Reconfigure Icingaweb2

No offend, but if you don’t know how to set a new password for the Icinga Admin User why do you anwser? :wink: I do not make this for a living.

1 Like

You can restart the wizard. Just enable the setup module again (icingacli module enable setup) and visit /icingaweb2/setup (or whatever base url you’re using). Then you generate a new token and continue as before.

4 Likes

@anon66228339 please keep it civil :slight_smile:
this forum is also for users that just want to run Icinga in their private environments and especially for people who just need a little help - without purchasing support :slight_smile:

@bricasti I’ll research whether and how it can be done without reinstalling Icinga in a moment :slight_smile:
Edit: Looks like Johannes was faster than me here :slight_smile:

5 Likes

Thanks! That’s what I was looking for.

1 Like

I have reconfigured icingaweb2 several times. Just like I have done it before. But every time the same error, I can’t log into icingaweb2. “Invalid password or username”. I looked into the database and the username is there. The password is of course hashed. Does anyone have any idea what I am doing wrong?

Have you tried changing the password by changing the password hash inside the DB like describe in the link in post#5?

this unfortunately does not work because in

“SELECT password_hash from icingaweb_user where name = root;
-> $1$EUJCvbry$3zDPZ14RJpNyk7ai5ghBF1”

parts of the hash are covered.

I’ve tried it with

"
sudo htpasswd -c /etc/icingaweb2/.http-users icingaadmin
"
But this doesn’t work either.

This error occurs only since icingaweb2 has the new graphic when logging in. Until recently it never occurred.

this unfortunately does not work because in

“SELECT password_hash from icingaweb_user where name = root;
→ $1$EUJCvbry$3zDPZ14RJpNyk7ai5ghBF1”

parts of the hash are covered.

a) Sorry, but what do you mean by “covered”?

b) Have you actually tried changing the password as documented, and then
logging in with the new password?

I’ve tried it with

sudo htpasswd -c /etc/icingaweb2/.http-users icingaadmin

And did you try it with “openssl passwd -1 -salt EUJCvbry new_password” ?

Antony.

This:

$1▒I]y▒▒▒$cPFEN47/AT.UW/r9YxG2E3

Yes, I did.

Yes, I did.

Please check if the charcter set of your terminal is correct.
I just tried it with a freshly set up icinga2 servre with MySQL and Putty (Character set = UTF-8) and don’t get any strange characters.

I can sort of confirm that the “covered” look resembles what I saw that one time when I blundered my charset A LOT… :thinking:

Now, of course, the question is where I screwed that up. So I looked it up and there it is:

mysql> show variables like ‘char%’;
±-------------------------±---------------------------+
| Variable_name | Value |
±-------------------------±---------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | latin1 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | latin1 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
±-------------------------±---------------------------+
8 rows in set (0.00 sec)

I was wondering about the Putty character set (if you are using Putty):
image

I’m using MobaXterm. Charset is UTF-8 (Unicode).

:+1:

Then I’m out, as my DB knowledge is too limited to be of more help here :slight_smile:

The charset/encoding shouldn’t matter. A proper hash only includes ASCII chars. Though this depends on how it is generated.

Please try what’s in the official documentation regarding manual user creation.

This should generate a hash like this:

$2y$10$CP/RBu7SIzhWCMeqxmGa8.9HttKMDiHMW4/CdW0dreidNJJ.Bzliq

If it still doesn’t work, have you already taken a look into the log? (/var/log/icingaweb2/icingaweb2.log) Maybe there’s an error regarding the authentication backend?

2 Likes

Hi.

The linked guide, to change the password directly in MySQL, should work.
Except problems that may occur depending on missing quotes.

( I tried this already yesterday but thought it is unnecessary to post it)

Example execution
mysql> use icingaweb2;

mysql> select * from icingaweb_user where name = 'my_damaged_account';

Example output:
+--------------------+--------+--------------------------------------------------------------+---------------------+-------+
| name               | active | password_hash                                                | ctime               | mtime |
+--------------------+--------+--------------------------------------------------------------+---------------------+-------+
| my_damaged_account |      1 | $2y$10$Vh2YlqZoXwCRc6BhiV9I9uCHF9AE9gIDaLUQmCiBkNXvvqrMRiGY. | 2020-06-25 13:52:24 | NULL  |
+--------------------+--------+--------------------------------------------------------------+---------------------+-------+

# in a shell: please try to avoid special characters for testing purposes
openssl passwd -1 -salt 10 i_want_this_as_password
Output:
$1$10$dICVmz55eGloV8kHzSm9x.

# Back in mysql:
# maybe again: mysql> use icingaweb2;
# Important: Please note the quotes:
mysql> UPDATE icingaweb_user SET password_hash='$1$10$dICVmz55eGloV8kHzSm9x.' WHERE name = 'my_damaged_account';

mysql> select * from icingaweb_user where name = 'my_damaged_account';
+--------------------+--------+------------------------------+---------------------+---------------------+
| name               | active | password_hash                | ctime               | mtime               |
+--------------------+--------+------------------------------+---------------------+---------------------+
| my_damaged_account |      1 | $1$10$dICVmz55eGloV8kHzSm9x. | 2020-06-25 13:52:24 | 2020-06-25 14:01:24 |
+--------------------+--------+------------------------------+---------------------+---------------------+
1 row in set (0.00 sec)
# The password_hash has to be the same as in the output of the openssl-command.

As result, I was able to log in with:
Username: my_damaged_account
Password: i_want_this_as_password

If this still does not work:

  • Are there any error-messages when you execute any of the commands?
  • Are you maybe running the commands at the wrong SQL-Host? (Sorry, but this may happen, especially if you run multiple Icinga2 instances)
  • Are you maybe calling the wrong Icingaweb2 GUI? (Sorry, this may happen for the same reasons)

Greetings.

5 Likes

This is it! Thank you so much!