Changing default Asterisk Manager Password results in Fatal error "Unable to connect to Asterisk Manager from /var/lib/asterisk"

Hi, Folks –

I am hoping that someone here has a helpful solution to this issue, as I have been trying to resolve this for a while now with no luck.

I am running FreePBX 2.9.0.5. I recently received the notification in FreePBX “You are running with the default, well-known Asterisk Manager Password” message, and so I changed the value of AMPMGRPASS in the two files that I am supposed to – namely, /etc/amportal.conf and /etc/asterisk/manager.conf.

However, upon attempting to reload the config in FreePBX, I get the following fatal error:


exit: 1
Mon, 30 May 2011 18:21:35 -0700 - Failed to login.
[FATAL] Unable to connect to Asterisk Manager from /var/lib/asterisk/bin/retrieve_conf, aborting

Needless to say, the Asterisk status in the FreePBX GUI is now red, and none of the areas such as Extensions, etc., are accessible.

Looking for other instances of the default Asterisk Manager Password in the config files, I found it also in the file /etc/asterisk/extensions_additional.conf but changing it there as well had no effect. I have taken all obvious steps, such as restarting the server, etc.

Does anyone know how I can get FreePBX working properly again without changing back to the default Asterisk Manager Password (and presumably, re-opening the vulnerability)?

Thanks, any assistance would be greatly appreciated.

– Wentil

PS: As an aside, if this is a security hole (as would seem to be indicated by the error message), the process of changing this password should be much easier, and indeed, each install should use a randomly-generated password instead of every install using the same default password.

The FreePBX distribution provides automatic random passwords. If you install by hand or via a distribution that does not provide this facility you must take care of it yourself.

WRT your question, did your restart Asterisk?

Make sure the passwords in manager.conf and amportal.conf match exactly then run an amportal stop/amportal start.

Hi, Skyking. Thanks for taking the time to reply and help me out, I really appreciate it!

To explain a bit further, I installed the latest version of FreePBX from the ISO available at the FreePBX site, and did all the upgrades up to Beta from inside the GUI, and at the end of it all, the default Asterisk Manager Password was still in place (it’s a Hidden Setting). I’m kind of surprised FreePBX did not provide the random password functionality on the ISO, but that’s neither here nor there – if they’ve added it in the source, I’m sure it will make it to the ISO version in time. In the meanwhile, I can just keep changing it by hand… well, hopefully.

Anyway, WRT suggesting restarting Asterisk, yes, certainly I restarted Asterisk. As per my original post, I even restarted the entire server. There was no change.

Looking at the top of the /etc/amportal.conf I took note of the warning:

#;-----------------------------------------------------------------------------$
#; Do NOT edit this file as it is auto-generated by FreePBX. All modifications $
#; this file must be done via the Web GUI. There are alternative files to make
#; custom modifications, details at: http://freepbx.org/configuration_files
#;-----------------------------------------------------------------------------$

Which leads me to believe I should have changed it through the GUI instead of via shell and nano. Why I didn’t see that before I don’t know. Although, it shouldn’t make a difference for test purposes.

So I am changing it back to the default password and will try altering it in the Advanced Settings page under FreePBX. I’ll post my results here momentarily.

I changed all three config files back to the default password, and everything worked again.

So I then went into the Advanced Settings area, revealed the Hidden and Read-Only options, overrode the Read-Only options and changed the password there.

The same problem, and the same error, occurs as when I manually edited the files.

I reverted to the default password and it works again.

Obviously we can’t leave it with the default password set like this – it surely must be a security hole given the “well-known” password warning that popped up in FreePBX, but I’m not sure why it’s a Hidden Setting if it’s a security hole.

Any thoughts or suggestions?

The distro does indeed generate a random password. I am not sure what is happening.

I do have a question, why would you expose the MySQL port to the Internet? There is no good reason. If MySQL is not exposed the PWD issue is mute.

Hi again, Skyking!

I am not exposing the MySQL Port.

The only ports I am exposing are SSH, WEB, SIP:TCP, SIP:UDP, UDP 5060-5080 and UDP 10000-20000, and I start/stop the httpd service (it’s set to not start up on boot by default) when I need it, shutting it down after I am done accessing the FreePBX interface.

I am only concerned because FreePBX warned that I was still using the default, well-known password.

If it is a moot point, why would FreePBX issue a warning?

I would very much like to change the password, but the normal methods just don’t seem to be working.

– Wentil

Might anyone else have experienced this and have found a way to change the Asterisk Manager Password without causing this error?

Distro installes DO use random password. Where did you try to change the password from?

Hi Moshe –

Thanks for taking the time to write, and to help me out on this. I really, really appreciate it.

I installed from the latest ISO image downloaded from the FreePBX site, “AsteriskNOW-1.7.1-i386.iso”. From there I performed all available updates through the FreePBX GUI and am now running FreePBX 2.9.0.5. I was notified by FreePBX the other day that the default Asterisk Manager Password was in place, and checking, I found that to be true (although I had changed all other passwords when asked).

Initially I tried changing that Default Password from bash using nano in the three conf files that contain it:

– /etc/amportal.conf
– /etc/asterisk/manager.conf
– /etc/asterisk/extensions_additional.conf

But once it was changed, FreePBX lost its Asterisk Status and would not perform a config update. Even forcing a reload through rebooting the server did not change this. So, I changed the password back to the default – and all worked fine once again.

Re-reading the notice at the top of the config files, I went into the Advanced Settings area, revealed the Hidden and Read-Only options to show the Asterisk Manager Password, overrode the Read-Only options and changed the password there.

Yet the same problem, and the same error, occured as when I manually edited the files – a red Asterisk status and FreePBX would not reload its config files.

So, I reverted to the default password and it worked again.

Is there some other area in the FreePBX GUI to change the Asterisk Manager Password, other than the Hidden area under the Advanced Settings tab? What am I doing wrong?

– Wentil

Your not doing anything wrong. Due to the inner workings of FreePBX, your encountering a “race condition” where two event need to take place after each other - and each needs the other to go first. Try this: edit manager.conf then update Advanced Settings. Then, from the asterisk cli do a ‘module reload manager’. Now see if FreePBX will play nice.

1 Like

Hi Moshe –

That did it! The password has been changed, and FreePBX is working fine.

Thanks once again for your help in this matter – really!

I hope this thread is useful to other folks who experience this same issue.

– Wentil

…and I hope that we close the bug thats open on this issue so that no one will need this thread :slight_smile:

That’s always best. :slight_smile:

Well, the bad news is that someone definitely needed this info. The good news is that you guys worked this out and blazed the trail for me.

I certainly don’t want to cast any stones in my glass house, but as a developer, I have to ask the question, how the heck did this make it through any testing? Changing the password from the default should be a pretty basic test case.

At any rate, I’m just glad to be back up and running. You guys are awesome, thanks for a great product!

Jamie

Now works again!

It solved my issues with freePBX 2.9.

Although I still have a blank page trying to use the embedded freePBX in Elastix 2.2 :-((

But hé I can config use “ipaddress”/admin/index.php (this is Asterisk, I know)

Thanks.

You are in a race condition, follow these steps:

view /etc/amportal.conf

Change /etc/asterisk/manager.conf to match amportal settings.

The command is “manager reload” from the asterisk CLI.

You should now be all set.

I am also having this problem.

I found this thread by searching for errors from the original poster. I’ve tried everything in this thread, including the resolution, but I must be doing it wrong.

To the point, that even the default password doesn’t work.

Can anyone lend a hand?

I have followed this procedure (maybe wrong)
edited /etc/asterisk/manager.conf
edited Advanced Settings (and clicked save, but not Apply – it will fail)
I’ve done “module reload manager” from the CLI.

While in the console, I see this:
== Connect attempt from ‘127.0.0.1’ unable to authenticate

And retrieve_conf shows me this:
[[email protected] ~]$ /var/lib/asterisk/bin/retrieve_conf

[FATAL] Unable to connect to Asterisk Manager from /var/lib/asterisk/bin/retrieve_conf, aborting

I’m unsure of what else do to.

Well, I got this working. I went over everything.
Finally, I decided to run a tcpdump on port 5038, and I trapped the password that FreePBX was sending to Asterisk. I changed asterisk to this password, and everything played nice.

It wasn’t the default password, and it wasn’t my new password. but it was a password I had changed while testing. I still do not know where that password was stored. I manually changed amportal.conf and manager.conf… but this password was stored elsewhere.

Yes starting with 2.9 it is stored and read from the MySQL Database not amportal.conf