Administrators module and changing password

jcbdmd · October 1, 2014, 10:46pm

I have locked myself out of my web gui…

I tried to use the “Administrators module” to change my password after the recent 0-day stuff, and evidently had a fat finger typo in the single-blank password field. Without a second confirm password field, I guess I inadvertently hit an extra key…

Anyway, ssh’d in as root and found that the passwords in /etc/asterisk/manager.conf and /etc/amportal.conf are my old password??? So does the “Administrators module” change the password somewhere else?

How can I reset my web admin user from the command line?

tm1000 · October 1, 2014, 11:12pm

The password is stored in the database not in those files. manager.conf is for asterisk so that freepbx can connect to it, not so you can login.

http://wiki.freepbx.org/display/L1/amportal+commands#amportalcommands-Unlock

jcbdmd · October 1, 2014, 11:27pm

I guess I was confused, because the values in those files were somehow exactly the same as what I used the first time I logged into the portal and setup the administrator listed in the Administrator module.

I followed that page and was able to log in using the session id and just deleted the admin user and also reverted all users/passwords to the defaults in advanced settings.

Now I am happily able to log in, but the settings in advanced settings are:

Asterisk Manager Password? amp111
Asterisk Manager User ? admin

User Portal Admin Username? 'my-uid’
User Portal Admin Password? ‘my-secret’ <------and here my password is displayed in clear text

Is this the default when you create a new admin at first login to the portal?

Should I change any of these to be different?

tm1000 · October 1, 2014, 11:54pm

Change “User Portal Admin” to something else. It’s rarely used. Unless you are logging into ARI as an Admin

jcbdmd · October 2, 2014, 12:09am

I have tested adding and removing my admin a couple of times, and each time the user portal admin and secret are set to be the exact same uid/pwd as what I create for my gui admin. It does this automagically.

I have also noticed that the status screen nags you if you leave asterisk manager password set to the default amp111.

Oh, I should also mention that this is under FreePBX 12 w/ Asterisk 12.

So my understanding is that I should have:
Web GUI username: username 1
Web GUI pwd: password 1

Asterisk Manager Password? change from amp111 to password 2
Asterisk Manager User ? admin

User Portal Admin Username? change from username 1 it auto-copies from above to username 3
User Portal Admin Password? change from password 1 it auto-copies from above to password 3

tm1000 · October 2, 2014, 12:23am

Ok then ignore “User Portal Admin”. Just ignore it. In fact those settings are completely meaningless in 12 especially if you removed fw_ari

tm1000 · October 2, 2014, 12:42am

I fixed this in FreePBX ARI Framework 12.0.7, so if you don’t want to see those settings then install ARI Framework… then uninstall it (yes). They will go away after that