Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: John Willby on June 22, 2003, 01:16:46 AM
-
Hi
I have a wierd problem. My server has been happily running for months now and all of a sudden it has decided it is not going to accept the root password anymore.
I can log in as admin and get the admin panel up.
I can even log in via the server manager panel but it won't accept my root password.
I really don't want to reload the system and have to set up from scratch.
Am I totally and utterly stuffed?
A simple yes or no answer will do as I don't think anybody would thank me if people started mailing in how to hack the root!
John
-
If you can log in via the server manager then just change the system password from here - the server manager should force the admin & root passwords back into sync (as you know they use the same password).
HTH
-
Hi
Tried that it changed the pasword for the server manager but I still get log in failed for root.
Dunno what has gone wrong with it!
Is there anyway I could go through a re-install type process (upgrade option?) with the installation disk that will not reformat the disk and I won't have to reinstall spam assassin and user panel and all the other custom stuff I have installed like ntop etc and allow me to reset the root password and hopefully correct what ever the problem is?
John
-
Yeah, an upgrade procedure may fix it and will install over the top of whats there. As long as the stuff you installed has followed the template rules everything should be preserved.
Is worth a shot!
-
Hi
Well it worked - but only when I upgraded to version 6 beta 2.
So its off to the devel list now for me I guess.
BTW I had no problems with the upgrade it went sweet and all now working according to plan.
Seems Ok so far as well.
John
-
John Willby wrote:
> I have a wierd problem. My server has been happily running
> for months now and all of a sudden it has decided it is not
> going to accept the root password anymore.
...
> A simple yes or no answer will do as I don't think anybody
> would thank me if people started mailing in how to hack the
> root!
My suspicion is that someone has already worked out how to do that on your system. Have you kept your system updated?
JTR
-
Jacko wrote:
>
> John Willby wrote:
>
> > I have a wierd problem. My server has been happily running
> > for months now and all of a sudden it has decided it is not
> > going to accept the root password anymore.
> ...
> > A simple yes or no answer will do as I don't think anybody
> > would thank me if people started mailing in how to hack the
> > root!
>
> My suspicion is that someone has already worked out how to do
> that on your system. Have you kept your system updated?
>
> JTR
Well, if you know how to hack the root acount, please post it. You cannot have real security through obscurity.
Marc
-
No, if you know how to hack root on a stock SME box, mail smesecurity@mitel.com and tell them, so they can fix it.
-
John Willby wrote:
>
> Hi
>
> I have a wierd problem. My server has been happily running
> for months now and all of a sudden it has decided it is not
> going to accept the root password anymore.
You can only log in as root from one of the consoles, not from
the manager.
> I can log in as admin and get the admin panel up.
Which is normal.
> I can even log in via the server manager panel but it won't
> accept my root password.
The server-manager has never accepted "root" as the user. You
must log in as "admin".
The admin/root passwords are kept in
sync (by design) when you change the "admin" password from
the manager.
> I really don't want to reload the system and have to set up
> from scratch.
>
> Am I totally and utterly stuffed?
>
> A simple yes or no answer will do as I don't think anybody
> would thank me if people started mailing in how to hack the
> root!
You haven't provided any evidence that anything is broken.
If you do discover a potential security issue, it should be sent to smesecurity@mitel.com, and only there.
Gordon
-
Marc wrote:
> [....]
> Well, if you know how to hack the root acount, please post
> it. You cannot have real security through obscurity.
Please address any security concerns to smesecurity@mitel.com, and only there.
Posting security issues in public forums before contacting the vendor for comment and allowing them a reasonable time to reply is irresponsible and harmful.
We also do not believe in "security through obscurity". We do, however believe that the vendor should have the opportunity to address security issues before potentially putting large numbers of systems at risk.
That said, there is no evidence that there is anything wrong in this instance.
Gordon
-
Hi
Nobody had hacked root on my system.
As far as I can tell a file had become corrupted that checked the root password against what was stored on the system so when you tried to log in as root at the console any password legitimate or otherwise was rejected.
I manged to get it fixed and so as far as I am concerned this thread is dead.
Gordon is quite right that any questions concerns in this area should be passed on to Mitel security and NOT discussed in an open forum.
John