(SOLVED) WebUI doesn't ask for password after manual root password change

death.hilarious

By death.hilarious
in General Support

Recommended Posts

death.hilarious Rookie

death.hilarious

Posted
Posted (edited)

unRAID v.6.3.5

 

I tried changing the unRAID root password using the WebUI, but something went wrong and the session crashed after submitting the password. When I reloaded the WebUI I couldn't log in using the old or new password.

 

Since I still had SSH access, I tried to manually change the root password using the following commands:

  

passwd
cp /etc/passwd /etc/shadow /boot/config/
reboot

 

After rebooting, the WebUI now no longer prompts for a password. I've confirmed on multiple browsers on multiple devices, so it's not a cookie issue.

 

How can I restore the login prompt for the WebUI??

 

Any help would be appreciated!

 

Edited by death.hilarious
Edited for clarity
Link to comment
death.hilarious Rookie

death.hilarious

Posted
  • Author
Posted
38 minutes ago, itimpi said:

If any of the clients is a Windows system have you tried using Windows Credentials Manager and clearing any stored credentials for the unRAID server.?  It is quite normal to not get prompted if you have valid stored credentials.

 

It's definitely not a stored credentials issue. I tested on multiple systems that I've never used to access the unRAID server (including my phone, a freshly formatted linux laptop, and windows desktop). My browsers always run in severe sandboxes that auto clear when I close the browser (so it would be fascinating if there was sandbox escape); but it's pretty clear there is just no authentication going on for web access.

 

Link to comment
death.hilarious Rookie

death.hilarious

Posted
  • Author
Posted (edited)
6 hours ago, bonienl said:

This really sounds like there is no password set. What happens if you set (again) the password through the GUI?

 

When I try to set the password through the WebGUI one of two things happen:

 

1. after clicking submit the webgui becomes completely unresponsive (connection refused error), and won't work until I reboot the server through SSH; OR

 

2. seems to work without a problem and I see this in the log: 

Oct 15 09:15:22 unRAID emhttp: shcmd (226): chpasswd <<< 'root':*****
Oct 15 09:15:22 unRAID emhttp: shcmd (227): smbpasswd -L -s -a 'root' <<< *****$'\n'*****
Oct 15 09:15:22 unRAID emhttp: shcmd (228): cp /etc/passwd /etc/shadow /var/lib/samba/private/smbpasswd /boot/config

 

BUT even if I "successfully" change the root password through the GUI the no login prompt problem persists. 

 

I thought maybe the flash drive was getting corrupted (during the password change attempts that result in a crash) and being changed to read-only, so I removed the flash drive and did a chkdsk on it and there were no errors.

Edited by death.hilarious
Link to comment
bonienl Veteran

bonienl

Posted
Posted

Is the content of the passwd and shadow files on your flash device correct?

 

passwd (without user passwords) 

root:x:0:0:administrator:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
mail:x:8:12:mail:/:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
rpc:x:32:32:RPC portmap user:/:/bin/false
sshd:x:33:33:sshd:/:/bin/false
ntp:x:44:44:User for NTP:/:/bin/false
oprofile:x:51:51:oprofile:/:/bin/false
usbmux:x:52:83:User for usbmux daemon:/var/empty:/bin/false
avahi:x:61:214:Avahi Daemon User:/dev/null:/bin/false
avahi-autoipd:x:62:62:Avahi AutoIP Daemon User:/dev/null:/bin/false
sddm:x:64:64:User for SDDM:/var/empty:/bin/false
pulse:x:65:65:User for PulseAudio:/var/run/pulse:/bin/false
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
polkitd:x:87:87:PolicyKit daemon owner:/var/lib/polkit:/bin/false
pop:x:90:90:POP:/:/bin/false
nobody:x:99:100:nobody:/:/bin/false

shadow (without user passwords) 

root:$5$tbjOWWsMO//$bSwgSgSTYP3g/3ZGEMzVXdlEVW5MbkrCPdoPOdtAZmC:17322:0:99999:7:::
bin::14824:0:99999:7:::
daemon::14824:0:99999:7:::
adm::14824:0:99999:7:::
lp::14824:0:99999:7:::
mail::14824:0:99999:7:::
news::14824:0:99999:7:::
uucp::14824:0:99999:7:::
ftp::14824:0:99999:7:::
smmsp::14824:0:99999:7:::
mysql::14824:0:99999:7:::
rpc::14824:0:99999:7:::
sshd::14824:0:99999:7:::
oprofile::14824:0:99999:7:::
usbmux::14824:0:99999:7:::
sddm::14824:0:99999:7:::
pulse::14824:0:99999:7:::
avahi:!:14980:0:99999:7:::
avahi-autoipd:!:14980:0:99999:7:::
messagebus:!:14980:0:99999:7:::
pop::14824:0:99999:7:::
haldaemon::14824:0:99999:7:::
polkitd::14824:0:99999:7:::
nobody::14824:0:99999:7:::

 

  • Like 1
Link to comment
death.hilarious Rookie

death.hilarious

Posted
  • Author
Posted (edited)

That's interesting. 

 

On my end the /etc/passwd file has:

  

root:$5$Qc3qR/iwOba/$Xz11Q9/FYai01GaR3evP3Q0emXJ2cGD0eG/ONjbQjV5:0:0:Console and webGui login account:/root:/bin/bash

 

and my /etc/shadow has:

  

root:x:0:0:Console and webGui login account:/root:/bin/bash

 

Seems like it's reversed somehow, with the password hash in the passwd file and 'x' in the shadow. Can I just swap those lines without screwing anything up?

 

 

Edited by death.hilarious
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing