NAS542 ADMIn login phenomen
frameworker
Posts: 23 
Freshman Member
Freshman Member
Hi all,
after running a few days or hours (not exactly prooved) the web interface reject any login to the ADMIN account with "account name wrong". To check whether this is right, I've tried to login via ssh.
And it works. So the password is correct.
The workaround is to reboot the whole box via ssh/reboot after login to admin and su -.
I'm working with the most current available firmware. It doesn't matter whether the login happens via firefox, opera or safari or if I using alternative hardware *win 10 box with edge for example.
I think it's a bug. I have tried to restart httpd on the box, but this seems not to make the effort.
Anz ideas or help?
#NAS_Dec_2018
#NAS_Dec_2018
0
All Replies
-
Even if you reset the device, then problem is still exist?
0 -
The webinterface login is managed by samba, while the ssh login is handled by /bin/login.Samba uses /etc/samba/smbpasswd, while /bin/login uses /etc/shadow.So the question is: is /etc/samba/smbpasswd changed/damaged when webinterface login no longer works?
0 -
Looks like this:
<div>BusyBox v1.19.4 (2018-05-22 01:24:01 CST) built-in shell (ash)<br>Enter 'help' for a list of built-in commands.<br><br>~ # cd /etc/samba/<br>/etc/samba # ls -l<br>-rw------- 1 root root 430080 Nov 22 14:59 secrets.tdb<br>-rwxr-xr-x 1 root root 3389 Nov 22 14:59 smb.conf<br>-rwxr-xr-x 1 root root 3167 Nov 22 14:59 smb.conf.bak<br>-rw------- 1 root root 967 Nov 22 14:59 smbpasswd<br>-rwxr-xr-x 1 1011 1000 211 May 21 2018 smbpasswd.default<br>/etc/samba # ps -ef|grep samba<br>ps: invalid option -- 'e'<br>BusyBox v1.19.4 (2018-05-22 01:24:01 CST) multi-call binary.<br><br>Usage: ps <br><br>/etc/samba # ps |grep smbd<br> 2969 root 26020 S N /usr/sbin/smbd -D<br> 2972 root 26028 S N /usr/sbin/smbd -D<br>22871 root 28888 S N /usr/sbin/smbd -D<br>26314 root 29156 S N /usr/sbin/smbd -D<br>26808 root 2652 S grep smbd<br>/etc/samba # <br>/etc/samba # uptime<br> 16:38:14 up 20 days, 1:38, load average: 2.04, 1.55, 1.28<br>/etc/samba # <br><br></div>
I guess smbpasswd was changed the last time I was rebooting the device. ==> Uptime 20 daysSo what should I do?Restarting smbd via /etc/init.d/samba.sh restart doesn't help. Login failed.The /var/log/samba/smbd.log looks like this:<div><br></div><div>2018/12/12 15:53:49.874824, 0] ../source3/printing/print_standard.c:68(std_pcap_cache_reload)<br> Unable to open printcap file /etc/printcap for read!<br>[2018/12/12 16:06:51.127661, 0] ../source3/printing/print_standard.c:68(std_pcap_cache_reload)<br> Unable to open printcap file /etc/printcap for read!<br>[2018/12/12 16:19:52.410574, 0] ../source3/printing/print_standard.c:68(std_pcap_cache_reload)<br> Unable to open printcap file /etc/printcap for read!<br>[2018/12/12 16:32:53.660603, 0] ../source3/printing/print_standard.c:68(std_pcap_cache_reload)<br> Unable to open printcap file /etc/printcap for read!<br>[2018/12/12 16:43:15.785678, 0] ../lib/util/pidfile.c:153(pidfile_unlink)<br> Failed to delete pidfile /var/run/smbd.pid. Error was No such file or directory<br>[2018/12/12 16:43:18, 0] ../source3/smbd/server.c:1205(main)<br> smbd version 4.1.7 started.<br> Copyright Andrew Tridgell and the Samba Team 1992-2013<br>[2018/12/12 16:43:18.531197, 0] ../source3/printing/print_standard.c:68(std_pcap_cache_reload)<br> Unable to open printcap file /etc/printcap for read!<br>[2018/12/12 16:44:18.620703, 0] ../source3/printing/print_standard.c:68(std_pcap_cache_reload)<br> Unable to open printcap file /etc/printcap for read!<br></div><div></div>
0 -
I guess smbpasswd was changed the last time I was rebooting the device. ==> Uptime 20 days
Yes, that makes sense. The whole /etc directory is on a ramdrive, and on boot the password hashes are restored from some database in flash. So it's not a filesystem action which corrupted smbpasswd.
So what should I do?Don't know. My knowledge on this matter is not bigger than the last time you asked. https://homeforum.zyxel.com/discussion/comment/2400#Comment_2400
Program a weekly reboot, as work-around?
0 -
Are you sure that samba comes into play when trying to logon?I've added
log level = 3 passdb:5 auth:5
to the global section of /etc/samba/smb.conf. After restarting smbd I see nothing. Expecting a lot of data between httpd and possible the samba daemon, but it seems the login process will not use samba?
0 -
I seems samba is only be used when making connections to volumes. I've checked this now.Then I looked into httdp.conf and found a module calledLoadModule auth_zyxel_module /usr/local/apache/modules/mod_auth_zyxel.so
0 -
it seems the login process will not use samba?
Possibly. Don't know how the internals work, it uses smbpasswd. Have a look at /etc/pam.conf, which shows that all services except ssh (and telnet, but I don't think it supports pam), use at least /lib/security/pam_smbpass.so
0
Master Member
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 238 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
