Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: waldviertler on June 26, 2021, 05:20:12 PM
-
I have the same problem. A fresh install BUT I used the console restore, to restore from 9.2 Backup.
I get "Invalid username or password." but I am sure the username and the password are correct. I typed the pw in editor and pasted it.
What can I do?
THanks in advice.
Martin
-
is the username admin?
if not, the username is not correct.
-
Yes, the user is "admin".
-
I typed the pw in editor and pasted it.
Can you explain this please, what editor and why not just type into server-manager directly?
-
The situation is:
I use Chrome to log in at the server manager since long time ago. Usually I only have to type the a from admin and auto fill in appears with username and pw. So I tried this a few times, then typed the password in and since there are no visible letters I typed the server password in the microsoft editor and pasted it to the pw field - just to make sure I typed it correctly. (I tried other browsers also.)
So after typing in username and pw and clicking on login, the fields are empty and above the field appears "Invalid username or password."
I use the SME-server since 1999 an I am pretty sure, how to use the login to the server-manager.
Martin
-
Have you tried a ssh login?
If you use ssh keys as you should, then you should be able login and reset your password.
You can then also check the logs for login errors too.
-
the login works on the console on the server and it works well over putty.
I get this in the admin_error_log:
[Mon Jun 28 00:16:15.066253 2021] [cgi:error] [pid 15182] [client 127.0.0.1:40130] AH01215: Can't exec "/usr/bin/pwauth": Permission denied at /etc/e-smith/web/common/cgi-bin/login line 56., referer: https://192.168.1.254//server-common/cgi-bin/login?back=https%3a%2f%2f192.168.1.254%2fserver-manager
[Mon Jun 28 00:16:15.066940 2021] [cgi:error] [pid 15182] [client 127.0.0.1:40130] AH01215: Could not open pipe to pwauth: Permission denied at /etc/e-smith/web/common/cgi-bin/login line 58., referer: https://192.168.1.254//server-common/cgi-bin/login?back=https%3a%2f%2f192.168.1.254%2fserver-manager
When I look with chown: the user and the group of /etc/e-smith/web/common/cgi-bin/login is "root".
-
Hmmm. Permission is likely right. Don't try and change it.
Have you got any custom-templates lying about?
Think there is one or more threads here on failure to access server-manager on previous version upgrades.
This is an old one but similar so I'm thinking something you have restored from v9 is giving v10 indigestion.
https://forums.contribs.org/index.php/topic,50179.15.html
Can you check the logs during restore? May be an errror there somewhere.
See here for some command to parse errors:
https://wiki.koozali.org/User_talk:Stephdl
Was it a brand new and fully updated v10 prior to restore?
Have you added any contribs or custom items at all?
-
I don't have any errors seen, while installation.
The version, that I installed, was the download from the website.
Then I restored from my backup, after that I updated SME10.
I added
Dehydrated
phpmyadmin
Thanks
Martin
-
Can you be a bit more specific please.
Did you test directly after the restore BEFORE you added contribs?
Exactly which contribs did you install and the commands did you use?
Have you any other repos installed?
-
No, I restored and added deydrated and myphpadmin, after that I checked the server-manager.
I installed both like in wiki suggested:
yum install --enablerepo=smecontribs smeserver-phpmyadmin
and
yum install smeserver-letsencrypt --enablerepo=smecontribs
-
OK, just to make sure, anything in
# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
and just poking about, contents of
# ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
-
This is from my server:
[root@www Cal-neu]# ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root 667 2. Nov 2006 01localAccessString
-rw-r--r--. 1 root root 4022 19. Mär 04:33 20Manager
-rw-r--r--. 1 root root 250 19. Mär 04:33 20ManagerAuthTKT
-rw-r--r--. 1 root root 215 2. Nov 2006 85DefaultAccess
-rw-r--r--. 1 root root 212 2. Nov 2006 85ServerResourcesAccess
-rw-r--r--. 1 root root 349 2. Nov 2006 90e-smithAccess15brand
-rw-r--r--. 1 root root 1369 19. Mär 04:33 90e-smithAccess15common
-rw-r--r--. 1 root root 1536 19. Mär 04:33 90e-smithAccess20manager
-rw-r--r--. 1 root root 463 19. Mär 04:33 90e-smithAccess20password
[root@www Cal-neu]# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
insgesamt 12
-rw-r--r-- 1 root root 117 22. Jän 2020 75AddTypePlist
-rw-r--r-- 1 root root 2130 5. Dez 2019 92nutupscmon
-rw-r--r-- 1 root root 124 9. Jän 2017 VirtualHosts40ACME
-
[quote author=waldviertler link=topic=54516.msg285645#msg285645 date=1624874881]
This is from my server:
[root@www Cal-neu]# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
insgesamt 12
-rw-r--r-- 1 root root 117 22. Jän 2020 75AddTypePlist
-rw-r--r-- 1 root root 2130 5. Dez 2019 92nutupscmon
-rw-r--r-- 1 root root 124 9. Jän 2017 VirtualHosts40ACME
[/quote]
Delete all and give the httpd service a kick or reboot/reconfig
or better still, move all to a safe place and give the httpd service a kick or reboot/reconfig
-
See https://forums.contribs.org/index.php/topic,54433.0.html
Particularly item 2
-
I have tried #2 and #3 - but no avail.
Should I delete all files from 2006?
[root@www Cal-neu]# ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root 667 2. Nov 2006 01localAccessString
-rw-r--r--. 1 root root 215 2. Nov 2006 85DefaultAccess
-rw-r--r--. 1 root root 212 2. Nov 2006 85ServerResourcesAccess
-rw-r--r--. 1 root root 349 2. Nov 2006 90e-smithAccess15brand
-
No, was just ensuring they were there..
Just the removal of the custom template ones is sufficent..
Did you attempt to restart httpd?
Or do a reconfig and reboot?
-
What is result of
# systemctl status httpd-e-smith.service
-
I have done a restart of httpd, but no reconfig and reboot.
I'll try these next.
This is the result of
systemctl status httpd-e-smith.service
[root@www ~]# systemctl status httpd-e-smith.service
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-06-28 14:10:34 CEST; 12s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 26798 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Process: 26828 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
Process: 26824 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
Process: 26818 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
Main PID: 26833 (/usr/sbin/httpd)
Status: "Total requests: 26; Current requests/sec: 2.89; Current traffic: 28KB/sec"
Memory: 18.3M
CGroup: /system.slice/httpd-e-smith.service
├─26833 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26834 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26835 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26836 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26837 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26838 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26839 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26840 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26841 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26842 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26843 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26844 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26845 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26846 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26847 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26848 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
├─26849 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
└─26850 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
Jun 28 14:10:33 www.pdorf.at systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
Jun 28 14:10:34 www.pdorf.at systemd[1]: Started httpd-e-smith The Koozali SME Server Apache HTTP Service.
[root@www ~]#
In the meantime I have done:
signal-event post-upgrade
signal-event rebootBut also no avail.
-
stumped, reached my limit..need one of the samrt guys to chime in here
-
This is from my server:
[root@www Cal-neu]# ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root 667 2. Nov 2006 01localAccessString
-rw-r--r--. 1 root root 4022 19. Mär 04:33 20Manager
-rw-r--r--. 1 root root 250 19. Mär 04:33 20ManagerAuthTKT
-rw-r--r--. 1 root root 215 2. Nov 2006 85DefaultAccess
-rw-r--r--. 1 root root 212 2. Nov 2006 85ServerResourcesAccess
-rw-r--r--. 1 root root 349 2. Nov 2006 90e-smithAccess15brand
-rw-r--r--. 1 root root 1369 19. Mär 04:33 90e-smithAccess15common
-rw-r--r--. 1 root root 1536 19. Mär 04:33 90e-smithAccess20manager
-rw-r--r--. 1 root root 463 19. Mär 04:33 90e-smithAccess20password
[root@www Cal-neu]# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
insgesamt 12
-rw-r--r-- 1 root root 117 22. Jän 2020 75AddTypePlist
-rw-r--r-- 1 root root 2130 5. Dez 2019 92nutupscmon
-rw-r--r-- 1 root root 124 9. Jän 2017 VirtualHosts40ACME
you are not systematic here and are just looking at random place.
not being systematic increases risk or adding more problems and not seeing where is the original problem
on httpd-admin you check templates and on httpd-e-smith you check the templates-custom.
please just paste the result of
/sbin/e-smith/audittools/templates
and
systemctl status -l httpd-admin
also by unable to login with admin password, I start to understand there you are not even able to get the login page while you can access the ibays ?
-
please report
rpm -q pwauth
should be pwauth-2.3.10-10.el7.sme.x86_64 or else you got into trouble there.
also how did you install SME 10 ? from 10.0 final iso? from previous iso? from a centos box using sme2centos?
is it fully updated with yum update ?
is there any extra repo configured ? what gives:
/sbin/e-smith/audittools/repositories
-
Thank you for your time.
/sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/30nut: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/10sudoers: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/ups/upssched.conf/01CONFIG: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/ups/upsmon.conf/NOTIFYCMD: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION
systemctl status -l httpd-admin :
● httpd-admin.service - httpd-admin The Koozali SME Server Server-Manager web service
Loaded: loaded (/usr/lib/systemd/system/httpd-admin.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-06-28 14:32:49 CEST; 6h ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 7769 (httpd)
Status: "Total requests: 11; Current requests/sec: 0; Current traffic: 0 B/sec"
Memory: 1.7M
CGroup: /system.slice/httpd-admin.service
├─ 7769 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
├─ 7809 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
├─10204 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
└─10218 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
Jun 28 14:32:48 www.pdorf.at systemd[1]: Starting httpd-admin The Koozali SME Server Server-Manager web service...
Jun 28 14:32:49 www.pdorf.at systemd[1]: Started httpd-admin The Koozali SME Server Server-Manager web service.
[root@www ~]#
I can get the login page, and I can also access the ibays.
(https://www.perchtoldsdorf.com/images/koozali.jpg)
-
please provide content of the following command while trying to login
tail -f /var/log/httpd/admin_error_log
-
again, need to stick with my small area of activity, testing
-
This is the content of
tail -f /var/log/httpd/admin_error_log while trying to login:
[Mon Jun 28 22:38:26.439424 2021] [cgi:error] [pid 7809] [client 127.0.0.1:47002] AH01215: Can't exec "/usr/bin/pwauth": Permission denied at /etc/e-smith/web/common/cgi-bin/login line 56., referer: https://192.168.1.254/server-common/cgi-bin/login?redirect=1&back=https%3A%2F%2F192.168.1.254%2Fserver-manager
[Mon Jun 28 22:38:26.440051 2021] [cgi:error] [pid 7809] [client 127.0.0.1:47002] AH01215: Could not open pipe to pwauth: Permission denied at /etc/e-smith/web/common/cgi-bin/login line 58., referer: https://192.168.1.254/server-common/cgi-bin/login?redirect=1&back=https%3A%2F%2F192.168.1.254%2Fserver-manager
-
rpm -q pwauth:
pwauth-2.3.10-10.el7.sme.x86_64
I installed SME10 with "smeserver-10.0-x86_64.iso" that I downloaded from: http://mirror.pialasse.com/releases/10/iso/x86_64/
I burned the iso on a DVD and installed it in text mode.
I have all available updates installed.
/sbin/e-smith/audittools/repositories gives:
base: enabled
centosplus: disabled
epel: disabled
extras: disabled
fasttrack: disabled
fws: disabled
remi-safe: enabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: disabled
stephdl: disabled
testing: disabled
updates: enabled
-
I chownd
/usr/bin/pwauth
from root apache to root www - and now I can login to the server-manager!
Thank you for your time!
-
but we will never know why... checked on 2 fresh install and pwauth is with correct permission.
how did you restore ?
-
After installing SME10 it asked if I wanted to restore....
But now after
signal-event post-upgrade
signal-event reboot
chown is back to root apache.
How can I change this to root www permanently?
-
please give the result of
ll /usr/bin/pwauth
rpm -q pwauth
rpm -V pwauth
then do
rpm —setugids pwauth
rpm —setperms pwauth
-
[root@www ~]# ll /usr/bin/pwauth
-rwsr-x---. 1 root apache 11272 12. Apr 2016 /usr/bin/pwauth
[root@www ~]#
[root@www ~]# rpm -q pwauth
pwauth-2.3.10-10.el7.sme.x86_64
[root@www ~]# rpm -V pwauth
SM5....T. /etc/pam.d/pwauth
And after that I have done:
rpm -setugids pwauth
rpm -setperms pwauth
-
Still the same thing.
Have to change from root apache to root www -> then I have access.
-
there is an issue in your install. www and apache should be the same user
chown root:www is not the solution even if you got access back. you will have a lot more hidden issues
grep apache /etc/passwd
grep www /etc/passwd
-
[root@www ~]# grep apache /etc/passwd
apache:x:102:102:Apache:/var/www:/sbin/nologin[root@www ~]# grep www /etc/passwd
apache:x:102:102:Apache:/var/www:/sbin/nologin
www:x:102:102:SME Server web server:/home/e-smith:/bin/false
-
grep apache /etc/group
-
grep apache /etc/group
apache:x:102:
-
ok,
first thing I managed to split the two topics correctly, so we will be at ease now to focus on your issue : pwauth
this one should give the full picture:
grep 102 /etc/passwd /etc/group
-
Thanks!
grep 102 /etc/passwd /etc/group
/etc/passwd:apache:x:102:102:Apache:/var/www:/sbin/nologin
/etc/passwd:www:x:102:102:SME Server web server:/home/e-smith:/bin/false
/etc/group:apache:x:102:
-
- you are missing a group, or www group has an incorrect gid
- expected order in passwd is reversed
# grep 102 /etc/passwd /etc/shadow /etc/group
/etc/passwd:www:x:102:102:SME Server web server:/home/e-smith:/bin/false
/etc/passwd:apache:x:102:102:Apache:/var/www:/sbin/nologin
/etc/group:www:x:102:admin
/etc/group:apache:x:102:
first thing first :
grep www /etc/group
-
grep www /etc/group
(I changed here the real user names to user1 and so on, and the real ibay names to ibay1 and so on.)
shared:x:500:admin,ibay1,user1,user2,user3,user4,user5,ibay2,ibay3,ibay4,user6,user7,ibay5,public,user8,ibay6,ibay7,user8,sysinfo,user9,uucp,ibay8,user10,www
www:x:104:admin
test:x:5009:admin,user1,user2,user3,user4,www
faxmaster:x:5016:admin,user1,user2,www
-
ok quite unexpected.
www gid is defined upon installation of base rpm and is set to 102.
are you able to check files from your backup you restored to see what in the /etc/group for www?
also check if this command (which can take a while to run depending on the amount of data you have)
find / -group 104
the fix will be to restore the correct gid to www group but first need to see if any files have been incorrectly set. this could maybe help find the issue and discover if we only need a temp fix for you or need to implement something.
please send the list to security at koozali dot org.
also this command could help see the process of restore if you used console restore
grep ^www -r /var/cache/e-smith/restore/etc/
-
I mailed the list.
I have problems with major updates since SME7...
I will check the /etc/group in backup as soon as possible -
grep ^www -r /var/cache/e-smith/restore/etc/
/var/cache/e-smith/restore/etc/passwd.1624659034:www:x:102:102:SME Server web server:/home/e-smith:/bin/false
/var/cache/e-smith/restore/etc/shadow.1624659034:www:!!:18803:0:99999:7:::
/var/cache/e-smith/restore/etc/group.1624659034:www:x:102:admin
/var/cache/e-smith/restore/etc/gshadow.1624659034:www:!::admin
-
this last grep tell me you were correct before migration. this is a copy of the migration process.
the fix
groupmod -g 102 www
a last check, you do not want to do the next step if 104 is also in use for something else than www so
grep :104: /etc/group
then to fix existing files, i saw in your sent file
find / -group 104 -not -path "/proc*" -exec chgrp -h www {} \;
just to be safe i would restart httpd-e-smith first and try to acces horde webmail. then do a post-upgrade reboot
-
This is the result from check:
grep :104: /etc/group
www:x:104:admin
Is it save to apply the fix?
-
This is the result from check:
grep :104: /etc/group
www:x:104:admin
Is it save to apply the fix?
seems to be.
but always good to have backups ;)
-
I have done a backup.
groupmod -g 102 www
gives
groupmod: GID »102« existiert bereits.
while "existiert bereits" means "exists already".
Is that ok?
-
I have done this:
[root@www ~]# groupmod -g 102 www
groupmod: GID »102« existiert bereits.
[root@www ~]# find / -group 104 -not -path "/proc*" -exec chgrp -h www {} \;
[root@www]# expand-template /etc/httpd/conf/httpd.conf
[root@www]# httpd -t
Syntax OK
[root@www]# systemctl restart httpd-e-smith.service
signal-event post-upgrade
signal-event reboot
When I try to access horde webmail - I got this error in the browser:
A fatal error has occurred
Cannot write to cache directory /var/lib/php/horde/tmp
Details have been logged for the administrator.
-
ok then what gives now
grep ^www /etc/group
ll -d /var/lib/php/horde/tmp
-
ok forgot the -o option
groupmod -o -g 102 www
-
Fine! It works! (Manager and Horde) Thank you!!!!
I have done:
groupmod -o -g 102 www
find / -group 104 -not -path "/proc*" -exec chgrp -h www {} \;
expand-template /etc/httpd/conf/httpd.conf
httpd -tgot:
Syntax OK
systemctl restart httpd-e-smith.service
signal-event post-upgrade
signal-event reboot