Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Mindspeed Comcerto 2000 based
Post Reply
User avatar
RokerHRO
Posts: 12
Joined: Fri Sep 29, 2017 10:38 am
Location: Hamburg, Germany
Contact:

Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by RokerHRO » Mon Jun 25, 2018 9:49 am

Hi there,

I use my Zyxel NAS 542 for several months, mostly as TimeMachine backup storage and media server. Now I want to login via the web UI after several months, but I constantly get "Access denied", both for the "admin" user and for the second non-priviliged user I created some months ago.

When I try to login via ssh it works fine, even "sudo" to get a root shell works. It seems I misconfigured something many months ago, but I can't remember. :-(

Is it possible to reset the web UI password to the same password I use for SSH, at least for the admin user (the other users I can delete/re-create if necessary via the web UI afterwards)

Thank you,

Lars R.

Mijzelf
Posts: 6251
Joined: Mon Jun 16, 2008 10:45 am

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by Mijzelf » Mon Jun 25, 2018 5:51 pm

Did you already reboot the box?

User avatar
RokerHRO
Posts: 12
Joined: Fri Sep 29, 2017 10:38 am
Location: Hamburg, Germany
Contact:

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by RokerHRO » Mon Jun 25, 2018 9:10 pm

Sure. Several times, because it does not run 24/7.

Mijzelf
Posts: 6251
Joined: Mon Jun 16, 2008 10:45 am

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by Mijzelf » Tue Jun 26, 2018 8:02 am

Theoretically you can reset the webinterface password by executing

Code: Select all

smbpasswd <username>
as root.
This will update /etc/samba/smbpasswd, which is used for both samba and the webinterface (the latter using PAM).

The change is volatile. If you have web access again, you'll have to change the password in the webinterface to get it pushed to the non-volatile database.

User avatar
RokerHRO
Posts: 12
Joined: Fri Sep 29, 2017 10:38 am
Location: Hamburg, Germany
Contact:

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by RokerHRO » Tue Jun 26, 2018 1:52 pm

I ran the smbpasswd command to set a new password for the "admin" user but … the web login still does not work. :-(

I ran smbpasswd for another user, but it also does not get into the web UI.

*sigh*

Mijzelf
Posts: 6251
Joined: Mon Jun 16, 2008 10:45 am

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by Mijzelf » Thu Jun 28, 2018 7:06 am

Have you checked if /etc/samba/smbpasswd did change by the use of smbpasswd?

Have you installed any additional software which could affect the webserver/PAM link?

User avatar
RokerHRO
Posts: 12
Joined: Fri Sep 29, 2017 10:38 am
Location: Hamburg, Germany
Contact:

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by RokerHRO » Thu Jun 28, 2018 7:04 pm

Yes, the password hash(?) in the samba/smbpasswd file changes. interestingly the same password always creates in the same hash, so there is now salting. *sigh* Security level of the 80s, or so. :shock:

I installed some "Tweaks" from the "MetaRepository", to have some handy Unix tools on the local shell (e.g. Midnight commander :-) ), but I don't remember which one at all.

What do you mean with webserver / PAM link? how can I check whether this is in the state that it shall be? (PAM == pluggable authentication module, I guess)

Mijzelf
Posts: 6251
Joined: Mon Jun 16, 2008 10:45 am

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by Mijzelf » Fri Jun 29, 2018 9:01 am

RokerHRO wrote:
Thu Jun 28, 2018 7:04 pm
Yes, the password hash(?) in the samba/smbpasswd file changes. interestingly the same password always creates in the same hash, so there is now salting. *sigh* Security level of the 80s, or so. :shock:
Actually, it's from the nineties. Read the story here.
I installed some "Tweaks" from the "MetaRepository", to have some handy Unix tools on the local shell (e.g. Midnight commander :-) ), but I don't remember which one at all.
That should be harmless, AFAIK.
What do you mean with webserver / PAM link? how can I check whether this is in the state that it shall be?
Don't know exactly. If you read the apache config files, (in /etc/package_server/ or something like that) you can see that a zy_auth module is loaded. Looking at that module with 'strings' you can see that it uses PAM.
So to affect that link, you should have a script which changes the apache config or the PAM config. On each boot, as the files are on a ramdrive, and regenerated on each boot. I guess you should have known if you had written such a script.

I don't know what is wrong with your box. You could try a factory reset.

User avatar
RokerHRO
Posts: 12
Joined: Fri Sep 29, 2017 10:38 am
Location: Hamburg, Germany
Contact:

Factory reset?

Post by RokerHRO » Wed Jul 18, 2018 9:37 pm

Which data are lost after such a factory reset? All the data on the disks? Or ''only'' the configuration (the users and their accounts and access rights – that could be restored easily, I think)

L.

Mijzelf
Posts: 6251
Joined: Mon Jun 16, 2008 10:45 am

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by Mijzelf » Thu Jul 19, 2018 7:13 pm

A factory reset does not touch the data.

All users are deleted, shares are disabled, passwords reset, network dhcp, all packages are disabled. AFAIK most (all) package settings will retained, as they are on disk, not in flashrom.

User avatar
RokerHRO
Posts: 12
Joined: Fri Sep 29, 2017 10:38 am
Location: Hamburg, Germany
Contact:

Re: Zyxel NAS542: Login via Web UI does not work, SSH-Login still works

Post by RokerHRO » Wed Jul 25, 2018 6:02 am

Hi all,

I did a normal password reset (3 second until 1 beep). The "admin/1234" combo still did not work, but … my old password (that I used for ssh) now works again for the Web UI! :shock: :D

So everything seems to run fine again, incl. a firmware update that came in yesterday, too.

Yay!
:o

Thanks for your answers, anyway. Happy nassing!

Lars R.

Post Reply