Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: Updator-Uganda on November 30, 2021, 01:46:38 PM
-
Hello everyone here, thanks for the wonderful work. I have a challenge with a fresh installation of SME Server 10, which successfully installed and is running well; however, the i-bay admin password is the same as the root/admin password of the server. How can I change or modify only the i-bay password, as was the case with SME 9.2?
Kind Regards
Updator
-
The admin password is the same wherever it is required. There is only one admin (and one root).
So what is the name of the ibay and the settings?
db accounts show my-i-bay
-
My guess is you fear brute force against the admin password on the ibay, since now all the users can log in to an ibay with their own pass, not only with the dedicated ibay password.
Now https is enforced.
You know that the same brute force could be done against smtp?
Just add fail2ban to stop brute force.
-
> The admin password is the same wherever it is required. There is only one admin (and one root).
> So what is the name of the ibay and the settings?
> db accounts show my-i-bay
The command doesn't return any i-bay information.
See attachment for the i-bays I created.
-
> My guess is you fear brute force against the admin password on the ibay, since now all the users can log in to an ibay with their own pass, not only with the dedicated ibay password.
> Now https is enforced.
> You know that the same brute force could be done against smtp?
> Just add fail2ban to stop brute force.
I have installed fail2ban, thanks for this direction, but the i-bays aren't responding to the password I have changed to....
The username is the i-bay name, right?
-
You are setting the password for the i-bay for when you share it as a web share.
That is NOT the same as accessing it via a network file browser where you use the username and password.
If the i-bay is password protected then use the i-bay name as the user and i-bay password from your browser.
Do not use the user password.
https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter14
> the command doesn't return any i-bay information
It will if you use a terminal. It will not work in a web browser.
https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter6#Accessing_the_Linux_Root_Prompt
https://wiki.koozali.org/SSH_Public-Private_Keys
db accounts show Primary
Primary=ibay
CgiBin=enabled
Group=shared
Modifiable=no
Name=Primary i-bay
PasswordSet=no
Passwordable=no
PublicAccess=global
Removable=no
UserAccess=wr-admin-rd-group
-
> You are setting the password for the i-bay for when you share it as a web share.
> That is NOT the same as accessing it via a network file browser where you use the username and password.
> If the i-bay is password protected then use the i-bay name as the user and i-bay password from your browser.
> Do not use the user password.
> https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter14
> > the command doesn't return any i-bay information
> It will if you use a terminal. It will not work in a web browser.
> https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter6#Accessing_the_Linux_Root_Prompt
> https://wiki.koozali.org/SSH_Public-Private_Keys
> db accounts show Primary
> Primary=ibay
> CgiBin=enabled
> Group=shared
> Modifiable=no
> Name=Primary i-bay
> PasswordSet=no
> Passwordable=no
> PublicAccess=global
> Removable=no
> UserAccess=wr-admin-rd-group
I try accessing it using network file browser. Thanks for this clarification, I will try again and see the outcome.
-
PublicAccess=global
means access over the internet without any password.
John
Since SME 10, internet with password means:
- https with username and its password of the group owning the ibay
OR
- https with ibay name and its dedicated password. (legacy behaviour)
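
An added example, not part of the original posts: a shell function that reads `db accounts show` output and flags i-bays whose `PublicAccess` is `global`. It assumes the indented layout `db` prints on a terminal; the `alice` and `projects` records are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: in terminal output of
# `db accounts show`, record lines ("Primary=ibay") start in column 1 and
# property lines are indented. "OPEN" marks PublicAccess=global, which the
# thread describes as internet access without any password.
audit_ibays() {
    awk '
        function report() {
            if (type != "ibay") return
            verdict = (access == "global") ? "OPEN" : "other"
            printf "%s %s PublicAccess=%s PasswordSet=%s\n", verdict, name, access, pwset
        }
        /^[ \t]*$/ { next }
        {
            indented = ($0 ~ /^[ \t]/)
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            if (!indented) {            # new account record
                report()
                name = key; type = val; access = "unset"; pwset = "unset"
            } else if (key == "PublicAccess") {
                access = val
            } else if (key == "PasswordSet") {
                pwset = val
            }
        }
        END { report() }
    '
}
# Constructed sample: Primary uses values from the thread; the rest is made up.
sample_accounts() {
    cat <<'EOF'
Primary=ibay
    Name=Primary i-bay
    PasswordSet=no
    PublicAccess=global
alice=user
    FirstName=Alice
projects=ibay
    PasswordSet=yes
    PublicAccess=global-pw
EOF
}
# On the server itself: db accounts show | audit_ibays
sample_accounts | audit_ibays
```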
-
> Since SME 10, internet with password means:
> - https with username and its password of the group owning the ibay
> OR
> - https with ibay name and its dedicated password. (legacy behaviour)
Oooohhh I missed that!
Thanks.
-
> My guess is you fear brute force against the admin password on the ibay, since now all the users can log in to an ibay with their own pass, not only with the dedicated ibay password.
> Now https is enforced.
> You know that the same brute force could be done against smtp?
> Just add fail2ban to stop brute force.
It has continued using the admin/root password for i-bays.
I have created another user and assigned it to a group and access the i-bays via that user. This is the temporary solution I have done.
Thanks
-
You know the old behaviour ibayname / its own ibay password still works, so no reason to create a user for that.
-
> You know the old behaviour ibayname / its own ibay password still works, so no reason to create a user for that.
Yeah, indeed, will keep trying.
Thanks @Jean