When attempting to register new users through a client like Pidgin, the 403 Forbidden response typically indicates that the XMPP server (in this case ejabberd) has registration disabled by default. This is a common security measure in many XMPP server implementations.
The primary configuration file for ejabberd is typically located at /etc/ejabberd/ejabberd.cfg (or /etc/ejabberd/ejabberd.yml for newer versions). Here's how to enable registration:
% Allow registration from any client
{access, register, [{allow, all}]}.
For more granular control, you might want to restrict registration to certain IP ranges:
% Allow registration only from local network
{access, register, [
    {allow, {ip, "192.168.1.0/24"}},
    {deny, all}
]}.
Here's a more comprehensive example that includes both registration and related settings:
%%% Registration
{access, register, [{allow, all}]}.
%% Registration watchdog
{registration_timeout, 600}.
%% Rate limit registration attempts
{registration_limit, {10, 86400}}.
%% Require CAPTCHA for registration
{captcha_cmd, "/usr/bin/captcha"}.
{captcha_host, "yourdomain.com"}.
{captcha_limit, {5, 86400}}.
After making changes to the configuration file, you'll need to restart the ejabberd service:
sudo systemctl restart ejabberd
Or for older systems:
sudo /etc/init.d/ejabberd restart
If you prefer not to modify the configuration file, you can leave in-band registration disabled and create accounts directly from the admin command line:
ejabberdctl register user example.com password
Or through the web admin interface at http://your-server:5280/admin/.
After enabling registration, test it with Pidgin or another XMPP client. The registration should now complete without the 403 error.
While open registration is convenient, it can lead to spam issues. Consider implementing these additional measures:
- Enable CAPTCHA (as shown in the configuration example)
- Set up registration limits
- Monitor registration attempts
- Consider using invite-only registration for production systems
If you're still encountering issues, check:
sudo tail -f /var/log/ejabberd/ejabberd.log
This will show real-time server logs that might reveal additional details about the registration attempts.
When setting up an ejabberd server, one common roadblock is encountering a 403 Forbidden error during user registration attempts through clients like Pidgin. This typically occurs because ejabberd's default configuration restricts open registrations for security reasons.
The primary solution involves editing the ejabberd.yml configuration file (or ejabberd.cfg in older versions). Here's how to enable registration:
# Locate the access rules section in ejabberd.yml
access:
  register:
    all: allow
# Then enable registration in the listener configuration
listen:
  -
    port: 5222
    module: ejabberd_c2s
    access: c2s
    shaper: c2s_shaper
    starttls: true
    register: true # This is the critical line
If you prefer not to enable open registration, consider these alternatives:
- Admin registration via CLI:
ejabberdctl register username localhost password
- Web-based registration:
listen:
  -
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
      "/register": mod_register_web
After making changes, restart ejabberd and test registration:
sudo systemctl restart ejabberd
ejabberdctl registered-users localhost
- Ensure ports 5222 (client) and 5269 (server) are open
- Verify TLS/SSL configuration if registration fails
- Check authentication method in ejabberd.yml:
auth_method: internal
Once registration works, implement these security measures:
# Enable CAPTCHA for registration
captcha_cmd: /usr/lib/ejabberd/priv/bin/captcha.sh
# Traffic shapers (bytes per second); these throttle connection bandwidth, not registrations
shaper:
  normal: 1000
  fast: 50000
# Per-user offline message quota
access_rules:
  max_user_offline_messages:
    admin: 5000
    all: 100
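The hardening measures listed above (CAPTCHA, registration limits, restricting who may register) can be combined in one mod_register configuration. The following is an added example, not taken from the original page or from the ejabberd project, and it assumes a release that uses the acl / access_rules YAML syntax; the names localnet, register and register_from, the watcher JID and the IP range are placeholders.

```yaml
# Added example: restricted in-band registration for ejabberd.yml.
# Assumes a release using the acl / access_rules syntax. The names
# "localnet", "register" and "register_from", the JID and the IP range
# are placeholders to adapt.

acl:
  localnet:
    ip:
      - 192.168.1.0/24        # same range as the Erlang-format example earlier on the page

access_rules:
  register:                   # which account names may be registered
    allow: all
  register_from:              # which client addresses may register
    allow: localnet           # anything not matched is denied

# Minimum number of seconds between registrations from the same IP address
registration_timeout: 600

# CAPTCHA helper script (path as given on the page)
captcha_cmd: /usr/lib/ejabberd/priv/bin/captcha.sh
captcha_limit: 5              # max CAPTCHA images generated per minute per JID

modules:
  mod_register:
    access: register
    ip_access: register_from
    captcha_protected: true   # require a solved CAPTCHA before the account is created
    password_strength: 32     # minimum password entropy
    registration_watchers:    # send a notification for every new account
      - admin@example.com
```

With this in place, a registration attempt from outside the listed range is refused even though the register rule itself allows all usernames, and each successful registration is reported to the watcher JID.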