Hello List members:
Is it possible to authenticate a user’s device only based on a MAC address and not a normal UID & password combination?
While I realize this would be a serious security issue on a normal production machine, we are trying to see if we can activate some older (but still new in the box) video desk sets and we do not have the passwords for them. We thought we could try to make them work based on their existing configuration. Assuming they could be registered in some way, we might be able to push out some additional configuration to the set.
The new sets we have (about 10 total) were to be used in a public IP telephone company that went out of business. They are trying to register to their assigned SIP server. Lucky for us, the domain became available and we were able to register it. The FQN points to our FreePBX development host. However, we cannot think of a way to get the sets to actually register. We see them trying in the Asterisk log files. In fact, we see a number of sets (same brand and model) trying to attach to our server, and this is about 5 years after the other company went out of business! (Somebody left a number of sets still attached to the public Internet.)
Any suggestions would be very useful.
You need to have a SIP username and password to register. No way around the SIP username side of things.
The MAC address of a device is only visible on the same network segment. It’s not possible to embed the MAC address into an IP packet - unless, of course, the device is trying to deploy or configure itself using the MAC address? Then you could just simply fake the response the device wants.
Thanks for the response:
This is a typical device trying to connect (log file) to the host.
172.24.3.33 - - [26/Mar/2015:19:36:32 +0000] "GET /download/?ojo-mac=00:02:54:02:19:d1&ojo-id=2000-0010-CE85&ojo-rev=rev01.03.11&ojo-config-id=bdbe1b20cc1a87664868c389454aee41&ojo-stun-type=Blocked&ojo-sn=09000463100230803100&ojo-key-id=99d929b71b56a07b5a4479152a73a54d251b6d7f HTTP/1.0" 200 1181 "-" "Wget/1.9.1"
From what you are saying, there is no way to provide this device access to the FreePBX system. From what I see, the device is trying to go to a download directory to get a current configuration file. Sadly we do not understand how this specific file is constructed exactly.
On the device itself, we told it not to use a STUN/TURN server. We have one configured (and running) but we think if the sets are all on the same LAN network, it is not needed.
Any additional help would be great.
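Added example, not part of the thread and not code from any poster: a Python sketch that inventories the devices requesting `/download/` by parsing the access log and grouping requests by the `ojo-mac` value. That value is a query parameter chosen by the client, so it labels a device but does not authenticate it. The first sample line is the request quoted above; the other three lines, their addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+')
MAC_RE = re.compile(r'^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$')

# Line 1 is the request quoted in the thread; lines 2-4 are constructed.
SAMPLE_LOG = '''\
172.24.3.33 - - [26/Mar/2015:19:36:32 +0000] "GET /download/?ojo-mac=00:02:54:02:19:d1&ojo-id=2000-0010-CE85&ojo-rev=rev01.03.11&ojo-config-id=bdbe1b20cc1a87664868c389454aee41&ojo-stun-type=Blocked&ojo-sn=09000463100230803100&ojo-key-id=99d929b71b56a07b5a4479152a73a54d251b6d7f HTTP/1.0" 200 1181 "-" "Wget/1.9.1"
192.0.2.10 - - [26/Mar/2015:19:40:02 +0000] "GET /download/?ojo-mac=00:02:54:02:19:D1&ojo-rev=rev01.03.11 HTTP/1.0" 200 1181 "-" "Wget/1.9.1"
198.51.100.7 - - [26/Mar/2015:19:41:15 +0000] "GET /download/?ojo-mac=not-a-mac&ojo-rev=rev01.03.11 HTTP/1.0" 200 1181 "-" "Wget/1.9.1"
198.51.100.7 - - [26/Mar/2015:19:42:00 +0000] "GET /index.html HTTP/1.0" 404 0 "-" "-"
'''

def parse_line(line):
    """Return the ojo-* parameters of one GET /download/ request, else None."""
    m = LOG_RE.match(line)
    url = urlsplit(m["target"]) if m and m["method"] == "GET" else None
    if url is None or url.path != "/download/":
        return None
    params = {k: v[0] for k, v in parse_qs(url.query).items()
              if k.startswith("ojo-")}
    params["src_ip"] = m["ip"]
    return params

def inventory(log_text):
    """Group provisioning requests by claimed MAC; collect malformed ones."""
    devices = defaultdict(lambda: {"ips": set(), "revs": set(), "hits": 0})
    rejected = []
    for line in log_text.splitlines():
        p = parse_line(line)
        if p is None:
            continue  # not a provisioning request
        mac = p.get("ojo-mac", "").lower()  # normalise case before comparing
        if not MAC_RE.match(mac):
            rejected.append(line)  # claimed MAC is not even well-formed
            continue
        dev = devices[mac]
        dev["ips"].add(p["src_ip"])
        dev["revs"].add(p.get("ojo-rev", "unknown"))
        dev["hits"] += 1
    return dict(devices), rejected

if __name__ == "__main__":
    devices, rejected = inventory(SAMPLE_LOG)
    print(devices, "rejected:", len(rejected))
```

A MAC that shows up from more than one source address, as in the constructed second line, is a reminder that the server only ever sees what the request claims.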