Spending Lots of Asterisk Time - Should Not Be

With Asterisk, I feel like I am back in the days of Dr. Grace Hopper when the story surfaced about her finding a moth in the computer and therefore finding the first “bug” in a program.

Now, move forward to 2011 and I have an “Asterisk Call Manager/1.1” telling me “Message: Authentication failed”. I look at that error response message as being the true bug in this process. It tells me nothing but seems to imply my ‘Username’ or ‘Secret’ must be wrong.

Instead of wasting all the time of all the moderators and all the people that are having difficulty, why not have Asterisk tell us where Asterisk decided I provided the wrong stuff? At least provide an error message that is closer to the real problem.

People have real lives and Asterisk should be a great solution that is spread far and wide. Perhaps every house should have one so that the kids can enjoy having their own real phones at an early age if only for in-house intercom play use. But NO. When anyone reads these forums it is easily understood that you need more than a college education to resolve Asterisk issues.

A college education has nothing to do with using Asterisk or resolving Asterisk issues.

The best outlet for your frustrations with error messages is for you to make patches that improve the current behavior to be more in line with the behavior you would like. Before patching anything, it’s a good idea to bring up your implementation ideas on the asterisk-dev mailing list. Don’t just go there with a feature request though, instead, be prepared to discuss how you want to solve a problem. Others may jump in to offer feedback. If the community thinks what you’re proposing is a good idea, then you’d want to make a patch and put it up on the issue tracker - issues.asterisk.org/jira - where things begin the process for eventual inclusion into the Asterisk code base.

Cheers

I would be better to give concise details of the problem you are having rather than have a general moan. Have you used any M$ software recently and seen the sorts of nonsensical errors that produces on occasions?

On the little provided, Asterisk may simply be reporting back what the remote system told it. If Asterisk is the source of the message, being open source, it is trivial to grep the code for the message text and find the exact conditions under which it is generated.

Touched a nerve? Sorry. Just wanted to make you think.

I picked the example on purpose. I feel it goes to a most basic level of Asterisk - just being able to Login using AMI. If you can not ‘Login’ successfully, you can not ask Asterisk to do anything for you. Asterisk can not be a tool to help you get your job done more efficiently.

To support my theory, just look at the ‘david55’ remark. In my remarks I said, '. . . have an “Asterisk Call Manager/1.1” telling me “Message: Authentication failed”. I look at that error response message . . . '. And, David says “. . . Asterisk may simply be reporting back what the remote system told it. If Asterisk is the source of the message . . .”. Doesn’t that tell you something fundamental? It tells me that even one of the top Asterisk folks in the world can not definitively interpret what Asterisk means. David would have me, you and the rest of the world believe that grepping the code is just a normal part of everyday Asterisk life I suppose?

As to the ‘leemason’ remark, Microsoft is a lost cause in my book. I live in the LAMP world. And, if I had a specific problem to fix, I could likely find a solution among all the other similar requests I’ve found on this Asterisk board and others. Generally there is no specific answer other than try this and try that and try the other. Finally I am sure most of these folks have found a solution one way or the other. They either stumbled across the answer themselves or they found someone else to get the job done for them. Sometimes, and in many cases, ‘david55’ or ‘Malcom Davenport’ had an effective solution.

But, their effective solutions are not the focus of my premise. And, Malcom wants me to spend my free time and participate in an “asterisk-dev mailing list” activity. Well, if Malcolm Davenport does not believe the fundamental issue we are discussing here is “a good idea”, I certainly have no chance convincing anyone on a mail list that my idea should have more weight than others.

And, to that point it appears I am correct. The top Asterisk person in the world does not believe, as I do believe, that it is fundamentally important to resolve issues quickly about logging into Asterisk. It is important to accelerate Asterisk growth.

No, you do not need a college degree. But, a college degree ain’t what it used to be either. When I started, you could not touch a teletype without at least being a college student.

My detailed knowledge is restricted to specific areas. If I needed a detailed explanation for a message in an area with which I’m not familiar, I would grep the code for it. However, I’m under no obligation to do that for someone else.

Having just looked up “Asterisk Call Manager” it appears to be beta quality software, which may be closed source, and may well be the origin of this message.

It looks like “Message:” comes from your Win32 software and the rest from Asterisk.

This particular case is interesting because best security practice is not to tell the attacker what they have got wrong, so a vague response is perfectly reasonable. Information about whether it was the user or the password that is bad is logged to the Asterisk logs, which are, presumably, not visible to the attacker. This also says which user ID Asterisk thinks was being used. Even for local logs, best security practice is not to log failed passwords - even logging failed users can be questionable, as people sometimes mix up the entry of users and passwords.

[quote=“magnets”]Touched a nerve? Sorry. Just wanted to make you think.

But, their effective solutions are not the focus of my premise. And, Malcom wants me to spend my free time and participate in an “asterisk-dev mailing list” activity. Well, if Malcolm Davenport does not believe the fundamental issue we are discussing here is “a good idea”, I certainly have no chance convincing anyone on a mail list that my idea should have more weight than others.

And, to that point it appears I am correct. The top Asterisk person in the world does not believe, as I do believe, that it is fundamentally important to resolve issues quickly about logging into Asterisk. It is important to accelerate Asterisk growth.

No, you do not need a college degree. But, a college degree ain’t what it used to be either. When I started, you could not touch a teletype without at least being a college student.[/quote]

I’m pretty sure that after this comment, people are thinking that you’re trolling.

I didn’t say it wasn’t a good idea to improve the error logging/reporting that Asterisk provides, especially for your use - where you either haven’t yet figured out your problem or you had to go read something else to figure it out. I’ve told you where to go next. I’m not carrying the banner for you, that’s your job.

Yep a troll. Shame
as to errors with respect to authentification, any more detail than "cant log you in is perfectly acceptable.

I think you got a statement inverted there. I think you meant that Can’t log you in was an acceptable response.

I guess I have seen the term ‘troll’ used on the Internet. I have no idea why people feel the need for name calling. Stopping bullying in grade school is a good idea for the Internet as well.

Just one point of clarification or focus perhaps.

I own both ends of the conversation. I can set the username and password to whatever is necessary and wherever necessary.

So, this authentication issue (or is ianplain correct with ‘authentification’) has little to do with the purpose of this basic ‘Login’ functionality. And, that is, in my opinion, passing a check that the correct Username and Secret have been entered.

P.S. Lots of the old examples do not include ‘ActionID’. So I am curious. Would it hurt to include ‘ActionID’ when using older versions of Asterisk AMI? In other words updating code before moving to the next level of Asterisk?

ActionID is only so that responses to a particular Action will be tagged with that same ActionID. Thus, if there are multiple things watching for a response, they know which response is theirs.

I can’t recall at what point ActionID was introduced, but I don’t think it’s germain to what version of Asterisk you’re running on and your code, it just relates to the ability to sensibly parse responses.

Is there documentation somewhere concerning Asterisk as it relates to ACL, permit, firewall. And, how they may get in the way of getting to the actual authentication of Username and Password? I would say, “and why any of this has to do with Authentication” but I just do not have the inclination to participate in changing what Asterisk requires. I just need to get a job done, now.

In order to get a SIP Trunk to work a couple weeks ago I had to resort, finally, to using DMZ in my Linksys router. Setting up port forwarding was just not sufficient. I can not revisit that decision, however, since I am now hanging on fsockopen, the firewall could be playing a part. Apparently fsockopen has been known to hang on firewall issues.

This whole thing is absolutely frustrating. What should be taking minutes is taking days to resolve. All I wanted to do was have Asterisk do a simple Login to get me started.

Elastix was the distro I installed and they can get their CLI interface to work.

Actually, for now I am just going to set this task aside and start playing with AJAM. Perhaps the setup parameters will be different enough that it may provide an easier route to authentication.

Well, that was a short trip to nowhere.

The changes for AJAM went smoothly. All the screens described presented properly as expected.

However, authentication fails the same as before.

Before I start digging into code in this authentication area, is there someone out there in Asterisk land that can brief me on the existing logic and point me towards the code?

I thought the original post was quite clear, and seemed to say something I have been thinking for a long time now.

Unless I missed it, the post was simply expressing that while Asterisk is a great product, and has had many evolutions, it is still not in a very practical state for consumers.

It is an IT toy, not a consumer toy. Wives, kids, roommates, etc. cannot use asterisk reliably, since not everyone can troubleshoot phones. Most people would not know where to start STARTING!

Answers like to above are simply unhelpful. Most people are not coders, myself included. I can fool around in code, but certainly not create it to any helpful degree. As is true of most people!

If I have to explain that to any of you, then you will simply think I am a troll too…

I think the point is valid, and needs to be addressed if the current evolution of SIP/VOIP/IAX2 etc is going to go anywhere useful. There are other products out there making MONEY for their creators, and unfortunately, they will be what the world sees going forward with VOIP, not Asterisk.(Unless consumerified) It would be nice to see Asterisk at the forefront in some form or another, rather than closed behind some other front-end, which is very likely the route it will take unless this is addressed. Missing the bus is common, it would be nice to avoid it.

Hope that is helpful, it is certainly not a troll. Please, if you feel the need to pick this post apart, don’t. Comments welcome, of course!

Peter

Exactly! Asterisk is for an IT people or at least someone with basic knowledge of network and IP tools and obviously with Linux.
Customer is the end of the process, they don’t see how is installed they only see how is working.

If you want to start you have many options:

–Pay certification training with Digium.
–Read The online book
–Ask google. Is your friend and have a tons of information related with asterisk and how to install and how to start.

But you know, nowadays people only want copy&paste things or use next next install and say “Damm Im an expert”, like people installing Elastix they just insert the cd install and sell an “Asterisk product” but when the PBX fails they don’t know how to troubleshoot and customers thinks asterisk is a crap. Using Asterisk in advanced mode need certifications, time and money, I understand that Asterisk is an Open Source project, but that doesn’t mean that you will acquire experience or knowledge for free. Or just came and compliant about bugs.

Talking about bugs, you have the option to submit a bug in order to get fixed, but you need to spare some of your time to do that.

If Asterisk is near of his death, explain me why solutions like twilio are using it, or governments switched to asterisk or all the call centers(at least in my country) uses asterisk as a robust solution with TTS, ASR, Domotic integration and so on. Don’t forget the price of this compared with cisco or avaya systems: is FREE!

I understand the frustration of begin new projects, but I don’t drive a car before a learn how to drive it.

If you think Im a “Digium’s bootlicker”. Yes I’m, because in this difficult times Asterisk feeds my family.

I have been doing asterisk for a long time… Asterisk is a Phone system. . well in a simple sense it is a phone system, whether you use a Mitel, an Avaya, a Cisco, a Shoretel, a 3CX, an Asterisk, etc it is necessary to have IP and telephony knowledge… Interfacing 3rd party applications and systems is always the toughest part of any install and in the maintenance onward…

anyone who has set up LCS with microsoft integration to a mitel 3300 can certainly understand the frustration of 3rd party software integration to each other…

Asterisk DOES LOG a lot of stuff… core set verbose, and core set debug really do wonders… couple that with mastering the use of disk-logging and ‘grep’-ing the Complete set of logs and you have a pretty darn good troubleshooting tool… more than the above other PBX’s will give you… Need more? then wiresharking the Asterisk machine often yields answers to many network issues… dont have a managed ethernet switch connected to your Asterisk? use tcpdump and save it in pcap format then use wireshark to analyze what you get… Ive solved many a call quality issue with the above…

and as a near final resort if there is a certain area giving you lots of trouble you can break into the C-code and without being a coder, do as mentioned above grep or text search the file for parts of the text in the error message you are receiving and oftentimes get an idea at least where to start looking…

and FINALLY I have special LAB ONLY versions of asterisk running where i have gone into the code and added extra debug statements to print out information that I couldnt get otherwise… you really dont have to be a coder to find out how to add a debug line and print out a value of a variable on the console… I typically dont setup new software on customer’s sites first but do it in my lab… the ALPHA-Test lab version of asterisk is often modified as far as logging… then once I figure the stuff out… run it in my RC-Lab system which is identical to a customer site… so I know my setup works on the non-snookered-up asterisk… the BEAUTY of asterisk is that I CAN MODIFY the source for debugging purposes and really get deep into an issue… whereas the above mentioned PBX’s im pretty much STUCK and often their tech support is clueless if its an advanced setup being performed…

as also stated authentication issues are sensitive as Hackers look for any way to exploit a system that they can… Logging too much can give them a lead… esp with a system Like asterisk where hackers can look at the source code to find an exploit rather than have to do it the hard way… fortunately Long distance rates get cheaper and cheaper so it gives hacker less likely a reason to even want to hack anyone;s phone system…