Auto Provisioning in Thirdlane 6.1.1.2

thats because you have to do it the new way when you run newer versions of software..

Apache is the server that hands out the configs

webmin needs to run on port 10000 freeing up apache to run on 80, 443
apache points /provisioning/ or /unauthenticated/provisioning/ to /home/PlcmSpIp
TFTP also runs out of /home/PlcmSpIp

make sure that the /home/PlcmSpIp directory has the correct permissions.. ie owned by root but chmod 751 so that it cant be content scanned

you do realize that TFTP is no more or less secure than http or https right? In fact if you ran HTTP without chmod 751 its actually less secure because i could retrieve a directory index of files. I dont care either way but I didnt want you to have a misconception that https was any more secure than tftp. In TFTP you cannot get a list of files, you must know the file name in order to fetch it. In http(s), unless specified otherwise, you can get a directory index and then click on the file and read its contents. In either case though, knowing the file name gives you complete access to its content.

I just installed the latest ISO for thirdlane MTE, what are the steps I need to take to get Auto-Provisioning working again? What am I supposed to put where? I have searched everywhere. I need to have autoprovisioning for Polycom and Cisco. Very Confused.

Polycom is a little different than other phones. Polycom requires multiple files for provisioning and can be very picky so much so that if the phone is a IP670 and is looking for a specific configuration on a specific line and it isn't found it will fail.

First make sure the ISO doesn't come preloaded with Polycom files first. I was an idiot and did all this anyway before verifying this.

Here is what I suggest for Polycom:

Download the latest SPLIT file (if pre 4.0 bootrom) and COMBINED (if post 4.0) file from Polycom's website for the latest phone you will be using. It will include the bootrom for the phones below lesser than it. So I download the one for IP670 since all my clients use 670's and a few use the older ones.

1. cd /home/PlcmSpIp
2. wget http://downloads.polycom.com/voice/voip/sp_ss_sip/spip_ssip_vvx_3_2_3_r…
3. unzip spip_ssip_vvx_3_2_3_release_sig_split.zip

Again Polycom's have multiple files for provisioning. ie. sip.cfg phone1.cfg 0000000000.cfg etc... Once you get these files installed, you must go back into the phone1.cfg file and find the lines for each setting you want to change ie:

reg.1.server.1.address="YOURURL" reg.1.server.1.port="5060" reg.1.server.1.transport="DNSnaptr" reg.1.server.1.expires="120"

This file is where you can change many variables of the phone and when the phone get's its provisioning file all these settings will be pushed to it. I THINK that if you separated these out by customers you could control each customers timezone since there is no way to do this in MTE.

Go through and put your data in there manually. This all should be done in your OVERRIDES folder so that any upgrades don't wipe this out. The override folder will be searched for and used instead of the files within PlcmSpIp folder but things will be taken from the PlcmSpIP folder if nothing is in OVERRIDES folder.

Once you do this, you can direct your phones to TFTP or HTTP of your URL or IP and all should work fine.

One thing I will say is that do not try and auto provision a VVX1500 with these files because you will get PHONENUMBER@IPADDRESS for inbound calls. Just manually provision this.

Sorry this is all over the place but I hope it helps a little. Feel free to bash me on anything I said wrong Erik :)

Thanks for the explaination, this helps. My issue right now is that by FTP i cannot GET anything I try logging in manually, it tells me Access Denied. For HTTP what is the address I need to point my phone to?

I haven't used FTP, although I want to so I can upload changes from the phone to the switch. When I provision I just choose http and point my phone to my url or ip address. Thats it.

I figured it out. In the VSFTP configuration directory under /etc/vsftpd there is a file callled PlcmSpIp. Inside that file the user was being restricted from downloading all files using a wild card. You need to remove the ",.*" from the end of the Deny File line. I have confirmed that this exists on a fresh installation of MTE not sure if thats incorrectly done.

this was incredibly stupid on your part vrtuworks. Dont be one of those guys that come back in 6 months with their tail tucked between their legs saying

I should have listened to you, you were right. I am so screwed now. Someone got into our system and downloaded all the config files and started making international calls. I didnt realize it happened for a couple days and now I have a $10,000 bill with my international carrier and they said there is no way I am getting out of this. Additionally my customers are getting calls from angry people because the customer's callerid is showing up on their answering machines related to fradulent credit card scams

this has literally happened not once, not twice, but to 9 customers.

theres a REASON vsftp is setup to not let you download a file unless you know the EXACT FILENAME to download. The polycom phone doesnt do a 'mget *'.. it downloads its mac-addr.cfg file and THAT file tells it what other files to fetch. A little RTFM will save you $10k in non-disputable damages.

Eeman - Sorry I'm not sure how to get it to work otherwise then, with the .* at the end the phones fail to provision. With it removed they work fine.

Also - We dont give anyone International calling so it's not that big of a risk, we only have domestic enabled. We allow users to connec to Skype for International.

Removing it allows me to auto-provision.

another note - when I provision my phones do not receive a notify event and do not get rebooted when I make a change. Is there anything that I need to do out of the box for that to work with polycom? I have checked the sip-notify.conf and it looks good.

In the config I have users still cannot do a directory listing, that still gives a 550, thats what I thought was important correct me if I am wrong.

manually do an ftp to your box and do a mass get . if you succeed you have a permissions issue. Also, with the old config, confirm that you can fetch a single named file. a polycom phone will never issue a get command on a wildcard.

We recently updated an older TL install (now running PBX Manager 6.1.1.10) and now we can no longer auto-provision phones. The FTP requests are not getting the config files.

When we use an FTP client - we can connect fine so i dont think its and access issue but when we try to GET a specific Config files we keep getting an "550 Permission denied." message.

We checked the folder permissions and they are:
[root@pbx home]# ls -ld /home/PlcmSpIp
drwxr-x--x 9 root root 4096 Feb 12 11:25 /home/PlcmSpIp

this appears to be appropriate. - chmod on the PlcmSpIp folder is set to 0751

We are not sure what happened to stop the FTP process that was working properly before the update but something int the yum updates to seems to have changed.

We are stumped and could really use some assistance in sorting this out.

so you're going to need to try and discover where the configs are getting stored... make sure they are still being placed in the correct directory. Upgrades of the old ver6 were just an upgrade to the webmin module, so I do not anticipate anything changing in your vsftpd configs or your apache configs. Are you able to ftp fetch any file that you CAN see in the /home/PlcmSpIp dir?

BTW dont resurrect 6yr old threads, its very unlikely anyone who posted here still peruses the forums. Just start a new thread.