Koozali.org: home of the SME Server

i-bay user password

i-bay user password
« on: November 30, 2021, 01:46:38 PM »
Hello everyone here,Thanks for the wonderful work, i have a challenge with fresh installation of sme server 10 which succcessfully installed and running well, however i-bay admin password is the same as root/admin password of the server, how can i change or modify only i-bay password as it was the case with sme 9.2.

Kind Regards
Updator

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: i-bay user password
« Reply #1 on: November 30, 2021, 05:24:48 PM »
The admin password is the same wherever it is required. There is only one admin (and one root)

So which what is the name of the ibay and the settings?

Code: [Select]
db accounts show my-i-bay
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: i-bay user password
« Reply #2 on: November 30, 2021, 07:07:17 PM »
my guess is you feat bruteforce against admin password on the ibay since now all the users can log to an ibay with their own pass not only with the dedicated ibay password.
now https is enforced. 

you know that the same bruteforce could be done against smtp?


just add fail2ban to stop bruteforce. 

Re: i-bay user password
« Reply #3 on: December 01, 2021, 06:17:43 PM »
The admin password is the same wherever it is required. There is only one admin (and one root)

So which what is the name of the ibay and the settings?

Code: [Select]
db accounts show my-i-bay

the command does't return any i-bay information
see attachment for i-bays i created

Re: i-bay user password
« Reply #4 on: December 01, 2021, 06:20:26 PM »
my guess is you feat bruteforce against admin password on the ibay since now all the users can log to an ibay with their own pass not only with the dedicated ibay password.
now https is enforced. 

you know that the same bruteforce could be done against smtp?


just add fail2ban to stop bruteforce.
I have installed fail2ban, thanks for this direction, but the i-bays aren't responding to password i have changed to....
the username is the i-bay name, right?

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: i-bay user password
« Reply #5 on: December 01, 2021, 06:50:40 PM »
You are setting the password for the i-bay for when you share it as a web share.

That is NOT the same as accessing it via a network file browser where you use the username and password.

If the i-bay is password protected then use the i-bay name as the user and i-bay password from your browser.

Do not use the user password.

https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter14


Code: [Select]
the command doesn't return any i-bay information
It will if you use a terminal. It will not work in a web browser.

https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter6#Accessing_the_Linux_Root_Prompt
https://wiki.koozali.org/SSH_Public-Private_Keys

Code: [Select]
db accounts show Primary

Code: [Select]
Primary=ibay
    CgiBin=enabled
    Group=shared
    Modifiable=no
    Name=Primary i-bay
    PasswordSet=no
    Passwordable=no
    PublicAccess=global
    Removable=no
    UserAccess=wr-admin-rd-group

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: i-bay user password
« Reply #6 on: December 01, 2021, 07:47:18 PM »
You are setting the password for the i-bay for when you share it as a web share.

That is NOT the same as accessing it via a network file browser where you use the username and password.

If the i-bay is password protected then use the i-bay name as the user and i-bay password from your browser.

Do not use the user password.

https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter14


Code: [Select]
the command doesn't return any i-bay information
It will if you use a terminal. It will not work in a web browser.

https://wiki.koozali.org/SME_Server:Documentation:Administration_Manual:Chapter6#Accessing_the_Linux_Root_Prompt
https://wiki.koozali.org/SSH_Public-Private_Keys

Code: [Select]
db accounts show Primary

Code: [Select]
Primary=ibay
    CgiBin=enabled
    Group=shared
    Modifiable=no
    Name=Primary i-bay
    PasswordSet=no
    Passwordable=no
    PublicAccess=global
    Removable=no
    UserAccess=wr-admin-rd-group

i try accessing it using network file browser,thanks for this clarification,,i will try again and see the outcome



Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: i-bay user password
« Reply #7 on: December 02, 2021, 01:43:02 AM »
PublicAccess=global

means acces over the internet without any password.


John

since sme 10 internet with password means :
- https with username and its password of the group owning the ibay
OR
- https with ibay name and its dedicated password. (legacy behaviour)

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: i-bay user password
« Reply #8 on: December 02, 2021, 03:13:15 AM »
Quote
since sme 10 internet with password means :
- https with username and its password of the group owning the ibay
OR
- https with ibay name and its dedicated password. (legacy behaviour)


Oooohhh I missed that!

Thanks.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: i-bay user password
« Reply #9 on: December 06, 2021, 10:47:26 AM »
my guess is you feat bruteforce against admin password on the ibay since now all the users can log to an ibay with their own pass not only with the dedicated ibay password.
now https is enforced. 

you know that the same bruteforce could be done against smtp?


just add fail2ban to stop bruteforce.

it has continued using the admin/root password for i-bays.
i have created another user and assigned it to a group and access the i-bays via that user. this the temporal solution i have done.
Thanks

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: i-bay user password
« Reply #10 on: December 06, 2021, 01:14:53 PM »
you know the old behaviour ibayname / its own ibay password still works. so no reason to create an user for that. 

Re: i-bay user password
« Reply #11 on: December 09, 2021, 10:25:44 AM »
you know the old behaviour ibayname / its own ibay password still works. so no reason to create an user for that.
Yeah Indeed, will keep trying
Thanks @Jean