Archive for April, 2007

Installing and Configuring Asterisk

Thursday, April 26th, 2007

The following article is for installing and configuring Asterisk. There are now different flavors of Asterisk; the two I will touch upon in this writing are Asterisk (the command line version) and Trixbox (f.k.a. Asterisk@Home).

BACKGROUND
Asterisk is a PBX (Phone Box Exchange) system used to connect multiple phones to multiple lines (or a combination thereof), giving you many of the features that a traditional PBX would give you, but Open Source (in this case free). You can use PSTN lines, IAX, or SIP routing lines, as well as hard phones (traditional telephones or VoIP handsets) or soft phones. It is used for VoIP (Voice over Internet Protocol).

INSTALLATION
We will first cover installation with the traditional Asterisk software:

First have a box with Linux loaded on it.

System Requirements:

Then download Asterisk from CVS:

# cd /usr/src
# export CVSROOT=:pserver:anoncvs@cvs.digium.com:/usr/cvsroot
# cvs login
(password is same as username)
# cvs checkout zaptel libpri asterisk
# cd zaptel
# make clean ; make install
# cd ../libpri
# make clean ; make install
# cd ../asterisk
# make clean ; make install
# make samples

If all of this worked without any errors, you have successfully installed Asterisk.

You can now run

# asterisk -vvvvvvvc

If that doesn’t work, try

# /usr/sbin/asterisk -vvvvvvc

This will run the Asterisk console in super-verbose mode; if there are any errors, you will see them scrolling across the screen too.

You can type “stop now” to kill Asterisk.

Installing Cards:

Open up your computer and install the card into a PCI slot. These cards require a certain voltage, so make sure your computer can power the card appropriately. When in doubt, look up the model number of your card and the model number of your computer. Sometimes you will need an extra plug from the power supply to power some of the larger TDM cards.

After you have your card installed, you must configure the card. The following is how to configure a card (this checks for any type of card):

# modprobe zaptel
# modprobe wcfxo
# modprobe wcfxs

NOTE: The first one to be probed will become channel 1, etc.

Next, you have to edit the zaptel.conf file to let it know where the cards are at. Here is an example of a basic zaptel.conf configuration:

fxsks=1
fxoks=2
fxoks=3
loadzone=us
defaultzone=us

Without getting too deep as to why, fxsks is actually for the FXO card and fxoks is for the FXS cards. The zones just need to be equal to your country code. The number after the fx??? needs to be equal to what you got when you modprobed earlier.

Now, save your changes and prepare to edit another file called zapata.conf.

In zapata.conf, for this scenario, the settings are as follows (each group of settings applies to the channel => line that closes it):

[channels]
busydetect=1 ; busy detect on or off
busycount=7 ; how many busy tones it takes to decide the line is busy
relaxdtmf=yes ; if dtmf should not be forced
callwaiting=yes ; self-explanatory
callwaitingcallerid=yes ; self-explanatory
threewaycalling=yes ; self-explanatory
transfer=yes ; self-explanatory
cancallforward=yes ; self-explanatory
usecallerid=yes ; self-explanatory
echocancel=yes ; tries to kill/adjust echoing that's prevalent with VoIP
echocancelwhenbridged=yes ; self-explanatory
rxgain=0.0 ; volume
txgain=0.0 ; volume
group=1 ; groups for trunking
pickupgroup=1-4 ; groups for phones to pick up calls ringing on other phones
immediate=no ; as soon as the phone is picked up, it dials a specified number [think Red Bat Phone from Original Batman program]
context=bell ; bell is a "group of settings" in your extensions.conf file
signalling=fxs_ks ; signalling method, just have it match your zaptel.conf
callerid=asreceived ; pass callerid on to asterisk's extension logic
channel => 1 ; assign the settings above to this channel

context=home ; home is a "group of settings" in your extensions.conf file
group=2
signalling=fxo_ks ; signalling method, just have it match your zaptel.conf
mailbox=2468 ; mailbox number
callerid="Phone 1" <2468> ; callerid of phone on this channel
channel => 2 ; assign the settings to this channel

signalling=fxo_ks ; signalling method, just have it match your zaptel.conf
mailbox=3579 ; mailbox number
callerid="Phone 2" <3579> ; callerid of phone on this channel
channel => 3 ; assign the settings to this channel

Run the following (after stopping Asterisk) to finish configuring the Zaptel cards:

# ztcfg -vv

Now edit the extensions.conf file to configure numbers for the cards:

[default]
; This is the default plan for what happens when someone dials extension 103, or 1000
; exten => $extensionNumber,$priority,$command
exten => 103,1,BackGround(tt-monkeys)
; definitions for extension 1000....
exten => 1000,1,Dial(SIP/dg,20,tr)
exten => 1000,2,Voicemail(s1000)
; Dialing out is also part of the default dial plan. A context can only be
; opened once per file, so the outbound patterns live in this same section.
; if the number starts with a 9, send it via the PSTN landline.
exten => _9.,1,Dial(Zap/1/${EXTEN:1})
; or if it's a 6 digit number (i.e. local call)
exten => _XXXXXX,1,Dial(Zap/1/${EXTEN})

[telewest_pstn]
; This is a sample dial plan called "telewest_pstn" that determines what happens when you use your PSTN line to make a SIP phone ring.
exten => s,1,Dial(SIP/dg,25,tr)
exten => s,2,Voicemail(s1000)
exten => s,3,Hangup

Make sure to save your changes.
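As an added illustration (not part of the original article), the following Python script emulates how Asterisk matches a dialed number against the [default] entries above, including the ${EXTEN:1} digit stripping and the most-specific-pattern rule that decides what happens when a 6 digit number beginning with 9 matches both _9. and _XXXXXX. The dialplan entries are taken from the text; the specificity weights are an approximation of Asterisk's ordering, not its code.

```python
import re

# Priority-1 entries of the [default] context from the article, as (pattern, application).
DIALPLAN = [
    ("103", "BackGround(tt-monkeys)"),
    ("1000", "Dial(SIP/dg,20,tr)"),
    ("_9.", "Dial(Zap/1/${EXTEN:1})"),
    ("_XXXXXX", "Dial(Zap/1/${EXTEN})"),
]

# Asterisk pattern classes -> (regex, specificity weight). Higher weight wins a tie,
# so a literal digit beats N, which beats Z, then X, then the '.'/'!' wildcards.
_CLASS = {
    "X": ("[0-9]", 1),
    "Z": ("[1-9]", 2),
    "N": ("[2-9]", 3),
    ".": (".+", 0),   # one or more of anything
    "!": (".*", 0),   # zero or more of anything
}


def compile_pattern(pattern):
    """Translate an extension (literal or '_'-prefixed pattern) into an anchored
    regex plus a per-character weight list used to rank competing matches."""
    if not pattern.startswith("_"):
        return re.compile("^" + re.escape(pattern) + "$"), [4] * len(pattern)
    body, parts, weights, i = pattern[1:], [], [], 0
    while i < len(body):
        ch = body[i]
        if ch.upper() in _CLASS:
            rx, w = _CLASS[ch.upper()]
        elif ch == "[":                      # explicit set such as [2-9] or [13579]
            j = body.index("]", i)
            rx, w = "[" + body[i + 1:j] + "]", 3
            i = j
        else:                                # literal digit or symbol
            rx, w = re.escape(ch), 4
        parts.append(rx)
        weights.append(w)
        i += 1
    return re.compile("^" + "".join(parts) + "$"), weights


def expand_exten(app, exten):
    """Substitute ${EXTEN} and ${EXTEN:n} (drop the first n digits) like Asterisk."""
    return re.sub(r"\$\{EXTEN(?::(\d+))?\}",
                  lambda m: exten[int(m.group(1) or 0):], app)


def route(exten, dialplan=DIALPLAN):
    """Return the expanded application for the most specific matching entry,
    or None when nothing in the context matches the dialed digits."""
    best = None
    for pattern, app in dialplan:
        rx, weights = compile_pattern(pattern)
        if rx.match(exten) and (best is None or weights > best[0]):
            best = (weights, app)
    return expand_exten(best[1], exten) if best else None


if __name__ == "__main__":
    for number in ("103", "1000", "9555123456", "555123", "955512", "12"):
        print(f"{number:>11} -> {route(number)}")
```

Note that 955512 is routed out the PSTN with the 9 stripped rather than being dialed as a local number, because the literal 9 in _9. makes it more specific than _XXXXXX.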

sip.conf

From http://www.voip-info.org, the resource for Asterisk, and VoIP related items.
The sip.conf file is a “configuration file for Asterisk SIP channels, for both inbound and outbound calls.”

Here is an example from www.voip-info.org:

[general]
context=own_context ; the context in extensions.conf that receives incoming calls
realm=real.com ; if you'd like to separate by realms
bindport=5060 ; the port to bind to
srvlookup=yes ; lookup the server?
disallow=all ; secure it by not allowing everybody
allow=ulaw ; codec
allow=gsm ; encoding/compression, check with provider
language=en ; self explanatory

trustrpid=yes
sendrpid=yes

register => fromuser@fromdomain:secret@host ; from your other asterisk box or VoIP provider
register => XXXX@YYYY.com:AAAA@IP ; from your other asterisk box or VoIP provider

[my_provider]
type=peer ; type of SIP extension
fromuser=XXXX ; user name
fromdomain=YYYY.com ; domain name
canreinvite=no ; usually set to no
secret=AAAAA ; password
insecure=very ; usually set to this
host=IP ; IP address of what this extension should use to authenticate
disallow=all ; secure it by not allowing everybody
allow=gsm ; encoding/compression, check with provider
allow=ulaw ; encoding/compression, check with provider
allow=alaw ; encoding/compression, check with provider
qualify=yes ; usually set to yes
nat=no ; if you're behind a SOHO firewall, set this to yes

Outbound call in extensions.conf:

exten => _X.,1,Dial(SIP/${EXTEN}@my_provider)

This is how outbound calls are handled by Asterisk: when a phone number is dialed, the dialed digits (${EXTEN}) are handed to the Dial application and the call goes out over the SIP peer my_provider, which was declared beforehand in sip.conf.

When creating or making changes to this file, reload Asterisk by logging into the console and typing the following:

reload

This will tell Asterisk to re-scan the *.conf files and absorb the changes accordingly.
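The sip.conf example above leans on disallow=all and a per-peer secret to keep strangers off the box. As an added example (my own code, not from the article or from Asterisk), here is a small Python checker that parses a sip.conf and flags the settings a reviewer would look at first: secrets that are empty, numeric, short or equal to the peer name or fromuser, insecure= settings that relax authentication, and allow= lines not preceded by disallow=all. The sample configuration is constructed for the demonstration and deliberately weak.

```python
import re

# Constructed sip.conf laid out like the example above; the secrets are deliberately
# weak so that each check below fires at least once. Not a real configuration.
SAMPLE_SIP_CONF = """\
[general]
context=own_context   ; inbound calls land in this extensions.conf context
disallow=all
allow=ulaw

[my_provider]
type=peer
fromuser=XXXX
secret=XXXX           ; same as the username
insecure=very
host=IP
disallow=all
allow=gsm

[2468]
type=friend           ; a handset that registers to us
secret=2468           ; secret equals the extension number
host=dynamic
allow=ulaw            ; no disallow=all first
"""

def parse_sip_conf(text):
    """[section] headers, key=value or key => value, ';' comments.
    Returns {section: [(key, value), ...]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.match(r"^\[([^\]]+)\]$", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None and "=" in line:
            key, value = re.split(r"\s*=>?\s*", line, maxsplit=1)
            current.append((key.lower(), value))
    return sections

def audit_section(name, entries):
    """Findings for one peer/user/friend section."""
    first = {}
    for key, value in entries:
        first.setdefault(key, value)          # Asterisk honours the first occurrence
    keys = [k for k, _ in entries]
    identities = {name, first.get("fromuser"), first.get("username"), first.get("defaultuser")}
    secret = first.get("secret", "")
    findings = []
    if not secret:
        findings.append(f"{name}: no secret set")
    elif secret in identities or secret.isdigit() or len(secret) < 8:
        findings.append(f"{name}: weak secret (matches an identity, all digits, or under 8 chars)")
    if first.get("insecure", "no") != "no":
        findings.append(f"{name}: insecure={first['insecure']} relaxes authentication checks")
    if "allow" in keys and "disallow" not in keys[:keys.index("allow")]:
        findings.append(f"{name}: allow= without a preceding disallow=all leaves every codec enabled")
    return findings

def audit(text):
    """Run the checks over every peer/user/friend in a sip.conf string."""
    findings = []
    for name, entries in parse_sip_conf(text).items():
        if dict(entries).get("type") in ("peer", "user", "friend"):
            findings.extend(audit_section(name, entries))
    return findings
```

Run audit(open("/etc/asterisk/sip.conf").read()) on a real box after each edit and before the reload; an empty list means none of these checks fired.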

Trixbox:

Trixbox is a good program that contains all of the essentials of Asterisk, but it is much easier to set up. You just pop in the install CD, and it will install Asterisk and a lot of other add-ons for you (along with wiping out your hard drive).

Instead of re-inventing the wheel, Sureteq has a good link for how to install and configure Trixbox. It's for version 1.2, but it will work for version 2.0 just as well.

http://www.sureteq.com/asterisk/trixboxv1.2.htm

Firewalls:

Ideally, when setting up VoIP you will want to do the following with your VoIP PBX system.
1. Separate it from your regular network, whether this be through VLANs, subnetting or air-gapping; make sure it's separate so that it doesn't mess with your traffic.
2. Change the default passwords on your PBX for EVERYTHING!!!
3. Run the updates to update everything on the server BEFORE configuring it.
4. Confirm that your Firewall/Router has QoS (preferably for VoIP) on it.
5. Open up the following ports if applicable:
a. 22 TCP for SSH (Quick Remote Administration)
b. 5060 TCP for SIP Registration
c. 10000-20000 UDP for RTP (for audio, video and data)
d. 4569 UDP for IAX2 -> If you're using IAX, this is probably the one you want.
e. 5036 UDP for IAX
6. Add your modules (especially the backup/restore module).
7. Set a backup schedule for the PBX.

An earlier version of Trixbox is Asterisk@Home, and it was just as easy to manage. Something to keep in mind is that within versions of Trixbox 2.0 and later, it is not too hard to restore your configuration. Upgrades between versions, and between Trixbox and Asterisk, will require you to have a hard copy of all of your information, which will have to be manually entered once the upgrade is complete.

Connecting Microsoft Entourage 2004 to Microsoft Exchange Server 2003

Wednesday, April 18th, 2007

Microsoft Entourage interacts with Microsoft Exchange differently than a typical Microsoft Office client. There are some fundamental concerns that an organization should have when using Entourage with Exchange. One difference that is important to point out early in the process is the fact that Microsoft Entourage can cause Exchange database files to become bloated with streaming information in the *.stm files that is not otherwise needed. There are 3 ways to combat this when/if it occurs:
1) Run an eseutil command while the database is stopped to defrag the database. When using eseutil you will need a minimum amount of free space available that is equal to the database size.
2) Migrate mailboxes between information stores on the Exchange Server (if Exchange Enterprise) in order to be able to delete the old Exchange database and clear out the fragmentation.
3) Delete the old database and restore from a backup.

Note: Over the course of working with this type of infrastructure for years, it should be noted that using Exchange Enterprise and using multiple message stores is the best way to handle this issue if you have the appropriate licensing and disk space.

Another common issue that is encountered when administering Entourage, and that is not likely to occur with Outlook, is that moving a user's message store to a new server with a new address requires that the client be reconfigured to accommodate the new address. So if a user's mailbox is moved from Exchange23 to Exchange87 then the client will need to be updated. This is not typically the case with Outlook, as it will use x.500 records to update the user's client software to reflect the new location of the message store on a per-client basis.

To begin to set up the first account, from Entourage select Tools -> Accounts and you will see the Accounts window. Entourage can actually log into multiple Exchange accounts concurrently. If the user has POP and IMAP accounts in addition to the Exchange account, the Accounts landing page will be where all accounts are configured. To configure an Exchange account, click on the arrow to the right of the New button and click Exchange.

This will bring up the Account Setup Assistant. Here, you will enter the default Email address for the account into the Email Address field and check the box for My account is on an Exchange server. Then you will enter the user's login credentials for Active Directory in the User ID field and the Active Directory domain in the Domain field. The password for the user should be entered into the password field; then click on the right arrow to allow the client to attempt to find the appropriate server information automatically. If this fails do not be alarmed, it will typically fail. However, if the DNS information in the user's TCP/IP settings is correct then at times it will succeed.

Once you have entered the data, click on the right arrow button. If DNS settings are configured effectively then it may setup the account automatically; however, this is prone to failure.

Click on the Configure account manually button to bring up a screen that will allow you to enter the needed information to configure the account properly. Settings in the Account Settings tab include:
1) The Name is the name that will be placed in the From: field of emails sent through this account.
2) The Email address is the DEFAULT email address for the user.
3) The Account ID is the user's login credentials to Active Directory. There are times when the Account ID will also need the NetBIOS domain prepended to it. For example, if the NetBIOS domain name in your environment is Patagonia, then the Account ID might read Patagonia/administrator. The settings used here should be easily mirrored from what is used by Outlook Web Access.
4) The Exchange server address is not automatically detected when performing a manual setup, so if you have multiple Exchange servers in your environment you may have to manually enter the DNS name or IP address of the server in the Exchange server: field.

Once you are satisfied with the settings under the Account Settings screen, click on the Options tab of the Edit Account Window. Options include:
1) Receive complete messages – This is typically the best choice over partially receive messages for most users
2) Partially receive messages over – For larger messages, you can choose to only receive the first 50 (or whatever number you enter into this field) KB of the message. This is often used to make mail appear faster, although for attachments it can cause the user to have to manually retrieve the attachment which can be fairly annoying. This is also helpful in troubleshooting as a large message can clog up the ability to download a mailbox.
3) Default Signature – Choose the signature you would like to use for your Exchange account.
4) Headers – Headers can be used for rule processing. If you are not using this then you likely do not need to use this field.

Once you are satisfied with your settings for the account options page, click on the Advanced screen to configure public folder settings and LDAP settings. Options here include:
1) Public folders server – This is the IP address or DNS name of the Exchange server. If you have Exchange servers dedicated to public folder storage then you would use the address of these in this field, otherwise it should be set to be the same as the Exchange server being used to log in. In Microsoft Exchange, not all servers house public folders. Each folder can be set to replicate amongst specified servers. Outlook enumerates this automatically but Entourage does not.
2) DAV service requires a secure connection (SSL)
3) Override default DAV port – If Outlook Web Access is running on a port other than 80 (or 443 if SSL is being used) then this setting will need to be used.
4) LDAP Server – This is the IP address or DNS name of the LDAP server that you will be accessing. Sometimes this is an Active Directory controller, but other times this is the Exchange server according to how roles have been assigned to computers.
5) This server requires me to log on – unless your Active Directory server allows unauthenticated logons (very rare) this option needs to be checked
6) This LDAP Server requires a secure connection (SSL) – If your LDAP server needs an SSL Cert then you will need to check this box. If this is the case then you will need to install the SSL certificate using Keychain Access.
7) Override default LDAP port – If the LDAP port you are running for Active Directory has been customized, or if you are running a 3rd party LDAP store, then this setting will need to be changed.
8) Maximum number of results to return – for companies larger than 1,000 users you may need to increase this to see the entire GAL.
9) Search Base – leaving this field blank is usually fine unless you want users to have access to the GAL. GAL access can be obtained by filling in the appropriate search base.

Once you have set the Advanced Options we can configure Delegate access. To do so, click on the Delegate tab and configure delegation for the specified user. The My Delegates section is where you provide other users with the ability to send on the user's behalf. Other users can be added by clicking on the Add… button. To add other users whose mailbox the user has access to you would use the Users I am a delegate for section. Here, you can click on the Add… button to add users whose folders and send-on-behalf-of permissions this mail client should have access to. Just as with Outlook, for specific folder access you would grant this by right-clicking (control-clicking in a Mac environment with a one-button mouse) and clicking on the Permissions button. As with Microsoft Outlook, permission must be given at the root folder and then at any folders in the folder structure below that folder. Unlike an Outlook environment, occasionally the Permissions button will time out. If this is the case then use the Microsoft Outlook client while logged in as the user to make these types of delegation changes for the user.

Once you have set the Delegate options, click on the Security tab if you need to configure SSL options. Otherwise you can skip this section and click on OK. If you do need to configure SSL, click on the Security tab and use the Select button to choose any certs that are installed on the computer.

Once you have configured all of the settings for the Exchange account, click OK. Now you can go to the Entourage Main Window and verify that your account is online. If the account says (Not connected) then connectivity is not there and you will need to troubleshoot.

Using OD for Kerio Authentication

Tuesday, April 17th, 2007

Set up DNS record for mail.company.com
Set up OD master with Kerberos and make sure it's all working.
Bind server into OD master and check Kerb.
Install Kerio.
Install Kerio OD extensions to Mail server.
Open Terminal and sudo pico /etc/openldap/slapd.conf
Find the include statements in the file.
Make sure that “include /etc/openldap/schema/kerio-mailserver.schema” (no quotes) is in that file in the correct spot under include.
Open Kerio Admin.
Go to Domains, click on the domain and click Edit, then go to the Directory Services tab.
Check Map User accounts.
Choose Apple OD Kerberos Auth.

Hostname: mail.company.com
Username: uid=companydiradmin,cn=users,dc=dnsnameof,dc=main,dc=odmaster
Password:

LDAP Search Suffix:
dc=dnsnameof,dc=main,dc=odmaster

Click test and you should get a connected successfully message!
Then when you go to Users and click Add, choose Activate user in directory service and you should see all of your OD users.

Final Cut Issues On Intel Xserves

Wednesday, April 11th, 2007

This is the result of our testing of using Intel Xserves with Final Cut Pro:

Also, in my testing the final result of the Intel Xserve VGA boot is this:
-If you power it on without a monitor attached it will not open Final Cut.
-If you power it on with a monitor attached and remove it before opening Final Cut then it will not launch Final Cut.
-If you power it on with a monitor and open Final Cut then Final Cut will work until closed provided you leave the MiniVGA adapter plugged in. If you remove the MiniVGA adapter then Final Cut will crash.
-If you power it on with a monitor and open Final Cut, then remove the monitor and close Final Cut, Final Cut will not launch until it is rebooted without a monitor.

It comes down to whether the Quartz Extreme is initiated and/or running. Just an FYI on what I found in my testing of this.

Xsan: Sometimes You're Going to Lose a Drive

Wednesday, April 4th, 2007

Sometimes a drive fails, or a RAID controller goes down on an array with a redundant drive, and the parity on a RAID must be rebuilt. In other words, if you lose a drive in a RAID 5, RAID 1, RAID 0+1 or RAID 3 array you will be left with a degraded RAID (also referred to as a critical RAID) unless you have configured your Xserve RAID to use a hot spare. If you are using a hot spare on the channel of the failed drive, the RAID will begin to rebuild itself automatically. If you are not using a hot spare, upgrading your degraded RAID back to a healthy state should happen as quickly as possible to avoid data loss. In the event of a second drive failure on the array most of the data could be lost, and Murphy's Law is evil when it comes to RAIDs. The data should be backed up as quickly as possible if it has not already been backed up.

Once the data is backed up, you should perform a rebuild of the parity for the array. The parity is rebuilt based on the data that is on the array. This does not fix any issues that may be present with the actual data. In other words, if you were using the Xserve RAID as a local volume it would only repair issues with the array and not also perform a repair disk on the drives. In an Xsan any data corruption could force you to rebuild your volume from the LUNs. You would not need to relabel the LUNs, but you may have to rebuild your volume.

In many situations you will be able to simply swap the bad drive out with an identical good drive and configure it as a hot spare. Then the Xserve RAID will automatically begin rebuilding the array, moving it from a degraded state into a healthy state.

However, there are often logical issues with drives and arrays. Also, hot spares do not always join the degraded array. In these situations you may need to manually rebuild an array. To do this:
Silence the alarm on the Xserve RAID.
Verify that you have a clean backup of your data.
Verify that you have a clean backup of your data again or better, have someone else check as well.
Open up your trusty Xserve RAID Spare Parts Kit and grab the spare drive module.
Remove the drive module that has gone down (typically the one with the amber light).
Install the new drive in your now empty slot.
Open RAID Admin from the /Applications/Server directory.
Click on the RAID containing the damaged array.
Click on the Advanced button in the toolbar.
Enter the management password for the Xserve RAID you are rebuilding the parity for.
Click on the button for Verify or Rebuild Parity and click on Continue.
Select the array needing to be rebuilt.
Click Rebuild Array and be prepared to wait for hours during the rebuild process. It is possible to use the array during the rebuild process – although if you don’t have to use the array it is probably best not to as you will see a performance loss. During the rebuild the lights on the drive will flash between an amber and a green state.
Once the rebuild is complete, perform a Verify Array on the RAID.
Verify the data on the volumes using the array.
Order a new drive to replace the broken drive in your Xserve RAID Spare Parts Kit.

If the rebuild of the data does not go well and the array is lost then you will likely need to delete the array and re-add it. This will cause you to lose the data that was stored on that array and possibly on the volume, so it can never hurt to call Apple first and see if they have any more steps you can attempt. This is one of the many good reasons for backing data up. Just because you are using a RAID does not mean you should not back your data up.

The Verify Array can also be used to help troubleshoot issues with corrupted arrays.

This process has been tested using firmware 1.5 and below for Xserve RAIDs.