[jitsi-users] limited room creation to admins but now everyone is asked for user/passwd

HI

Question how to limit room creation to admin only but allow all other to
join a created room without a userid/passwd prompt??

I have restricted room creation to only admin users

VirtualHost "jitsi.example.com"
         authentication =
"internal_plain"
<---------------- changed from anonymous

Component "conference.jitsi.example.com" "muc"

    restrict_room_creation =
"admin"
<---------------- added config line

1. This works .... a userid and password are prompted prior to room creation

2. however all other users are also prompted for a userid/passwd prior
to joining this created room

Regards

Herb Swanson

I have a config of:
  - any registered prosody user can create a room
  - any anonymous user can join a room, but cannot create a room

I don’t know how much of the stack you have installed, but the instructions for “Secure Domain” on this page worked for me:

https://github.com/jitsi/jicofo

You need a prosody user to create the room:

prosodyctl adduser username@subdomain.domain.tld <mailto:username@subdomain.domain.tld>

Neil

···

On 21 Aug 2017, at 13:47, Herb Swanson <herbswanson@gmail.com> wrote:

Question how to limit room creation to admin only but allow all other to
join a created room without a userid/passwd prompt??

1 Like

*Resolved.*... I followed the instructions provided in
https://github.com/jitsi/jicofo (suggested by Neil) and it worked
perfectly the first time.

···

On 08/21/2017 05:56 AM, jitsi@neilzone.co.uk wrote:

On 21 Aug 2017, at 13:47, Herb Swanson <herbswanson@gmail.com >> <mailto:herbswanson@gmail.com>> wrote:

Question how to limit room creation to admin only but allow all other to
join a created room without a userid/passwd prompt??

I have a config of:
- any registered prosody user can create a room
- any anonymous user can join a room, but cannot create a room

I don’t know how much of the stack you have installed, but the
instructions for “Secure Domain” on this page worked for me:

https://github.com/jitsi/jicofo

You need a prosody user to create the room:

prosodyctl adduser username@subdomain.domain.tld
<mailto:username@subdomain.domain.tld>

Neil

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

I tried following the instructions and got to a point where any attempt to enter a room or create a room resulted in an error joining the room.

Do you need 2 domain names to set this up? I notice that the instruction refer to guest.. Is that a real domain name or is that just something internal?

Do you need 2 domain names to set this up?

No.

I notice that the instruction refer to guest… Is that a real domain name or is that just something internal?

Internal. You don’t need to set up DNS for it.

So if your normal domain is:

meet.example.com

You would use:

guest.meet.example.com

1 Like

Thank you. I’ve made the changes.

When I type in a new room name and connect I don’t get prompted for a username or password. I goto the page that’s asking to use my mic and camera and then I get an error that something went wrong and about a few seconds the page reloads and the process repeats.

I found that I didn’t restart the jicofo service. Then I get prompted for a host password when creating a new room.

Is there a list of services that jitsi uses somewhere? So that I know what services to restart?

It depends what you have installed. If it’s just the basic installation, it’s probably just:

jitsi-videobridge
jicofo

Thanks. It seems that there is also prosody as well. That was involved in me setting up the account that can create rooms.

It seems that there is also prosody as well

It’s not something I’ve had to restart — I tend to restart jitsi-videobridge and jicofo together — but, yes, prosody is there.

https://github.com/jitsi/jicofo#secure-domain

Can you explain please 1. In Prosody B) ?
Shall i dubplicate that file and rename it to new name? Or what exactly does “) Add new virtual host with anonymous login method for guests:” mean?

Paste the code below it right at the bottom of your Prosody config file. If you’re using Debian, it’s /etc/prosody/conf.avail/[your-hostname].cfg.lua)

Its working now, like charm! Thank you.

My fail was: I tought I have to set DNS for that second Domain and also create new nginx conf and so on.
I didn’t know, that this second Domain with anymous is just a internal think and setup in few Minutes.
Uff. :slight_smile:

This is a common mistake. I’ve put in a pull request to update the documentation to make it clear that this is not required.

1 Like

thank you for suggesting that solution @Neil_Brown, it worked perfectly.

Now I’m wondering if it’s possible to assign specific rights so that a particular admin can create only specific rooms, assigning different conferences to specific admins for “management”: anyone knows if it’s possible?

thanks again meanwhile!

Hii! I think I followed all the steps, when i create a conference room, it ask for a password a user. I entered credential i created in one of the last step. But when i’m trying to join someone to the conference, it also ask for a user/password and it looks like i cannot set a password anymore from the conference directly. Is there something i’m missing?
Thanks!!
Rick

If it’s asking for username and password, it sounds like you have “secure domain” configured and working.

This prevents anyone other than an administrator from creating a room.

Once the room is opened by an administrator, you can still add a password, in the usual way.

Wow thanks for quick reply!! Do you know where i can (is it okay to) disable the “secure domain”?
Thanks!!

If you’ve set it up, just reverse the instructions.

If you didn’t set it up (which now sounds possible), I’m not sure what the username and password is. It’s not there by default.

Just to be sure, what i’m trying to achieve is to allow only user created in prosody to be able to create new conference room. The people who will be invited to join the meeting doesnt need to have a user created in posody (it will be always new people that will join new conference). i would like to keep the settings to be able to manually set a password to join the meeting (set by the admin directly in the conference room). Before following the procedure, there was no password needed to create a room but password can be created in the room directly (option is missing after procedure)
jitsi

Weird. I can’t replicate this, I’m afraid. I have “secure domain” set up, and so have to enter a username and password for a prosody user to be able to open a room, but my administrator account (i.e. the person who opened the room) can still set a password.

However, anyone who is not an administrator cannot set a password. Is it possible that you’re looking at the screen of a user who is not an administrator (i.e. a normal guest user)?