FreePBX | Register | Issues | Wiki | Portal | Support

Admin panel throws whoops error when loging in with AD user


(Tony Guadagno) #1

Hi, i posted this several months ago and i am still not able to figure it out, i was hoping someone new might have some insight.

I have had this issue since i installed (fresh) the 14 beta, i am currently on FreePBX 14.0.1rc1.17. I have linked the users accounts to AD, i have an admin group and I have some admin users in that group. when the AD admin users log in, they get this whoops error:

Unable to locate the FreePBX BMO Class 'Broadcast’A required module might be disabled or uninstalled. Recommended steps (run from the CLI): 1) fwconsole ma install broadcast 2) fwconsole ma enable broadcast

(screenshot attached) after this error is thrown, if you change the url to /admin and refresh, you get the admin panel. This error references the Broadcast module (which i do not use). someone suggested removing this module, when I did that, the error changed to name the next module in the list (calendar i think). so I don’t think this has anything to do with Broadcast.

Also, this only happens with AD admins, if I use the built in admin, I do NOT get this error…

any idea’s?
thanks


(Andrew Nagy) #2

Update all modules to edge mode.


(Tony Guadagno) #3

andrew, is there an edge module that fixes this?


(Andrew Nagy) #4

Please update all modules to the edge mode. Especially user manager.


(Tony Guadagno) #5

andrew, i attempted to update all to edge, half way through, i got this: i cannot get into module admin any more, it wants me to install usermanager


(Andrew Nagy) #6

Do it on the cli then.


(Tony Guadagno) #7

andrew, ok, i was able to install from command line, i then i went to modules and finished updating the modules. i noticed that i can no longer login at all with AD creds. i looked at userman and i see this in the status of my AD directory entry:

You must provide a configuration array or an instance of Adldap\Connections\ProviderInterface.

…i pressed the red ‘apply’ button, do i need to reboot? or is there something else wrong?

thanks


(Andrew Nagy) #8

Not sure. You may have to start over. We haven’t see than in qa yet. But perhaps you should be more verbose on where that error is coming from.


(Tony Guadagno) #9

andrew, I see the directory tab is all new. so i removed my old (imported) AD entry and created a new one. that one connects yeh! I went into groups and i see my AD groups, and i set the default attributes (like enable admin panel etc) but there is no submit or save button, i am not able to save anything on the edit screen of the group details


(Tony Guadagno) #10

ok, i see, the message says its being locked while synchronizing…so, is there a way to force this or do it manually and see results, because i don’t think it would normally take this long.


(Tony Guadagno) #11

ok, i found the command and i think this might be an issue:

[root@uepbx1 ~]# fwconsole userman --list
±—±---------------------------+
| ID | Name |
±—±---------------------------+
| 1 | Imported freepbx directory |
| 3 | Ultra-Fei |
±—±---------------------------+

[root@uepbx1 ~]# fwconsole userman --sync 3 --force
Starting Sync on directory ‘Ultra-Fei’…
PHP Fatal error: Call to a member function getConvertedGuid() on null in /var/www/html/admin/modules/userman/functions.inc/auth/modules/Msad2.php on line 506
Whoops\Exception\ErrorException: Call to a member function getConvertedGuid() on null in file /var/www/html/admin/modules/userman/functions.inc/auth/modules/Msad2.php on line 506
Stack trace:

  1. Whoops\Exception\ErrorException->() /var/www/html/admin/modules/userman/functions.inc/auth/modules/Msad2.php:506

(Andrew Nagy) #12

You don’t have primary groups assigned to some users. Try to fix that on your server.

Otherwise this is already fixed in userman edge. (https://github.com/FreePBX/userman/blob/release/14.0/functions.inc/auth/modules/Msad2.php#L509)

Running with --verbose will give you more information as well.

Also if you don’t have the submit buttons then you didn’t hit apply config. That links the javascript.


(Tony Guadagno) #13

andrew, yes, i will start to sift through our users to find which one doesn’t have a primary group, it would be nice to have that update. do you know when it will be in edge? i have 14.0.3.9 and it is not in that.

thanks for all your help today!


(Tony Guadagno) #14

andrew, fyi, i looked at all users and could find none that were missing the primary group. It looks like the code you referenced adds more verbose logging to indicate what user it had a problem with? that would be helpful, i could then zero in on a user. Do you know when that code might be in edge?

thanks


(Andrew Nagy) #15

All done


(Tony Guadagno) #16

great, thanks, i will try now


(Tony Guadagno) #17

andrew, that update fixed a lot for me, i now can complete a sync, all the users and groups are there. in addition, the status messages are pointing me to the problem, when i do an update --verbose, i see this:

Updating Primary Groups
Unable to find reed1283’s primary group

i get this for all users. i have checked and these users do have a primary group assigned, it is “Domain Users” (the default). Is this an issue for FreePBX? this is the default config for all AD installs, why does it not like Domain Users?

thanks


(Tony Guadagno) #18

andrew, I tried to login to admin with an ldap user. i was not able (invalid creds). so i did a packet trace and i see the issue:

as you can see, the creds freepbx is sending to my ldap server have my domain twice. so, did i configure something wrong or is this a bug? btw, i did not enter my domain at the login prompt, i just entered ‘tonyg’

thanks


(Andrew Nagy) #19

I would have to see your configuration. Anything else would be a guess

The primary group code works fine for me. It does a lookup of the group based on gid. This is in the library code it’s not something I can fix.


(Tony Guadagno) #20

andrew, here is my directory config. i have reviewed the settings and I don’t see anything that would result in the domain being appended twice.