I'm trying to get ejabberd to allow in-channel registration from a single IP address using mod_register and ip_access. However, when I try to do an in-channel registration from that IP address using Adium on OS X, I get a 503 "service unavailable" status message, and the following is printed in /etc/ejabberd/ejabberd.log:
=INFO REPORT==== 2015-09-24 13:13:19 ===
I(<0.443.0>:ejabberd_listener:281) : (#Port<0.1968>) Accepted connection {{MY IP},59327} -> {{ANOTHER IP},5222}
=ERROR REPORT==== 2015-09-24 13:13:22 ===
E(<0.470.0>:ejabberd_hooks:335) : {function_clause,
[{mod_register,'-get_ip_access/1-fun-0-',
"7",
[{file,"mod_register.erl"},{line,564}]},
{lists,flatmap,2,
[{file,"lists.erl"},{line,1235}]},
{mod_register,try_register,5,
[{file,"mod_register.erl"},{line,328}]},
{mod_register,
try_register_or_set_password,9,
[{file,"mod_register.erl"},{line,281}]},
{mod_register,
unauthenticated_iq_register,4,
[{file,"mod_register.erl"},{line,78}]},
{ejabberd_hooks,run_fold1,4,
[{file,"ejabberd_hooks.erl"},{line,331}]},
{ejabberd_c2s,
process_unauthenticated_stanza,2,
[{file,"ejabberd_c2s.erl"},{line,2179}]},
{ejabberd_c2s,wait_for_feature_request,2,
[{file,"ejabberd_c2s.erl"},{line,731}]}]}
running hook: {c2s_unauthenticated_iq,
["SERVER IP",
{iq,"purple5b6ad190",set,"jabber:iq:register",[],
{xmlelement,"query",
[{"xmlns","jabber:iq:register"}],
[{xmlelement,"username",[],
[{xmlcdata,<<"test-new">>}]},
{xmlelement,"password",[],
[{xmlcdata,<<"test">>}]}]}},
{{MY IP},59327}]}
I've never worked with ejabberd or Erlang before, so this is all Greek to me. What's happening? Why can't I perform in-channel registration from that IP? What can I do to allow it?
Thanks
Using ejabberd 15.07 and this
Using ejabberd 15.07 and this configuration, a client already logged in can register another account:
acl: loopback: ip: - "127.0.0.0/8" - "::1" access: mynetworks: loopback: allow all: deny modules: mod_register: ip_access: mynetworks access_from: register access: registersent: <iq id='96:885601' type='set' to='localhost'> <query xmlns='jabber:iq:register'> <username>user1234</username> <password>somepass</password> <registered/> </query> </iq> received: <iq from='localhost' to='asdaADS2323@localhost/tka1' id='96:885601' type='result'/>Thanks, but that's not quite
Thanks, but that's not quite what I'm looking for.
I don't want to allow logged-in users on non-whitelisted networks to be able to register. Say someone logs into an existing account from the public Wi-Fi at a mall or an airport, I don't want to allow everyone on that network to register.
(Based on my test, this does let anyone from a network with a logged-in client create an account, even from separate clients).
The provided example does not
The provided example does not allow anyone to register. From what I see, it is tight to loopback. Only user connected on local machine can register. So it is probably more secured that you wish. You need to adapt to your case.