Changing the Asterisk manager password
If you are using the default password, you will see the message:
Warning: You are running FreePBX and Asterisk with the default manager pass. You should consider changing this to something else.
Running with the default password is a bad idea, simply because everyone else in the world knows it, and (if not properly firewalled, etc etc) could potentially connect to your asterisk box and do bad things(tm).
Warning: Don't get cute and try to use a password with non-alphabetic or non-numeric characters - things may break in strange ways if you try to use punctuation characters in passwords. Unless you really know what you are doing, stick to numbers and standard alphabetic characters. Also, you should probably read the comments below, to understand the importance of making a full backup before changing anything in case something goes wrong.
Changing the password
To do this, you need to edit two files: /etc/asterisk/manager.conf and /etc/amportal.conf
manager.conf
This controls the asterisk 'manager' users that are allowed to connect to the asterisk manager interface.
For full information on the file, see http://www.voip-info.org/wiki/index.php?page=Asterisk+config+manager.conf
You can have as many users in here as you'd like (for example, an operator panel might use one) and in fact, you should have different users for each application.
FreePBX requires a user that has a definition like the following:
[admin] secret = secret123password deny=0.0.0.0/0.0.0.0 permit=127.0.0.1/255.255.255.0 read = system,call,log,verbose,command,agent,user write = system,call,log,verbose,command,agent,user
amportal.conf
There needs to be a corresponding entry in /etc/amportal.conf
AMPMGRUSER=admin AMPMGRPASS=secret123password
Obviously you just need to use the same username (inside the square brackets) and password as above.
Once you have made the changes, you need to click on "Apply Configuration Changes" in order for the change to propagate throughout the system (If you don't see the orange "Apply Configuration Changes" bar, go to one of the GUI screens in the system and re-submit the page, no changes necessary). If you don't do this, then extensions_additional.conf will have stale data resulting in a broken phone system.
- Printer-friendly version
- Login or register to post comments
Following these instructions leads to broken system
I tried changing my system's password following the steps here and wound up unable to direct calls (internal or external) to extensions. For some reason the dialparties.agi script was still pulling the default "amp111" password from somewhere and failing to authenticate. Once I undid the changes detailed above things went back to normal.
Very frustrating.
edit:
While looking at amportal.conf for another issue I noticed in the header that you have to run apply_conf after changing anything. I was unaware of this...maybe this should be added to the end of this FAQ.
edit2:
I also see now that the default password can be found in "extensions_additional.conf". I have to wonder what kind of trouble can be caused by not changing it there.
FEEDBACK COMMENT: it is included in extensions_additional.conf which is auto-generated. See comment above added that you need to press "Apply Configuration Changes" have that change occur.
This just sucks
When you log into the freepbx web gui it gives you a notice that you need to change the passwords. You do a search on how to change it and the very first FAQ says "how to change the password". So you say great. It says change the password in two files and that is it. So you say ok that is easy enough and you make the change reboot. And then you get prompted with the unable to connect to database error. So you go searching and you find this site where people say don't change the passwords use a firewall etc etc. I've tried putting the original passwords back into the files that I modified and still get can not connect to database. Along with this issue and a few others I'm done working with this software. I'll go back to my Asterisk 1.6 at least it works without having someone fuss at you after you were lead on by the "security" alerts by the software.
FEEDBACK COMMENT: The security warnings are to make you aware you are using default information. If you made changes that broke the system, and then reverted those changes and the system is still broken, it would appear that there is something that was missed when reverting. That is unfortunate. Also, if you are getting messages that you can't connect to the database, then it would appear that you may have inadvertently made changes to the AMPDBPASS or related amportal.conf settings, which have different default values then the manager.
I had the same problem but didn't just give up.
Hi all,
New user alert go easy on me if this has been posted already.
I followed the above instructions also, but while I was perusing the above files I made notes of the other accounts and passwords found in the system (so far... I told you I was new.)
The one that let me into the admin module was user: freepbx and password: fpbx.
Hope this helps, and thanks to the people who obviously worked so hard to produce this software.
Peace,
templewolf
tempwolf, that must have
tempwolf, that must have been a username and password you picked or was one that was pre-configured from a distro that you used to build the system as it's not a stock username and password.
It does not work at all as I
It does not work at all as I have followed all the guides here. I'm not able to make any calls.
Please help to solve. Thank you
This is crazy... free but crazy
Thanks to this I'm doing very well with linux. I'm an open mind windows guy. I found this little amp111 in this files:
/etc/asterisk/manager.conf
/etc/amportal.conf
/var/lib/asterisk/agi-bin/user_login_out.agi
/var/www/html/admin/modules/core/agi-bin/user_login_out.agi
/var/www/html/framework/modules/trixbox/libraries/Trixpbx.php
/var/www/html/maint/modules/asterisk_info/asterisk_info.php
/var/www/html/admin/modules/framework/htdocs/admin/functions.inc.php
/var/www/html/admin/modules/endpointcfg/framework/modules/trixbox/libraries/Trixpbx.php
/var/www/html/admin/functions.inc.php
/etc/asterisk/extensions_additional.conf
/usr/scr/tbm-pbxconfig-5.5.1/amportal.conf
/usr/scr/tbm-pbxconfig-5.5.1/install_amp
this is free I think in all this cases.... my next step is go file by file trying calls and everything and we'll see.
If somebody knows a better solution like a automated module to change main passwords?
Now what about to change "amp111" in all the files? and I mean ALL the files? with something like this:
find / -name *|xargs perl -w -i -p -e "s/amp111/newpassword/g"
some time I read if you change the password in the file where the trixbox compare the used one with. I mean it needs to compare with something to know if it's the default or isn't. But if you change it there to, you are gonna keep seeing the warning message but from the security side you are gonna be safe because this is a new one....
juangabriel, Please be
juangabriel,
Please be careful as 1. you are using a trixbox setup which has extra files and they should have there own password changing routine (did for versions pre 2.6 at least). 2. you are using the bastardized version of trixbox where they forked FreePBX and didn't provide the "bug fixes" they said existed and fixed. 3. they bumped the version numbering system to 5.5 which means there is no known way to roll back to a real version of FreePBX, so much of the potential information you are providing can be misleading to the rest of the FreePBX user base.
Also that is the one problem with using Distro's. They add options and/or features past FreePBX which might need those passwords and it is then up to those distro providers to document the proper way to change the password as they have now created extra reliances on a password that FreePBX would not know about. Yes many of the smart ones make it read from the amportal.conf file so that if it get's changed it knows about it but not all do as those authors are then typing themselves to FreePBX which some don't consider a good thing....
do not have amportal.conf file
I have /etc/asterisk/manager.conf file but not a amportal.conf file. Using freepbx 2.5.2.2 and asterisk by repos for ubuntu 8.04. what should I do
found it
sorry yes I do it is /etc/amportal.conf. changed passwords.
templewolf -- same issue
I have the same issue as templewolf. With a brand new FreePBX install (AsteriskNOW distro), I get stuck with the "freepbx" user and "fpbx" password and the interface squawks, but there seems to be no way to change or edit the 'freepbx' admin user.
How do I change that password? I've looked in /etc/amportal.conf and it links to the SQL database. When changed, I lose my database connection. Is there a way to change it from within the web interface of freepbx?
Fix to freepbx/fpbx issue is here
http://www.freepbx.org/support/documentation/faq/changing-the-mysql-pass...
Once you've changed the SQL password you can then change the AMPDBPASS in /etc/amportal.conf
It worked for me - Perhaps that page should make reference to "This is how you change the default freepbx/fpbx" then google would list it!
command-line fu
Below are the files on my 2.6 trixbox that I needed to update. These files held the password for the "asteriskuser"; used to connect to mysql on the localhost.
The files are:
* /etc/asterisk/extensions_additional.conf
* /etc/asterisk/manager.conf
* /etc/asterisk/phpagi.conf
* /etc/amportal.conf
* /var/www/html/maint/modules/asterisk_info/asterisk_info.php
* /var/www/html/maint/modules/cdrreport/config/database.php
* /etc/asterisk/cdr_mysql.conf
And this bit of command-line fu will change them all at one go.
sed -i -e 's/amp111/newpassword/g' /etc/asterisk/extensions_additional.conf /etc/asterisk/manager.conf /etc/asterisk/phpagi.conf /etc/amportal.conf /var/www/html/maint/modules/asterisk_info/asterisk_info.php /var/www/html/maint/modules/cdrreport/config/database.php /etc/asterisk/cdr_mysql.conf
Hope this helps. this is really for my own reference :)