Ronan0's picture

I'm having trouble with the smtp server which is meant to be already set up and ready to go according to Turnkey documentation.

Getting error - missing 'From:' at /var/www/twiki/lib/TWiki/Net.pm line 450.

Also, when I go to Twiki configure, my password is not working. Is it looking for the one generated on first starting the instance? If so, I have stopped and restarted instance in meantime, so I cannot retrieve it anymore. Do I need to FTP in to reset the password?

 

Thanks.

Forum: 
Tags: 
Jeremy Davis's picture

Does the error you mention refer to your issue with sending email? Or is that another issue?

Yes the password should be the one you configure on first boot. You can reset the password from the commandline (using SSH) but only if the root password works. Otherwise probably best to just start again.

Ryan Hall's picture

Ok so how do you go about changing the password for AdminUser on the command line in the OS?

I've installed twice now and the password I have put in does not work period.

Frustrating to say the least.  I just don't know how to change via command line.

Daniel Gonzalez's picture

I've just installed v13 and I'm having the same AdminUser password issue.

Anyone?

Jeremy Davis's picture

Probably best to try to discover what is causing the issue in the first place as I have not had the same problem.

Are you using a non-US keyboard? That can commonly be the cause of issues such as this. Also if your password has special characters that may have been the issue? (I'm not sure about Twiki but some software has limitations on what characters are allowed - and the TKL password setting code may be incorrectly allowing you to set a non-valid password).

FWIW you should be able to rerun the TKL Twiki password/username setting scrpit like this:

/usr/lib/inithooks/bin/twiki.py
Alec G (Xertegi)'s picture

By the by Jeremy, I got this error while running the above script:

Traceback (most recent call last):
File "/usr/lib/inithooks/bin/twiki.py", line 78, in <module>
main()
File "/usr/lib/inithooks/bin/twiki.py", line 65, in main
username, password, mailaddr = line.split(":")
ValueError: too many values to unpack

 

 

I tried editing many .conf's with no avail, and even set up an .htaccess file in /var/www/twiki/bin/. Now, I didn't back up the original apache confs, but, as I'm only using this in an Intranet environment, with the site holding non-sensitive data, I don't have too much worry about..

Here's what I did to gain access to Configure, and hope it helps the next guy:

Notes before the procedure:

Ensure you know what your AdminUser password is, and it works, and you're logged in with it.

If you set configure (or the script above at first-boot) with a special character, it might not work as configure's password. I had a "$" in my initial password. It worked for both "root" and "AdminUser" but not for configure.

I'm not a security buff, and I take no responsibility for any open vunrabilities because you followed my instructions. 

Alright. Let's do this:

  • First thing to do is get to /var/www/twiki/lib somehow, and make a backup of LocalSite.cfg for safe keeping.
    • ​​​​Then, take the real LocalSite.cfg, and edit it with a text editor. (I used Notepad++, Notepad on Windows seemed to screw around with line-breaks)
    • Inside this file is a lot of system-sensitive information, so it's crucial that you don't edit anything else than the below line (if you don't know what you're doing, that is!)
    • You will find the following line @ about line 13-14
      • $TWiki::cfg{Password} = 'dasd231.ozz';
    • Delete this line, save the file, and overwrite the existing LocalSite.cfg file.
  • Set permissions to 666 on LocalSite.cfg (Originally set to 644)
    • The file must be writable while doing anything with configure. If it isn't, nothing gets written!
  • Now, try getting into configure
    • Configure should now ask you to set a new password.  (See *** below)
      • Awesome! Set one now.
      • I set one without any special characters to be on the safe side, and am unsure if setting one in this prompt would be different than setting it with the py script.
    • Once you set a password, back out of configure to the homepage, (or something), and try getting back into configure again
      • This will prove that what you just did actually worked, and changes were written, (before you go and think you change things, and have nothing permanently write!)
  • Now, do what you'd like in configure. :D!

*** If it didn't, something went horribly wrong, and you should probably put the old LocalSite.cfg back, and try once more.

Remember: If you did the above, and you're on the internet with this site, it's highly highly recommended to change permissions of LocalSite.cfg to a 644 once finished using configure. 

Post Notes: 

still have an .htaccess file in my /var/www/twiki/bin folder, just for safe measures (and my stupidity for just editing files); at the bottom (in the code block) is my .htaccess file. If you're not AdminUser, it'll do a basic auth to ensure that you are, then, ask you for the config password. In my instance, that's secure enough as it shouldn't see the light of the WAN anyway.

Good luck! 

---

My .htaccess file (already edited for a stock install of TurnKey TWiki:

# bin/.htaccess.txt
#
# Controls access to TWiki scripts - to make Apache use it, rename this
# file to '.htaccess' and REPLACE THE FOLLOWING STRINGS WHEREVER YOU SEE
# THEM IN THIS FILE WITH PATHS SPECIFIC TO YOUR INSTALLATION.
# Most required values can be seen in the Path Settings section of
# =configure=.
#
# Replace {DataDir} with the value from =configure=
# Replace {DefaultUrlHost} with the value from =configure=
# Replace {ScriptUrlPath} with the value from =configure=
# Replace {Administrators} with a space-separated list of the login
# name(s) of the person(s) allowed to run the configure script
# e.g. admin root superhero

# We set an environment variable called anonymous_spider
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a twiki
# Example:
# BrowserMatchNoCase ^SiteSucker anonymous_spider
BrowserMatchNoCase ^$ anonymous_spider

# Now set default access rights.
Order Allow,Deny
Allow from all
Deny from env=anonymous_spider

# Use CGI & Perl to handle all files in 'bin' directory, i.e. run as scripts
# - this should remove the need to rename files to end in '.pl' etc,
# if your web hosting provider permits this.  Remove if using mod_perl.
SetHandler cgi-script

# Password file for TWiki users
#

# Authentication type (htpasswd file) (comment out this if you configure htpasswd / LDAP support)
AuthUserFile /var/www/twiki/data/.htpasswd
AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
AuthType Basic

#for htdigest password suport uncomment the following
#AuthDigestDomain {DefaultUrlHost}{ScriptUrlPath}/viewauth {DefaultUrlHost}{ScriptUrlPath}/edit {DefaultUrlHost}{ScriptUrlPath}/preview {DefaultUrlHost}{ScriptUrlPath}/save {DefaultUrlHost}{ScriptUrlPath}/attach {DefaultUrlHost}{ScriptUrlPath}/upload {DefaultUrlHost}{ScriptUrlPath}/rename {DefaultUrlHost}{ScriptUrlPath}/manage {DefaultUrlHost}{ScriptUrlPath}/installpasswd {DefaultUrlHost}{ScriptUrlPath}/passwd
#AuthDigestFile {DataDir}/.htdigest
# For "Digest" authentication to work properly, this string must match
# the value of configuration variable $authRealm
#AuthName 'Enter your WikiName. (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
#AuthType Digest

#for LDAP password support uncomment the following (and fix up the paths)
#AuthLDAPURL ldap://yourldapserver/dc=yourldapserver,dc=com?uid?sub?(objectClass=posixAccount)
#AuthLDAPGroupAttribute memberUid
#AuthLDAPGroupAttributeIsDN off
#<Limit GET POST PUT>
#    require group cn=mygroup,ou=groups,dc=yourldapserver,dc=com
#</Limit>
#AuthName ByPassword
#AuthType Basic

# File to return on access control error (e.g. wrong password)
# By convention this is the TWikiRegistration page, that allows users
# to register with the TWiki. Apache requires this to be a *local* path.
# Comment this out if you setup TWiki to completely deny access to TWikiGuest
# in all webs or change the path to a static html page.
ErrorDocument 401 /var/www/twiki/bin/view/TWiki/TWikiRegistration
# Alternatively if your users are all known to be registered you may want
# to redirect them to the ResetPassword page.
# ErrorDocument 401 {ScriptUrlPath}/view/TWiki/ResetPassword 

# Set options for excuting CGI and allow symlinks for e.g. viewauth
# This also unsets any options allowing directory indexing etc.
Options ExecCGI FollowSymLinks

# Limit access to configure to specific IP addresses and or users.
# Make sure configure is not open to the general public.
# The configure script is designed for administrators only.
# The script itself and the information it reveals can be abused by
# attackers if not properly protected against public access.
<FilesMatch "configure.*">
    SetHandler cgi-script
    Order Deny,Allow
    Deny from all
    Allow from all
    Require user AdminUser
    Satisfy Any
</FilesMatch>

# These are scripts that might change content. The regular expression uses ".*"
# at the end so it matches the scripts even if you had to add a .cgi or .pl
# extension. If you want to require login for any other scripts, modify the
# regular expression below as appropriate.

# NB. The resetpasswd & passwd scripts are used to reset and change passwords.
# They do their own validation of the user and therefore
# should not use "require valid-user"

# When using Apache type login the following defines the TWiki scripts
# that makes Apache ask the browser to authenticate. It is correct that
# scripts such as view, resetpasswd & passwd are not authenticated.
# (un-comment to activate)
#<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|rest|.*auth).*">
#       require valid-user
#</FilesMatch>
Fritz's picture

I'm also having the same issue. Just installed TWiki, trying to log in as AdminUser but it does not accept the password I entered on first boot.

For reference, I'm using the Chrome web browser and I downloaded the OVF version of the appliance and I'm using VMWare workstation 9

I'm using a US Keyboard, and my password contains no special characters (unless you consider Upper or lower case text 'special')

I haven't tried the work around above yet.

Jeremy Davis's picture

I just downloaded and installed the Twiki appliance and OOTB I could't reproduce this issue. I set a very simple password (6 chars; all lowercase) and it worked fine.

I then set a more complex password (9 chars, upper & lowercase, numbers) - using the Twiki admin area (after logging in) and that too worked fine...

But when I tried to reset the password (as I had posted above) I got the same "too many values to unpack" error as you guys... All of these failed with the same error:

  • 10 chars, upper & lowercase, numbers and special char ('!')
  • 9 chars, upper & lowercase and numbers
  • 8 chars, upper & lowercase
  • 6 chars, all lowercase
  • 4 chars, all lowercase

Not surprisingly it still allowed me to login with the most recent successful password that I had set...

My experience suggests that perhaps that it will accept a password initially if it is a very simple one, but once it errors, then it won't work again. Out of interest I just created a new server and used a more complex password initially (the same 10 char one from above with a '!' in it) and I could reproduce your issue.

Out of interest I just tried re-running the Twiki inithook (on this more recent broken instance) and it is now having a different error. It says "need more than 2 values to unpack"... more strangeness...

Jeremy Davis's picture

See here.

Thanks everyone for your persistence and input.

Fritz's picture

Thanks Jeremy.

I re-installed  the TWiki VM and used a 4-character all lower-case password for AdminUser and I am now able to log in with the AdminUser account.

Still a bug, but now at least I can get logged in. Thanks.

Jeremy Davis's picture

Sorry this has been such a pain and it's definitely a bug that needs fixing, but at least we have a workaround. Its a sub-optimal workaround, but I guess it's better than nothing...

Also not sure whether you saw, but I noted that when I first tested this I changed the password (for a more complex one) from within the Twiki Admin webUI and that seemed to work fine... So it seems that it's the initial password setting (with a complex password) that is the issue, not the complex password itself.

Hugo Quintana Rocha's picture

Hi Jeremy:

Downloaded the version on Turnkey from Twiki and when type http://localhost/bin/configure.

Them write the password ...send :

CGI::param called in list context from package TWiki::Configure::UIs::PromptPASS line 50, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 1.

what that's 

Best Regards

Jeremy Davis's picture

This is a really old thread so it is highly unlikely that your issue is relevant to this one (even if it seems like it is). Best to start a new thread.

Assuming that you are using the latest (v14.0) ISO then you probably shouldn't need to follow this thread anyway. Just install and answer the first boot questions and you should be good to go. Perhaps detail your issue a little more (e.g. "installed ISO to VirtualBox VM; followed installation steps; after reboot completed intihook questions...") when you start your new thread.

Oops - Also I probably should have clarified that you should download the latest ISO (v14.0) if that's not what you are using...

Hugo Quintana Rocha's picture

Hi Jeremy:

 

I need know the users and password.

I use virtualbox and install the vm, but not know the users.

Best, regards.

 

Jeremy Davis's picture

We do not currently produce an OVA so I'm guessing that it's nothing to do with us.

My suggestion is that you download the latest TKL Twiki appliance. You'll want the v14.0 ISO and install it into a new VM. Follow the install prompts and answer all the questions. THat should sort you out. The Twiki username is "AdminUser" (as documented on the appliance page) and the password set at first boot.

If you still experience issues, please start a new thread and provide as much detail as possible (I'll see it). A link back here may be useful.

Joe's picture

I installed Twiki 14.0 into a VMware environment. There were no errors in the initial config, but as with the above complaints, I cannot log in as the AdminUser. I also noticed I cannot find the AdminUser via shell (id command), nor in the Users and Groups or Change Passwords applets in Webmin.

The above suggestions (except reload from scratch) have not resolved the issue. I'm going to try the reload and give it the simplest of passwords and see if that helps.

Also, I successfully created a user on the site and can log in as that user, but that user doesn't show up in either the Users and Groups or Change Passwords applets.

These are pretty severe issues.

Jeremy Davis's picture

I think I have answered all your questions in your other thread. If not, please ask for clarification over there...
AnnoyedGerman's picture

Beware of special characters with non-qwerty keyboards. I had password issues as well and probably *did* mess up the special characters. Numbers and upper/lowercase worked for me.

Add new comment