EPM Base File Vars for User Manager

Using Active Directory for user manager - works great.

EPM does not seem to have a way to push the user name from that Directory
It also appears the the password being pushed to the phone is the password from the extension not the user manager directory - I have EPM settings in Phone Apps to use User Manager Authentication which seems to work nicely except for EPM. Soft phones authenticate fine with the AD credentials

I can get by with using the extension manager credentials but would be great if i coudl reference the user manger display name - right now the only thing that comes thry as name is the extension number

also where configure the TFP path for the Aastra phones 6757I?

running PBXact 14.0.3.6 and EPM 14.0.2.97

thanks

The User Manager and the Extensions/Devices are two different things. The User Manager is for managing the users of the PBX (UCP/Admin access, etc). The AD credentials they are using log them into the UCP.

The EPM deals with the actual devices. These are configured based on the Extension’s settings. So the name being used is the Extension Display Name, the username is the extension number and the password is the Extension’s secret. The EPM lets you manage the device itself such as BLF’s, Speedials, softkeys, etc.

You should be able to set the Aastra template to display either “Name”, “Extension” or “Name-Extension” and that will set the phone’s template with the Extension’s details. The configs are written out in the /tftpboot directory. This is where HTTP/FTP/TFTP configs for provisioning will look for the device’s config.

Just keep in mind a PBX User in User Manager does not actually need to be directly related to a single device or extension. In fact you could make user “vmmanager” and only give them access to the voicemail settings of any or all voicemail accounts on the PBX via the UCP. Same with call history, etc. You could also have devices that have no voicemail, special features or an actual user related to it (alarm/door device, etc) so that device actually doesn’t need its own UCP user.

interesting, i thought that if the extension and user were linked the credentials would be using Active Directory (usermanager) not extension credentials when i have setting below for “User Manager Authentication” - I guess EPM does not look belong extension…

I do see now on the template where i can set name rather than extension - this gets me what i want - thanks!!

The “extension and voicemail password” is an another method to login to the UCP. It also requires each extension to have a voicemail account. By using the “User Manager” it goes back to what I said before, it uses the User Manager creds instead. Gets around having to have a voicemail for all the users if they don’t need one.

Open feature request
https://issues.freepbx.org/browse/FREEPBX-17773

The issue here is asterisk needs to know the password. With AD the AD doesn’t send us the password so how would asterisk know the SIP Secret.

I believe the other issue, while probably not a large one overall, is that when you change the user’s password in AD or User Manager then you must also change the device’s password. If you are using EPM that could be fine since it would force a new template to be pushed but then the phone would have to pull that. During that delay of pulling the new config and applying the new password any INVITEs or REGISTERs (which still happen while a call is going on) would be rejected by the PBX for “wrong password”.

it actually works out nicely that EPM will use the extension secret , Id prefer this to be static and not changing every 90 days like the AD password for the very points you mention. My real concern is soft phones that are accessed outside the firm and they seem to continue to use the AD credentials which allow me to disable them in one place in AD itself , when they leave…

thanks again for you help!

The only difference between a softphone and the Aastra is the fact one is software and the other is hardware. To the PBX they are still devices which means you should not be treating the softphones any different than you would the Aastra/desk phones. It doesn’t matter what type of phone/device it is, it still needs to use the extension number/secret to connect to the PBX.

So basically, no device would use AD or the User Manager for its SIP credentials.

what is this setting for ? I was told by the tech that it would allow be to authenticate using my AD credentials
when connecting via soft phone - I am using with the Zulu Soft Phone now - I use my AD username/Password not the extension number/extension password…

This allows you to use User Management credentials to login with the Login Phone App instead of ext#/vm pin.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.