FireFly Media Server › Firefly Media Server Forums › Firefly Media Server › Setup Issues › Admin Interface results in 401
- This topic has 6 replies, 5 voices, and was last updated 15 years, 8 months ago by mplak.
-
AuthorPosts
-
05/07/2008 at 12:08 PM #2540AnonymousInactive
Hi guys,
I installed mt-daapd on Debian using apt-get. I configured /etc/mt-daapd.conf properly (I guess) and set the admin_pw to 0000. Although I can access all my mp3s using iTunes, I am not able to access to administration pages. The browser asks me for the account data, I enter no user name and the 0000-password, and then I get the 401. I tried to change the ownership of all mt-daapd-web-pages to the mt-daapd-user, but that wasn’t helping.
Any idea?
Thanks in advance,
Rob06/07/2008 at 10:56 AM #17390fizzeParticipantThere is some sort of bug in some debian packages, that have to do with SELinux or at least security enhancements. This has been discussed here before, but IIRC there was no solution posted. 😕
06/07/2008 at 11:13 AM #17391AnonymousInactiveI see. Well, I’ll try to figure out how to create smart playlist manually and where to put them afterwards. Not that big a deal I guess.
Thanks nevertheless!
06/07/2008 at 12:13 PM #17392stretchParticipantTry using the Java Firefly client found in the 3rd party add-ons section to build playlists within Firefly’s db.
08/07/2008 at 5:58 PM #17393chrisGuestI’m experiencing something similar, stable Debian, all updates.
Here are the relevant sections from my mt-daap.conf and the mt-daap log (at level 9):
(conf):
# admin_pw (required)
#
# This is the password to the administrative pagesadmin_pw = coachz
(log):
2008-07-08 12:53:35 (b54bbbb0): Decoded admin:coachz
2008-07-08 12:53:35 (b54bbbb0): Decoded user=admin, pw=coachz
2008-07-08 12:53:35 (b54bbbb0): Added *WWW-Authenticate=Basic realm=”webserver”*
2008-07-08 12:53:35 (b54bbbb0): Thread 7: Entering ws_returnerror (401: Unauthorized)Does anyone know what deb package this is related too? Maybe something I should try from “unstable”?
26/08/2008 at 4:47 AM #17394DavesNotHereManParticipantAny idea why this is happening or what to do about it?
I just got bit by the same thing – updating mt-daapd and the rest of my SLUG running Debian Etch cost me the ability to administer the thing via the web.
27/08/2008 at 12:17 AM #17395mplakGuest@robertcraven wrote:
The browser asks me for the account data, I enter no user name and the 0000-password, and then I get the 401.
I ran into the same problem: can’t get onto the admin pages, 401 error.
I debugged it and found a potential problem, which does not seem to be debian specific. [ Update: Looks like a debian specific problem after all, the security backport in webserver.c wasn’t compatible with the ws_decodepassword in r1376). ]The problematic code was introduced in webserver.c by change 1679, which is a security fix. This fix was included in the debian package (0.2.4+r1376-1.1+etch1) on 9th Jun 2008.
My fix was to rebuild the package (mt-daapd-0.2.4+r1376) from source, and change webserver.c on line 969 from:
if((auth) && (ws_decodepassword(auth,&username, &password))) {
to
if((auth) && (0==ws_decodepassword(auth,&username, &password))) {
[ Update: this change is needed for debian patches applied to r1376 only.]
I’ve sent the details to Ron.
You can look for an older binary debian package, 0.2.4+r1376-1, that does not include this security fix, as a temporary workaround.
[ Update: mt-daapd_0.2.4+r1376-1.1+etch2_amd64.deb contains this fix ]. -
AuthorPosts
- The forum ‘Setup Issues’ is closed to new topics and replies.