SOLVED "authentication required" on User Portal

[Byron Leonard]

I get an "authentication required" for the User Portal when I try to access my voice mail.

It does not take the extension and vm password as it should.

Instead I have to login as maint first before I can get to the screen where I enter the extension and vm password.

 

[tm1000]

Yup. There are many posts here on how to fix that. Many many.

 

[Twilight Sparkle]

maint | password

 

[tm1000]

The user wants it to go away. They know the login. They stated that.

maint | password

 

[Twilight Sparkle]

im so bad at reading...... wow now i feel even stupider, but its ok im a pony!
Yes this topic dose come up a lot!

You can try this one i found: http://pbxinaflash.com/community/in...dings-menu-link-prompts-for-maint-login.8316/

Try using the Search Box above or Search, Search, Search tell you find what you are looking for, thats what i do [ most of the time ] i also go to google and type in [ pbx in a flash - then what im looing for ]

 

[Byron Leonard]

Yes, I found that article. I did all that it said and even rebooted a couple of times. If you read it all the way through the person asking never gets it figured out. I guess he just gave up. Thx.

 

[Byron Leonard]

Yup. There are many posts here on how to fix that. Many many.

Any posts that I found leave the issue unresolved. And yes I've googled and googled ... Thx.

 

[Twilight Sparkle]

i think this is the way you need it in WebMin

 

[tm1000]

Yup twilight sparkle pretty much nailed what you have to change

 

[Byron Leonard]

i think this is the way you need it in WebMin

OK, I did that and I still can't get it to work. I tried every combination of access control. I even tried to turn it off completely and it did not work. I still get the login request.

 

[Byron Leonard]

Here is another example of it not getting solved ...
http://pbxinaflash.com/community/in...-and-recordings-asks-for-auth-password.12407/

 

[tm1000]

That's because every version of pbx in a flash does this different. There's no better solution that what we have given you. You will just have to remove or modify htaccess files and the apache conf files. Whether it's pbx.conf or ARI.conf or whatever.

 

[billsimon]

Yup twilight sparkle pretty much nailed what you have to change

How can you tell? Unintelligible English and two unexplained screen shots are all I see. One of those screen shots appears to open the whole web server to unauthenticated access.

 

[tm1000]

Because you have to change the apache htaccess/security methods. Geesh. I need to stay out of these threads. This whole topic is out of control because PBX in a flash does it different with different versions and users are always going to be eternally confused with this issue regardless of the solutions. The area to change things IS the right area because it's the area in apache where one changes the security. He wants to open up the recording interface. Are the normal routines working for him? No. So basically he has to go back and figure it out himself by deleting security. How else would you recommend it Bill. Because I see no solution from you? I just see you talking about security....

These threads are an ongoing cycle for any person who has dealt with this. What do I tell the user? Edit pbx.conf? ari.conf? edit the .htaccess file? which one? Like I said it's changed through versions of pbx in a flash and I hold no ill-will towards them for that and I'm not saying anyone has done anything wrong. But what do you expect to to? and in regards to the unauthenticated access, there are plenty of FreePBX distro systems out there without all of these extra apache digest authentication methods. I digress. Ward can do it however he likes and whatever way(s) makes his users feel more comfortable and I am fine with that. I don't have a problem.

The problem with this thread and as MANY other threads have said before is delete or edit the .htaccess files or pbx.conf or ari.conf so I am sort of confused on why security is coming up here against me but in other threads it's ok to mention these .conf files and edit them freely or delete them..............

I'll just be staying away from this topic from now on mainly because I don't know what the hell I'm talking about in regards to what version uses what trick for what digest method. Not because of any ill-will.

End point: Why isn't there a real solution. Why is it hacky. Why can't PBX in a flash users hit a button someone to turn this stuff off. Why can't it be fixed by PBX in a flash? Those are my unanswered questions.

How can you tell? Unintelligible English and two unexplained screen shots are all I see. One of those screen shots appears to open the whole web server to unauthenticated access.

 

[wardmundy]

The PBX in a Flash authentication method has stayed the same for at least the last 5 years. We use Apache authentication, not FreePBX authentication. Why? Because it's more secure and because it has never been hacked to our knowledge. If you want a server with FreePBX authentication and no Apache authentication, there are plenty of choices available including Incredible PBX for the Raspberry Pi. But trying to retrofit the security mechanisms in PIAF to use FreePBX authentication is a very bad idea.

 

[tm1000]

I never said use FreePBX authentication. EVER. I said provide your users with an option to remove the authentication. A button. A script. Provide it. Your users want it. Obviously.

Or just fix it. Why is this still debated? Just fix the issue. Or what do we need to fix for you so that it's fixed.

How many threads in the last two months have there been with "how do I use FreePBX authentication to add/remove users" or "How do I remove the login prompt on the recording interface". Too many!

Edit: I dont understand how if nothing has changed in the last 5 years why users here say things like "I dont have pbx.conf/ari.conf" or "the methods in those threads dont work for me" if it's always been the same then I would assume something would work.

Maybe we just need a resource or whatever it's called here so we don't have to keep rehashing this topic.

<---THIS TOPIC

The PBX in a Flash authentication method has stayed the same for at least the last 5 years. We use Apache authentication, not FreePBX authentication. Why? Because it's more secure and because it has never been hacked to our knowledge. If you want a server with FreePBX authentication and no Apache authentication, there are plenty of choices available including Incredible PBX for the Raspberry Pi. But trying to retrofit the security mechanisms in PIAF to use FreePBX authentication is a very bad idea.

 

[wardmundy]

Because a handful of users (that probably don't know any better) want either FreePBX or no authentication on their web servers doesn't mean we're going to change our security model and leap off the cliff. Nor do we plan to "add a button" to let folks shoot themselves in the foot. We're willing to live (and die) with the moniker of old-fashioned, but safe. Like I said, there are other options available. We have no plans to open PIAF web servers to worldwide access. Sorry.

It's been a very long time since I looked at ARI. Leaving the security issues aside (which are huge), my recollection is that ARI was so intertwined with FreePBX that it was impossible to decouple Apache authentication from it without also doing the same for FreePBX (which we were/are unwilling to do).

As tm1000 said, we've been down this road once or twice before.

 

[tm1000]

So the "broken" (and yes it is broken) recording interface digest authentication will stay. Why do I say it's broken? Because it doesn't prevent anything. If you click cancel you can still get to the login page. If you enter the credentials you still get to the login page. I dont understand the point in the brokenness of this.

Is something lost in communication here? This WHOLE thread is about the brokeness of the ARI digest authentication. It's not stopping anything.

Because a handful of users (that probably don't know any better) want either FreePBX or no authentication on their web servers doesn't mean we're going to change our security model and leap off the cliff. Nor do we plan to "add a button" to let folks shoot themselves in the foot. We're willing to live (and die) with the moniker of old-fashioned, but safe. Like I said, there are other options available. We have no plans to open PIAF web servers to worldwide access. Sorry.

 

[tm1000]

You added this after I replied. But yes. That makes sense. and since our plan is to re-write ARI...I HOPE these issues die then

It's been a very long time since I looked at ARI. Leaving the security issues aside (which are huge), my recollection is that ARI was so intertwined with FreePBX that it was impossible to decouple Apache authentication from it without also doing the same for FreePBX (which we were/are unwilling to do).

As tm1000 said, we've been down this road once or twice before.

 

[billsimon]

tm1000, I apologize. I should not have jumped in here and I do not have a solution to the original problem. My rant is about nonsensical "answers" in a language barely resembling English that are no help to anyone. Obviously, I'm not speaking about you or Ward here.