Login fails after hack or upgrade?

juer · November 6, 2021, 8:55am

/ All logins fail (but server works)

Every Saturday nights I usually plan a full backup/update of the server (automatically done by cron). This morning, I can’t access any of my user based app (webmail, baikal, opensync, nextcloud), the login fails. Similarly, I can’t access the admin via ssh (I don’t have the webadmin-api on). I can enter the pwd but it says it’s not the correct password. It looks like someone hacked and changed all my passwords, however it happened exactly when I updated the server. And the website associated with the server is up and running. I’m really puzzled now. Should I try a direct access via keyboard/screen with root?

My YunoHost server

Hardware: Home-made server
YunoHost version: 4.2 ? Maybe 4.3 and the update generated this mess?
I have access to my server : Through SSH, and direct access via keyboard / screen if needed (but complicated.

Plus d’accès au server, tous les mots de passe semblent erronés

Tous les samedis soirs, j’utilise cron pour faire un backup/update complet du serveur. Ca fonctionne très bien habituellement. Ce matin, je ne peux plus accéder aux applications avec login user (webmail, nextcloud, baikal, etc…) Pareil, je ne peux pas accéder à admin via ssh (je n’ai pas la webadmin activée). Le login ne fonctionne pas pour cause de “mot de passe erronée”. On dirait que quelqu’un a changé tous mes mots de passe dans la nuit. Sauf que c’est arrivé en même temps qu’un upgrade, et que le site associé au serveur fonctionne bien et n’est pas modifié. Je suis un peu perdu… Dois-je tenter un accès direct via root avec clavier/ecran ?

Mon serveur YunoHost

Hardware: Home-made server
YunoHost version: 4.2 ? Maybe 4.3 and the update generated this mess?
I have access to my server : Through SSH, and direct access via keyboard / screen if needed (but complicated.

juer · November 6, 2021, 9:38am

I have local access, and it seems to be a LDAP issue, I’ll try to resolve this and give the solution if I find one.

jellium · November 6, 2021, 11:27am

Hello @juer, long time no see
Perhaps you may learn more with ssh -vvv to increase ssh verbosity while reaching your server?
Can you access the server with a system user (outside from YunoHost’s user base) with ssh?

wbk · November 6, 2021, 12:39pm

Do you have public key login enabled? It is no solution for your problem, but will allow one more option for logging in securely.

juer · November 6, 2021, 12:45pm

Hi @wbk,

No I don’t have pub-key systems, I never managed to install this properly

I’ll dig into that once it works here.

Julien

juer · November 6, 2021, 12:48pm

Hey @jellium

Thank for your feedback, actually I login locally via root and the issue is the sladp service is down. I tried many things, restart/reload/ regen-conf and it still does not work.

I even tried restoring the previous backup, but this failed again with the same error message :

Job for slapd.service failed because the control process exited with error code.

juer · November 6, 2021, 12:51pm

it seems the slapd.conf is missing entirely… How can I find a new one?

Aleks · November 6, 2021, 2:21pm

What makes you think that you need a slapd.conf …

juer · November 6, 2021, 9:41pm

Hi @Aleks ,

That’s what the systemctl slapd status returns “missing slapd.conf”. Meanwhile I was informed it’s not useful anymore…
I’m lost tbh, and I’ll dig in old forum topics, and in my backup file if I find a correct configuration for my ldap.

Thanks for your comment anyway

system · December 6, 2021, 9:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.