FOP2 Manager login fails, not enough privileges

  1. 7 years ago

    Just updated to 2.31.11 and my FreePBX credentials are no longer allowing me to log in to the FOP2 Manager section. Before the upgrade I was able to log in without issue. After the upgrade of FOP2, and no other changes, I wasn't able to. Logging into FreePBX Admin first and then trying to log in to FOP2, which used to automatically log me in, no longer works.

    What I've figured out so far in working on this:

    FreePBX has two sections where you can define user permissions. The old area is under Admin -> Administrators (with a big warning about how this is going away, mind you my FreePBX install isn't 100% updated right now). The other area is under Admin -> User Management. That is where everything is moving, or has been moved.

    I created a user in Admin -> Administrators and granted all the permissions. That login WORKS with FOP2.
    I created a user in Admin -> User Management and granted all the permissions. That login DOESN'T WORK with FOP2.

    Now, keep in mind that before upgrading FOP2 just now it DID work with the user created in Admin -> User Management.

    I will note that my FreePBX is set up in Admin -> User Management -> Authentication Setting to use Authentication Engine Microsoft Active Directory. But AGAIN, this worked before the FOP2 upgrade.

    Also, adding to /var/www/html/fop2/admin/config.php

    define('USE_BACKEND_AUTH',false);

    allows me to log in with the defined admin user/password. But that isn't what I want to do.

    What should I do? Everything else is working fine.

  2. When you log in to the admin are you seeing the plugins section?

  3. @mvogel@cqsimple.com When you log in to the admin are you seeing the plugins section?

    Nope. Not unless I log in using the last method, bypassing the FreePBX authentication mechanism.

    define('USE_BACKEND_AUTH',false);

  4. Did some digging. During the install/upgrade I went from 2.31.04 to 2.31.11.

    At the end I got this:

    New configuration file /usr/local/fop2/fop2.cfg.new installed. Original fop2.cfg preserved.
    New configuration file /var/www/html/fop2/config.new.php installed. Original config.php preserved.
    New configuration file /var/www/html/fop2/admin/config.new.php installed. Original config.php preserved.

    Looking at those 3 files I noted that they had some changes, specifically around authentication. So I moved the original files out of the way and renamed the .new files in their place. I also took note of the permissions on the original files and made sure the new ones going in their place matched.

    I have 2 FreePBX/FOP2 systems. One is using the FreePBX database backend for users (set in User Manager), while the other one that I mentioned in my original post uses an AD backend.

    Results
    Neither system seamlessly logs into FOP2 after authenticating to FreePBX with my Admin account. HOWEVER, the system using the FreePBX internal backend for users DOES accept the credentials when I provide them at the FOP2 Manager login screen AND the plugins section is shown. The system using the AD backend does NOT accept the credentials for the AD account that I use to log in to FreePBX.

    My Guess
    This did work previously with FOP2/FreePBX. I suspect when FreePBX is set to use AD credentials it only worked before because FreePBX and FOP2 were "passing" the FreePBX login session along, and that actually trying to type the login credentials into FOP2 Manager would have failed. And currently this passing of the session is broken due to a change on FreePBX or FOP2.

  5. Edited 7 years ago by jgould

    Read through THIS THREAD.

    Correct permissions are set on

    /var/lib/php/session

    Performed the mysql queries as well, and it looks correct.
    My admin account exists (the one I'm logging in with) and the SHA1 hash matches.

    [root@pbx]# mysql -p asterisk -e "select * from ampusers"
    Enter password:
    +----------+---------------+---------------+----------------+----------+---------+
    | username | password_sha1 | extension_low | extension_high | deptname | sections|
    +----------+---------------+---------------+----------------+----------+---------+
    | jgould   | xxxxxxxxxxxxx |               |                |          | *       |
    +----------+---------------+---------------+----------------+----------+---------+
    
    [root@pbx]# mysql -u root -p asterisk -e "select sha1('xxxxxxxx')"
    Enter password:
    +------------------------+
    | sha1('mypass')         |
    +------------------------+
    | xxxxxxxx               |
    +------------------------+

    At least on the system that uses the FreePBX internal database. The system that pulls accounts into user manager from AD does not show the AD user account I use for FreePBX GUI Admin access. I suspect those are stored differently.

    Again, all I did between it working and when it stopped was download the latest fop2.tgz to /usr/src, extract, run make file, restart service. This moved me from 2.31.04 to 2.31.11.

  6. admin

    4 Sep 2017 Administrator

    Hi,

    The issue you had with the system that has FreePBX and worked after entering credentials again was fixed in today's release (FOP2 access control was not initiated when a backend session was already present).

    Another change you need to make in config.php is to set USE_BACKEND_AUTH instead of USE_FREEPBX_AUTH.

    Not sure what you mean by AD (is it Active Directory)? FOP2 Manager won't authenticate with that; you will have to set USE_BACKEND_AUTH to false and use FOP2 Manager's own admin user administration.

    Best regards,
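
One way to list which define() constants differ between a preserved config.php and the config.new.php the installer leaves beside it, which would surface the USE_FREEPBX_AUTH to USE_BACKEND_AUTH rename mentioned above. This is an added example, not part of the thread and not FOP2's own code; the sample file contents and the EXAMPLE_DB_HOST constant are constructed, and block comments (/* ... */) are not handled.

```python
import re
import sys

# Matches an uncommented  define('NAME', value);  line in a PHP config file.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.MULTILINE)


def parse_defines(php_text):
    """Return {constant name: raw value text}; lines starting with // or # are skipped."""
    return {name: value for name, value in DEFINE_RE.findall(php_text)}


def compare_configs(old_text, new_text):
    """Report constants dropped, introduced, or changed between two configs."""
    old, new = parse_defines(old_text), parse_defines(new_text)
    return {
        "only_in_old": sorted(set(old) - set(new)),   # e.g. a renamed or retired setting
        "only_in_new": sorted(set(new) - set(old)),   # settings the old file never sets
        "changed": {k: (old[k], new[k])
                    for k in sorted(old.keys() & new.keys()) if old[k] != new[k]},
    }


# Constructed sample contents (not the files FOP2 ships).
OLD_SAMPLE = """<?php
define('USE_FREEPBX_AUTH',true);
define('EXAMPLE_DB_HOST','localhost');   // hypothetical constant
"""
NEW_SAMPLE = """<?php
define('USE_BACKEND_AUTH',true);
//define('USE_BACKEND_AUTH',false);
define('EXAMPLE_DB_HOST','127.0.0.1');   // hypothetical constant
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py config.php config.new.php
        with open(sys.argv[1]) as f_old, open(sys.argv[2]) as f_new:
            report = compare_configs(f_old.read(), f_new.read())
    else:
        report = compare_configs(OLD_SAMPLE, NEW_SAMPLE)
    for section, items in report.items():
        print(section, items)
```

A constant listed under only_in_old means the preserved file still relies on a name the new file no longer sets, so authentication settings can be carried over deliberately rather than by swapping the whole file.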
