1 Topic by andypoms (edited by andypoms 2015-08-25 03:46:47)

  • andypoms
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 5

Topic: New Install - Can't Access cluebringer & awstats

======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Debian GNU/Linux 7.8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Over the last few days I've done several installs of iRedMail using a virtual machine (so I can roll back to before the install) and have not been able to access Policyd (cluebringer) & Awstats using the web interfaces.  They both keep throwing a 401 Authorization Required error.  Each time I've rebuilt the server I've used different passwords of varying complexity (see list below).

  • all lower case letters

  • lower case letters & numbers

  • upper & lower case letters and numbers

  • upper & lower case letters, numbers, and symbols (exclamation point)

I've also had issues connecting to the SQL Server remotely (after doing a GRANT ALL ON *.* TO 'root'@<IP ADDRESS> IDENTIFIED BY '<rootpassword>';).  I'm still looking into this one myself...

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by andypoms (edited by andypoms 2015-08-25 04:41:19)

  • andypoms
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 5

Re: New Install - Can't Access cluebringer & awstats

SQL Issue Update
=====================

If I change the "bind-address" from 127.0.0.1 to the actual IP address ALL webservices (RoundCube, SOGo, iRedAdmin, ClueBringer, Awstats) will fail with either a DB error or a 500 Internal Server Error.

As noted in /etc/default/iptables...

# MySQL service.
# Note: Please make sure MySQL service is not binding to localhost with
#       'bind-address=127.0.0.1'.
-A INPUT -p tcp --dport 3306 -j ACCEPT

NOTE: Error remains the same whether "skip-external-locking" is commented out or not.

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: New Install - Can't Access cluebringer & awstats

Please reset your admin password to salted MD5, then you should be able to login to Cluebringer & Awstats.

4 Reply by andypoms

  • andypoms
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 5

Re: New Install - Can't Access cluebringer & awstats

As per the documentation on http://www.iredmail.org/docs/password.hashes.html running the following results in an error - "ERROR 1046 (3D000): No database selected".

UPDATE mailbox SET password='{CRYPT}MyNewPassword' WHERE username='postmaster@domain.internal';

Adding the database to the string, results in the password not being accepted on the webinterface (both as "MyNewPassword" and "{CRYPT}MyNewPassword".

UPDATE vmail.mailbox SET password='{CRYPT}MyNewPassword' WHERE username='postmaster@domain.internal';

Good thing I took a snapshot of the server before I made this change....

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: New Install - Can't Access cluebringer & awstats

Did you try this tutorial?
http://www.iredmail.org/docs/reset.user.password.html

6 Reply by andypoms

  • andypoms
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 5

Re: New Install - Can't Access cluebringer & awstats

That tutorial is a good starting point, but I it doesn't give specifics of creating a "Salted MD5" as you requested.

I was able to find more details about dovecot & the different encryption schemes at http://wiki2.dovecot.org/Tools/Doveadm/Pw

See attached screenshot.  This is a virtual machine inside a private network (so I'm ok with using '123456' as a test password.

I also tried a plain text password & that didn't work either.

sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';

I still have access to Roundcube, but no access to Cluebringer & Awstats.

Post's attachments

SaltedMD5pw.png
SaltedMD5pw.png 37.13 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: New Install - Can't Access cluebringer & awstats

I updated the tutorial, it now mentions how to generate MD5. please take a look:
http://www.iredmail.org/docs/reset.user.password.html

8 Reply by andypoms (edited by andypoms 2015-08-28 21:54:04)

  • andypoms
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 5

Re: New Install - Can't Access cluebringer & awstats

Good news/Bad news.

That worked - I now have access to Cluebringer & Awstats, BUT I lost access to SOGo...

Also, if I reset the password using iRedAdmin, I get access back to SOGo, but lose it to Cluebringer & Awstats.

=================
UPDATE: Found that awstats was not updating properly because it was reading the wrong log file - had to update awstats.conf & awstats.web.conf files to point to the correct (SSL) log file.
Change 

LogFile="/var/log/apache2/access.log"

to 

LogFile="/var/log/apache2/ssl_access.log"

9 Reply by dittman

  • dittman
  • Member
  • Offline
  • Registered: 2015-08-15
  • Posts: 55

Re: New Install - Can't Access cluebringer & awstats

I'm having this same issue.

If I understand what I've been able to gather reading different posts, it sounds like using nginx instead of Apache is the way to avoid having to manually set the password to access awstats and cluebringer.  Is that correct?

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: New Install - Can't Access cluebringer & awstats

@andypoms, make sure you're using a salted MD5 hash without '{MD5}'. And SOGo doesn't work with salted MD5 hash without '{CRYPT}' prefix.

@dittman: Nginx doesn't have SQL/LDAP authentication module, so you can setup basic http authentication for Awstats/Cluebringer with Nginx at all.

11 Reply by vinte

  • vinte
  • Member
  • Offline
  • Registered: 2015-10-08
  • Posts: 1

Re: New Install - Can't Access cluebringer & awstats

I got the same. Is it a bug?
Could you tell me why i have to reset user password with a new clean install iRedMail ?
Thank a mil.

12 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: New Install - Can't Access cluebringer & awstats

vinte wrote:

Could you tell me why i have to reset user password with a new clean install iRedMail ?

iRedMail stores {SSHA512} password hash by default, but Apache doesn't support it. so you have to reset password the the one supported by Apache, and MD5 is one of them.