"No Permissions" Error on Debian 8 with a Vanilla Asterisk 11
I've been trying to nail down a working setup of FOP2 for the better part of two weeks now, and I think it's time to ask for some help.
Ideally, this will be running Debian 8 in a VM, with asterisk and scarcely anything else. In other words, the "LAMP" stack is there for no other reason than FOP2, and is of default configuration. I am editing my own users, groups, and button. However, I have also tried to do use FOP2 admin--which, for me, also appears to be broken.
The most tangible problem I have is that of "You do not have permission to access this resource", for each: the Recordings, Contacts, and Call History. Also, the login page reloads frequently. I've seen the Trixbox, PHP Sessions and FOP2 post, and it would seem I indeed have a problem with sessions but I am at a loss as to how to configure on a vanilla system.
I don't believe it's actually a permissions problem, because I've granted "all" of them, like so...
Ideally, this will be running Debian 8 in a VM, with asterisk and scarcely anything else. In other words, the "LAMP" stack is there for no other reason than FOP2, and is of default configuration. I am editing my own users, groups, and button. However, I have also tried to do use FOP2 admin--which, for me, also appears to be broken.
The most tangible problem I have is that of "You do not have permission to access this resource", for each: the Recordings, Contacts, and Call History. Also, the login page reloads frequently. I've seen the Trixbox, PHP Sessions and FOP2 post, and it would seem I indeed have a problem with sessions but I am at a loss as to how to configure on a vanilla system.
I don't believe it's actually a permissions problem, because I've granted "all" of them, like so...
group=queues_company:QUEUE/company-general,QUEUE/company-sales,QUEUE/company-support,QUEUE/company-test
group=extensions_company:SIP/company-401,SIP/company-402,SIP/company-403,SIP/company-404,SIP/company-405,SIP/company-406,SIP/company-407
user=company-401:redacted:all:extensions_company,queues_company
user=company-402:redacted:all
user=company-403:redacted:all:extensions_company,queues_company
user=company-404:redacted:all:extensions_company,queues_company
user=company-405:redacted:all:extensions_company,queues_company
user=company-406:redacted:all:extensions_company,queues_company
user=company-407:redacted:all:extensions_company,queues_company
buttonfile=buttons_custom.cfg
Comments
That is much more "down level" than whatever you can configure via FOP2.
The recordings, phonebooks and call history are a kind of sub application from the main FOP2 dashboard. Those are written in PHP while FOP2 is an html5/websocket application. They are different beasts. The authentication is done via websocket, and that cannot be 'shared' with php apps. So the browser will try to set php session variables, but it has to authenticate first doing a connection to port tcp/4445 locally, when that is done and the authentication is validated, then session variables are configured.
So your problem could be that PHP session are totally broken, due to permission issues or similar.. or maybe the connection to localhost/4445 is not allowed because of selinux or local firewall rules.
Do not look at FOP2 configurations, they are *not* related at this point.
You can try to disable selinux and try again, type:
setenforce 0
service httpd restart
Then log back into FOP2 and try to open call history or contacts. If it works, then you know problem is selinux and you should disable it or configure it to allow socket connections.. There is an entry in the FAQ on www.fop2.com telling you how to add those permissions, or it might be simpler to disable it altogether in /etc/selinux/config
If you still have issues, then look at your web server error log file and see if you can spot any errors regarding file permissions for the session directory (that is probably /var/lib/php/session). As you use vanilla everything, that directory should be owned by the same user apache is running as, and not the "asterisk" user.