I am hoping that someone here has a helpful solution to this issue, as I have been trying to resolve this for a while now with no luck.
I am running FreePBX 2.9.0.5. I recently received the notification in FreePBX “You are running with the default, well-known Asterisk Manager Password” message, and so I changed the value of AMPMGRPASS in the two files that I am supposed to – namely, /etc/amportal.conf and /etc/asterisk/manager.conf.
However, upon attempting to reload the config in FreePBX, I get the following fatal error:
exit: 1
Mon, 30 May 2011 18:21:35 -0700 - Failed to login.
[FATAL] Unable to connect to Asterisk Manager from /var/lib/asterisk/bin/retrieve_conf, aborting
Needless to say, the Asterisk status in the FreePBX GUI is now red, and none of the areas such as Extensions, etc., are accessible.
Looking for other instances of the default Asterisk Manager Password in the config files, I found it also in the file /etc/asterisk/extensions_additional.conf but changing it there as well had no effect. I have taken all obvious steps, such as restarting the server, etc.
Does anyone know how I can get FreePBX working properly again without changing back to the default Asterisk Manager Password (and presumably, re-opening the vulnerability)?
Thanks, any assistance would be greatly appreciated.
– Wentil
PS: As an aside, if this is a security hole (as would seem to be indicated by the error message), the process of changing this password should be much easier, and indeed, each install should use a randomly-generated password instead of every install using the same default password.
The FreePBX distribution provides automatic random passwords. If you install by hand or via a distribution that does not provide this facility you must take care of it yourself.
WRT your question, did your restart Asterisk?
Make sure the passwords in manager.conf and amportal.conf match exactly then run an amportal stop/amportal start.
Hi, Skyking. Thanks for taking the time to reply and help me out, I really appreciate it!
To explain a bit further, I installed the latest version of FreePBX from the ISO available at the FreePBX site, and did all the upgrades up to Beta from inside the GUI, and at the end of it all, the default Asterisk Manager Password was still in place (it’s a Hidden Setting). I’m kind of surprised FreePBX did not provide the random password functionality on the ISO, but that’s neither here nor there – if they’ve added it in the source, I’m sure it will make it to the ISO version in time. In the meanwhile, I can just keep changing it by hand… well, hopefully.
Anyway, WRT suggesting restarting Asterisk, yes, certainly I restarted Asterisk. As per my original post, I even restarted the entire server. There was no change.
Looking at the top of the /etc/amportal.conf I took note of the warning:
#;-----------------------------------------------------------------------------$
#; Do NOT edit this file as it is auto-generated by FreePBX. All modifications $
#; this file must be done via the Web GUI. There are alternative files to make
#; custom modifications, details at: http://freepbx.org/configuration_files
#;-----------------------------------------------------------------------------$
Which leads me to believe I should have changed it through the GUI instead of via shell and nano. Why I didn’t see that before I don’t know. Although, it shouldn’t make a difference for test purposes.
So I am changing it back to the default password and will try altering it in the Advanced Settings page under FreePBX. I’ll post my results here momentarily.
I changed all three config files back to the default password, and everything worked again.
So I then went into the Advanced Settings area, revealed the Hidden and Read-Only options, overrode the Read-Only options and changed the password there.
The same problem, and the same error, occurs as when I manually edited the files.
I reverted to the default password and it works again.
Obviously we can’t leave it with the default password set like this – it surely must be a security hole given the “well-known” password warning that popped up in FreePBX, but I’m not sure why it’s a Hidden Setting if it’s a security hole.
The only ports I am exposing are SSH, WEB, SIP:TCP, SIP:UDP, UDP 5060-5080 and UDP 10000-20000, and I start/stop the httpd service (it’s set to not start up on boot by default) when I need it, shutting it down after I am done accessing the FreePBX interface.
I am only concerned because FreePBX warned that I was still using the default, well-known password.
If it is a moot point, why would FreePBX issue a warning?
I would very much like to change the password, but the normal methods just don’t seem to be working.
Thanks for taking the time to write, and to help me out on this. I really, really appreciate it.
I installed from the latest ISO image downloaded from the FreePBX site, “AsteriskNOW-1.7.1-i386.iso”. From there I performed all available updates through the FreePBX GUI and am now running FreePBX 2.9.0.5. I was notified by FreePBX the other day that the default Asterisk Manager Password was in place, and checking, I found that to be true (although I had changed all other passwords when asked).
Initially I tried changing that Default Password from bash using nano in the three conf files that contain it:
But once it was changed, FreePBX lost its Asterisk Status and would not perform a config update. Even forcing a reload through rebooting the server did not change this. So, I changed the password back to the default – and all worked fine once again.
Re-reading the notice at the top of the config files, I went into the Advanced Settings area, revealed the Hidden and Read-Only options to show the Asterisk Manager Password, overrode the Read-Only options and changed the password there.
Yet the same problem, and the same error, occured as when I manually edited the files – a red Asterisk status and FreePBX would not reload its config files.
So, I reverted to the default password and it worked again.
Is there some other area in the FreePBX GUI to change the Asterisk Manager Password, other than the Hidden area under the Advanced Settings tab? What am I doing wrong?
Your not doing anything wrong. Due to the inner workings of FreePBX, your encountering a “race condition” where two event need to take place after each other - and each needs the other to go first. Try this: edit manager.conf then update Advanced Settings. Then, from the asterisk cli do a ‘module reload manager’. Now see if FreePBX will play nice.
Well, the bad news is that someone definitely needed this info. The good news is that you guys worked this out and blazed the trail for me.
I certainly don’t want to cast any stones in my glass house, but as a developer, I have to ask the question, how the heck did this make it through any testing? Changing the password from the default should be a pretty basic test case.
At any rate, I’m just glad to be back up and running. You guys are awesome, thanks for a great product!
I found this thread by searching for errors from the original poster. I’ve tried everything in this thread, including the resolution, but I must be doing it wrong.
To the point, that even the default password doesn’t work.
Can anyone lend a hand?
I have followed this procedure (maybe wrong)
edited /etc/asterisk/manager.conf
edited Advanced Settings (and clicked save, but not Apply – it will fail)
I’ve done “module reload manager” from the CLI.
While in the console, I see this:
== Connect attempt from ‘127.0.0.1’ unable to authenticate
And retrieve_conf shows me this:
[asterisk@pbx ~]$ /var/lib/asterisk/bin/retrieve_conf
[FATAL] Unable to connect to Asterisk Manager from /var/lib/asterisk/bin/retrieve_conf, aborting
Well, I got this working. I went over everything.
Finally, I decided to run a tcpdump on port 5038, and I trapped the password that FreePBX was sending to Asterisk. I changed asterisk to this password, and everything played nice.
It wasn’t the default password, and it wasn’t my new password. but it was a password I had changed while testing. I still do not know where that password was stored. I manually changed amportal.conf and manager.conf… but this password was stored elsewhere.