Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: airtonix on June 30, 2012, 12:28:13 pm
-
title says it all...
i CAN ssh to the machine
i CAN use sudo on the machine
so i am god on this machine.
I have purged zentyal and reinstalled it at least four hundred gazillion times....
and it still won't let me login with my sudo enabled password
$ groups
administrator adm sudo admin
administrator@edge:~$ id
uid=1000(administrator) gid=1000(administrator) groups=1000(administrator),4(adm),27(sudo),145(admin)
administrator@edge:~$ sudo service zentyal restart
* Stopping Zentyal module: webmail [ OK ]
* Stopping Zentyal module: usercorner [ OK ]
* Stopping Zentyal module: squid [ OK ]
* Stopping Zentyal module: radius [ OK ]
* Stopping Zentyal module: mailfilter [ OK ]
* Stopping Zentyal module: mail [ OK ]
* Stopping Zentyal module: jabber [ OK ]
* Stopping Zentyal module: ftp [ OK ]
* Stopping Zentyal module: captiveportal [ OK ]
* Stopping Zentyal module: asterisk [ OK ]
* Stopping Zentyal module: webserver [ OK ]
* Stopping Zentyal module: virt [ OK ]
* Stopping Zentyal module: users [ OK ]
* Stopping Zentyal module: trafficshaping [ OK ]
* Stopping Zentyal module: pptp [ OK ]
* Stopping Zentyal module: openvpn [ OK ]
* Stopping Zentyal module: ntp [ OK ]
* Stopping Zentyal module: logs [ OK ]
* Stopping Zentyal module: ipsec [ OK ]
* Stopping Zentyal module: ids [ OK ]
* Stopping Zentyal module: events [ OK ]
* Stopping Zentyal module: ebackup [ OK ]
* Stopping Zentyal module: dns [ OK ]
* Stopping Zentyal module: dhcp [ OK ]
* Stopping Zentyal module: ca [ OK ]
* Stopping Zentyal module: audit [ OK ]
* Stopping Zentyal module: antivirus [ OK ]
* Stopping Zentyal module: firewall [ OK ]
* Stopping Zentyal module: network [ OK ]
* Stopping Zentyal module: apache [ OK ]
* Starting Zentyal module: network [ OK ]
* Starting Zentyal module: firewall [ OK ]
* Starting Zentyal module: antivirus [ OK ]
* Starting Zentyal module: audit [ OK ]
* Starting Zentyal module: ca [ OK ]
* Starting Zentyal module: dhcp [ OK ]
* Starting Zentyal module: dns [ OK ]
* Starting Zentyal module: ebackup [ OK ]
* Starting Zentyal module: events [ OK ]
* Starting Zentyal module: ids [ OK ]
* Starting Zentyal module: ipsec [ OK ]
* Starting Zentyal module: logs [ OK ]
* Starting Zentyal module: ntp [ OK ]
* Starting Zentyal module: openvpn [ OK ]
* Starting Zentyal module: pptp [ OK ]
* Starting Zentyal module: trafficshaping [ OK ]
* Starting Zentyal module: users [ OK ]
* Starting Zentyal module: virt [ OK ]
* Starting Zentyal module: webserver [ OK ]
* Starting Zentyal module: asterisk [ OK ]
* Starting Zentyal module: captiveportal [ OK ]
* Starting Zentyal module: ftp [ OK ]
* Starting Zentyal module: jabber [ OK ]
* Starting Zentyal module: mail [ OK ]
* Starting Zentyal module: mailfilter [ OK ]
* Starting Zentyal module: radius [ OK ]
* Starting Zentyal module: squid [ OK ]
* Starting Zentyal module: usercorner [ OK ]
* Starting Zentyal module: webmail [ OK ]
* Starting Zentyal module: apache [ OK ]
administrator@edge:~$ sudo tail /var/log/zentyal/zentyal.log -f
...
2012/06/30 19:57:48 WARN> Auth.pm:160 EBox::Auth::authen_cred - Failed login from: 10.0.0.10
-
turns out it was a problem with the permission bits of /etc/groups, /etc/passwd, or /etc/shadow (which all need to be 644 )
-
:o :o :o for sure NO !
"644" means that anyone can read /etc/shadow which contains account's password.
644 is ok for passwd and groups but permission for shadow must be 640.
What I really don't understand is why this would have to be manually changed in your installation ???
-
ok so for a while now i've had zentyal 2.3 from the ppa on my server at home..
so on the friday night that just passed, i decided to update the packages and install zentyal-samba....
a few errors later and i decided to remove it....
apparently it's a bad idea to do that since it left me unable to change passwords of users from the commandline....
after i fixed that logging in via ssh left me with a "i have no name!@edge:$" prompt.
after i fixed that zentyal wouldn't let me login to the admin web interface.
I think i would have saved nine hours of piss farting around if the zentyal logs actually said
"oh hey this guy here... yeah that guy who just tried and failed to login... see him? yeah him. he failed to login because the permissions of your /etc/[shadow/group/passws] are wrong... you should fix that ... here's how: <insert steps > "
instead i get this most awesome uberdaciously helpful message which describes the exact situation and how to fix it :
2012/06/30 19:57:48 WARN> Auth.pm:160 EBox::Auth::authen_cred - Failed login from: 10.0.0.10
That's nine hours of my life i'll never get back
-
Tried this after having the same problem, it doesn't help, still stuck with "incorrect password"