Administrators module and changing password

I have locked myself out of my web gui…

I tried to use the “Administrators module” to change my password after the recent 0-day stuff, and evidently had a fat finger typo in the single-blank password field. Without a second confirm password field, I guess I inadvertently hit an extra key…

Anyway, ssh’d in as root and found that the passwords in /etc/asterisk/manager.conf and /etc/amportal.conf are my old password??? So does the “Administrators module” change the password somewhere else?

How can I reset my web admin user from the command line?

The password is stored in the database not in those files. manager.conf is for asterisk so that freepbx can connect to it, not so you can login.

I guess I was confused, because the values in those files were somehow exactly the same as what I used the first time I logged into the portal and setup the administrator listed in the Administrator module.

I followed that page and was able to log in using the session id and just deleted the admin user and also reverted all users/passwords to the defaults in advanced settings.

Now I am happily able to log in, but the settings in advanced settings are:

Asterisk Manager Password? amp111
Asterisk Manager User ? admin

User Portal Admin Username? 'my-uid’
User Portal Admin Password? ‘my-secret’ <------and here my password is displayed in clear text

Is this the default when you create a new admin at first login to the portal?

Should I change any of these to be different?

Change “User Portal Admin” to something else. It’s rarely used. Unless you are logging into ARI as an Admin

I have tested adding and removing my admin a couple of times, and each time the user portal admin and secret are set to be the exact same uid/pwd as what I create for my gui admin. It does this automagically.

I have also noticed that the status screen nags you if you leave asterisk manager password set to the default amp111.

Oh, I should also mention that this is under FreePBX 12 w/ Asterisk 12.

So my understanding is that I should have:
Web GUI username: username 1
Web GUI pwd: password 1

Asterisk Manager Password? change from amp111 to password 2
Asterisk Manager User ? admin

User Portal Admin Username? change from username 1 it auto-copies from above to username 3
User Portal Admin Password? change from password 1 it auto-copies from above to password 3

Ok then ignore “User Portal Admin”. Just ignore it. In fact those settings are completely meaningless in 12 especially if you removed fw_ari

I fixed this in FreePBX ARI Framework 12.0.7, so if you don’t want to see those settings then install ARI Framework… then uninstall it (yes). They will go away after that