Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: kevinmccarthy on September 08, 2011, 02:29:25 am

Title: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 02:29:25 am
I am the sys admin and want to change the username/password to something more secure. When I choose System>General and enter the current username and password and then the new password, the system says it is saved. When I log out and try to log back in, the only combo that works is the old u/p. Help please.
Title: Re: can't reset admin username / password
Post by: aspangilinan on September 08, 2011, 04:53:46 am
try to change password on command line.

thanks.
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 05:23:02 am
I was said you would say that, haha. I don't have a clue how to do command like work. Still learning all this server stuff. Once I get to the cmd prompt, what would be the command? :)

Thanks
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 05:24:18 am
*said=afraid haha
Title: Re: can't reset admin username / password
Post by: christian on September 08, 2011, 06:53:57 am
First point, you're question, aside problem you're facing, is an interesting one: Zentyal targeting SMBs where we will have potentially often people not knowing Linux command line, how to investigate such problem using Zentyal itself?

Then I would rather try first to debug this problem before applying workaround.

Once you have command line (either via console or connecting through SSH), can you have a look at /var/log/ebox/ and search for related message in ebox.log. You can have a look also at error.log but, as there is no timestamps there, it's more difficult.

If there is nothing obvious in /var/log/ebox/ebox.log, look also at /var/log/syslog
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 10:01:40 am
On Zentyal destop, open "Administrator console",
You are prompted for the admin password, type it,

type :
passwd ADMIN_USERNAME

(replace ADMIN_USERNAME with your admin username)

PS : You may have a problem if you choose a very simple password, the system can "refuse" to take it. Choose a complex one.
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 05:20:28 pm
I tried Dwam's command and received the following in the console...

Authentication token manipulation error... password unchanged.

Checking the logs now (hopefully)
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 05:26:44 pm
My post was meant to change zentyal admin password only... not the couple username/password.

Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 05:51:03 pm
Okay, I was able to determine that the password was locked and then unlocked it. However, I have still been unsuccessful changing it in the GUI or from the command line.

I checked the error.log and see a repetitive line that reads something like:

use of uninitialized value $reason in length at (eval 2989) line 74... (the eval number is different in each repeat of this error.)

Also, Use of uninitialized value in concatentation (.) or sting at /usr/share/perl5/EBox/Menu/Separator.pm line 44

And many other errors.
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 06:22:45 pm
in the command line I am typing: passwd chad - d to delete the password and getting nowhere. Am I using the commands incorrectly?

If I want to change the current admin user of "chad" to "admin" and the current password of "xxxxx" to "xx", what would that look like exactly in the console?

Thanks again. Or, maybe there really is an issue that is blocking this change. This would be unfortunate since I just fired the guy who set this up (Chad) and he would have access to my server. Ugh. Thanks again for the help. (And, yes, I am looking for a new guy right away to replace the other guy who had to be released unexpectedly. So, thanks for your patience with my novice questions.)
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 06:31:58 pm
- Do you know chad's account password ?
- Can you login to Zentyal using this 'chad' account ?

If yes :

On Zentyal desktop, open "Administrator Console",
You are prompted for chad's password, type it.

Then type :
passwd chad (and press enter)
The prompt invites you to type a new password

Normally it should work this way. And this will suffice to prevent Chad from accessing your server.

To change 'chad' into 'admin', it is possible but maybe this will be the first mission for the new guy!
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 08:44:23 pm
Ugh, that is what I am doing to no avail.

I enter the admin console. The prompt shows:

root@nas: /home/chad#

I enter passwd chad and press enter

The next line is
passwd: Authentication token manipulation error
passwd: password unchanged
root@nas: /home/chad#
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 09:16:00 pm
I just did it on my server, it worked exactly as I said...

Check this :
http://forum.zentyal.org/index.php/topic,7038.msg28313.html#msg28313
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 10:20:34 pm
Dang, now I'm screwed. I went to that blog and used this command.

chage -d 0 chad

It certainly seems to have disabled Chad from accessing. But, it also disabled me now. None of the user passwords work. I cannot access the panel. Ugh. I really am a novice.
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 10:42:13 pm
I no longer have access to the console. It won't recognize any of my known passwords. Is there a default u/p that ships with the install?
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 10:47:06 pm
I must be the biggest idiot in the world... Christian you sent me a message and asked a question. I cannot find a reply button anywhere in my inbox and I am logged in (hence this post).

I have no idea whether Chad set up ldap or not. But, I do believe he was planning on it. Since I now have no access to the console or the panel, I am pretty much screwed. I may have to blow this VM away and start over which would really suck.

Thank you all for being patient and explaining things in a for-dummies fashion - which is what I need. :)
Title: Re: can't reset admin username / password
Post by: christian on September 08, 2011, 10:53:36 pm
you can still revert back...

chage -E -1 chad

should remove the expiration date.
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 10:54:46 pm
Simple users of this forum cannot reply to PM... Lucky you, you're not that dumb! ;o)

Find a good linux admin for a 2 hours job... There are tools to recover lost passwords from a recovery boot or from within a LiveCD. You don't have to reinstall everything. Such a guy can do it.
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 10:56:09 pm
you can still revert back...

chage -E -1 chad

should remove the expiration date.

Unless he's still logged in, I think he won't be able to do that.
Title: Re: can't reset admin username / password
Post by: christian on September 08, 2011, 10:59:49 pm
 ;) sure, it requires at least account with sudo right...
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 11:03:49 pm
You talked about VM... Maybe you have a previous snapshot of your server ?
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 11:29:11 pm
I wish. This is a new vm that was not snapped. We have not yet started using it in production. I don't want to start over though with the configuration if possible. Worse case we do though.
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 11:34:57 pm
If you don't have Zentyal in production yet, reinstall from iso is pretty simple. Then, if you have a clear definition of your needs, many guys could do the config for you, even remotely...

Where are you from ?
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 08, 2011, 11:40:17 pm
Northwest USA
Title: Re: can't reset admin username / password
Post by: DWAM on September 08, 2011, 11:47:51 pm
Another idea... As you use VM, you can also download a pre-built VM image.

Check:
http://trac.zentyal.org/wiki/Download/VMImages

And you've got a fresh install ready to go
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 09, 2011, 01:06:26 am
That's cool to have the VM.

Is it possible to grab a user settings file(s) from the current VM (the troubled one) and just move it over to the new VM so we wouldn't have to spend the time reconfiguring all the accounts, etc?
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 09, 2011, 05:49:58 pm
Well, I hired a linux guy at $50 p/hr and after an hour he was unsuccessful recovering the password. He said the issue is not knowing Zentyal. I did not have him waste any more of my time.

There must be a way to recover access to my installation? Any more help available?
Title: Re: can't reset admin username / password
Post by: DWAM on September 09, 2011, 06:17:36 pm
$50 p/hr for a linux guy ? for a recovery mission ? You're not even half way !

You're not hiring someone for time, but for the warranty of success in a mission. If the guy does not ask for $500 at least, he's not serious and does not take you seriously either... and this one will understand he's working on an Ubuntu server despite the Zentyal stamping and will do the thing in 15 minutes.

My $0.02...
Title: Re: can't reset admin username / password
Post by: christian on September 09, 2011, 06:18:51 pm
Kevin,

As I'm a bit lost with current status, could you clarify some points:
- can you access system console or not?
- in case you can, did you check if Chad's account exists in both /etc/passwd ans /etc/shadow  I'm pretty sure your Linux guru checked if he got access but it's worth to ask.
- if account exists in LDAP:
   PAM may prevent to change password from Linux CLI
   password can still be changed using LDAP command from another machine.

In order to check this, you can search for uid=chad using ldap command line
ldapsearch -x -h your.ldap.server -b "dc=host,dc=domain,dc=com" uid=chad
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 10, 2011, 01:07:00 am
I don't know the name of the ldap server, if there is one. So that command line keeps telling me it can't contact the LDAP server.

Correction on the $50 guy, he is a PHP coder and knows his way around Linux. Not necessarily the other way around.
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 10, 2011, 01:07:35 am
And that is a special friend discount. :)
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 10, 2011, 01:31:22 am
Oh, when I use this command, Chad shows in the passwd file. That command for the shadow file says permission denied.

grep chad /etc/passwd

(Results:)
chad:x:1000:1000:chad,,,:/home/chad:/bin/bash

When I first log in to vsphere and select the Zentyal VM, I select the console tab. It brings up a Zentyal logo and username box. I enter the only one that works there: chad & password. It still works here. But, I cannot access the Administrator Console. Double clicking on that brings up a password box. The old admin password (chad's) doesn't work. The dialogue just goes away - not even an invalid pw error.

The User Console works, but does not appear to have enough permissions to change the password.

However, in the User Console, I used this line and had better success:

sudo grep chad /etc/shadow

Result:
[sudo] password for chad: (i entered it)
sudo: account or password is expired, reset your password and try again
changing password for chad.
(current) UNIX password: (I entered a new pw)
sudo: pam_chauthtok: Authentication token manipulation error
Sorry, try again.
[sudo].... I tried this a few times then got this error...

3 incorrect password attempts

It brought me back to a command line.

Does that provide any further info that is helpful?
Title: Re: can't reset admin username / password
Post by: christian on September 10, 2011, 09:23:21 am
I was thinking about this:
sudo chage -E -1 chad
which should reactivate account...

but you can't "sudo" isn't it?
any other account with sudo privileges?
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 10, 2011, 06:56:48 pm
The same errors occur.

I typed as you stated:
sudo chage -E -1 chad

Results:
[sudo] password for chad: (I typed the original pw)
sudo: Account or password is expired, reset your password and try again
Changing password for chad.
(current) UNIX password: (I typed the original pw)
sudo: pam_chauthtok: Authentication token manipulation error
Sorry, try again.
[sudo] password for chad: (I typed the original pw)
sudo: Account or password is expired, reset your password and try again
Changing password for chad.
(current) UNIX password: (I typed a "new" pw just in case that is what it was wanting)
sudo: pam_chauthtok: Authentication token manipulation error
Sorry, try again.
[sudo] password for chad: (I typed the original pw)
Sorry, try again.
sudo: 3 incorrect password attempts

It seems that sudo is working. But, the commands are not. I am beginning to think maybe his pw is not in the shadow file (like I know what I'm talking about, haha). But, I could not check it as stated above.
Title: Re: can't reset admin username / password
Post by: christian on September 10, 2011, 07:19:22 pm
I don't think sudo "works".

To summarize: the only local account you can use to open session (terminal) is "chad" but you can't use it with sudo privileges because account expired (due to the chage command you type some days ago).
If you don't have any other account at system level (btw I don't understand how you can authenticate if chad account expired), the only way it to reset root password and change chad's password as root.

You can do it restarting your system in single user mode (e.g. look at this http://www.debuntu.org/recover-root-password-single-user-mode-and-grub (http://www.debuntu.org/recover-root-password-single-user-mode-and-grub))

BTW what's the result of ldapsearch command?
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 10, 2011, 08:19:14 pm
I don't think sudo "works".

To summarize: the only local account you can use to open session (terminal) is "chad" but you can't use it with sudo privileges because account expired (due to the chage command you type some days ago).
If you don't have any other account at system level (btw I don't understand how you can authenticate if chad account expired), the only way it to reset root password and change chad's password as root.

You can do it restarting your system in single user mode (e.g. look at this http://www.debuntu.org/recover-root-password-single-user-mode-and-grub (http://www.debuntu.org/recover-root-password-single-user-mode-and-grub))

BTW what's the result of ldapsearch command?

I don't know the name of the ldap server, if there is one. I was left with no notes regarding this. So that command line keeps telling me it can't contact the LDAP server.

I am using VMWare's vSphere to access the virtual server. I select to reboot. But, while in the console, if I press esc, an error message shows up...

* to run ddclient as a daemon, please set run_daemon to 'true' in /etc/default/ddclient
...done

The only way to proceed is to hit escape again which continues the boot with the zentyal logo and brings me to the zentyal login screen. Ugh. Circles.

Title: Re: can't reset admin username / password
Post by: christian on September 10, 2011, 08:27:29 pm
if you run the ldapsearch from Zentyal server, you can type here 127.0.0.1 (localhost) as ldap server is one of Zentyal components.

and I forgot about the VM  >:(

Try this http://ubuntuforums.org/showthread.php?t=1655265 (http://ubuntuforums.org/showthread.php?t=1655265)
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 10, 2011, 08:37:28 pm
if you run the ldapsearch from Zentyal server, you can type here 127.0.0.1 (localhost) as ldap server is one of Zentyal components.

and I forgot about the VM  >:(

Try this http://ubuntuforums.org/showthread.php?t=1655265 (http://ubuntuforums.org/showthread.php?t=1655265)

Okay, that worked better. Here are the results:

# extended LDIF
#
# LDAPv3
# base <dc=host,dc=domain,dc=com> with scope subtree
# filter: uid=chad
# requesting: ALL
#

# search result
search: 2
result: 32 no such object

# numResponses: 1

Title: Re: can't reset admin username / password
Post by: christian on September 10, 2011, 08:42:13 pm
kind off... no such object because you have to replace "host" with Zentyal host name. Well, this is in fact a short -cut that might be wrong, depending on how Zentyal has been configured.
to find the right baseDN, you should look at Zentyal "users & groups" -> LDAP settings
If you can't access it, then root baseDN can be discovered searching for RootDSE but let's focus on resetting root password first  ;)
Title: Re: can't reset admin username / password
Post by: christian on September 13, 2011, 10:10:29 pm
Just curious: where do you stand with this? Did you reset root password mounting disk as described in link I provided?
Title: Re: can't reset admin username / password
Post by: kevinmccarthy on September 13, 2011, 11:38:43 pm
Thanks for all the help. After pulling out the rest of my hair, I just blew away the VM and started over. Seems to be working now just fine - other than a slow learning curve. :)