# can't login into webmin

## carpman

Hello, building a server that i will need to admin remotely so have installed webmin, although i currently have local access there is browser/X installed. I have tried connectiong from other pc on network but cannot log onto webmin. The login page appears but it does not accept root login, though can log on via ssh with same details.

Is there a config file somewhere that i can edit to allow root login so i can configure webmin?

cheers

----------

## hanj

Hello

Config is at:

```
/etc/webmin/miniserv.conf
```

I think you want to have no_pam=0 in there.

HTH 

hanji

----------

## carpman

Hello, tried it also with no_pam=1 but no joy.

miniserve.conf

```

port=10000

root=/usr/libexec/webmin

mimetypes=/usr/libexec/webmin/mime.types

addtype_cgi=internal/cgi

realm=Webmin Server

logfile=//var/log/webmin/miniserv.log

errorlog=//var/log/webmin/miniserv.error

pidfile=/var/run/webmin.pid

logtime=168

ppath=

ssl=1

env_WEBMIN_CONFIG=//etc/webmin

env_WEBMIN_VAR=//var/log/webmin

atboot=0

logout=//etc/webmin/logout-flag

listen=10000

denyfile=\.pl$

log=1

blockhost_failures=5

blockhost_time=60

syslog=1

session=1

userfile=//etc/webmin/miniserv.users

keyfile=//etc/webmin/miniserv.pem

passwd_file=/etc/shadow

passwd_uindex=0

passwd_pindex=1

passwd_cindex=2

passwd_mindex=4

passwd_mode=0

preroot=mscstyle3

listen=10000

denyfile=\.pl$

log=1

blockhost_failures=5

blockhost_time=60

syslog=1

session=1

userfile=//etc/webmin/miniserv.users

keyfile=//etc/webmin/miniserv.pem

passwd_file=/etc/shadow

passwd_uindex=0

passwd_pindex=1

passwd_cindex=2

passwd_mindex=4

passwd_mode=0

preroot=mscstyle3

no_pam=0

```

----------

## hanj

Anything in logs? /var/log/messages? or authlog? 

hanji

----------

## carpman

 *hanj wrote:*   

> Anything in logs? /var/log/messages? or authlog? 
> 
> hanji

 

```

 /var/log/messages

webmin[6294]: Invalid login as root from 192.168.1.6

```

Can't find an authlog

----------

## hanj

Are you sure you are typing the correct passwd? Did you reset root's password recently? I know if you reset root's password, webmin will keep the original password, unless you change it within the module. Any info in /var/log/webmin ?.

Have your tried re-emerging webmin, resetting your configs?

hanji

----------

## carpman

 *hanj wrote:*   

> Are you sure you are typing the correct passwd? Did you reset root's password recently? I know if you reset root's password, webmin will keep the original password, unless you change it within the module. Any info in /var/log/webmin ?.
> 
> Have your tried re-emerging webmin, resetting your configs?
> 
> hanji

 

thanks for reply.

No nothing of interest in webmin logs.

I have changed the root password but not sure if i had webmin installed at the time, and if i did i had not run it.

So how can i change the root password in webmin?

seem pretty dumb not recognise new password, and no i can't remember what the old password was.

----------

## asiobob

Open up /etc/webmin/miniserv.users 

and you might see something like this...

```
root:XXX:0
```

replace the XXX with 1 single lower case x

i.e 

```
root:x:0
```

restart webmin, /etc/init.d/restart and all should be well.

----------

## carpman

 *ASIO_BOB wrote:*   

> Open up /etc/webmin/miniserv.users 
> 
> and you might see something like this...
> 
> ```
> ...

 

That did it, cheers.

Will make a note of that one.

----------

## ryker

That worked for me also, thanks.  I had a working 1.16 webmin and emerged 1.170 and I couldn't log in.

But why did I need to do that?  What does that line mean?

----------

## thdrcat

if i had to bet, it would be the line that counts bad logins...

i.e. a manual lockout for brute force protection.

----------

## ryker

 *thdrcat wrote:*   

> if i had to bet, it would be the line that counts bad logins...
> 
> i.e. a manual lockout for brute force protection.

 

I guess it could be, but there's really nothing to indicate that.  Except for the good ol, 3 strikes(XXX) and your out!

----------

## anunakin

Thax, a lot, this worked for me too, but this change from XXX to x, are there any security problems?  :Confused: 

 :Mr. Green: 

----------

## asiobob

no there isn't any security problems. It should have always been a lowercase x. That way it uses the password in your /etc/shadow file.

Alternativlely you could replace the XXX would an encrypted password then that would work. By having a lower case x it uses root users password which is the intended design. So when you can root, it "changes" in webmin, I put that in quotes cause nothing really changes. It changes in one place and anything that uses it well uses the new one

----------

## mystified

I tried the above fixes and still no go.  Any ideas?

----------

## frozenJim

 *Quote:*   

> I tried the above fixes and still no go. Any ideas?

 

Mystified, I had the same problem briefly.  It turned out that I had to restart the webmin before the changes to miniserv.users took effect.  

```
/etc/init.d/webmin restart
```

(my problem was a bit different, I had a previous install {non-portage} that had a user called "admin" but none called "root".  Still, the solution should be the same.)

----------

