Koozali.org: home of the SME Server

Won't accept root password anymore

John Willby

Won't accept root password anymore
« on: June 22, 2003, 01:16:46 AM »
Hi

I have a weird problem. My server has been happily running for months now and all of a sudden it has decided it is not going to accept the root password anymore.

I can log in as admin and get the admin panel up.

I can even log in via the server manager panel but it won't accept my root password.

I really don't want to reload the system and have to set up from scratch.

Am I totally and utterly stuffed?

A simple yes or no answer will do as I don't think anybody would thank me if people started mailing in how to hack the root!

John

Graeme Fleming

Re: Won't accept root password anymore
« Reply #1 on: June 22, 2003, 12:14:01 PM »
If you can log in via the server manager then just change the system password from here - the server manager should force the admin & root passwords back into sync (as you know they use the same password).

HTH

John Willby

Re: Won't accept root password anymore
« Reply #2 on: June 22, 2003, 04:43:28 PM »
Hi

Tried that; it changed the password for the server manager but I still get log in failed for root.

Dunno what has gone wrong with it!

Is there any way I could go through a re-install type process (upgrade option?) with the installation disk that will not reformat the disk and I won't have to reinstall spam assassin and user panel and all the other custom stuff I have installed like ntop etc and allow me to reset the root password and hopefully correct whatever the problem is?

John

Graeme Fleming

Re: Won't accept root password anymore
« Reply #3 on: June 22, 2003, 09:30:15 PM »
Yeah, an upgrade procedure may fix it and will install over the top of what's there. As long as the stuff you installed has followed the template rules everything should be preserved.

Is worth a shot!

John Willby

Re: Won't accept root password anymore
« Reply #4 on: June 23, 2003, 01:15:29 AM »
Hi

Well it worked - but only when I upgraded to version 6 beta 2.

So it's off to the devel list now for me I guess.

BTW I had no problems with the upgrade it went sweet and all now working according to plan.

Seems Ok so far as well.

John

Jacko

Re: Won't accept root password anymore
« Reply #5 on: June 23, 2003, 01:18:40 AM »
John Willby wrote:

> I have a weird problem. My server has been happily running
> for months now and all of a sudden it has decided it is not
> going to accept the root password anymore.
...
> A simple yes or no answer will do as I don't think anybody
> would thank me if people started mailing in how to hack the
> root!

My suspicion is that someone has already worked out how to do that on your system. Have you kept your system updated?

JTR

Marc

Re: Won't accept root password anymore
« Reply #6 on: July 08, 2003, 08:24:20 PM »
Jacko wrote:
>
> John Willby wrote:
>
> > I have a weird problem. My server has been happily running
> > for months now and all of a sudden it has decided it is not
> > going to accept the root password anymore.
> ...
> > A simple yes or no answer will do as I don't think anybody
> > would thank me if people started mailing in how to hack the
> > root!
>
> My suspicion is that someone has already worked out how to do
> that on your system. Have you kept your system updated?
>
> JTR

Well, if you know how to hack the root account, please post it. You cannot have real security through obscurity.

Marc

Dan Brown

Re: Won't accept root password anymore
« Reply #7 on: July 08, 2003, 09:38:57 PM »
No, if you know how to hack root on a stock SME box, mail smesecurity@mitel.com and tell them, so they can fix it.

Gordon Rowell

Re: Won't accept root password anymore
« Reply #8 on: July 09, 2003, 02:18:22 AM »
John Willby wrote:
>
> Hi
>
> I have a weird problem. My server has been happily running
> for months now and all of a sudden it has decided it is not
> going to accept the root password anymore.

You can only log in as root from one of the consoles, not from
the manager.

> I can log in as admin and get the admin panel up.

Which is normal.

> I can even log in via the server manager panel but it won't
> accept my root password.

The server-manager has never accepted "root" as the user. You
must log in as "admin".

The admin/root passwords are kept in
sync (by design) when you change the "admin" password from
the manager.

> I really don't want to reload the system and have to set up
> from scratch.
>
> Am I totally and utterly stuffed?
>
> A simple yes or no answer will do as I don't think anybody
> would thank me if people started mailing in how to hack the
> root!

You haven't provided any evidence that anything is broken.

If you do discover a potential security issue, it should be sent to smesecurity@mitel.com, and only there.

Gordon

Gordon Rowell

Security concerns to smesecurity@mitel.com (was Re: Won't ac
« Reply #9 on: July 09, 2003, 02:25:19 AM »
Marc wrote:
> [....]
> Well, if you know how to hack the root account, please post
> it. You cannot have real security through obscurity.

Please address any security concerns to smesecurity@mitel.com, and only there.

Posting security issues in public forums before contacting the vendor for comment and allowing them a reasonable time to reply is irresponsible and harmful.

We also do not believe in "security through obscurity". We do, however, believe that the vendor should have the opportunity to address security issues before potentially putting large numbers of systems at risk.

That said, there is no evidence that there is anything wrong in this instance.

Gordon

John Willby

Re: Won't accept root password anymore
« Reply #10 on: July 09, 2003, 02:40:51 AM »
Hi

Nobody had hacked root on my system.

As far as I can tell a file had become corrupted that checked the root password against what was stored on the system so when you tried to log in as root at the console any password legitimate or otherwise was rejected.

I managed to get it fixed and so as far as I am concerned this thread is dead.

Gordon is quite right that any questions or concerns in this area should be passed on to Mitel security and NOT discussed in an open forum.

John