Submitted by michal@trustica.cz on Tue, 01/10/2012 - 09:37
Hello,
please consider this forum topic as a bug
https://www.virtualmin.com/node/20660
I need to solve it quite quickly.
Thank you
Status:
Active
Comments
Submitted by JamieCameron on Tue, 01/10/2012 - 12:12 Comment #1
Are you creating this user from the command line?
If so, make sure you quote the value of the --encpass parameter if it contains special characters like $.
Submitted by michal@trustica.cz on Tue, 01/10/2012 - 12:40 Comment #2
Hello,
sure it contains $, as I wrote to the forum post.
I added debug print $encpass to line 96 of create-user.pl.
When I don't escape $s (only put the password to "..."), it takes only half of the hash.
When I escape $s, (\$), printed hash looks good, but it still does not work.
Try it:
virtualmin create-user --domain domain.tld --user user --encpass \$1\$d4307605\$wL5l4z1.5bus0YvEUzKZL0
Unencrypted password is UQe7AnELA7aGEQA6
Then I test
telnet localhost 110
user user@domain.tld
pass UQe7AnELA7aGEQA6
Michal
Submitted by michal@trustica.cz on Tue, 01/10/2012 - 12:43 Comment #3
virtualmin create-user --domain easyczech.com --user info --encpass '$1$d4307605$wL5l4z1.5bus0YvEUzKZL0'
does the same
Submitted by JamieCameron on Tue, 01/10/2012 - 13:32 Comment #4
Can you check if the user's entry in the /etc/shadow file is getting the same encrypted password as you are specifying on the command line?
Submitted by michal@trustica.cz on Tue, 01/10/2012 - 14:04 Comment #5
Passwords are stored in LDAP.
dn: uid=user-domain.tld,dc=Users,dc=provider,dc=net
cn: user-domain.tld
uid: user-domain.tld
uidNumber: 1646
loginShell: /dev/null
homeDirectory: /home/domain/homes/user
gidNumber: 1237
userPassword:: e3NzaGF9JDEkMzl0anJuejEkdzIwbnB0emtic3J0My52NmVlMWU4MQ==
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
sn: user-domain.tld
structuralObjectClass: inetOrgPerson
entryUUID: 259ac554-d007-1030-97ef-6dd64d4db36d
creatorsName: cn=manager,dc=provider,dc=net
createTimestamp: 20120110184627Z
entryCSN: 20120110184627.135994Z#000000#000#000000
modifiersName: cn=manager,dc=provider,dc=net
modifyTimestamp: 20120110184627Z

dn: mailLocalAddress=user@domain.tld,dc=Virtual,dc=provider,dc=net
objectClass: inetLocalMailRecipient
mailLocalAddress: user@domain.tld
mailRoutingAddress: user-domain.tld
structuralObjectClass: inetLocalMailRecipient
entryUUID: 259bc918-d007-1030-97f0-6dd64d4db36d
creatorsName: cn=admin,dc=provider,dc=net
createTimestamp: 20120110184627Z
entryCSN: 20120110184627.142647Z#000000#000#000000
modifiersName: cn=admin,dc=provider,dc=net
modifyTimestamp: 20120110184627Z
In this case, the hash is '$1$39tjrnz1$w20nptzkbsrt3.v6ee1e81', the plaintext password is the same.
Submitted by JamieCameron on Tue, 01/10/2012 - 14:57 Comment #6
Ok, the use of LDAP is probably the issue here - try prefixing your encrypted password with {md5}, as this is the format used in the LDAP database.
Submitted by michal@trustica.cz on Tue, 01/10/2012 - 17:12 Comment #7
no way
vm1:~# virtualmin create-user --domain domain.tld --user user --encpass '{md5}$1$39tjrnz1$w20nptzkbsrt3.v6ee1e81'
does not work
Submitted by JamieCameron on Tue, 01/10/2012 - 22:08 Comment #8
What is being put into ldap when you use the {md5} prefix?
Submitted by michal@trustica.cz on Wed, 01/11/2012 - 02:47 Comment #9
'{md5}$1$d4307605$wL5l4z1.5bus0YvEUzKZL0'
userPassword:: e21kNX0kMSRkNDMwNzYwNSR3TDVsNHoxLjVidXMwWXZFVXpLWkww
Submitted by michal@trustica.cz on Wed, 01/11/2012 - 04:39 Comment #10
even {smd5} not working
Submitted by michal@trustica.cz on Wed, 01/11/2012 - 05:25 Comment #11
ok, {crypt} worked. My pain in the head is removed.
Submitted by JamieCameron on Wed, 01/11/2012 - 12:51 Comment #12
That is really odd .. so when you use the {crypt} prefix, what gets stored in the userPassword: field?
It almost seems like the LDAP server is modifying the value Virtualmin inserts.
Submitted by michal@trustica.cz on Wed, 01/11/2012 - 16:55 Comment #13
userPassword:: e2NyeXB0fSQxJGQ0MzA3NjA1JHdMNWw0ejEuNWJ1czBZdkVVektaTDA=
Submitted by JamieCameron on Wed, 01/11/2012 - 23:04 Comment #14
What program are you using to display the contents of your LDAP database?
Submitted by michal@trustica.cz on Thu, 01/12/2012 - 00:23 Comment #15
slapcat
Submitted by JamieCameron on Thu, 01/12/2012 - 16:36 Comment #16
If you use Webmin's LDAP Client module to browse the server, does it show the password in the same format?
Submitted by michal@trustica.cz on Fri, 01/13/2012 - 05:44 Comment #17
no, this one base64-d's it.
userPassword : {crypt}$1$d4307605$wL5l4z1.5bus0YvEUzKZL0
Submitted by JamieCameron on Fri, 01/13/2012 - 11:43 Comment #18
That looks a little better. Although it seems you are using the {crypt} prefix even though the password is in md5 hash format.
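
Added example, not part of the thread and not Virtualmin code: it decodes the base64 `userPassword::` values posted above (slapcat prints them base64-encoded, which the double colon indicates) and checks whether the payload has the shape its `{scheme}` prefix expects. It assumes the OpenLDAP conventions, where `{MD5}`, `{SMD5}`, `{SHA}` and `{SSHA}` hold a base64-encoded raw digest and `{CRYPT}` holds a crypt(3) string such as `$1$salt$hash`; the function names are this example's own.

```python
import base64
import binascii
import re

# Assumption: OpenLDAP scheme conventions. Digest schemes store
# base64(raw digest [+ salt]); {CRYPT} stores a crypt(3) string.
DIGEST_SCHEMES = {"md5": (16, False), "smd5": (16, True),
                  "sha": (20, False), "ssha": (20, True)}
CRYPT_RE = re.compile(r"^\$[0-9a-z]+\$[^$]+\$[./0-9A-Za-z]+$")

def decode_user_password(ldif_line):
    """Return the stored value of an LDIF userPassword line.
    Two colons ('userPassword::') mean the value is base64-encoded."""
    name, _, value = ldif_line.partition(":")
    if name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if value.startswith(":"):
        return base64.b64decode(value[1:].strip()).decode("utf-8")
    return value.strip()

def check_scheme(stored):
    """Return (scheme, payload_matches_scheme) for '{scheme}payload'."""
    m = re.match(r"^\{([^}]+)\}(.*)$", stored)
    if not m:
        return ("none", False)
    scheme, payload = m.group(1).lower(), m.group(2)
    if scheme == "crypt":
        return (scheme, bool(CRYPT_RE.match(payload)))
    if scheme in DIGEST_SCHEMES:
        size, salted = DIGEST_SCHEMES[scheme]
        try:
            raw = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            return (scheme, False)  # e.g. '$' is not a base64 character
        return (scheme, len(raw) > size if salted else len(raw) == size)
    return (scheme, False)  # scheme not covered by this example

# userPassword lines as posted in this thread (slapcat output).
SAMPLES = [
    "userPassword:: e3NzaGF9JDEkMzl0anJuejEkdzIwbnB0emtic3J0My52NmVlMWU4MQ==",
    "userPassword:: e21kNX0kMSRkNDMwNzYwNSR3TDVsNHoxLjVidXMwWXZFVXpLWkww",
    "userPassword:: e2NyeXB0fSQxJGQ0MzA3NjA1JHdMNWw0ejEuNWJ1czBZdkVVektaTDA=",
]

if __name__ == "__main__":
    for line in SAMPLES:
        stored = decode_user_password(line)
        print(check_scheme(stored), stored)
```

Only the `{crypt}` entry pairs a prefix with a payload of the matching shape; the `{ssha}` and `{md5}` entries carry a `$1$` crypt(3) string where a base64 digest is expected.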