Submitted by masterg0g0 on Thu, 08/11/2016 - 07:06 Pro Licensee
Hello,
I was trying to configure the password reset option, but may be this does not work with hasshed passwords?
option2: tried to get a reset email: that came through.. Email has been sent to your recovery address rohit@interstellarconsulting.com containing a link that must be clicked on to reset your password.
Modifying administration user .. .. done
Updating Webmin user .. .. done
Password recovery failed : Your virtual server password for login interadmin cannot be recovered as it has not been stored by Virtualmin. Please contact your system administrator to reset the password. but the it did not work with the above message.
with option1: send the original pass to email.. that also gave the above message..
Can someone clarify--
Status:
Closed (fixed)
Comments
Submitted by andreychek on Thu, 08/11/2016 - 08:45 Comment #1
Howdy -- yeah unfortunately that is correct, that module doesn't currently work with hashed passwords.
It may be possible at some point to add in a feature for generating a random password when hashed passwords are in use... however, that would take a bit of time to code properly (ie, it's not going to be this month :-)
Submitted by masterg0g0 on Thu, 08/11/2016 - 08:56 Pro Licensee Comment #2
I hope you agree, i have saved this as a feature request for you guys to track.
Submitted by masterg0g0 on Thu, 08/11/2016 - 13:02 Pro Licensee Comment #3
BTW, i have tried to change the password method to NOT hashed password and then resetted one of the domain admin passwords .. it still gives me that message that the virtualmin does not know of the password.. any ideas?
Submitted by andreychek on Thu, 08/11/2016 - 14:00 Comment #4
I would have thought that changing the password, after changing the password method, would have been what you needed to do.
I'll look into that a bit, though Jamie may also have some thoughts on the matter.
Submitted by JamieCameron on Thu, 08/11/2016 - 22:49 Comment #5
Yeah, you would need to perform a regular password change after changing the hashing method for recovery to be possible.
Submitted by masterg0g0 on Fri, 08/12/2016 - 00:57 Pro Licensee Comment #6
I have tried this twice now, and can seem to get it to work..
Submitted by JamieCameron on Sat, 08/13/2016 - 18:48 Comment #7
I'm having trouble re-producing this bug - can you check which version of the password recovery plugin you have installed? It should be shown on the Features and Plugins page.
Submitted by masterg0g0 on Sun, 08/14/2016 - 01:39 Pro Licensee Comment #8
ok Jamie, seems like we have definitely some issue. i tried to check the version in the plugins sections and i could not fine this. Then i went to the software package section and actually uninstalled it. while doing so it showed version 1.5. i then went to virtualmin packages and there there was an update. webmin-virtualmin-password-recovery
I then installed it and it showed version 1.6, now the weird part is that the, it is still now showing the features and plugins section, (webmin service was restarted) and ofcourse i tested it and it is still not able to send me the password..
Submitted by JamieCameron on Sun, 08/14/2016 - 13:10 Comment #9
That's odd - it sounds like you didn't have the plugin installed at all at first!
We do have a few small fixes that were made since 1.6 that might be relevant. I can email you the next (unreleased) version to try out ... just me know which Linux distro / package format you are using.
Submitted by masterg0g0 on Sun, 08/14/2016 - 14:14 Pro Licensee Comment #10
i am on ubuntu 14.04 x64 with default package system.
Submitted by JamieCameron on Mon, 08/15/2016 - 20:50 Comment #11
Ok, I can email you an updated .deb file. What's your email address?
Submitted by masterg0g0 on Tue, 08/16/2016 - 00:33 Pro Licensee Comment #12
rohit@interstellarconsulting.com
Submitted by JamieCameron on Wed, 08/17/2016 - 00:55 Comment #13
Thanks - I have emailed you an updated module package
Submitted by masterg0g0 on Wed, 08/17/2016 - 07:08 Pro Licensee Comment #14
Hi Jamie, i have installed this version.. but it does not show up in the plugins / features section. i then tested this out but, but it still fails with an errors saying that virtualmin does have the password and that to contact the administrator.. what might be going wrong..
Submitted by JamieCameron on Thu, 08/18/2016 - 01:31 Comment #15
That's odd, the exact same code works fine on my test system.
Are you trying it on a domain user with a hashed password?
Submitted by masterg0g0 on Thu, 08/18/2016 - 02:02 Pro Licensee Comment #16
the server was configured for hashed password.. after i wanted to test this.. i changed the server to use normal password.. and then reset the password of this virtualmin admin user which i was trying to test.. and i have done this again.. and it does not work.. gives me the same error..
"Password recovery failed : Your virtual server password for login interadmin cannot be recovered as it has not been stored by Virtualmin. Please contact your system administrator to reset the password."
there could be 2 things wrong: the plugin is not properly installed, how can i ensure this is done? i have tried to reinstalled.. but not able to get it to show in the plugins section..
2nd: there could be a problem with the hash password and it being not able to switch to a flat file option..
let me know what course of action we should be taking ahead.
Submitted by JamieCameron on Fri, 08/19/2016 - 01:33 Comment #17
Can you try running the following command (via SSH as root) to get the domain ID :
virtualmin list-domains --user interadmin --toplevel --id-onlythen run :
grep pass= /etc/webmin/virtual-server/domains/$IDwhere $ID is the ID from the first command. That will show if Virtualmin has a saved password for the domain.
Submitted by masterg0g0 on Fri, 08/19/2016 - 01:42 Pro Licensee Comment #18
root@server1:~# grep pass= /etc/webmin/virtual-server/domains/14640197722435 stats_pass=/home/interadmin/.stats-htpasswd awstats_pass=/home/interadmin/.awstats-htpasswd enc_pass=$6$71502866$.JknFk7Io/Fw4KpUqD0D5vrrLeo.ZsLKsi2i06hC9R.p.C9kLSB5Cc3j/9tudbyGlHvpeiMG3TpoQjPO8zAOw. crypt_enc_pass=ndvXLD1CESldk hashpass=1 proxy_pass= md5_enc_pass=$1$71502866$QbTNuWzrC.RdtgWMztKzy/ digest_enc_pass=d0d73854e584b461ee38129664e1ed03 mysql_pass=1ZE8j6YovbfdVZOT backup_encpass=
looks like it not saved inside of virtualmin
Submitted by JamieCameron on Sat, 08/20/2016 - 00:44 Comment #19
Looks like the domain still has hashed passwords enabled. How did you turn that off exactly?
Submitted by masterg0g0 on Sat, 08/20/2016 - 00:58 Pro Licensee Comment #20
re-run install wizard, where it asks for for hashed password or normal.. changed it to normal.. i get a feeling that not the place :)
Submitted by JamieCameron on Sat, 08/20/2016 - 16:36 Comment #21
I'm sending you another updated .deb file that should support password recovery properly, even when hashed passwords are in use.
Submitted by masterg0g0 on Sun, 08/21/2016 - 00:53 Pro Licensee Comment #22
the latest .deb file worked :) great .. i will implement this.. this would be useful to avoid tickets on this issue. Thanks once again. leave it to you to close this thread, i guess the next update of virtualmin will include this patch.
Submitted by JamieCameron on Sun, 08/21/2016 - 22:52 Comment #23
Cool - we will release a new version of the plugin shortly.
Submitted by JamieCameron on Sun, 08/21/2016 - 22:52 Comment #24