Root password has been changed
Root password has been changed
Hi everyone,
I have a problem.
Since a couple of weeks someone changed our root password, but this person is not working at our place anymore.
It's not documented so we are kinda searching for option.
I already cloned it and tried to reset with the "single" method, and changing the password.
But sadly enough, not everything is working after that password reset.
Can you please help me out to change the root password without having the issues.
I have access to another user, but this one is not a superuser/root.
Kind regards.
I have a problem.
Since a couple of weeks someone changed our root password, but this person is not working at our place anymore.
It's not documented so we are kinda searching for option.
I already cloned it and tried to reset with the "single" method, and changing the password.
But sadly enough, not everything is working after that password reset.
Can you please help me out to change the root password without having the issues.
I have access to another user, but this one is not a superuser/root.
Kind regards.
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Root password has been changed
Changing root should have no effect on the functioning of the appliance.
What specific issue(s) are you having?
What specific issue(s) are you having?
Re: Root password has been changed
Have you checked the network settings of the E.F.A?
Cloning a vm may cause issues with networking on a Linux OS. The cloned vm may have a different MAC address and the linux config files will not have updated to mirror this.
Cloning a vm may cause issues with networking on a Linux OS. The cloned vm may have a different MAC address and the linux config files will not have updated to mirror this.
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Root password has been changed
Good point, yes, cloning may wreck havoc on the interaface in udev.
Re: Root password has been changed
I have not cloned it anymore.shawniverson wrote:Good point, yes, cloning may wreck havoc on the interaface in udev.
Just made a Snapshot and changed it after the snapshot was completed.
Everything is working, except for the Mailwatch page. Webmin and all the other applications are working as far as i can see.
Any ideas on fixing this?
Re: Root password has been changed
Well changing the password will probably not be the issue, the root password is only used for 'root' and for webmin
The normal 'user' username and password are used for everything else.
When you say Mailwatch is not working what do you mean exactly, the page is not loading or you just can't login?
The normal 'user' username and password are used for everything else.
When you say Mailwatch is not working what do you mean exactly, the page is not loading or you just can't login?
Version eFa 4.x now available!
Re: Root password has been changed
Webmin is functioning. But when i go to mx01.server.com it does not load anything.darky83 wrote:Well changing the password will probably not be the issue, the root password is only used for 'root' and for webmin
The normal 'user' username and password are used for everything else.
When you say Mailwatch is not working what do you mean exactly, the page is not loading or you just can't login?
One more thing i just found out, webmin mailscanner module is saying "MailScanner has not been configured correctly. You must use the module configuration to set it before this module will work."
When i press save it does nothing, it just jumps back to this message
It is scanning mail etc, this is working fine.
Thanks for helping so far!
Re: Root password has been changed
That is weird, by default we don't have the mailscanner plugin in webmin (as webmin causes issues with efa settings) so something is changed.
If the webpage is not loading the apache might not be started or the local firewall is misconfigured, is it possible to provide some info?
I created a little script that will provide me with some debug info:
first login with SSH to the box and than choose option 1 to get to the command line then run:
It will ask for your normal user password and that will be it, it will send some info to info@efa-project.org
maybe I can find the cause of your problem there
If the webpage is not loading the apache might not be started or the local firewall is misconfigured, is it possible to provide some info?
I created a little script that will provide me with some debug info:
first login with SSH to the box and than choose option 1 to get to the command line then run:
Code: Select all
wget http://dl.efa-project.org/debug/send-debug-report.sh
chmod 700 send-debug-report.sh
sudo ./send-debug-report.sh
maybe I can find the cause of your problem there
Version eFa 4.x now available!
Re: Root password has been changed
Please check the log.darky83 wrote:That is weird, by default we don't have the mailscanner plugin in webmin (as webmin causes issues with efa settings) so something is changed.
If the webpage is not loading the apache might not be started or the local firewall is misconfigured, is it possible to provide some info?
I created a little script that will provide me with some debug info:
first login with SSH to the box and than choose option 1 to get to the command line then run:
It will ask for your normal user password and that will be it, it will send some info to info@efa-project.orgCode: Select all
wget http://dl.efa-project.org/debug/send-debug-report.sh chmod 700 send-debug-report.sh sudo ./send-debug-report.sh
maybe I can find the cause of your problem there
"All done, please notify on the forums that the report is send"
Please note: This server has not been set-up by myself. This person is not working for us anymore.
Re: Root password has been changed
Received it,
The first issue I see is that the IP settings have been manually changed (without using EFA-Config)
You have an public IP set on eth1 but all config items in EFA-Config point to an private IP on eth0 (172.16.x.x range)
So something is broken after the cloning, seems that your NIC ID has changed so the systems configuration is wrong.
Can you plan some downtime for this system? (as in do you have an backup MX setup?) first thing I would do is try to reconfigure the IP settings using EFA-Config from the vmware console (do not try it using SSH in your case).
If that won't work the most easy way in my opinion is to just start over as I can't say if there are any other manual changes made to the system which may cause all kind of issues.
The first issue I see is that the IP settings have been manually changed (without using EFA-Config)
You have an public IP set on eth1 but all config items in EFA-Config point to an private IP on eth0 (172.16.x.x range)
So something is broken after the cloning, seems that your NIC ID has changed so the systems configuration is wrong.
Can you plan some downtime for this system? (as in do you have an backup MX setup?) first thing I would do is try to reconfigure the IP settings using EFA-Config from the vmware console (do not try it using SSH in your case).
If that won't work the most easy way in my opinion is to just start over as I can't say if there are any other manual changes made to the system which may cause all kind of issues.
Version eFa 4.x now available!
Re: Root password has been changed
Thank you for your reply.darky83 wrote:Received it,
The first issue I see is that the IP settings have been manually changed (without using EFA-Config)
You have an public IP set on eth1 but all config items in EFA-Config point to an private IP on eth0 (172.16.x.x range)
So something is broken after the cloning, seems that your NIC ID has changed so the systems configuration is wrong.
Can you plan some downtime for this system? (as in do you have an backup MX setup?) first thing I would do is try to reconfigure the IP settings using EFA-Config from the vmware console (do not try it using SSH in your case).
If that won't work the most easy way in my opinion is to just start over as I can't say if there are any other manual changes made to the system which may cause all kind of issues.
I will try to gather some downtime, since i have installed a backup mx server last week which i (stress)tested yesterday.
If this wont help, i will reinstall the whole thing.
Weirdest part is, the mailscanner page is not functioning anymore after i changed the root password.
Re: Root password has been changed
Probably due to something else that has been manually modified on the system.
Mailwatch uses the SQL password from EFA-Config and this is completely different from the root password, there should not be any link between these two, so my best guess is that modifications are made in the mailwatch config and mysql so that these are linked but that is just a best guess.
Reinstall and move over the user data from the old to the new setup would be your best option I guess, as you don't know what your former admin has changed on the system you might even run into different issues with updates in the future, so to prevent that starting over with an clean system might be your best choice.
Everything is fixable but sometimes just reinstall is the fastest and easiest choice.
Mailwatch uses the SQL password from EFA-Config and this is completely different from the root password, there should not be any link between these two, so my best guess is that modifications are made in the mailwatch config and mysql so that these are linked but that is just a best guess.
Reinstall and move over the user data from the old to the new setup would be your best option I guess, as you don't know what your former admin has changed on the system you might even run into different issues with updates in the future, so to prevent that starting over with an clean system might be your best choice.
Everything is fixable but sometimes just reinstall is the fastest and easiest choice.
Version eFa 4.x now available!
Re: Root password has been changed
Thanks for your opinion.darky83 wrote:Probably due to something else that has been manually modified on the system.
Mailwatch uses the SQL password from EFA-Config and this is completely different from the root password, there should not be any link between these two, so my best guess is that modifications are made in the mailwatch config and mysql so that these are linked but that is just a best guess.
Reinstall and move over the user data from the old to the new setup would be your best option I guess, as you don't know what your former admin has changed on the system you might even run into different issues with updates in the future, so to prevent that starting over with an clean system might be your best choice.
Everything is fixable but sometimes just reinstall is the fastest and easiest choice.
I will reinstall it like you said, this will be a fresh start without any future trouble.
Do you have any guide for the "old to new" data transfer?
Re: Root password has been changed
Not really an guide but I created an small script once when I had to move to an different host.
Note that there is no error checking or whatsoever also note to make sure you have enough disk space available on your root disk, I used this once for a small system so there was hardly any data, if you have more disk usage in /var than you have available in on your root filesystem ( / ) then change the script to backup and restore from something other than /root/migrate-efa (or create a symlink from /root/migrate-efa to some other larger drive (like /var/migrate-efa)
first create an new VM and run the EFA initial configuration make sure everything is the same except for the IP (you can change it later using EFA-Config), just make sure the hostname and domain name are the same as your current/previous system.
Then on your old system run the following script:
backup.sh
This will backup all essential databases and mail queues and place it in /root/migrate-efa.tar.gz
then copy this file over to the new host and make sure it is on the new host as /root/migrate-efa.tar.gz
Turn of your old machine and don't turn it on again! (if you do you need to start over as items have changed)..
On the new host:
as root on the new host login as root and make sure the file you just uploaded is in /root/migrate-efa.tar.gz
then run the following script import.sh:
Reboot your system and you should be ready to go, test if things work and if they do use EFA-Config to change the IP from the new machine to the IP the previous machine had and you have migrated the data...
Note that there is no error checking or whatsoever also note to make sure you have enough disk space available on your root disk, I used this once for a small system so there was hardly any data, if you have more disk usage in /var than you have available in on your root filesystem ( / ) then change the script to backup and restore from something other than /root/migrate-efa (or create a symlink from /root/migrate-efa to some other larger drive (like /var/migrate-efa)
first create an new VM and run the EFA initial configuration make sure everything is the same except for the IP (you can change it later using EFA-Config), just make sure the hostname and domain name are the same as your current/previous system.
Then on your old system run the following script:
backup.sh
Code: Select all
#!/bin/bash
/etc/init.d/saslauthd stop
/etc/init.d/MailScanner stop
/etc/init.d/sqlgrey stop
/etc/init.d/webmin stop
/etc/init.d/httpd stop
MYSQLROOTPWD="`grep MYSQLROOTPWD /etc/EFA-Config | sed 's/.*://'`"
mkdir /root/migrate-efa
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events efa > /root/migrate-efa/efa.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events mailscanner > /root/migrate-efa/mailscanner.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sqlgrey > /root/migrate-efa/sqlgrey.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sa_bayes > /root/migrate-efa/sa_bayes.dump
cp /etc/postfix/transport /root/migrate-efa/transport
tar -cvzf /root/migrate-efa/quarantine.tar.gz /var/spool/MailScanner/quarantine/
tar -cvzf /root/migrate-efa.tar.gz /root/migrate-efa
This will backup all essential databases and mail queues and place it in /root/migrate-efa.tar.gz
then copy this file over to the new host and make sure it is on the new host as /root/migrate-efa.tar.gz
Turn of your old machine and don't turn it on again! (if you do you need to start over as items have changed)..
On the new host:
as root on the new host login as root and make sure the file you just uploaded is in /root/migrate-efa.tar.gz
then run the following script import.sh:
Code: Select all
#!/bin/sh
MYSQLROOTPWD="`grep MYSQLROOTPWD /etc/EFA-Config | sed 's/.*://'`"
/etc/init.d/saslauthd stop
/etc/init.d/MailScanner stop
/etc/init.d/sqlgrey stop
/etc/init.d/webmin stop
/etc/init.d/httpd stop
backupold="/root/migrate-efa-backup-old"
mkdir $backupold
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events efa > $backupold/efa.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events mailscanner > $backupold/mailscanner.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sqlgrey > $backupold/sqlgrey.dump
mysqldump --user=root --password=$MYSQLROOTPWD --add-drop-table --events sa_bayes > $backupold/sa_bayes.dump
cp /etc/postfix/transport $backupold/transport
tar -cvzf $backupold/quarantine.tar.gz /var/spool/MailScanner/quarantine/
#################
cd /root
tar -xvzf /root/migrate-efa.tar.gz
BASE=/root/root/migrate-efa
mysql --user=root --password=$MYSQLROOTPWD efa < $BASE/efa.dump
mysql --user=root --password=$MYSQLROOTPWD mailscanner < $BASE/mailscanner.dump
mysql --user=root --password=$MYSQLROOTPWD sqlgrey < $BASE/sqlgrey.dump
mysql --user=root --password=$MYSQLROOTPWD sa_bayes < $BASE/sa_bayes.dump
rm -f /etc/postfix/transport
cp -f $BASE/transport /etc/postfix/transport
postmap /etc/postfix/transport
cd /
tar -xvzf $BASE/quarantine.tar.gz
/etc/init.d/saslauthd start
/etc/init.d/MailScanner start
/etc/init.d/sqlgrey start
/etc/init.d/webmin start
/etc/init.d/httpd start
Version eFa 4.x now available!
Re: Root password has been changed
I reinstalled the machine, and it's working better then before. Did not import the old config, as i want it to be as clean as possible.darky83 wrote:Not really an guide but I created an small script once when I had to move to an different host.
...
Whitelist will grow in time, but it's functional.
Thanks for all the help!