New installation - admin login failed

Gateway
1

I installed a brand new CipherMail 5.0.4 VM from OVA.

Console login works, configuring network works, looking around in bash looks quite good.

When accessing https:/<<my-ip-address>> and logging in with admin and default PW, I get a "Login failed".
In /var/log/ciphermail-gateway-backend.log I see error mesages (shortened):
INFO Application {http://ws.djigzo.com}PAM#{http://ws.djigzo.application.mitm/\}authenticate has thrown exception
WARN [Admin Login] Authentication failure: Bad credentials, Source: --- Principal: admin; Credentials: [PROTECTED]; Authenticated: false; --- Not granted any authorities

I already did a reset of the admin passwd according to "Forgot GUI admin password" foind in documentation.

Where is my mistake? How can I access the admin pages?

Thanks, Birger

2

Zitat von "birger.kraegelin--- via Users" <users(a)lists.ciphermail.com>:

I installed a brand new CipherMail 5.0.4 VM from OVA.

Console login works, configuring network works, looking around in
bash looks quite good.

When accessing https:/<<my-ip-address>> and logging in with admin
and default PW, I get a "Login failed".
In /var/log/ciphermail-gateway-backend.log I see error mesages (shortened):
INFO Application
{http://ws.djigzo.com}PAM#{http://ws.djigzo.application.mitm/\}authenticate
has thrown exception
WARN [Admin Login] Authentication failure: Bad credentials, Source:
--- Principal: admin; Credentials: [PROTECTED]; Authenticated:
false; --- Not granted any authorities

I already did a reset of the admin passwd according to "Forgot GUI
admin password" foind in documentation.

Where is my mistake? How can I access the admin pages?

Thanks, Birger

From the Release Notes of the 5.x Releases:

"A default built-in administrative user is no longer created on first
start. Administrators should log in with their Unix account after
which they can configure new administrative users if needed."

Regards

Andreas

3

Unfortunately this is a regression :frowning:

When you apply on the admin page, PAM auth will be disabled :frowning:

You can re-enable PAM from the command line

Enable PAM:

java -cp "/usr/share/djigzo/lib/*" \
mitm.application.djigzo.tools.CLITool \
--global --set-property pam.enabled \
--value true

Read PAM enabled status:

java -cp "/usr/share/djigzo/lib/*" \
mitm.application.djigzo.tools.CLITool \
--global --get-property pam.enabled

This will be fixed on the upcoming release.

Kind regards,

Martijn Brinkers

···

On Tue, 2021-10-26 at 06:24 +0000, birger.kraegelin--- via Users wrote:

I installed a brand new CipherMail 5.0.4 VM from OVA.

Console login works, configuring network works, looking around in
bash looks quite good.

When accessing https:/<<my-ip-address>> and logging in with admin and
default PW, I get a "Login failed".
In /var/log/ciphermail-gateway-backend.log I see error mesages
(shortened):
INFO Application {
http://ws.djigzo.com}PAM#{http://ws.djigzo.application.mitm/\}authenticate
has thrown exception
WARN [Admin Login] Authentication failure: Bad credentials, Source:
--- Principal: admin; Credentials: [PROTECTED]; Authenticated:
false; --- Not granted any authorities

I already did a reset of the admin passwd according to "Forgot GUI
admin password" foind in documentation.

Where is my mistake? How can I access the admin pages?

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger

4

If for some reason PAM authentication is not working on a system where
CipherMail is installed using the deb or RPMS, you can add a default
admin by executing some SQL queries

For MySQL/MariaDB:

Login to the database (default password is: djigzo):

mysql -u djigzo -h 127.0.0.1 -p djigzo

The following SQL queries will insert an admin account with

username: admin
password: admin

insert into cm_admin (cm_built_in, cm_enabled, cm_password,
cm_password_encoding, cm_salt, cm_username) values (false, true,
'admin', 0, '', 'admin');

insert into cm_admin_cm_authorities (cm_admin, cm_authorities) values
((select cm_id from cm_admin where cm_username='admin'), (select cm_id
from cm_authority where cm_role='ROLE_LOGIN'));

insert into cm_admin_cm_authorities (cm_admin, cm_authorities) values
((select cm_id from cm_admin where cm_username='admin'), (select cm_id
from cm_authority where cm_role='ROLE_ADMIN'));

For PostgreSQL, change the names of the tables/columns

Kind regards,

Martijn Brinkers

···

On Wed, 2021-10-27 at 11:51 +0200, Martijn Brinkers via Users wrote:

On Tue, 2021-10-26 at 06:24 +0000, birger.kraegelin--- via Users > wrote:
> I installed a brand new CipherMail 5.0.4 VM from OVA.
>
> Console login works, configuring network works, looking around in
> bash looks quite good.
>
> When accessing https:/<<my-ip-address>> and logging in with admin
> and
> default PW, I get a "Login failed".
> In /var/log/ciphermail-gateway-backend.log I see error mesages
> (shortened):
> INFO Application {
> http://ws.djigzo.com}PAM#{http://ws.djigzo.application.mitm/\}authenticate
> has thrown exception
> WARN [Admin Login] Authentication failure: Bad credentials,
> Source:
> --- Principal: admin; Credentials: [PROTECTED]; Authenticated:
> false; --- Not granted any authorities
>
> I already did a reset of the admin passwd according to "Forgot GUI
> admin password" foind in documentation.
>
> Where is my mistake? How can I access the admin pages?

Unfortunately this is a regression :frowning:

When you apply on the admin page, PAM auth will be disabled :frowning:

You can re-enable PAM from the command line

Enable PAM:

java -cp "/usr/share/djigzo/lib/*" \
mitm.application.djigzo.tools.CLITool \
--global --set-property pam.enabled \
--value true

Read PAM enabled status:

java -cp "/usr/share/djigzo/lib/*" \
mitm.application.djigzo.tools.CLITool \
--global --get-property pam.enabled

This will be fixed on the upcoming release.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger

5

Zitat von "birger.kraegelin--- via Users" <users(a)lists.ciphermail.com
>:

> I installed a brand new CipherMail 5.0.4 VM from OVA.
>
> Console login works, configuring network works, looking around in
> bash looks quite good.
>
> When accessing https:/<<my-ip-address>> and logging in with admin
> and default PW, I get a "Login failed".
> In /var/log/ciphermail-gateway-backend.log I see error mesages
> (shortened):
> INFO Application
> {
> http://ws.djigzo.com}PAM#{http://ws.djigzo.application.mitm/\}authenticate
>
> has thrown exception
> WARN [Admin Login] Authentication failure: Bad credentials,
> Source:
> --- Principal: admin; Credentials: [PROTECTED]; Authenticated:
> false; --- Not granted any authorities
>
> I already did a reset of the admin passwd according to "Forgot
> GUI
> admin password" foind in documentation.
>
> Where is my mistake? How can I access the admin pages?
>
> Thanks, Birger

From the Release Notes of the 5.x Releases:

"A default built-in administrative user is no longer created on
first
start. Administrators should log in with their Unix account after
which they can configure new administrative users if needed."

Hi Andreas,

You are right, I misread the report. The OP said:

When accessing https:/<<my-ip-address>> and logging in with admin
and default PW, I get a "Login failed".

As Andreas said, there is no longer a default admin account. You need
to login with your unix credentials:

login name: sa
password: <THE PASSWORD YOU SELECTED ON FIRST LOGIN>

Kind regards,

Martijn Brinkers

···

On Tue, 2021-10-26 at 14:21 +0000, Andi via Users wrote:

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger