h3. Установка
Установка Asterisk PBX
{code}
# wget http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-1.8.17.0.tar.gz
# tar xzf asterisk-1.8.17.0.tar.gz
# cd asterisk-1.8.17.0
# contrib/scripts/install_prereq install
# ./configure
# make
# make install
{code}
Если Вы новичок установите сразу дефалтные конфиг файлы.
{code}# make samples{code}
Установка Perl AGI интерфейса к AGI.
{code}# wget http://asterisk.gnuinter.net/files/asterisk-perl-1.03.tar.gz
# tar zxvf asterisk-perl-1.03.tar.gz
# cd asterisk-perl-1.03
# perl Makefile.PL
# make
# make test
# make install{code}
Устанавливаем perl из пакетов и настраиваем.
{code}# perl -MCPAN -e shell
(при первом запуске отвечаем дефолтно на все вопросы)
cpan>install Config::IniFiles
install Crypt::CBC
install Crypt::DES
install Authen::Radius
install Asterisk::AGI
cpan>q
{code}
Для отправки CDR записей на биллиг используется Radius
{code}
# wget http://prdownload.berlios.de/radiusclient-ng/radiusclient-ng-0.5.6.tar.gz
# tar zxvf radiusclient-ng-0.5.6.tar.gz
# cd radiusclient-ng-0.5.6
# ./configure
# ./make
# ./make install
{code}
По умолчанию Asterisk не поддерживает авторизацию через Radius, для этого необходимо использовать специальный AGI скрипт основанный на разработке PortaOne, который находится в биллинге
{code}
# ls -l /usr/local/ics/bin/agi-rad-auth.agi
# scp /usr/local/ics/bin/agi-rad-auth.agi <адрес сервера астериск>:/var/lib/asterisk/agi-bin/
{code}
Это скрипт вызывается перед набором номера и если биллинг разрешает звонок то Asterisk двигается дальше по цепочке.
h3. *Настройка*
В файл /etc/asterisk/modules.conf необходимо включить модуль
{code}load => res_agi.so{code}
Примеры настройки:
{code:title=/etc/asterisk/sip.conf}
[general]
context=office ; Default context for incoming calls
allowguest=no ; Allow or reject guest calls (default is yes)
allowoverlap=no ; Disable overlap dialing support. (Default is yes)
udpbindport=5060
udpbindaddr=0.0.0.0
srvlookup=yes
disallow=all
allow=alaw,ulaw,gsm
canreinvite=no
dtmfmode=rfc2833
[200]
type=friend
host=dynamic
username=200
secret=123
nat=no
canreinvite=no
context=office
;context=sip_auth
externalauth=yes
callerid=920620
disallow=all
allow=ulaw
subscribemwi = no
mailbox=200@office
callgroup=1
pickupgroup=1
[201]
type=friend
host=dynamic
username=201
secret=123
nat=no
canreinvite=no
context=office
;context=sip_auth
externalauth=yes
callerid=920621
disallow=all
allow=ulaw
subscribemwi = no
mailbox=100@office
callgroup=1
pickupgroup=1
{code}
{code:title=/etc/asterisk/extensions.conf}
[general]
static=yes
writeprotect=no
;clearglobalvars=no
[globals]
RADIUS_Server=10.1.1.1
RADIUS_Secret=servicem
RADIUS_Auth_Port=2812
RAIUS_Acct_Port=2813
Acct_Update_Timeout=60
NAS_IP_Address=10.1.1.2
[office]
exten => _X.,1,Set(SIP_Authorization=${SIP_HEADER(Authorization)})
exten => _X.,n,AGI(agi-rad-auth.agi,Routing=SIP&AuthorizeBy=SIP)
exten => _X.,n,Dial(${EXTEN},60,tT)
exten => _X.,n,Hangup
exten => h,1,Hangup
{code}
Красным отмечено то что необходимо изменить.
{code:title=/usr/local/etc/radiusclient-ng/radiusclient.conf}
# General settings
# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order radius,local
# maximum login tries a user has
login_tries 4
# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout 60
# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin
# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue /usr/local/etc/radiusclient-ng/issue
# RADIUS settings
# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver 10.1.1.1:2812
# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver 10.1.1.1:2813
# file holding shared secrets used for the communication
# between the RADIUS client and server
servers /usr/local/etc/radiusclient-ng/servers
# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary /usr/local/etc/radiusclient-ng/dictionary
# program to call for a RADIUS authenticated login
login_radius /usr/local/sbin/login.radius
# file which holds sequence number for communication with the
# RADIUS server
seqfile /var/run/radius.seq
# file which specifies mapping between ttyname and NAS-Port attribute
mapfile /usr/local/etc/radiusclient-ng/port-id-map
# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm
# time to wait for a reply from the RADIUS server
radius_timeout 10
# resend request this many times before trying the next server
radius_retries 3
# local address from which radius packets have to be sent
bindaddr *
# LOCAL settings
# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local /bin/login
{code}
Установка Asterisk PBX
{code}
# wget http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-1.8.17.0.tar.gz
# tar xzf asterisk-1.8.17.0.tar.gz
# cd asterisk-1.8.17.0
# contrib/scripts/install_prereq install
# ./configure
# make
# make install
{code}
Если Вы новичок установите сразу дефалтные конфиг файлы.
{code}# make samples{code}
Установка Perl AGI интерфейса к AGI.
{code}# wget http://asterisk.gnuinter.net/files/asterisk-perl-1.03.tar.gz
# tar zxvf asterisk-perl-1.03.tar.gz
# cd asterisk-perl-1.03
# perl Makefile.PL
# make
# make test
# make install{code}
Устанавливаем perl из пакетов и настраиваем.
{code}# perl -MCPAN -e shell
(при первом запуске отвечаем дефолтно на все вопросы)
cpan>install Config::IniFiles
install Crypt::CBC
install Crypt::DES
install Authen::Radius
install Asterisk::AGI
cpan>q
{code}
Для отправки CDR записей на биллиг используется Radius
{code}
# wget http://prdownload.berlios.de/radiusclient-ng/radiusclient-ng-0.5.6.tar.gz
# tar zxvf radiusclient-ng-0.5.6.tar.gz
# cd radiusclient-ng-0.5.6
# ./configure
# ./make
# ./make install
{code}
По умолчанию Asterisk не поддерживает авторизацию через Radius, для этого необходимо использовать специальный AGI скрипт основанный на разработке PortaOne, который находится в биллинге
{code}
# ls -l /usr/local/ics/bin/agi-rad-auth.agi
# scp /usr/local/ics/bin/agi-rad-auth.agi <адрес сервера астериск>:/var/lib/asterisk/agi-bin/
{code}
Это скрипт вызывается перед набором номера и если биллинг разрешает звонок то Asterisk двигается дальше по цепочке.
h3. *Настройка*
В файл /etc/asterisk/modules.conf необходимо включить модуль
{code}load => res_agi.so{code}
Примеры настройки:
{code:title=/etc/asterisk/sip.conf}
[general]
context=office ; Default context for incoming calls
allowguest=no ; Allow or reject guest calls (default is yes)
allowoverlap=no ; Disable overlap dialing support. (Default is yes)
udpbindport=5060
udpbindaddr=0.0.0.0
srvlookup=yes
disallow=all
allow=alaw,ulaw,gsm
canreinvite=no
dtmfmode=rfc2833
[200]
type=friend
host=dynamic
username=200
secret=123
nat=no
canreinvite=no
context=office
;context=sip_auth
externalauth=yes
callerid=920620
disallow=all
allow=ulaw
subscribemwi = no
mailbox=200@office
callgroup=1
pickupgroup=1
[201]
type=friend
host=dynamic
username=201
secret=123
nat=no
canreinvite=no
context=office
;context=sip_auth
externalauth=yes
callerid=920621
disallow=all
allow=ulaw
subscribemwi = no
mailbox=100@office
callgroup=1
pickupgroup=1
{code}
{code:title=/etc/asterisk/extensions.conf}
[general]
static=yes
writeprotect=no
;clearglobalvars=no
[globals]
RADIUS_Server=10.1.1.1
RADIUS_Secret=servicem
RADIUS_Auth_Port=2812
RAIUS_Acct_Port=2813
Acct_Update_Timeout=60
NAS_IP_Address=10.1.1.2
[office]
exten => _X.,1,Set(SIP_Authorization=${SIP_HEADER(Authorization)})
exten => _X.,n,AGI(agi-rad-auth.agi,Routing=SIP&AuthorizeBy=SIP)
exten => _X.,n,Dial(${EXTEN},60,tT)
exten => _X.,n,Hangup
exten => h,1,Hangup
{code}
Красным отмечено то что необходимо изменить.
{code:title=/usr/local/etc/radiusclient-ng/radiusclient.conf}
# General settings
# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order radius,local
# maximum login tries a user has
login_tries 4
# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout 60
# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin
# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue /usr/local/etc/radiusclient-ng/issue
# RADIUS settings
# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver 10.1.1.1:2812
# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver 10.1.1.1:2813
# file holding shared secrets used for the communication
# between the RADIUS client and server
servers /usr/local/etc/radiusclient-ng/servers
# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary /usr/local/etc/radiusclient-ng/dictionary
# program to call for a RADIUS authenticated login
login_radius /usr/local/sbin/login.radius
# file which holds sequence number for communication with the
# RADIUS server
seqfile /var/run/radius.seq
# file which specifies mapping between ttyname and NAS-Port attribute
mapfile /usr/local/etc/radiusclient-ng/port-id-map
# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm
# time to wait for a reply from the RADIUS server
radius_timeout 10
# resend request this many times before trying the next server
radius_retries 3
# local address from which radius packets have to be sent
bindaddr *
# LOCAL settings
# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local /bin/login
{code}