marsbewohner Posted May 23, 2011 Hello, recently one of our users managed to reconfigure the provisioning admin on his phone, which we deployed via the Snom One. He did so by navigating on the phone to Settings/Network/Webserver/ and simply changing the HTTP admin password. How can we remove or protect this option, to prevent users from reconfiguring their local phone? Especially as we rolled out a global HTTP admin password via Snom One, how can he overwrite this locally if he does not know the one that we rolled out via PnP? At the very least the phone should ask for the current one before accepting a new one.
Vodia PBX Posted May 24, 2011 It is indeed interesting that he could even log on. He should not be able to do that (that's the plan!). Are you keeping the provisioning files in the generated directory? There you can check what has been provisioned to the phone and whether it contained the right password.
marsbewohner Posted May 24, 2011 Well, actually I do not delete them, but the folder just contains a subfolder with the domain name and, in there, another two with some old test extensions. The currently active ones (30+) don't have their own folder. Should they? Nevertheless, the phones are working and provisioning too; I add about 1-2 per week. Also, the custom provisioning admin name which I provided got installed on the phone, so he could change that specific account, knowing its name (or having it exposed as the user name by the phone).
Vodia PBX Posted May 24, 2011 You mean there is a loophole so that the user could get from user login to admin login on the phone? Anyway, I think the important part is that when the user reboots, the phone fetches the admin password again and hopefully then overwrites any local changes that he might have made.
marsbewohner Posted May 24, 2011 I'm not sure, he just managed to work it out. The phone just let him navigate to the position I posted earlier, showed the custom name of the admin which we assigned to the HTTP interface, and let him change the password locally. From my understanding a) he should not be able to see the actual name of the admin user and b) he should not be able to change the password without knowing the current one. So it looks like the phone is running in admin mode, or he could just switch over from user to admin mode. I expect that the phone automatically switches to user mode after a reboot without any custom actions? Regarding the \generated\%localdomainname%\ folder, should it contain a unique folder for every extension that is running on the Snom One?
Vodia PBX Posted May 24, 2011 "So it looks like the phone is running in admin mode, or he could just switch over from user to admin mode. I expect that the phone automatically switches to user mode after a reboot without any custom actions?" Good point. I quickly checked the wiki for the phones, but could not figure out what the PBX needs to provision in order to have it in user mode. "Regarding the \generated\%localdomainname%\ folder, should it contain a unique folder for every extension that is running on the Snom One?" Yes, every extension should have its own folder.
marsbewohner Posted May 24, 2011 "Good point. I quickly checked the wiki for the phones, but could not figure out what the PBX needs to provision in order to have it in user mode." OK, it would be great if you or someone from your team could check this. I would assume that the system automatically puts the devices in user mode after restarting. "Yes, every extension should have its own folder." That's interesting; what could cause the system not to have or create these folders? The host is a Windows 7 x86 platform.
Vodia PBX Posted May 24, 2011 "That's interesting; what could cause the system not to have or create these folders? The host is a Windows 7 x86 platform." There is a setting in admin/pnp/general for whether the PBX should write those files to the file system or to the log.
Guest madigan Posted May 24, 2011 Unless you provision the phone to run in user mode, you will always be able to change both the HTTP user name / password and the admin password. I just don't understand how he could log in to the web interface in the first place! Is the web interface protected at all? Have you configured the HTTP user name and password in your provisioning file? "Good point. I quickly checked the wiki for the phones, but could not figure out what the PBX needs to provision in order to have it in user mode." The provisioning file must contain the following entry: <admin_mode perm="">off</admin_mode> (The default value is "on".)
marsbewohner Posted May 24, 2011 "There is a setting in admin/pnp/general for whether the PBX should write those files to the file system or to the log." OK, this is set to log, so that explains why there are no files. "Unless you provision the phone to run in user mode, you will always be able to change both the HTTP user name / password and the admin password." This is something which should be the other way round by default, as all the other competitors have it. "I just don't understand how he could log in to the web interface in the first place! Is the web interface protected at all? Have you configured the HTTP user name and password in your provisioning file?" Yes it is; the HTTP/provisioning admin is set in Snom One, and when I open any of the phones it asks me for the user/password on the HTTP page. He simply worked around this by resetting the admin password from the phone menu and logging in with that afterwards. "The provisioning file must contain the following entry: <admin_mode perm="">off</admin_mode> (The default value is "on".)" Thanks, will add this!
pbx support Posted May 24, 2011 "Thanks, will add this!" We will make this part of the PnP template file.
marsbewohner Posted May 25, 2011 "We will make this part of the PnP template file." Great, thanks!
Guest madigan Posted May 25, 2011 "This is something which should be the other way round by default, as all the other competitors have it." Good to hear that it will be added to the provisioning template then. If we disabled admin mode by default in the phones, we would get flooded with support requests. "He simply worked around this by resetting the admin password from the phone menu and logging in with that afterwards." But then he must have known the admin password too! In order to do a factory reset using the phone GUI you are forced to enter the admin password. And even if he somehow managed to reset the phone, it should have received its passwords through provisioning again. So I'm still wondering what exactly happened.
marsbewohner Posted May 25, 2011 "Good to hear that it will be added to the provisioning template then. If we disabled admin mode by default in the phones, we would get flooded with support requests." Yes, changing that without announcing it could cause some trouble. "But then he must have known the admin password too! In order to do a factory reset using the phone GUI you are forced to enter the admin password. And even if he somehow managed to reset the phone, it should have received its passwords through provisioning again. So I'm still wondering what exactly happened." And that's the point: he did so without knowing or being asked for it. The result was that he reconfigured something on the phone interface that caused the phone to be stuck for 2 days without any notice (I had to reboot it to unfreeze it, but that's another matter). But as you wrote, thanks to the provisioning the phone reinitialized itself with the correct server-based configuration during the restart. I just want to prevent this from happening again.
pbx support Posted May 25, 2011 Alright, so far we have had the admin mode "on" by default. I think it makes sense to change the default to "off". That way users get access to the phone in "user mode". If they want to administer the phone, then either they have to be an administrator or contact the administrator for the PIN (which is actually the Domain->Settings: "Authentication PIN" value). Also, if the system administrator decides that it is okay for his users to log in to the phone as admins, then he can change the snom_3xx_phone.xml template file (for 3xx series phones). I think that is much easier than introducing another extension-level parameter to control this behavior. So the future PBX version will have <admin_mode perm="">off</admin_mode> in the template files.
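As an added example (not code from the thread, Snom One or Vodia), the following script audits a snom-style PnP provisioning file for the gap described above: a template that sets HTTP credentials but leaves admin_mode at its "on" default still lets a user change the web password from the phone menu, as the original poster saw. The admin_mode setting comes from the thread; http_user, http_pass and admin_mode_password are assumed here to be the corresponding snom setting names, and "0000" is assumed to be the factory-default admin PIN. Both sample templates are constructed for the example. Pointing it at the files the PBX writes to the generated directory (once admin/pnp/general is set to write files rather than log) lets you check what each phone actually received.

```python
"""Audit a snom-style PnP provisioning file for the settings discussed in the thread.

Added example, not Snom One / Vodia code. `admin_mode` is the setting named in the
thread; `http_user`, `http_pass` and `admin_mode_password` are assumed to be the
matching snom setting names, and SNOM_DEFAULT_ADMIN_PIN is assumed to be the
factory default.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Assumed factory-default admin-mode PIN; a provisioned file should replace it.
SNOM_DEFAULT_ADMIN_PIN = "0000"

# Constructed sample: HTTP credentials are provisioned, but admin_mode is left "on",
# so the phone menu still allows changing the HTTP password (the thread's scenario).
WEAK_TEMPLATE = """<?xml version="1.0" encoding="utf-8"?>
<settings>
  <phone-settings>
    <http_user perm="">prov-admin</http_user>
    <http_pass perm="">example-http-secret</http_pass>
    <admin_mode perm="">on</admin_mode>
    <admin_mode_password perm="">0000</admin_mode_password>
  </phone-settings>
</settings>
"""

# Constructed sample: the corrected template with admin_mode off and a non-default PIN.
HARDENED_TEMPLATE = """<?xml version="1.0" encoding="utf-8"?>
<settings>
  <phone-settings>
    <http_user perm="">prov-admin</http_user>
    <http_pass perm="">example-http-secret</http_pass>
    <admin_mode perm="">off</admin_mode>
    <admin_mode_password perm="">example-admin-pin</admin_mode_password>
  </phone-settings>
</settings>
"""


def load_phone_settings(xml_text: str) -> Dict[str, str]:
    """Return {setting_name: value} for every child of each <phone-settings> block."""
    root = ET.fromstring(xml_text)
    settings: Dict[str, str] = {}
    for block in root.iter("phone-settings"):
        for element in block:
            settings[element.tag] = (element.text or "").strip()
    return settings


def audit(xml_text: str) -> List[str]:
    """Return a list of findings; an empty list means the template passes all checks."""
    settings = load_phone_settings(xml_text)
    findings: List[str] = []

    # The thread states the phone defaults to admin mode, so a missing element counts as "on".
    if settings.get("admin_mode", "on").lower() != "off":
        findings.append(
            "admin_mode is not 'off': users can change the HTTP credentials from the phone menu"
        )

    # Without HTTP credentials the phone's web interface is reachable by anyone on the LAN.
    if not settings.get("http_user") or not settings.get("http_pass"):
        findings.append("http_user/http_pass not provisioned: web interface is unauthenticated")

    # Leaving admin mode off only helps if the PIN to re-enter it is not guessable.
    pin = settings.get("admin_mode_password")
    if not pin:
        findings.append("admin_mode_password not provisioned: factory-default PIN remains valid")
    elif pin == SNOM_DEFAULT_ADMIN_PIN:
        findings.append("admin_mode_password is the assumed factory default")
    elif pin == settings.get("http_pass"):
        findings.append("admin_mode_password equals http_pass: one leaked secret opens both")

    return findings


def audit_file(path: str) -> List[str]:
    """Audit a provisioning file on disk, e.g. one from the PBX's generated directory."""
    with open(path, "r", encoding="utf-8") as handle:
        return audit(handle.read())


if __name__ == "__main__":
    for name, template in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        result = audit(template)
        print(f"{name}: {'OK' if not result else '; '.join(result)}")
```

Run it as-is to compare the two constructed templates, or call audit_file() on each file under the PBX's generated directory to confirm that every phone received admin_mode off and a non-default PIN.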
marsbewohner Posted May 25, 2011 That's great! Will this setting also cause the phone to hide the question mark symbol on the home screen? The local IP that is displayed there is an open invitation for some of the users to try all sorts of ways to access this IP.
Vodia support Posted June 6, 2011 It will still show the phone's IP, but as long as they don't know the admin/password set in the "Provisioning Parameters" in the Domain settings, then you should be OK.