User authentication issue

[vasureddy619]

Hi all,

I am using winscp for the clients to login to their accounts and they able to change the passwords using putty and they are able to login using their new passwords, but the issue is that when i restart or shutdown the freenas server their new passwords are not working and changing to the old default password which is created by the admin using the webgui.

And I have observed that one of the filesystems is readonly (/dev/ufs/FreeNASs1a on / (ufs, local, read-only), because of this root user is unable to gain full access, I changed it to read write in the fstab and mounted it using mount -a, it works beautifully until unless i restart the freenas server.
Is there any permanent solution for this.
Please tell me a solution for this. eagerly waiting

 

[cyberjock]

Yes, the solution is to NOT try to change passwords from the CLI. It should only be done by the server admin from the webgui. Since the username and passwords are stored in the config file (which gets its info from the WebGUI and NOT the CLI) you reboot and they all magically reset because the config file is not updated when you do password changes from the CLI.

If this is inconvenient the two options are to write a program to interact with the API for password changes (which I think is possible but I haven't done myself...) or use a domain and have the users change their passwords through the domain's typical password changing methods.

Editing things from the command line is not supported and not recommended. The read-only filesystems are set to prevent excessive writing to the USB stick as well as prevent users from modifying the OS. Modifying the OS voids all warranties that FreeNAS will continue to work properly.

 

[vasureddy619]

Yes, the solution is to NOT try to change passwords from the CLI. It should only be done by the server admin from the webgui. Since the username and passwords are stored in the config file (which gets its info from the WebGUI and NOT the CLI) you reboot and they all magically reset because the config file is not updated when you do password changes from the CLI.

If this is inconvenient the two options are to write a program to interact with the API for password changes (which I think is possible but I haven't done myself...) or use a domain and have the users change their passwords through the domain's typical password changing methods.

Editing things from the command line is not supported and not recommended. The read-only filesystems are set to prevent excessive writing to the USB stick as well as prevent users from modifying the OS. Modifying the OS voids all warranties that FreeNAS will continue to work properly.

As of now we do not have any domain where can i find a program to interact with the API for password changes

 

[cyberjock]

Not sure. :( The API is relatively new. I know some programs are in the works by 3rd parties and such, but who and when they will "come to market" is anyone's guess. :(

 

[vasureddy619]

so there is no solution for this :(, as the users have some secure data which others do not want to see, how can I provide that security.

Suppose if there are 100 users the admin cannot go their place all the time and change the passwords whenever they require na.

 

[vasureddy619]

Not sure. :( The API is relatively new. I know some programs are in the works by 3rd parties and such, but who and when they will "come to market" is anyone's guess. :(

Please cyberjock please tell some solution otherwise my boss will not approve this and my marks will be reduced

 

[Dennis K.]

There are examples on how to use the API here: http://doc.freenas.org/index.php/Section_5:_Using_the_FreeNAS®_API
Changing passwords is documented here: http://api.freenas.org/resources/account.html#change-password
So as the API makes changing passwords possible, you could roll your own solution.

 

[vasureddy619]

thanks for the reply i will check and come back to you dennis

 

[vasureddy619]

i tried dennis but it isn't working
i am getting these errors

[root@HALSEF] ~# pkg_add -r git
Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/git.tbz: No address record
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/git.tbz' by URL
[root@HALSEF] ~# pkg_add -r py-oauth2
Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/py-oauth2.tbz: No address record
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/py-oauth2.tbz' by URL
[root@HALSEF] ~# pkg_add -r py-sphinxcontrib-httpdomain
Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/py-sphinxcontrib-httpdomain.tbz: No address record
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9-stable/Latest/py-sphinxcontrib-httpdomain.tbz' by URL

what shall i do now, please help me out

 

[Dennis K.]

The steps you are trying to do aren't really neccesary. They're just for building the API documentation locally. But they're also available online (The second link I posted). Just move on to http://doc.freenas.org/index.php/Section_5:_Using_the_FreeNAS®_API#A_Simple_API_Example. If that simple example works, adapt the code to use the changing passwords API.

I don't know if you realize, that you have to do some development yourself. You need some kind of webapp or something else that presents everything to your users. You also have to make sure that only authenticated users can change their own password.

 

[vasureddy619]

Thanks for the Reply.
Actually i was trying something different, client will be getting logged in from WINSCP, which is not having the possibility for changing the password.
If you can guide me as you said that we can develop a webapp, as i am not from programming environment i cannot develop so easily, So kindly help me out, like what software i need to use for developing that webapp and how !!.

Looking for positive reply and thanks for your constant support.

 

[Dennis K.]

Iif you don't have any experience in software development you need a software developer to do that for you.

 

[vasureddy619]

Iif you don't have any experience in software development you need a software developer to do that for you.

I did some small changes, in cron jobs i am running a script to copy the groups, spwd.db, pwd.db, passwd, master.passwd files each and every second and in the post int i am running a script to copy those to the /etc folder and this is working. Is this process correct, are there any flaws in this, please help me out

 

[Dennis K.]

This might possible break with future upgrades, as this is totally unsupported. I also can't really estimate if this breaks anything in the current version.

 

[cyberjock]

The only thing you should be worried about backing up is your config file. I shivered when I saw you running cronjobs to backup other files.

 

[Whattteva]

I'm pretty surprised that even works. I thought / is mounted read-only.

 

[cyberjock]

/etc is a ramdisk and isn't read-only because 'who cares? it's a ramdisk!'

 

[Whattteva]

Ah I see, wasn't aware that /etc is a different mount.

 

[vasureddy619]

The only thing you should be worried about backing up is your config file. I shivered when I saw you running cronjobs to backup other files.

Is the process which i am going wrong

 

[vasureddy619]

I'm pretty surprised that even works. I thought / is mounted read-only.

I mount it at post init as read write