Hello, I am new to jitsi and have installed it from apt on Ubuntu 18 with Java 11. I am currently having two issues. The first of which is that my website my-domain currently allows anyone to set up a video conference. I would welcome anyone to do so in the future, but it seems like a bot could do the same so I would like to only allow humans to set up rooms/conferences. This is probably a prosody issue but that’s the default included in the apt package.

prosodyctl adduser me@my-domain gives: “Account creation/modification not supported”

I referred to github /jitsi/jicofo#secure-domain and first did the first four steps but got the same message as above when trying either:

prosodyctl register me jitsi-meet.my-domain

prosodyctl adduser me@my-domain

My /etc/prosody/conf.avail/[your-hostname].cfg.lua is a little bit different:

-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- added bc of error messages in prosody logs
-- Feb 16 10:21:04 certmanager     error   SSL/TLS: Failed to load '/etc/letsencrypt/live/my-domain/privkey.pem': Check that the permissions allow Prosody t$
-- Feb 16 10:21:04 portmanager     error   Error binding encrypted port for https: error loading private key (Permission denied)

consider_bosh_secure = true

http_ports = { 5280 }
http_interfaces = { "localhost" }

https_ports = { 5281 }
https_interfaces = { "localhost" }

https_ssl = {
    certificate = "/etc/letsencrypt/live/my-domain/fullchain.pem";
    key = "/etc/letsencrypt/live/my-domain/privkey.pem";
}

VirtualHost "my-domain"
        authentication = "anonymous"
        ssl = {
                key = "/etc/prosody/certs/my-domain.key";
                certificate = "/etc/prosody/certs/my-domain.crt";
        }

        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; 
            "register";
        }

        c2s_require_encryption = false

Component "conference.my-domain" "muc"
    storage = "none"
    --modules_enabled = { "token_verification" }
admins = { "focus@auth.my-domain" }

Component "jitsi-videobridge.my-domain"
    component_secret = ""

VirtualHost "auth.my-domain"
    ssl = {
        key = "/etc/prosody/certs/auth.my-domain.key";
        certificate = "/etc/prosody/certs/auth.my-domain.crt";
    }
    authentication = "internal_plain"

-- github.com/jitsi/jicofo#secure-domain
VirtualHost "guest.my-domain"
    ssl = {
        key = "/etc/prosody/certs/auth.my-domain.key";
        certificate = "/etc/prosody/certs/auth.my-domain.crt";
    }
    authentication = "anonymous"
    c2s_require_encryption = false

Component "focus.my-domain"
    component_secret = ""

/etc/jitsi/jicofo/sip-communicator.properties is/was empty before adding org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet..com

the auth.my-domain, guest.my-domain, focus.my-domain and conference.my-domain do not work by the way, when I type them into my browser address bar so I guess they are used internally or only accessible after some other operations

Have you restarted prosody and jicofo after making the changes?

I have, yes. I cannot adduser

$cat /etc/prosody/prosody.cfg.lua :

admins = { }

modules_enabled = {

	-- Generally required
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections
		"dialback"; -- s2s dialback support
		"disco"; -- Service discovery

	-- Not essential, but recommended
		"carbons"; -- Keep multiple clients in sync
		"pep"; -- Enables users to publish their mood, activity, playing music and more
		"private"; -- Private XML storage (for room bookmarks, etc.)
		"blocklist"; -- Allow users to block communications with other users
		"vcard"; -- Allow users to set vCards

	-- Nice to have
		"version"; -- Replies to server version requests
		"uptime"; -- Report how long server has been running
		"time"; -- Let others know the time here on this server
		"ping"; -- Replies to XMPP pings with pongs
		"register"; -- Allow users to register on this server using a client and change passwords

	-- Admin interfaces
		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
		"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}

modules_disabled = {
}

allow_registration = false

daemonize = true;

pidfile = "/var/run/prosody/prosody.pid";

c2s_require_encryption = true

s2s_require_encryption = true

s2s_secure_auth = false
authentication = "internal_hashed"
archive_expires_after = "1w" -- Remove archived messages after 1 week
log = {
	-- Log files (change 'info' to 'debug' for debug logs):
	info = "/var/log/prosody/prosody.log";
	error = "/var/log/prosody/prosody.err";
	-- Syslog:
	{ levels = { "error" }; to = "syslog";  };
}
certificates = "certs"

Component "callcontrol.my-domain"
	component_secret = "ugsfFI"

Include "conf.d/*.cfg.lua"

This command does not go over the internet does it? Or over different services connected via ports? It’s just a local command to the prosody.service, isn’t it?

It’s just a clocal command to the prosody service.

Show tthe cocnfiguration for your domain’s VirtualHost.

That’s in my initial post here, isn’t it?

VirtualHost "my-domain"

Oops, right, I forgot.

This is wrong. You must have internal_plain here if you want auth on your domain. GitHub - jitsi/jicofo: JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.

Thanks. I tried that before, but now rebooted afterwards and it seems to work.

Doesn’t prosodyctl register test123 my-domain password123 work? Make sure the second argumentt is exactly what your VirtualHost says and that you have restarted prosody after making changes.

Yes, it does work now. I am not 100% sure but nearly so that I tried this before and restarted the prosody and jitsi related services. So thank you very much for your help.

Hello,
Could you, please, help me with the same problem. I cannot create new user using the command like this:
sudo prosodyctl register user 192.168.0.164 pwd
because of the error:
Account creation/modification not supported
I have made all the steps described in jicofo readme page and was able to add focus user. Jicofo log shows that focus user can connect to the server. I rebooted the computer after changes in config files. My server is currently works in a home LAN, so the server name is its IP: 192.168.0.164 and it uses self-signed certificate.
Here is that part of prosody.cfg.lua, which has been added by me:

admins = { "focus@auth.192.168.0.164" }
.....
allow_registration = false;
......
authentication = "internal_hashed"

-- Jibri related config
Component "internal.auth.192.168.0.164" "muc"
    modules_enabled = {
      "ping";
    }
    storage = "null"
    muc_room_cache_size = 1000

VirtualHost "recorder.192.168.0.164"
  modules_enabled = {
    "ping";
  }
  authentication = "internal_plain"
-- end of Jibri config

-- jocofo authentication
VirtualHost "auth.192.168.0.164"
    authentication = "internal_plain"

Component "focus.192.168.0.164"
    component_secret = "focus_secret"

VirtualHost "192.168.0.164"
    authentication = "internal_plain"

VirtualHost "guest.192.168.0.164"
    authentication = "anonymous"
    c2s_require_encryption = false

-- end of jocofo authentication

Thank you
Victor

The thread here contains everything I know. did you restart the services?

Yes. I restarted the services and rebooted the computer.

How about using only the setting in this thread first, then changing a working conf to what you want?

I have an error when create the user :
#prosodyctl register jibri auth.vicon.mycompany.com jibriauthpass
the error is :
Error: Account creation/modification not available with LDAP.

my configuration file use authentication = ‘ldap2’
how to fix this, without change authentication to eksternal LDAP ?

How about using only the setting in this thread first, then changing a working conf to what you want?

check the logs in /var/log

I think this may not be supported though. If you get the standard (i.e. =‘internal’) working, you may try to attach a debugger when running it with the source.