Can't get access to web console

Windows 2000 server, Erlang OTP R10B etc in compliance with tutorial.
config file by default (not changed).
then i go to the http://localhost:5280/admin i see the user/password information windows.
in windows i wrote - user - "admin" and password - blank or "admin" and i get the error - 401 Unauthorized.
What the user and password information i must set in this window?
where and how i must write the user name and user password?

Ok. I read the

Ok. I read the reference.
But anyway i can't get access.
This is my config
% $Id: ejabberd.cfg 347 2005-05-15 23:03:25Z alexey $


% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "schess"}}.
{acl, admin, {user, "open"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Another examples of ACLs:
%{acl, jabberorg, {server, ""}}.
%{acl, aleksey, {user, "aleksey", ""}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.

% Only admins can use configuration interface:
{access, configure, [{allow, all}]}.

% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
"Welcome to Jabber Service. "
"For information about Jabber visit"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
% "admin2@localhost"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, all}]}.

% Authentification method. If you want to use internal user base, then use
% this line:
{auth_method, internal}.

% For LDAP authentification use these lines instead of above one:
%{auth_method, ldap}.
%{ldap_servers, ["localhost"]}. % List of LDAP servers
%{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
%{ldap_base, "dc=example,dc=com"}. % Base of LDAP directory

% For authentification via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentification/script"}.

% Host name(s):
{hosts, ["localhost"]}.

% Default language:
{language, "en"}.

% Listened ports:
{5222, ejabberd_c2s, [{access, c2s},
{shaper, c2s_shaper}]},

% To create selfsigned certificate run the following command from the
% command prompt:
% openssl req -new -x509 -days 365 -nodes -out ejabberd.pem -keyout ejabberd.pem
% and answer the questions.
% {5222, ejabberd_c2s, [{access, c2s},
% starttls, {certfile, "./ejabberd.pem"},
% {shaper, c2s_shaper}]},

% When using SSL/TLS ssl option is not recommended (it requires patching
% erlang ssl application). Use tls option instead (as shown below).
% {5223, ejabberd_c2s, [{access, c2s},
% tls, {certfile, "./ejabberd.pem"},
% {shaper, c2s_shaper}]},

{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}]},

% {5555, ejabberd_service, [{access, all},
% {host, "icq.localhost", [{password, "secret"}]}]},

{5280, ejabberd_http, [http_poll, web_admin]}

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

% Used modules:
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_shared_roster, []},
{mod_privacy, []},
{mod_configure, []},
{mod_disco, []},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_announce, [{access, announce}]},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc},
{access_create, muc},
{access_admin, muc_admin}]},
{mod_pubsub, []},
{mod_time, []},
{mod_last, []},
{mod_version, []}

% Local Variables:
% mode: erlang
% End:

i create user schess with "pandion". After that i correct config file, located in ejabberd root directory. but i can't get access to web console after that. anyway i see the 401 error. i use the schess@localhost username and pass or simple schess with pass but 401 and nothing else.

Where is the error?
help me!

I am having a similar

I am having a similar problem, with the exception that I have registered a user "admin" and "paulc" both are listed as admin users:
{acl, admin, {user, "admin"}}.
{acl, admin, {user, "paulc"}}

I've tried commenting out admin and just using paulc and commenting out paulc and just using admin.
soemthing I have noticed for example:
When I have just paulc listed as the admin, I then try to open the admin gui. if I type paulc as the user and [password] as the password, it prompts me again, like it didn't accept it. If i use (where is the domain i have it configured with), and the password, it then gives me the Not Allowed error.
Does the configured domain have to be a FQDN? This is an internal machine and not connected to the net. Why would it not allow the admin account I have defined, login? The server is running, I can login to it with both of the accounts I defined above.

Paul C.

You can put as many admins

  • You can put as many admins as you want.
  • Take a look at the logs, too.
  • Instead of just
    {acl, admin, {user, "paulc"}}.
    Try with this:
    {acl, admin, {user, "paulc", "}}.
  • When asked for user and passwd on the wedamin, use
  • If it still says 'Not Allowed', maybe the user is not admin at all.

How to check if a user is admin:

  1. With a 'Jabber Discovery'-enabled client like Exodus, Tkabber, Psi login with that account
  2. Open the Discovery/Browser.
  3. You will be see 'conference', 'pubsub', 'vjud'...
  4. If you can see 'online users', 'all users', 'config'... then that user has admin privileges. If no, then he hasn't.

Thanks!! adding the domain

Thanks!! adding the domain after the username fixed it!

Similar problem

I also cant get access to my new ejabberd implementation web console; i connect on the right url, and it asks for authentication (which apparently is working correctly). But i get this from my browser right after logging in:

An error occurred while loading
Connection to host is broken.

What could cause this?

Check the ejabberd log

Check the ejabberd log files, maybe you find some usefull information. That exact error message doesn't seem to be produced by ejabberd: it isn't a problem with your password, or with your admin rights...

You can try to do this on the same machine where ejabberd is installed, to be sure it isn't an ejabberd problem. If you don't have phisical access to the machine, maybe you can use SSH and a command-line browser like Lynx.

Already tried acessing locally using Lynx, no go...

This is the output of a local lynx access attempt:

[root@NMU-IT-WSDB1 conf]# lynx http://localhost:5280/admin -verbose

Looking up localhost:5280
Making HTTP connection to localhost:5280
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Access without authorization denied -- retrying
Retrying with access authorization information.
Looking up localhost:5280
Making HTTP connection to localhost:5280
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Unexpected network read error; connection aborted.
Can't Access `http://localhost:5280/admin'
Alert!: Unable to access document.

lynx: Can't access startfile

And this is what the logfile has to say about it:

=INFO REPORT==== 2006-05-02 09:53:05 ===
I(<0.216.0>:ejabberd_listener:90): (#Port<0.1113>) Accepted connection {{127,0,0
,1},38907} -> {{127,0,0,1},5280}

=INFO REPORT==== 2006-05-02 09:53:05 ===
I(<0.209.0>:ejabberd_http:76): started: {gen_tcp,#Port<0.1113>}

=INFO REPORT==== 2006-05-02 09:53:11 ===
I(<0.2142.0>:ejabberd_http:171): (#Port<0.1113>) http query: 'GET' /admin

I dont see much to go on troubleshooting from that information; any ideas?

Surf the web interface with Lynx

My Jabber server is called "localhost":

$ cat ejabberd.cfg | grep "^{host"
{hosts, ["localhost"]}.

I created an account with username "badlop" and password "mypass". That account has admin rigths:

$ cat ejabberd.cfg | grep badlop
{acl, admin, {user, "badlop", "localhost"}}.

If I try to access the web interface, ejabberd will ask me to login:

$ lynx http://localhost:5280/admin -dump
HTTP: Access authorization required.
       Use the -auth=id:pw parameter.

Looking up localhost:5280
Making HTTP connection to localhost:5280
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Access without authorization denied -- retrying

lynx: Can't access startfile http://localhost:5280/admin

If I specify wrong user or password I get an error message:

$ lynx http://localhost:5280/admin -dump -auth=badlopqqqq@localhost:iforgotmypass


$ lynx http://localhost:5280/admin -dump -auth=badlop@localhost:iforgotmypass

Looking up localhost:5280
Making HTTP connection to localhost:5280
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Access without authorization denied -- retrying
Retrying with access authorization information.
Looking up localhost:5280
Making HTTP connection to localhost:5280
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Can't retry with authorization!  Contact the server's WebMaster.
Can't Access `http://localhost:5280/admin'
Alert!: Unable to access document.

lynx: Can't access startfile

If I specify the correct user and password, it works correctly:

$ lynx http://localhost:5280/admin -dump -auth=badlop@localhost:mypass


     * [2]Listas de Control de Acceso
     * [3]Reglas de Acceso
     * [4]Hosts Virtuales
     * [5]Nodos
     * [6]Estadísticas

If you are working on

If you are working on localhost , I think you are not accessing admin
becaue panel because you are using admin instead of 'admin@localhost
because if you just use admin as user name without domain name , access is always denied

I have read all of the

I have read all of the posts, following the instructions, tryed it in lynx and tryed it in firefox, and i still cannot connect. I have edited the config and done everything i could think of. can someone please help me?


Without detailed information

Without detailed information (all your actions) it is very dificult to help you...


I install the ejabberd server

I install the ejabberd server in MacBook-Pro , OS X 10.10.3.I download the package , installed it in my MAC. when installing it asked for Domain , i gave Habiburs-MacBook-Pro.local , then it asked for admin name , i gave "testadmin" , thn i set the password for the admin user.

once the installation is done. i went to /bin folder of the application and gave ./start command in terminal. to ran the server, server run successfully. then i went to /conf folder , gave vi ejabberdctl.cfg to edit the config file for giving Access control list permission to access web console.

Here in this config file i gave , #{acl, admin, {user, "testadmin", "Habiburs-Macbook-Pro.local"}}.

# In this file you can configure options that are passed by ejabberdctl
# to the erlang runtime system when starting ejabberd

#' POLL: Kernel polling ([true|false])
# The kernel polling option requires support in the kernel.
# Additionally, you need to enable this feature while compiling Erlang.
# Default: true

#' SMP: SMP support ([enable|auto|disable])
# Explanation in Erlang/OTP documentation:
# enable: starts the Erlang runtime system with SMP support enabled.
# This may fail if no runtime system with SMP support is available.
# auto: starts the Erlang runtime system with SMP support enabled if it
# is available and more than one logical processor are detected.
# disable: starts a runtime system without SMP support.
# Default: auto

#' ERL_MAX_PORTS: Maximum number of simultaneously open Erlang ports
# ejabberd consumes two or three ports for every connection, either
# from a client or from another Jabber server. So take this into
# account when setting this limit.
# Default: 32000
# Maximum: 268435456

#' FIREWALL_WINDOW: Range of allowed ports to pass through a firewall
# If Ejabberd is configured to run in cluster, and a firewall is blocking ports,
# it's possible to make Erlang use a defined range of port (instead of dynamic
# ports) for node communication.
# Default: not defined
# Example: 4200-4210

#' INET_DIST_INTERFACE: IP address where this Erlang node listens other nodes
# This communication is used by ejabberdctl command line tool,
# and in a cluster of several ejabberd nodes.
# Default:

#' ERL_EPMD_ADDRESS: IP addresses where epmd listens for connections
# IMPORTANT: This option works only in Erlang/OTP R14B03 and newer.
# This environment variable may be set to a comma-separated
# list of IP addresses, in which case the epmd daemon
# will listen only on the specified address(es) and on the
# loopback address (which is implicitly added to the list if it
# has not been specified). The default behaviour is to listen on
# all available IP addresses.
# Default:

#' ERL_PROCESSES: Maximum number of Erlang processes
# Erlang consumes a lot of lightweight processes. If there is a lot of activity
# on ejabberd so that the maximum number of processes is reached, people will
# experience greater latency times. As these processes are implemented in
# Erlang, and therefore not related to the operating system processes, you do
# not have to worry about allowing a huge number of them.
# Default: 250000
# Maximum: 268435456

#' ERL_MAX_ETS_TABLES: Maximum number of ETS and Mnesia tables
# The number of concurrent ETS and Mnesia tables is limited. When the limit is
# reached, errors will appear in the logs:
# ** Too many db tables **
# You can safely increase this limit when starting ejabberd. It impacts memory
# consumption but the difference will be quite small.
# Default: 1400

#' ERL_OPTIONS: Additional Erlang options
# The next variable allows to specify additional options passed to erlang while
# starting ejabberd. Some useful options are -noshell, -detached, -heart. When
# ejabberd is started from an init.d script options -noshell and -detached are
# added implicitly. See erl(1) for more info.
# It might be useful to add "-pa /usr/local/lib/ejabberd/ebin" if you
# want to add local modules in this path.
# Default: ""

#' ERLANG_NODE: Erlang node name
# The next variable allows to explicitly specify erlang node for ejabberd
# It can be given in different formats:
# ERLANG_NODE=ejabberd
# Lets erlang add hostname to the node (ejabberd uses short name in this case)
# ERLANG_NODE=ejabberd@hostname
# Erlang uses node name as is (so make sure that hostname is a real
# machine hostname or you'll not be able to control ejabberd)
# ERLANG_NODE=ejabberd@hostname.domainname
# The same as previous, but erlang will use long hostname
# (see erl (1) manual for details)
# Default: ejabberd@localhost

#' EJABBERD_PID_PATH: ejabberd PID file
# Indicate the full path to the ejabberd Process identifier (PID) file.
# If this variable is defined, ejabberd writes the PID file when starts,
# and deletes it when stops.
# Remember to create the directory and grant write permission to ejabberd.
# Default: don't write PID file

#' CONTRIB_MODULES_PATH: contributed ejabberd modules path
# Specify the full path to the contributed ejabberd modules. If the path is not
# defined, ejabberd will use ~/.ejabberd-modules in home of user running ejabberd.


#{acl, admin, {user, "testadmin", "Habiburs-MacBook-Pro.local"}}.

# Default: $HOME/.ejabberd-modules

# vim: foldmarker=#',#. foldmethod=marker:

After saving this file . i stopped the server. started again.
thn i gave this URL in browser http://localhost:5280/admin/ to launch web console

it asked for NAME and Password. i gave it ..

it showed me::
The user name or password you entered for this area on localhost:5280 was incorrect. Make sure you’re entering them correctly, and then try again.

please help me to solve this problem..


You are using the full JID as

You are using the full JID as username "testadmin@Habiburs-Macbook-Pro.local", right ?



Thanks bro.. its working

Thanks bro..
its working after giving full JID with Domain

I am unable to connect to web

I am unable to connect to web console from remove machine. I started ejabberd server on ec2 instance and I am using ejabberd 15.04.

I have configured ejabberd.yml file like this for web console :
port: 5280
module: ejabberd_http
## request_handlers:
## "/websocket": ejabberd_http_ws
## "/pub/archive": mod_http_fileserver
web_admin: true
http_poll: true
http_bind: true
register: true
## captcha: false

I can connect using lynx on ec2 instance using localhost:5280/admin but I cannot open in remote machine browser. I have also open port in security group with

Am I missing something to access connection from outside? Can anyone help me with this.

I have tried installing

I have tried installing ejabberd using this link and I am unable to open even my home page http://my_server_ip:5280/admin, I have tried everything. Please help

Syndicate content