FireFly Media Server (formerly mt-daapd) › Firefly Media Server Forums › Firefly Media Server › Setup Issues › Admin Interface results in 401
- This topic has 6 replies, 5 voices, and was last updated 12 years, 5 months ago by
mplak.
-
AuthorPosts
-
5th July 2008 at 12:08 pm #2540
Anonymous
InactiveHi guys,
I installed mt-daapd on Debian using apt-get. I configured /etc/mt-daapd.conf properly (I guess) and set the admin_pw to 0000. Although I can access all my mp3s using iTunes, I am not able to access to administration pages. The browser asks me for the account data, I enter no user name and the 0000-password, and then I get the 401. I tried to change the ownership of all mt-daapd-web-pages to the mt-daapd-user, but that wasn’t helping.
Any idea?
Thanks in advance,
Rob6th July 2008 at 10:56 am #17390fizze
ParticipantThere is some sort of bug in some debian packages, that have to do with SELinux or at least security enhancements. This has been discussed here before, but IIRC there was no solution posted. 😕
6th July 2008 at 11:13 am #17391Anonymous
InactiveI see. Well, I’ll try to figure out how to create smart playlist manually and where to put them afterwards. Not that big a deal I guess.
Thanks nevertheless!
6th July 2008 at 12:13 pm #17392stretch
ParticipantTry using the Java Firefly client found in the 3rd party add-ons section to build playlists within Firefly’s db.
8th July 2008 at 5:58 pm #17393chris
GuestI’m experiencing something similar, stable Debian, all updates.
Here are the relevant sections from my mt-daap.conf and the mt-daap log (at level 9):
(conf):
# admin_pw (required)
#
# This is the password to the administrative pagesadmin_pw = coachz
(log):
2008-07-08 12:53:35 (b54bbbb0): Decoded admin:coachz
2008-07-08 12:53:35 (b54bbbb0): Decoded user=admin, pw=coachz
2008-07-08 12:53:35 (b54bbbb0): Added *WWW-Authenticate=Basic realm=”webserver”*
2008-07-08 12:53:35 (b54bbbb0): Thread 7: Entering ws_returnerror (401: Unauthorized)Does anyone know what deb package this is related too? Maybe something I should try from “unstable”?
26th August 2008 at 4:47 am #17394DavesNotHereMan
ParticipantAny idea why this is happening or what to do about it?
I just got bit by the same thing – updating mt-daapd and the rest of my SLUG running Debian Etch cost me the ability to administer the thing via the web.
27th August 2008 at 12:17 am #17395mplak
Guest@robertcraven wrote:
The browser asks me for the account data, I enter no user name and the 0000-password, and then I get the 401.
I ran into the same problem: can’t get onto the admin pages, 401 error.
I debugged it and found a potential problem, which does not seem to be debian specific. [ Update: Looks like a debian specific problem after all, the security backport in webserver.c wasn’t compatible with the ws_decodepassword in r1376). ]The problematic code was introduced in webserver.c by change 1679, which is a security fix. This fix was included in the debian package (0.2.4+r1376-1.1+etch1) on 9th Jun 2008.
My fix was to rebuild the package (mt-daapd-0.2.4+r1376) from source, and change webserver.c on line 969 from:
if((auth) && (ws_decodepassword(auth,&username, &password))) {
to
if((auth) && (0==ws_decodepassword(auth,&username, &password))) {
[ Update: this change is needed for debian patches applied to r1376 only.]
I’ve sent the details to Ron.
You can look for an older binary debian package, 0.2.4+r1376-1, that does not include this security fix, as a temporary workaround.
[ Update: mt-daapd_0.2.4+r1376-1.1+etch2_amd64.deb contains this fix ]. -
AuthorPosts
- The forum ‘Setup Issues’ is closed to new topics and replies.