FOP2 Manager Access and Login Issue
I've been successfully using FOP Version 2.28 (final) for CentOS and FOP2 Manager 1.0.4 and all has been great... until recently. FOP2 coexists on PBX in a Flash based Asterisk (Ver. 11.4.0).
Just recently I've noticed access to FOP2 Manager works intermittently from select PC's. I'm prompted to log in and all attempts return a message of "Invalid Credentials".
At the same time, I've noticed FOP2 Manager "can never be accessed" from select other PC's even though some others still can. All PC's are on the same internal network subnet and the symptom outlined is experienced regardless of the browser type used. I've tried Firefox, IE and Chrome from all PC's with the same exact results. Again, some PC's can successfully access FOP2 Manager while others cannot. At other times none of my PC's can access FOP2 Manager. I'm prompted to log in and all possible credentials fail.
I've checked the FOP2.cfg and manager.conf files and all appears to be correct based on the FOP2 installation instructions. This particular system never used FOP1 and as stated everything has been fine until just recently.
I've run the following commands and received the results shown. I "assume" the bind: Address already in use at script/fop2_server.pl line 11308 message is not normal.
I've performed the usual, stop and restart FOP2, rebooting the entire server, PC's, clearing my browser cache and cookies, etc. The FOP2 client interface works fine. Only the FOP2 Manager experiences this condition.
I welcome thoughts on how I may overcome this both intermittent and consistent FOP2 Manager failure. Thank you!
root@pbxinaflash:~ $ /usr/local/fop2/fop2_server --test
Flash Operator Panel 2 - White Label Version.
Flash Operator Panel 2 - Valid License (7)
Connection to manager OK!
root@pbxinaflash:~ $ /usr/local/fop2/fop2_server -X 3
Flash Operator Panel 2 - White Label Version.
bind: Address already in use at script/fop2_server.pl line 11308.
Just recently I've noticed access to FOP2 Manager works intermittently from select PC's. I'm prompted to log in and all attempts return a message of "Invalid Credentials".
At the same time, I've noticed FOP2 Manager "can never be accessed" from select other PC's even though some others still can. All PC's are on the same internal network subnet and the symptom outlined is experienced regardless of the browser type used. I've tried Firefox, IE and Chrome from all PC's with the same exact results. Again, some PC's can successfully access FOP2 Manager while others cannot. At other times none of my PC's can access FOP2 Manager. I'm prompted to log in and all possible credentials fail.
I've checked the FOP2.cfg and manager.conf files and all appears to be correct based on the FOP2 installation instructions. This particular system never used FOP1 and as stated everything has been fine until just recently.
I've run the following commands and received the results shown. I "assume" the bind: Address already in use at script/fop2_server.pl line 11308 message is not normal.
I've performed the usual, stop and restart FOP2, rebooting the entire server, PC's, clearing my browser cache and cookies, etc. The FOP2 client interface works fine. Only the FOP2 Manager experiences this condition.
I welcome thoughts on how I may overcome this both intermittent and consistent FOP2 Manager failure. Thank you!
root@pbxinaflash:~ $ /usr/local/fop2/fop2_server --test
Flash Operator Panel 2 - White Label Version.
Flash Operator Panel 2 - Valid License (7)
Connection to manager OK!
root@pbxinaflash:~ $ /usr/local/fop2/fop2_server -X 3
Flash Operator Panel 2 - White Label Version.
bind: Address already in use at script/fop2_server.pl line 11308.
Comments
The fop2 manager is a php application, totally independent from FOP2 itself. Restarting FOP2, running --test, trying to start it in debug, or anything like that, will not affect at all the access to the fop2 manager page.
The bind address already in use you see is because FOP2 *is already* running, and you attempt to start another instance. That is not allowed, and it says so. It is also normal, you have to stop the running instance if you want to start it in debug mode without detaching from the console.
Anyways, as I said before, the fop2 server in itself does not have anything to do with the ability to load the manager pages. Invalid credentials means what it means, and it does not make sense that you can access it from some machine/browser, and you can't do it from a different one. It is a web based application, ability to log or not is not dependant on the browser... you might need to enable cookies, not sure what would happen if cookies are not allowed... check that you do enable/allow cookies for that domain on those failing browsers.
Best regards,
While investigating further, the situation has unfortunately changed for the worse. Now none of the PC's on the same local subnet as the server can access FOP2 Manager using http://myserveripaddress/fop2/admin/. Every PC and browser is now prompted to log in as reflected within the attached screen shot. I've attempted to log in using all possible user names and passwords and receive an "Invalid Credentials" message as shown in the second screen shot also attached.
Here's the general section from my current fop2.cfg file.
[general]
; AMI definitions
; manager_host=localhost
manager_host=127.0.0.1
manager_port=5038
manager_user=fop2
manager_secret=myfop2secrethere
;event_mask=agent,call,command,system,user,dialplan
Here's the FOP2 related sections from my current manager.conf file.
[general]
enabled = yes
port = 5038
bindaddr = 127.0.0.1
[fop2]
secret = myfop2secrethere
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.0
read = all
write = all
writetimeout = 1000
eventfilter=!Event: RTCP*
eventfilter=!Event: VarSet
eventfilter=!Event: Cdr
eventfilter=!Event: DTMF
eventfilter=!Event: AGIExec
eventfilter=!Event: ExtensionStatus
eventfilter=!Event: ChannelUpdate
eventfilter=!Event: ChallengeSent
eventfilter=!Event: SuccessfulAuth
[admin]
secret = myadminsecrethere
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate
writetimeout = 5000
I read the following post and confirmed the group and owner of the /var/lib/php/session folder is asterisk asterisk. The current permissions on that folder is rwxrwx---.
http://forum.fop2.com/3847-no-manager-login-anymore/0
I completely understand your point that FOP2 Manager is a PHP application and should simply work from any internal PC or browser. At one point it did but it no longer does.
I've been trying to figure out what would cause FOP2 Manager to prompt for credentials. Are there any logs I can view that might provide some insight?
Thanks again.
Anyways, if you cannot login from ANY machine, that is actually a good sign ,and an indication of that what you might have broken is not related to fop2 manager at all, but to your php sessions. Check your apache error log file, and look for session errors/problems.
It is surprisingly usual when using some ready made distros, where they offer an apache web server that runs under the "asterisk" user, that is different from the regular distro web server that usually has a special user like nobody, www-data, or similar. Whe those systems update apache or php via yum or repositories, they might install the original distro package and not the modified asterisk distro one, so files and directories change ownership back to apache, www-data or whatever. However, the configuration file remains the same and runs under 'asterisk'. That effectively breaks php session handling
The fix is usually changing ownership of the session variable, something like:
chown asterisk.asterisk /var/lib/php/session
Best regards,
Anyways, if you cannot login from ANY machine, that is actually a good sign ,and an indication of that what you might have broken is not related to fop2 manager at all, but to your php sessions. Check your apache error log file, and look for session errors/problems.
It is surprisingly usual when using some ready made distros, where they offer an apache web server that runs under the "asterisk" user, that is different from the regular distro web server that usually has a special user like nobody, www-data, or similar. Whe those systems update apache or php via yum or repositories, they might install the original distro package and not the modified asterisk distro one, so files and directories change ownership back to apache, www-data or whatever. However, the configuration file remains the same and runs under 'asterisk'. That effectively breaks php session handling
The fix is usually changing ownership of the session variable, something like:
chown asterisk.asterisk /var/lib/php/session
Best regards,
I've tried using both the internal host name as well as the server IP address. No change in FOP2 Manager behavior.
I can successfully log in to the PBX in a Flash FreePBX interface just fine. All PC's and browsers being used can access all other applications and websites without issue, both internal and external.
I've attached the associated access logs from within /var/log/httpd for your review. Nothing stood out to me. The error_log had nothing to report.
By the way, I'm again experiencing intermittent FOP2 Manager access issues again. While typing this message I used a separate Firefox browser tab to perform another FOP2 Manager attempt and it worked. I closed that session and tried again from the same PC using IE and Chrome and they both prompted me to log in and failed. I then opened another Firefox tab and it failed there as well. This condition is only experienced when I access the FOP2 Manager interface.
I've confirmed the /var/lib/php/session folder has asterisk as the owner (see attached). I also ran chown asterisk.asterisk /var/lib/php/session without any change in this behavior.
Here are the access logs. Any other thoughts? Thank you!
Interesting. After changing the define('USE_FREEPBX_AUTH',true); to define('USE_FREEPBX_AUTH',false) attempting to access FOP2 Manager from any PC and browser does not present the login page, but it also doesn't present the FOP2 Manager page. Internet Explorer reports HTTP 500 The website cannot display the page •The website is under maintenance. •The website has a programming error. Firefox and Chrome simply present a blank page. Changing back to define('USE_FREEPBX_AUTH',true); again prompts me to log in to FOP2 Manager. As experience before, all credentials used come back as invalid. Hopefully this offers a hint as to what might be wrong.
Thanks
I've since corrected the syntax issue and have it set to define('USE_FREEPBX_AUTH',false);. I'm again presented with the Fop2 Manager log in page but can now successfully log in using the admin credentials defined within /var/www/html/fop2/admin/config.php. I can now log into FOP2 Manager from all PC's and browsers that previously failed.
It appears FOP2 is having difficulty detecting FreePBX. My PBX in a Flash system is currently running FreePBX 2.11.0.42.
[Mon Mar 09 05:07:19 2015] [error] [client ::1] script not found or unable to stat: /var/www/cgi-bin/awstats.pl
[Mon Mar 09 05:14:37 2015] [notice] caught SIGTERM, shutting down
[Mon Mar 09 05:18:47 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Mar 09 05:18:47 2015] [notice] Digest: generating secret for digest authentication ...
[Mon Mar 09 05:18:47 2015] [notice] Digest: done
[Mon Mar 09 05:18:47 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_wsgi/3.3 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
[Mon Mar 09 05:37:49 2015] [error] [client 192.168.1.194] script not found or unable to stat: /var/www/cgi-bin/awstats.pl
What is the output of this mysql query? (If you get results, do not post the sha1 pass, change it for xxxx)
mysql -p asterisk -e "select * from ampusers"
Best regards,
+
+
+
+
+
+
+
| username | password_sha1 | extension_low | extension_high | deptname | sections |
+
+
+
+
+
+
+
| admin | | | | | * |
+
+
+
+
+
+
+
mysql -u root -p asterisk -e "select sha1('mypassword')"
Do they match?
My guess is that you are not using database based auth in freepbx, but .htaccess file based, and password stored in the DB is not the one stored in .htaccess , or something to that effect.
In any case, just leave the use_freepbx_auth set to false and set whatever user/password you want in the config.php.
Best regards,
Regardless, I'll simply leave the use_freepbx_auth setting to false in the config.php file and define a password of choice as suggested. All is good as long as I can access FOP2 Manager.
Thank you very much for the outstanding support!
Best regards,