is specified only # this server is asked. auth_order radius,local # maximum login tries a user has login_tries 4 # timeout for all login tries # if this time is exceeded the user is kicked out login_timeout 60 # name of the nologin file which when it exists disables logins. # it may be extended by the ttyname which will result in # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable # logins on /dev/ttyS2) nologin /etc/nologin # name of the issue file. it's only display when no username is passed # on the radlogin command line issue /usr/local/etc/radiusclient-ng/issue # RADIUS settings # RADIUS server to use for authentication requests. this config # item can appear more then one time. if multiple servers are # defined they are tried in a round robin fashion if one # server is not answering. # optionally you can specify a the port number on which is remote # RADIUS listens separated by a colon from the hostname. if # no port is specified /etc/services is consulted of the radius # service. if this fails also a compiled in default is used. authserver 10.1.1.1:2812 # RADIUS server to use for accouting requests. All that I # said for authserver applies, too. # acctserver 10.1.1.1:2813 # file holding shared secrets used for the communication # between the RADIUS client and server servers /usr/local/etc/radiusclient-ng/servers # dictionary of allowed attributes and values # just like in the normal RADIUS distributions dictionary /usr/local/etc/radiusclient-ng/dictionary # program to call for a RADIUS authenticated login login_radius /usr/local/sbin/login.radius # file which holds sequence number for communication with the # RADIUS server seqfile /var/run/radius.seq # file which specifies mapping between ttyname and NAS-Port attribute mapfile /usr/local/etc/radiusclient-ng/port-id-map # default authentication realm to append to all usernames if no # realm was explicitly specified by the user # the radiusd directly form Livingston doesnt use any realms, so leave # it blank then default_realm # time to wait for a reply from the RADIUS server radius_timeout 10 # resend request this many times before trying the next server radius_retries 3 # local address from which radius packets have to be sent bindaddr * # LOCAL settings # program to execute for local login # it must support the -f flag for preauthenticated login login_local /bin/login