virtualmin admin pass reset

Hello,

I was trying to configure the password reset option, but may be this does not work with hasshed passwords?

option2: tried to get a reset email: that came through.. Email has been sent to your recovery address rohit@interstellarconsulting.com containing a link that must be clicked on to reset your password.

Modifying administration user .. .. done

Updating Webmin user .. .. done

Password recovery failed : Your virtual server password for login interadmin cannot be recovered as it has not been stored by Virtualmin. Please contact your system administrator to reset the password. but the it did not work with the above message.

with option1: send the original pass to email.. that also gave the above message..

Can someone clarify--

Status: 
Closed (fixed)

Comments

Howdy -- yeah unfortunately that is correct, that module doesn't currently work with hashed passwords.

It may be possible at some point to add in a feature for generating a random password when hashed passwords are in use... however, that would take a bit of time to code properly (ie, it's not going to be this month :-)

Category: Support request » Feature request

I hope you agree, i have saved this as a feature request for you guys to track.

BTW, i have tried to change the password method to NOT hashed password and then resetted one of the domain admin passwords .. it still gives me that message that the virtualmin does not know of the password.. any ideas?

I would have thought that changing the password, after changing the password method, would have been what you needed to do.

I'll look into that a bit, though Jamie may also have some thoughts on the matter.

Yeah, you would need to perform a regular password change after changing the hashing method for recovery to be possible.

I have tried this twice now, and can seem to get it to work..

I'm having trouble re-producing this bug - can you check which version of the password recovery plugin you have installed? It should be shown on the Features and Plugins page.

ok Jamie, seems like we have definitely some issue. i tried to check the version in the plugins sections and i could not fine this. Then i went to the software package section and actually uninstalled it. while doing so it showed version 1.5. i then went to virtualmin packages and there there was an update. webmin-virtualmin-password-recovery
I then installed it and it showed version 1.6, now the weird part is that the, it is still now showing the features and plugins section, (webmin service was restarted) and ofcourse i tested it and it is still not able to send me the password..

That's odd - it sounds like you didn't have the plugin installed at all at first!

We do have a few small fixes that were made since 1.6 that might be relevant. I can email you the next (unreleased) version to try out ... just me know which Linux distro / package format you are using.

i am on ubuntu 14.04 x64 with default package system.

Ok, I can email you an updated .deb file. What's your email address?

Thanks - I have emailed you an updated module package

Hi Jamie, i have installed this version.. but it does not show up in the plugins / features section. i then tested this out but, but it still fails with an errors saying that virtualmin does have the password and that to contact the administrator.. what might be going wrong..

That's odd, the exact same code works fine on my test system.

Are you trying it on a domain user with a hashed password?

the server was configured for hashed password.. after i wanted to test this.. i changed the server to use normal password.. and then reset the password of this virtualmin admin user which i was trying to test.. and i have done this again.. and it does not work.. gives me the same error..
"Password recovery failed : Your virtual server password for login interadmin cannot be recovered as it has not been stored by Virtualmin. Please contact your system administrator to reset the password."

there could be 2 things wrong: the plugin is not properly installed, how can i ensure this is done? i have tried to reinstalled.. but not able to get it to show in the plugins section..
2nd: there could be a problem with the hash password and it being not able to switch to a flat file option..

let me know what course of action we should be taking ahead.

Can you try running the following command (via SSH as root) to get the domain ID :

virtualmin list-domains --user interadmin --toplevel --id-only

then run :

grep pass= /etc/webmin/virtual-server/domains/$ID

where $ID is the ID from the first command. That will show if Virtualmin has a saved password for the domain.

root@server1:~# grep pass= /etc/webmin/virtual-server/domains/14640197722435 stats_pass=/home/interadmin/.stats-htpasswd awstats_pass=/home/interadmin/.awstats-htpasswd enc_pass=$6$71502866$.JknFk7Io/Fw4KpUqD0D5vrrLeo.ZsLKsi2i06hC9R.p.C9kLSB5Cc3j/9tudbyGlHvpeiMG3TpoQjPO8zAOw. crypt_enc_pass=ndvXLD1CESldk hashpass=1 proxy_pass= md5_enc_pass=$1$71502866$QbTNuWzrC.RdtgWMztKzy/ digest_enc_pass=d0d73854e584b461ee38129664e1ed03 mysql_pass=1ZE8j6YovbfdVZOT backup_encpass=

looks like it not saved inside of virtualmin

Looks like the domain still has hashed passwords enabled. How did you turn that off exactly?

re-run install wizard, where it asks for for hashed password or normal.. changed it to normal.. i get a feeling that not the place :)

I'm sending you another updated .deb file that should support password recovery properly, even when hashed passwords are in use.

the latest .deb file worked :) great .. i will implement this.. this would be useful to avoid tickets on this issue. Thanks once again. leave it to you to close this thread, i guess the next update of virtualmin will include this patch.

Cool - we will release a new version of the plugin shortly.

Status: Active » Fixed