12-06-2013 05:37 AM - edited 03-21-2019 07:57 AM
Hi Guys,
I am looking at configuring the SPA504G to allow for 'hot desking' functionality, so that users can login and use the phone as their own, so their extension follows them whereever they might be.
I have an http server ,configured and I have the extension mobility profile defined, however I wondered if there were example configurations of how this works?
I can get the SPA to download the profile so I get the login button and it sends an HTTP request to get phone configuration file, but does this only once.
Plus when I am successful I cannot logout, so my client stays registered.
Any suggestions would be great.
I also have the challenge of linking user logins to their profiles and sip accounts.
Thanks
Jon
<flat-profile>
<Profile_Rule ua="na">("$EMS" eq "mobile" and "$MUID" ne "" and "$MPWD" ne "") ? [--uid $MUID$PDOM
--pwd $MPWD] http://192.168.1.103/mobility/spa649EF37675CA.cfg </Profile_Rule>
<EM_Enable ua="na">Yes</EM_Enable>
<EM_User_Domain ua="na">test.com</EM_User_Domain>
<EM_Phone_User_ID ua="na"></EM_Phone_User_ID>
<EM_Phone_Password ua="na"></EM_Phone_Password>
<EM_Mobile_User_ID ua="na"></EM_Mobile_User_ID>
<EM_Mobile_Password ua="na"></EM_Mobile_Password>
<EM_Login_State ua="na">"mobile"</EM_Login_State>
12-09-2013 01:53 PM
Host (non-logged in) configuration is overwritten by mobile configuration when someone is logged in succesfully. And unless another host configuration will override mobile configuration, it remain in effect. The only efect of "logout" is change of configuration. If you will not change it, logout is "no operation".
I don't know what's purpose of "login" in your particular case, but I assume that it's something that should not be accesible when no one is logged in. Such feature needs to be deconfigured on logout - and it's the purpose of host configuration. It turn device's configuration to the one dedicated to "no one is logged in" mode.
I don't understand the sentence mentioning two accounts in full. Where you think you need to have two accounts ? And two account per what ? Per phone ? Per device ? There's an idea hidden behind your's question which I'm not fammilar with, so I don't understand.
I notice that when I change parameters, it always looks for a default configuration first, when the EM functionality is enabled and you enter credentials from the login key initially.
Phone start in non-logged in state. I assume it's not surprising so much.
12-09-2013 02:06 PM
Hi Dan,
Yes sorry let me be clear on the requirements.
I need a handset on site, whereby a user can just come up to it, and enter their credentials to login and register for SIP.
Ideally I would just want the SPA sat there with a login button and no Host profile registered for SIP, or unregistered for that matter so the lamp is not flashing orange.
So users can use it for hot-desking so calls follow them wherever they might be working.
From what your saying though there will always be a need for a host profile which I get.
On my current setup, the host profile isnt loading without me being prompted for username and password, again is that normal or an issue with configuration?
Thanks
Jon
12-09-2013 03:41 PM
Host profile doesn't mean that a SIP account needs to be configured. No configuration = no registration to exchange, all Line buttons dark, no way to call. Only login PSK avaiable here.
Mobile configuration loaded upon login = proper SIP configuration, appropriate Line buttons configured in, green lights on (if succesfully registered to exchange), calls works like a charm.
On logout button, all those things needs to be turned off - and it's the job of host mode configuration.
Just beware of local law. For example, emergency calls must be allowed regardless of device state (so no PIN nor login nor coin) in my country.
On my current setup, the host profile isnt loading without me being prompted for username and password
It's not correct. If phone will be turned off when a user logged in, then turned on later, the mobile configuration remain in effect (because it is saved in device and no host configuration is defined). And even casual LOGOUT will not work properly.
Do you remember the example from Montila's document ? It's conditional has "else" part as well. You need follow such example. Something like it:
("$EMS" eq "mobile" and "$MUID" ne "" and "$MPWD" ne "") ? [--uid $MUID$PDOM --pwd $MPWD] http://192.168.1.103/mobility/spa$MA-USER$MUID.cfg | http://192.168.1.103/mobility/spa$MA-HOST.cfg
The orange is conditional. If true, the green part will apply (it define URL for mobile mode and order HTTP authentication using $MUID$PDOM name and $MPWD password). If false, blue part will apply. It define URL requested without authentication (e.g. host mode configuration).
12-11-2013 07:58 AM
Thanks again for the help Dan.
I have tested successfully on a server running the latest apache2 version, Im now troubleshooting on a server running apache 2.2.22 where the HTTP authentication username(--uid) isnt being presented to the server, I just see " ".
Once I resolve that I will have a fully working version and will post any details.
Thanks
Jon
12-11-2013 11:42 AM
Catch the HTTP session. I suspect it's problem of Apache's digest authentication configuration.
12-13-2013 05:26 AM
Hi Dan,
One last thing, is there anyway to make the handset logout and unregister if a user forgets to logout?
As I know with other solutions there is an inactivity timer or another timer you can set to logout at session, is this possible with EM and SPA handsets?
Thanks again.
Jon
12-13-2013 01:35 PM
As far as I know, no.
You may try to play with reload of host provisioning after a timeout, but I'm not sure it can switch EM status from mobile to host.
12-20-2013 11:48 PM
Hi Dan,
Seasons greetings, thanks again for all your comments on this.
One last thing, Im adding the profile to our existing provisioning mechanism, which actually uses multiple provisioning profiles, an example of which is below;
The EM is enabled and I can login, but when I do I see HTTP GET requests for Profile B and C, but not D, I thought D would override the previous two requests?
As these profiles then overwrite the EM one. Ive been trying to find a document that explains profiles in more detail, do you know where one is I can review?
Many thanks
Jon
12-21-2013 09:27 AM
Two possible reasons:
Modify D-profile to be plain URL (unconditional). It give you a chance to distinquish between those two posibilities. If you will see HTTP request for D-URL it's [2], if not it's [1]
12-23-2013 10:21 AM
Great thanks Dan, thats sorted, I was trying to overwrite too many profiles.
I think thats finally there, I will post working configuration shortly.
I presume that with the whole profile mechanism in use the SPA has to reboot when switching between profiles?
Theres nothing that can be done to stop that?
Thank
Jon
12-23-2013 10:38 AM
I presume that with the whole profile mechanism in use the SPA has to reboot when switching between profiles?Theres nothing that can be done to stop that?
You can do nothing with it. Despite EM switching look like a magic, it's simple method based on configuration reload. Following document apply here in full:
If you will not split configuration into A-D sub-profiles but use server-side script to generate one configuration at once instead, the reconfiguration process will be slightly faster.
04-14-2014 06:04 AM
Hi,
I wonder if someone could help me on extension mobility on spa504 with asterisk. I have followed this thread to implement similar but it does not work.
I am trying to authenticate using below profile:
("$EMS" eq "mobile" and "$MUID" ne "" and "$MPWD" ne "") ? [--uid $MUID$PDOM --pwd $MPWD] http://192.168.1.103/mobility/spa$MA-USER$MUID.cfg |http://192.168.1.103/mobility/spa$MA-HOST.cfg
However I am not sure how to create authentication for $MUID and $MPWD. What phone domain $PDOM is used for?
I tried to find some decent document to implement this feature but could not get anything suitable.
Thanks in advance.
04-14-2014 07:38 AM
I'm not sure what you mean saying "I am not sure how to create authentication" . This is standard HTTP digest authentication, nothing Cisco specific, so you need to configure it on your HTTP server. Consult your HTTP server documentation for "how to configure authentication".
It's so long time I tried to configure it, so I don't know whats the value of $PDOM. Just try to fill any option with 'domain' in its name with an arbitrary string, then check the content of $PDOM. Or remove it from Profile_Rule and forget it at all.
04-14-2014 09:30 AM
Hi Dan,
I have managed to do it without authentication and I think I know how to add authentication using apache.
Thanks for you reply,
04-14-2014 10:06 AM
Glad to hear.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide