Wednesday, 26 March 2014

Asterisk PIN based dialing

10:31 Posted by Jurgens Krause , No comments

As an Asterisk administrator, I often have clients requesting the ability to have users enter a PIN before dialing. This is useful on factory floors where users roam between different phones, but still need to be held accountable for their calls. Apart from just authenticating the user, the dialplan also has to ensure that the account code is correctly assigned in the CDR.
To this end Asterisk provides the AUTHENTICATE dialplan application.

Authenticate has many different options that makes it very versatile, but what I have found most useful is to use the file function. This allows you to create a file with account codes and MD5 password hashes.
The file needs to be structured as follows:


When using the file mode, the account code will be written into the CDR logs. For example:
vim /etc/asterisk/pins.conf
You may use a different file/location
To create the MD5 hashes, you can run the following command
echo -n 4865 | md5sum
You can substitute 4865 for any pin of your choosing, this line will output an MD5 hash which you can use in the pins.conf file:

Again for illustrative purposes, I will keep the dialplan simple.
exten => _XXX.,1,NoOp(Going Out)
same  => n,NoOp(You have to authenticate)
same  => n,Authenticate(/etc/asterisk/pins.conf,m,4)
same  => n,NoOp(user has been authenticated)
same => n,Dial(SIP/${upstream}/${EXTEN})
same => n,HangUp()

The first line matches all numbers with more than three digits, and reports to the console "Going Out"
The second line is simply for debugging
The third line is the magic one:
It calls the AUTHENTICATE dialplan application with a filename as the first argument.
The second argument "m", specifies that it should do a file lookup.
The last argument sets the pin length to 4 digits, thus the user does not need to end input with a "#"

That's it, Asterisk takes care of the prompts, lookups and writing the correct information into the dialplan.


Post a Comment