Webmin login not working anymore

I had activated 2 factor authentication with google authenticator a week ago and login was working fine. Today I noticed that when i tried to login with root password, it asked me the token in next page instead of on the same page under the password. I entered the token and it consistently is failing saying, " Warning! Login failed. Please try again."

What is it and how can I fix it?

Status: 
Closed (fixed)
Virtualmin version: 
6.12
Webmin version: 
1.955

Comments

Ilia's picture
Submitted by Ilia on Tue, 10/27/2020 - 04:18

Hi,

This problem is caused by not-properly restarted Webmin. If you're running Webmin 1.960, first try restarting Webmin manually using Webmin > Webmin Configuration page (if you have other active login). Does it work?

If it doesn't, then try the way which will certainly work:

/etc/webmin/restart

We would be very interested to know if restart from UI worked on Webmin 1.960.

If you upgraded the theme outside of Webmin, ignoring incompatibility notice, you may have login issues still and would need to install theme 19.61 only with Webmin 1.960.

Thanks. I restarted the webmin from SSH root login with systemctl restart webmin command. Post restart also same issue. I think issue is with 2FA and not with root password because first I get user/passwod which works fine and new page loads with just asking token. I enter the token and it fails.

I have not changed any skins etc.. I don't even know how to do so. But I remember some package updates happened on both live and test servers. May be on either of them I run yum install update and on another one I might have clicked on update packages from Webmin page. Can't remember which one I did from SSH and which one from Webmin page.

On test server I don't have login issue. But then on test server I get one page with 3 text boxes (User, Password and Token). Login works well. For some reason on Live server I get one page with 2 text boxes (User, Password) and when I enter that I get another page asking for Token. Not sure if this behaviour is something to do with theme change as I never changed theme on webmin other than the default one.

Appreciate your comment on how to resolve this.

I tried to find if I had run yum update command from SSH and found that I had run that command in live server and not on test server. So this update might have done something causing the split of user/password and the token entries. Still login should work but on live server login is not working.

Live:

history |grep "yum update"|head -n 1

934 yum update

Test:

history |grep "yum update"|head -n 1

823 history |grep "yum update"|head -n 1

Thought to share this so you get better idea of what might have caused this issue. (One lesson for me going forward is not to run Yum Update manually through SSH but rather run Webmin package update scripts via Webmin page.

Because I couldn't login to webmin I have wrongly provided Webmin version as 1.955. In fact when I checked miniserv.conf file I found that webmin version is 1.960 in live. See below.

LIVE: server=MiniServ/1.960

Test Server: server=MiniServ/1.955

This might be due to package updates done through yum update command in live compared to package update through webmin.

I have also learned that I can just remove twofactor_provider = totp line from config file and remote totp from users file to be able to login to Webmin, but I really don't want to mess things up than what it is already. It would be good to find root cause and fix it properly.

Appreciate your help with it.

Ilia's picture
Submitted by Ilia on Thu, 10/29/2020 - 08:11

Okay, I found a bug which shows itself with passwords containing + and % and other chars that must be escaped. It will be fixed in the next Webmin 1.961 release.

You can fix it by manually applying this patch.

Thanks for the information.

I added following line below to /usr/libexec/usermin/miniserv.pl as per the link you had provided,

$querystring .= "&failed_pass=".&urlize($failed_pass);

And restarted the webmin with systemctl restart webmin

I tried login again but this didn't make any difference. Still I am getting error of "Warning! Login failed. Please try again."

Did I miss anything? Do I need to restart entire server to make it working?

By the way I checked the password and see that it has % in it but it doesn't have + in it.

Just to confirm that I removed % from the password and I could now login to webmin without any issue.

Before we close the ticket, can you kindly advise if I should remove that line I added to miniserv.pl file?

Ilia's picture
Submitted by Ilia on Sat, 10/31/2020 - 02:53

Does the PID before and after restart changes?

What command did you use to restart Webmin.

Try:

/etc/webmin/restart

Ok so you mean I should keep that setting, right?

I restarted webmin with systemctl restart webmin command earlier. I now also restarted webmin with the command you gave. Not sure if pid changed in each case. I'll restart tomorrow when get chance. But my problem is solved for now because i am able to login now.

Thanks again. Appreciate the insights.

TheDave_'s picture
Submitted by TheDave_ on Sat, 11/07/2020 - 18:48

Thanks for the patch! I was pulling my hair out over this.