CME forced auth codes in 8.5/8.6 - Page 2

thisisshanky · ‎06-16-2011

I m referring to this document (which doesnt seem to help me much)..so thought of posting at this forum....

Has any body successfully implemented FAC in CME..

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmefac.html

i have setup two LPCor groups one for end users and one for PSTN trunks..to test this functionality i put one ephone under the end users group and another ephone in the PSTN trunk group..and when you call from ephone 1 to 2...it asks for the username and password as programmed but then it hangs up the call...

i can post configs if needed...its pretty similar to whats in the document..

TIA..

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

t_kilany_2 · ‎08-21-2011

Hello shamku,

I'm facing the same problem you have earlier, "

it asks for the username and password as programmed but then it hangs up the call..."

I have review the AAA section of my configuration it is the same exactly like you mentioned here and similar to the example of the Cisco documentation, but still the call is hangs up.

Any idea?

I have try some debug command, and got the following:

Aug 19 22:23:20.924: //850//Auth:/AUTH_ProcessAuthFailure: Auth operation Failed

Aug 19 22:23:20.924: //850//Auth:/AUTH_Close: status(2)

Aug 19 22:23:20.924: //-1//Auth:/AUTH_SetAuthFacData:

Aug 19 22:23:20.924: //-1//Auth:/AUTH_FacDataIsAvailable:

Aug 19 22:23:20.924: //850//Auth:/AUTH_Complete: Auth Returning 2 [AUTH_STATUS_FAILED]: use_count(3)

Aug 19 22:23:20.928: //-1//Auth:HN006C9510:/AFW_M_Auth_Free:

Thanks!

thisisshanky · ‎08-22-2011

Did you re-record the wave files properly in the g711ulaw 8bit mono format...when the file formats were wrong i noticed that this was not functioning properly...

Also please paste your configs, i can take a look at it...

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

t_kilany_2 · ‎08-22-2011

Hi shamku,

Thank you for your reply!

I have used some Cisco files for audio. I guess they are ok.

enter_account.au

enter_pin.au

Codec Details for these files are as follow:

Codec: PCM MU-LAW (mlaw)

Channels: Mono

Sample rate: 8000 Hz

Bits per sample: 16

I will attach the configuration shortly as soon as I get back to office.

Regards,

Tarik

Salvo_Phl · ‎09-01-2011

Thanks Man,

This helped alot! Working at one of our remote brnaches thanks to your configs.

Phil

jonwoloshyn · ‎09-22-2011

thisisshanky - have you noticed in your config the following:

trunk group lpcor outgoing PSTNTrunk

This is not how you entered the command.

The entered command is just

trunk group XXX

lpcor outgoing PSTNTrunk

For some reason IOS is changing the command in the config to what you have. When you reboot, your FACs won't work as IOS will not understand "trunk group lpcor outgoing PSTNTrunk"

I've had that issue just recently. Wondering if it's fixed in newer code. I think I was on 15.1 M1 Anyone else seen it?

thisisshanky · ‎09-22-2011

You are right John

I did notice the same problem with the customer and right now as we speak we manually re-enter the command if router is rebooted. I am not sure if a later code has fixed this, yet to try..best open a tac case..

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

jonwoloshyn · ‎09-22-2011

I'll try a newer version of code in my lab. I checked the bug toolkit but didn't see anything related. My customers system is completely isolated from their data network down to the copper so the only way for me to open a TAC case and get anywhere is to be onsite with the box so a TAC case isn't optimal for me as I don't have the cycles to sit there or any way to cost recover my time

jonwoloshyn · ‎09-22-2011

BTW - with the param passwd, if you leave out the param passwd-prompt command, set the param passwd to a value and create all your numeric user accounts with the same password as what you have specified as param passwd, the auth application skips the password check so instead of needing userid and password, the caller only needs userid. Basically, means single stage authentication code like CUCM. Much nicer and easier for users to accept when coming from a different system.

thisisshanky · ‎09-22-2011

wow thats a great find, i was wondering how to do that...good to know..

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Praveen Arak · ‎03-28-2014

Dear ,

Can you please givr me working example for this as I do have same request to use single pin authentication in CME 9.X .

Thanks

Praveen

Jorge Luis Covenas Chiroque · ‎02-24-2012

Hi thisisshanky, I tested your script and it works well with FXO lines connected to PSTN.

But when I tested it using E1 primary the call end inmediately after ingress user and password.

This is the disconnect cause code: Service or option not available, or unspecified (63)

Venkitesh H Iyer · ‎02-29-2012

Hello Jorge,

We are having 2 BRI Lines & 1 PRI Line in our Office and it works perfectly fine. In fact, we have kept the PRI for Local Calling (Local + STD) & the 2 BRI Lines for only ILD Calling. If you need, I will be pasting the configuration for you. Let me know. We are using LPCOR & COR Together. It works perfectly fine.

Regards,

Ganesh

Jorge Luis Covenas Chiroque · ‎03-01-2012

Ganesh,

Could you send us your configuration?

Thanks a lot.

Jorge Covenas

Venkitesh H Iyer
created the discussion
"Re: CME forced auth codes in 8.5/8.6"
To view the discussion, visit:
https://supportforums.cisco.com/message/3575951#3575951

Venkitesh H Iyer · ‎03-04-2012

Hi Jorge,

Sorry for the delay. I am busy with 4 different projects in my Company. Here is the Configuration. I am attaching it in a text file.

Do let me know, if there is any issue.

cogamboa · ‎07-20-2012

thisisshanky:

You will have the full configutracion, I can provide a copy

Thanks