1 (edited by bolinches 2020-06-02 14:43:01)

Topic: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.2.1
- Deployed with iRedMail Easy or the downloadable installer? No
- Linux/BSD distribution name and version: FreeBSD 12.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi

I admit I have done more changes I would like to do in one go but as I shown that FreeBSD 11.x was out of the list of supported I upgraded to FreeBSD 12.1 and rebuild every single port in the system.

I did upgrade to 1.2.1 (from 1.0 I missed few alerts it seems) and IRedAdminPro was already on 4.3


Sending and receiving email via daemons and roundcube is working perfectly, no issues there (that I can tell)

My only issue left is I simple cannot login with postmaster (or any other account) to ireadmin (iRedAdminPro 4.3), which is annoying and will become problematic rather soon when spam piles up and maybe some false positives get deleted.

I did reinstall 4.3, linked to 4.2 and few other versions I get always the same credential invalid message.

I look into the iredadmin SQL DB and seems rather thin, settings talbe is empty but seems ot be empty on the backups before I got this issue, I find it worth to mention anyway.

on nginx I see

33970#100149: *303 connect() to 127.0.0.1:7791 failed (61: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: _, request: "GET /iredadmin/login?msg=INVALID_CREDENTIALS HTTP/1.1", upstream: "uwsgi://127.0.0.1:7791", host: "xxxxxxxxx", referrer: "https://xxxxxxxxxx/iredadmin/login"

7791 is listening
iredadmin uwsgi-2.7 64886 6  tcp4   127.0.0.1:7791        *:*
iredadmin uwsgi-2.7 62629 6  tcp4   127.0.0.1:7791        *:*
iredadmin uwsgi-2.7 59881 6  tcp4   127.0.0.1:7791        *:*
iredadmin uwsgi-2.7 58478 6  tcp4   127.0.0.1:7791        *:*
iredadmin uwsgi-2.7 55948 6  tcp4   127.0.0.1:7791        *:*
iredadmin uwsgi-2.7 8383  6  tcp4   127.0.0.1:7791        *:*



Ah, forgot to mention that credentials are fine and I can use the same to login to roundcube

Any hints are really welcome. Thanks in advanceand thanks for a great product.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

"INVALID_CREDENTIALS" means incorrect login username (email) or password, or the login user doesn't have admin privilege. Please double check (with SQL command line tools).

3 (edited by bolinches 2020-05-28 13:26:47)

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

Hi

I am loginf wiht postmaster (trying)

+-------------------------+---------+---------------+
| username                | isadmin | isglobaladmin |
+-------------------------+---------+---------------+
| postmaster@XXXXXX |       1 |             1 |
+-------------------------+---------+---------------+
1 row in set (0.00 sec)


+-------------------------+--------+---------------------+---------------------+---------------------+--------+
| username                | domain | created             | modified            | expired             | active |
+-------------------------+--------+---------------------+---------------------+---------------------+--------+
| postmaster@XXXXX | ALL    | 2017-09-23 06:02:50 | 1970-01-01 01:01:01 | 9999-12-31 00:00:00 |      1 |
+-------------------------+--------+---------------------+---------------------+---------------------+--------+


The credentials should be right as I can log in with those to the webmail for postmaster.

Any other path to look?

4

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

I just tried to promote a normal user to global admin (which I am 100% sure the password is OK as is my normal mail user) and I get the same invalid credentials.

I promoted my account with:

MariaDB [vmail]> UPDATE mailbox SET isadmin=1, isglobaladmin=1 WHERE username='myemail@mydomain';
Query OK, 1 row affected (0.02 sec)
Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [vmail]>  INSERT INTO domain_admins (username, domain) VALUES ('myemail@mydomain', 'ALL');
Query OK, 1 row affected (0.01 sec)

5 (edited by bolinches 2020-05-28 13:38:55)

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

I also tried to reset postmaster password with https://docs.iredmail.org/reset.user.pa … mmand-line

and I get the same invalid credeniails message when trying to log on iredadminpro (while I can log in with the new password on the webmail of postmaster)

6

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

Which password scheme do you use for postmaster@ user? SSHA512, BCRYPT?

7 (edited by bolinches 2020-05-30 18:08:08)

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

Hi

It was originally CRYPT, I set it to BLF-CRYPT on the change I mentioned here. I roll it back to CRYPT, no difference. I will try SSH512 ....

8 (edited by bolinches 2020-05-30 18:12:09)

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

Well .... SHA512 went through!

I really do not understand the reason here to be honest. web mail I could log in with CRYPT, BLF-CRYPT and SHA512 but iredmail only SHA512 .... originally it was CRYPT .... I am a bit lost but works!

Thanks a lot

9

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

I hope you enjoy the coffee wink

Thanks a ton

10

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

What’s the prefixed password scheme name in your password bash?

11

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

Hi

My root password is using SHA512 (or SHA256 as hash starts with '$6$'). However having in mind that SHA512 is the default password hash since FreeBSD 9.1 I say is SHA512. But there is no postmaster OS user in my system

My /etc/login.conf uses the default SHA512

        :passwd_format=sha512:\

I am quite sure this was not changed from 11.3 to 12.1 (as mentioned since 9.1 SHA512 is the default). And postmaster was working on 11.3 as CRYPT

I find this issue rather weird, but I am happy is mitigated.

12

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

I think it's CRYPT-SHA512, not SHA512. It's different. Upcoming iRedAdmin-Pro will support CRYPT-SHA512 (with 'doveadm pw' command).
As a temporary solution, you can use "BCRYPT" or "SSHA512" instead.

13

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

Thanks I moved to SHA512 and all fixed I will stay there for some time ... and I learned something with this. Thanks a lot.

14

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

You may want to check this tutorial, but i guess you already did smile
https://docs.iredmail.org/password.hashes.html

15

Re: iRedAdmin-Pro always fails with msg=INVALID_CREDENTIALS [FIXED]

Yes I did. it was before the 1.2.1 to BCRYPT and it stop working ..but now SHA512 it i sOK. It does not bother me too muhc and I might try to go back to other hash later or just never again smile Either way it is working really nice and after too many changes on one go for my taste it is back to full operation (FreeBSD upgrade, 1.0 to 1.2.1)