Password change in Roundcube does not work

Discussion in 'Installation/Configuration' started by muekno, Mar 13, 2022.

  1. muekno

    muekno Active Member HowtoForge Supporter

    I followed https://www.howtoforge.com/install-ispconfig-3-roundcube-plugins-on-debian-10/
    I can see the new Tab account and I can come to the where changing password. After setting a new password the page do not change , no message about success or similar.
    After that no logging is possible, wether the old nor the new password works. I have to reset the password in ISPConfig Mailbox itself.
    Thanks for help
    Regards
    Rainer
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Which Roundcube theme do you use?
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  4. muekno

    muekno Active Member HowtoForge Supporter

    Larry, I think it is the default, I do not remember that I changed it
    Rainer
     
  5. muekno

    muekno Active Member HowtoForge Supporter

    I do not think it's that problem, all other changes I make in ISPConfig (using since at least 10 years) are written to disk, even the changed password within the ISPConfig Panel. The problem is if I change the password within roundcube snapin the new password.
    Waited more than 1 Minute. After the first attempt to login I get the following notice
    Code:
    ANFORDERUNGSPRÜFUNG FEHLGESCHLAGEN
    Zu Ihrer Sicherheit wird der Zugriff auf diese Ressource mit CSRF geschützt.
    Wenn Sie dies sehen, haben Sie sich wahrscheinlich vor dem Verlassen der Webanwendung nicht abgemeldet.
    
    Nun ist eine menschliche Interaktion erforderlich, um fortzusetzen.
    Bitte kontaktieren Sie Ihren Server-Administrator.
    
    Whats not right, I left roundcube with "abmelden" and returned to the Login page.
    Code:
     cat /var/log/roundcube/errors
    [14-Mar-2022 12:40:21 +0100]: <tclvte0p> PHP Error: Request security check failed (POST /webmail/?_task=login&_action=login)
    
    The plugin troubleshooting do no not help, I get nor error messages than these noted above
    Regards Rainer
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The error messages you show look like coming from the login attempt after password change.
    But the error is in not writing the changed password to database. Examine that part to see what is wrong.
     
  7. muekno

    muekno Active Member HowtoForge Supporter

    Yes thats what i wrote, but when the password is not written to the database, then the old password should work, whats not the case, so something seams to be written to the database.
    May it be that there are different encryption of the password. The encryption of ISPConfig panel seams to be the same used by verifying the password on logging in, but the encryption made when changing via the roundcube interface is an other.
    "Examine that part to see what is wrong." How can I do this?
    Regards
    Rainer
     
  8. muekno

    muekno Active Member HowtoForge Supporter

    Still looking for help or hint
    Regards
    rainer
     
  9. muekno

    muekno Active Member HowtoForge Supporter

    I just installed a complete new ISPConfig single Server
    following minimal Debian 10 server, perfect Debian 10 server, roundcube plugins on Debian 10
    Roundcube works, but the additional tab Account is not shown
    I went through all the troupbleshooting. I have no soap errors shown, or is the a logfile whre I can look. I get no Roundcube errors too.
    The references to the git hub installer is not usefull as the pathes are not complete, you do not know from where they start.
    The soap path should work as I can go to it with the browser getting a blank page without error.
    Still need help
    Regards Rainer
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    If you like to have someone look into it on your server directly, you might want to send @Th0m a pm.
     
  11. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I believe that tab is added by the ispconfig3_roundcube plugins, it sounds like those are not enabled. What do you mean by the pugins work? (I think the lack of the Account tab is evidence they are not working/running?)
     
  12. muekno

    muekno Active Member HowtoForge Supporter

    The new installed server is on an internal test network, so it is not easy to access it but possible. The real problem server is public and works as mailserver for my domain and customers. So I can give you access.
    The funny thing there the additional tab exists. I installed the plugins last year but did not follow the password problem as it was not urgent, but now some of my customers want to to have this future. But I can not change password, if I try wether the old nor the new password works. So snapins should be enabled. Are there any other things I can do or test i.e. loglevels to get more information in log file. The new server was just to have something working to compare with. it will be delete when everthing works.
    Will check the production server against the troupshooting list again, perhaps I have overseen something, but waiting for alternate troupleshouting tips too.

    Regards Rainer
     
  13. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    So the old and new server have different problems.

    In general, watch the error log find php related issues. Configuration issues may or may not make an appearance there, I don't know (I'd expect a wrong remote uri to produce an error .. don't know about a bad api username/password). I believe the troubleshooting steps were pretty comprehensive, if I'm thinking of the same ones.
     
  14. muekno

    muekno Active Member HowtoForge Supporter

    The new server was just a test to see how everything works on new clean system, you must not care about it, it will be deleted anyhow.
    i started the treat cause the problems on the production server in a multiserver installation. After I didn't get new responses i tried this with the clean test installation, to find differences. Didn't expect the problem.
    "if I'm thinking of the same ones." I followed these on the link at the end of the tutorial https://www.howtoforge.com/install-ispconfig-3-roundcube-plugins-on-debian-10/
    Regards
    Rainer
     
  15. muekno

    muekno Active Member HowtoForge Supporter

    On the production server I followed this https://www.howtoforge.de/anleitung/ispconfig-3-roundcube-plugins-unter-debian-10-installieren/ tutorial, as it seams me newer than the english version, but can not see differences to the english version without any effect solving the problem. Did go through https://github.com/w2c/ispconfig3_roundcube/wiki/Troubleshooting---FAQ but as there a no errors or other effects the questions there match that does not help.
    Loooked at the roundcube logs, found nothing concerning my problem or even any problem.
    I found that there a password successfully changed notice should come, but I do not see it.
    Going again through https://www.howtoforge.com/community/threads/roundcube-password-change-does-not-work.87382/ I waited quite a while leaving roundcube open and after a minute or more I got a soap error message but too short to read. Is this logged anywhere.
    But then I can log in with my old password. Try again the error was "Could not connect to host"
    Any hint what to do now
    Regards
    Rainer
     
    Last edited: Mar 18, 2022
  16. muekno

    muekno Active Member HowtoForge Supporter

    Additional information, if I select any other option under account i.e. automatic reply the same affect after some minutes Can not Connect to host, so SOAP connection should be the problem, but I can find nothing in apache or ispconfig logs.
    I double checked remote_soap_user and remote_soap_pass. soap_url is https://ipaddress:8080/remote/ while ipaddress is the the private address of the admin server (all servers are behind NAT on a 10.10.1.0/24 network. I also tried soap_validate_cert true and false.
    If I access the admin server from extern with https://admin_server_ip:8080/remote/ I get a blank page as expected. The server has valid LE certificate
    Regards
    Rainer
     
  17. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Your soap URL is using an IP address, which is not a name covered by the letsencrypt certificate; change the URL to the hostname.
     
  18. muekno

    muekno Active Member HowtoForge Supporter

    Still the same "could not connect to host" after a while.
    soap_validate_cert is set to false. And remember all servers are on an internal private network.
    I left "Remote Access IPs / Hostnames (separate by , and leave blank for any" under System/remote user blank to not get problems from there but i checked "remote access"
    ISPConfig panel server is not the mail server with roundcube.
    For the soap url, the /etc/hosts points to the internal private addresses
    Regards Rainer
     
  19. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    is the server listening on that IP?
     
  20. muekno

    muekno Active Member HowtoForge Supporter

    netstat on Admin Server
    Code:
    tcp6       0      0 :::8080                 :::*                    LISTEN      0          3839421    1558/apache2       
    tcp6       0      0 :::80                   :::*                    LISTEN      0          3839407    1558/apache2       
    tcp6       0      0 :::8081                 :::*                    LISTEN      0          3839415    1558/apache2       
    
    I think it does, even if I do not use IPv6
    ifconfig
    Code:
    ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.10.1.10  netmask 255.255.255.0  broadcast 10.10.1.255
            inet6 fe80::20c:29ff:fec7:4ed4  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:c7:4e:d4  txqueuelen 1000  (Ethernet)
            RX packets 6187195  bytes 1629422935 (1.5 GiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 5572363  bytes 1398859572 (1.3 GiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    Mail server
    config.inc.php partly
    Code:
    $config['soap_url'] = 'https://admin.domain.de:8080/remote/';
    
    /etc/hosts partly
    Code:
    10.10.1.10      admin.domain.de admin
    
    Regards rainer
     

Share This Page