The FreeSWITCH directory is the authoritative source of user accounts. It stores SIP authentication credentials, voicemail PINs, caller ID presentation values, and per-user variables that control call routing. WhenDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/signalwire/freeswitch/llms.txt
Use this file to discover all available pages before exploring further.
mod_sofia receives a SIP REGISTER or a challenged INVITE, it queries the directory to look up the authenticating user’s password. When the dialplan uses a user/ dial string (e.g., bridge data="user/1000@domain.com"), it also queries the directory to resolve the user’s registered contact URI.
Directory Structure
The directory section of the configuration uses a domain-centric hierarchy: one or more<domain> elements, each containing groups of users. The vanilla configuration defines a single domain whose name is set to $${domain} (the machine’s local IP by default).
directory/default.xml
User Entry
Each user is stored in its own file insidedirectory/default/. The file for extension 1000 illustrates the canonical structure:
The vanilla configuration ships with 20 demo user accounts — extensions 1000 through 1019 — all using the same
$${default_password} (set to 1234 in vars.xml). Each user’s voicemail PIN (vm-password) defaults to that user’s own extension number (e.g., 1000 for user 1000). You must change these credentials before exposing FreeSWITCH to any network. Edit vars.xml, change the value of default_password, then run reloadxml from the fs_cli console.Authentication
mod_sofia uses HTTP Digest authentication (RFC 3261 §22) to verify SIP REGISTER and INVITE requests. When a challenge is issued, the user agent must supply credentials that FreeSWITCH validates against the directory.
FreeSWITCH supports two password storage formats:
Plaintext password
The
password param stores the password in cleartext. FreeSWITCH computes the MD5 A1 hash on-the-fly during authentication.Pre-hashed (a1-hash)
Store a pre-computed MD5 hash of Generate it with:
user:domain:password for slightly better at-rest security.force-register-domain setting in the internal SIP profile pins all registrations to $${domain}, so users register with the IP address (or hostname) configured in vars.xml rather than whatever domain they send in their SIP headers.
Voicemail
Voicemail configuration is split between the directory (per-user settings) andautoload_configs/voicemail.conf.xml (global storage paths and behaviour).
The directory controls two voicemail attributes per user:
| Parameter / Variable | Location | Description |
|---|---|---|
vm-password | <params> | The numeric PIN the user dials to retrieve messages. |
voicemail_enabled | <variables> | Set to false to disable voicemail for a specific user. Defaults to enabled. |
call_timeout seconds), continue_on_fail=true allows execution to fall through to:
${dialed_extension} in the default voicemail profile.
Call Permissions
Thetoll_allow variable is a comma-separated list of permission tokens checked by the dialplan before routing outbound calls. The default dialplan checks this variable on extensions in the Local_Extension and outbound routing sections.
| Value | Meaning |
|---|---|
local | Allows calls to local extensions and internal numbers |
domestic | Allows domestic long-distance calls |
international | Allows international dialing (01+country code) |
Multiple Domains
To serve multiple SIP domains from a single FreeSWITCH instance, create one<domain> block per domain, each in its own file under directory/. The domain name attribute must match the SIP domain that users register with.
force-register-domain and force-register-db-domain parameters from your SIP profile (or set them to empty strings) so that FreeSWITCH uses the domain from the SIP packet rather than overriding it.
Directory Reload
After adding or modifying user files, reload the configuration without restarting FreeSWITCH:reloadxml re-reads and re-compiles the entire XML configuration tree, including the directory. Active calls are not affected. New registrations and authentication attempts will immediately use the updated directory.
To verify a specific user record was loaded correctly: