I’m currently running FreePBX 2.10 on asterisk 1.8, and I’m trying to set AUTHTYPE to “database” via the UI settings rather than editing /etc/amportal.conf but am not able to find it under “advanced settings”, or any other menu location. Any pointers would be great.
Also, related question: do I need to remove the “admin” administrator prior to changing AUTHTYPE to “Database”? There seems to be different thoughts on that in the support pages so again any pointers would be helpful.
Make sure to enable Display Readonly Settings and Override Readonly Settings, then locate under System Setup, locate Authorization Type.
Default is turned on…
Yes, as soon as I turned those two on, they were visible and editable. Thanks!
Any thoughts on second question: Do I need to remove the current “admin” account PRIOR to setting to “database”?
Its already database by default …
It might have been a default at one point, but Currently mine is set to “none”. Admin panel also concurs on this setting as it says “please change settings before adding users”. But “admin” user already exists s want to make sure I don’t lock myself out…
Oh you’re probably right, its set to none, i had it set to default in my install scripts that’s why all my clients (that i’ve seen before replying you) was database as authtype.
Go ahead and change it, should not break anything besides, we can fix it via mysql in worst case.
Ill just take a snapshot of it before I make a change, so I can reset just prior to making change.
It’s not that big a deal, you can do an ‘amportal authtype’ and change it from the shell if you ever get stuck.
yeah Im sure I can do cmdline changes, but trying to stay within UI so that any “necessary” changes are handled by freepbx. Ideally, nothing would need be done outside the UI, to ensure all changes are made correctly.
I havent tried logging in yet after the change, so hopefully I wont be locked out.
amportal is FreePBX!
FreePBX has several command line tools. You need to know amportal, that is how you start/stop and control FreePBX. Module_admin allows you to manage modules from the shell. Very important if you hose something in the GUI.
Yes, sorry I spoke imprecisely. Let me rephrase…
Getting locked out of freepbx via password protected modules I fear would also mean being locked out of AMPortal, and necessitating manual manipulation of .conf files they touch, and / or mysql records, actions I’m very comfortable taking so long as I have the complete set of things I must do (e.g. changing default passwords on FPBX prior to 2.9 often led to lock out if all files weren’t changed).
The UI/Amportal scripts “ensure” all the things required to be touched and changed for a given function are completed.
You are exactly right, my intent is I don’t want people to be scared of amportal. It is a very important tool if you need to start/stop your server or just to make sure all the permissions are right (amportal chown). In addition amportal allows you to bump the authtype if you forget your password.
Changing passwords from SQL is a pain because the data is hashed.
Agreed, being fearful of good tools is not a good thing.
But I can’t help but wonder if some of that fear is borne from lack of complete and authoritative documentation of how to wield the tool.
I feel badly for even discussing this given the herculean effort put forth by the FreePBX team in delivering an amazing experience FOR FREE, but I often find the docs for FreePBX struggling to keep pace with the product itself, leaving non-obvious aspects of Asterisk and FreePBX settings ambiguous. I know for me, the hesitancy in setting some feature is really of not knowing what to do, or having conflicting instructions, or just generally doing the wrong thing, and then not knowing how to “revert” (which would be a nice feature: “Restore points”) or perhaps not being able to revert.
The authtype is one such item. Until you guys replied, I really wasn’t clear how far I was sticking my finger into the socket with the given context-sensitive help in enabling “database” even though the doc wording was clear enough, since there was conflicting info on whether administrator accounts could be existing before enabling “database” setting, and the info found in forums didn’t provide enough detail to decide. Direct answers from you and Sanjay lead me to “take a chance”, and hopefully I won’t be hosed when I have to re-login to UI.
Prior to 2.9 (or post for that matter) feel free to edit /etc/amportal ad-hoc in real-time as to AUTHTYPE=none, FreePBX will let you in without creds. after saving the file, it won’t let you commit the admins changes until you change back to AUTHTYPE=database and save amportal.conf ( you can do that in real time too, just an ssh shell, nano and a quick ctrl-o BEFORE hitting the red bit )
(Very handy whilst migrating machines with backup/restore to different platforms/distributions with different admin credentials (using similar versions of course), it even works with Trickbox! )
The state of Asterisk/FreePBX is nicely static as to the textual version of amportal.conf as long as you don’t hit the red thingy at the wrong time and have it regenerated. (if you think about it, it has to be )
The documentation is likely going to continue to be an issue until a group steps up and takes on the task. Developers should be developing, we really need tech writer volunteers.
Thanks for responding. This is exactly the consistency issue I was referring to.
With AUTHTYPE=none was set, when I slid the control from “user” to “admin” on home page, a password challenge popped up. Entering current “master” password let me in. Then when I clicked on “FreePBX” GUI element, a password challenge popped up, and I entered “maint” as account, and the master password, and the FreePBX GUI popped up.
Now with AUTHTYPE-database set, I’m curious 1. which challenges I will see and 2. which accounts and password combos I will need to pass the challenge(s). It is not clear from documentation what to expect after setting database mode. I guess I will find out! Just hope I won’t get “lost in the maze of twisty little passages, all which look alike”…
I think I suggested not using the GUI, just modify amportal.conf, when FreePBX is running, it is basically a set of static html pages, the php based “lookup” is done also ad-hoc into those pages including amportal.conf that right now only query the html and not the mysql stuff. So a little oppertunity there to set up new admin creds, change back to database, save the file, then the new creds back into the mysql tables, thus tricking FreePBX into thinking it’s in charge again even though it was asleep for a while. Just a pragmatic solution using lateral thinking, but it works. and certainly way easier for me than writing a script to inject straight into mysql, like:-
cat /etc/amportal.conf |grep -r "^AMPDBPASS"|cut -d "=" -f2 -u
cat /etc/amportal.conf |grep -r "^AMPDBUSER"|cut -d "=" -f2 -D asterisk -e “INSERT INTO ampusers (username, password_sha1, sections) VALUES (‘dicko’, ‘
echo -n "mypassword"|sha1sum|cut -d " " -f1’, ‘*’)”
but that should work as well if you want to do it that way or you need a “belt and braces” recovery strategy
(hmm, seem to have pretty well written it anyway, I need to get a life!)
What user admin slider? What distro are you using?
“maint” and “master” sounds to me like PIAF, haven’t been there for a while though, I don’t trust anything that “compiles” things for me (that goes for Schmooze commercial stuff too, just in case anyone cares, I’m just kindof a true “open sources” guy, just like FreePBX used to be . . .)
Edit the admin user in the “Administrators” module. click it and change the password click save and reload