From: Sławek A. <sa...@wa...> - 2025-12-23 22:25:28
Merry Christmas to everyone,

On 22.12.2025 at 20:12, lea...@li... wrote:
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 22 Dec 2025 12:14:05 -0500
> From: jeanrocco jr <bla...@gm...>
> To: Erich Titl <eri...@th...>
> Cc: lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 14
> Message-ID:
> <CAC...@ma...>
> Content-Type: text/plain; charset="UTF-8"
>
> Hello Eric, Slawek & all,
>
> On Sat, Dec 20, 2025 at 1:48 PM Erich Titl <eri...@th...> wrote:
>
>> Hi Jeanrocco
>>
>> On 20.12.2025 at 19:07, jeanrocco jr wrote:
>>> Hello Erich, Slawek & all
>>>
>>> On Sat, Dec 20, 2025 at 11:06 AM Erich Titl <eri...@th...> wrote:
>>>
>> ...
>>
>>>
>>> Erich, right, this is exactly wrong access permission. Slawek, these
>>> logs show you are not giving Webconf the right Username and Password .
>>>
>>> A normal Webconf connection would show: notice the "admin" here as I'm
>>> using admin as my username ...
>>>
>>> 192.168.1.154 192.168.1.254 admin [20/Dec/2025:12:39:32 -0500] "GET /
>>> pix/180px-LEAFProjectLogo-Landscape.png HTTP/1.1" 200 14458
>>> "https://192.168.1.254/" "Mozilla/5.0 (X11;
>>> Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0"
>>>
>>> When I voluntarily enter admin and a wrong password to connect to
>>> Webconf, this is what I get: notice no admin here it is replaced by "-"
>>>
>>> 192.168.1.154 192.168.1.254 - [20/Dec/2025:12:43:46 -0500] "GET /
>>> HTTP/1.1" 401 347 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:142.0)
>>> Gecko/20100101 Firefox/142.0"
>>>
>>> Erich, he should be captive of the "Webconf password page" when he opens
>>> up Webconf for the first time, and can get out of it only by giving a
>>> username and password.
>>> So Slawek you must have given Webconf an admin and password, but don't
>>> remember it ....
>>>
>>> Erich, is there a way to reinitialize Webconf to ask for a new username/
>>> password, from the command lines ?
>> I guess the easiest way is to overwrite .htpasswd in /var/webconf/www
>> with an empty string like:
>>
>>     > /var/webconf/www/.htpasswd
>>
>> Then a new login attempt from a terminal should trigger the part in
>> .profile which wants to install new passwords. This is quite a chunk of
>> shell code which I eliminated from my .profile because I hated it.
>>
>> Another way is to use pwcrypt to create a new user:password entry for
>> .htpasswd
>>
>> gatekeeper# echo username:$(pwcrypt) > .htpasswd
>> Enter the password to encrypt: foo
>>
>> gatekeeper# cat .htpasswd
>> username:Cf6wAfwQPTnig
>>
>
> Ok I did just that but " echo admin:$(pwcrypt) > .htpasswd " but nothing
> happened from the browser ... on 7.5.1
>
> I then remembered these mailings :
> https://sourceforge.net/p/leaf/mailman/message/58837369/ , and this one:
> https://sourceforge.net/p/leaf/mailman/message/58837391/ .
>
> I applied the same corrections and the page asking for user:password now
> works fine.
>
> Having this issue corrected, I re-did " echo admin:$(pwcrypt) > .htpasswd
> ", and it worked fine also, I could change the webconf password, and get a
> new user:password page.
>
> As for Slawek, I will send him the
> https://sourceforge.net/p/leaf/mailman/message/58837391/ mail, hoping he
> can apply this, if not , in his current state his webconf page is always
> open, and He can log into it from any browsers from his internal net.
>
> I think the misconfiguration in /etc/lighttpd/conf.d/auth.conf is largely
> overdue for a correction ...
>
> I also asked KP to give a default initial range value to Dnsmasq DHCP
> server ( in dnsmasq.conf ) :
> ...
> ...
> # Uncomment this to enable the integrated DHCP server, you need
> # to supply the range of addresses available for lease and optionally
> # a lease time. If you have more than one network, you will need to
> # repeat this for each network on which you want to supply DHCP
> # service.
> #dhcp-range=192.168.1.1,192.168.1.199,12h
> dhcp-range=192.168.1.100,192.168.1.199,12h
> ...
> ...
>
> I don't see why not ...
>
> Ok bye
> jeanrocco
>
>
>> cheers
>>
>> ET
>> --
>> "Whoever does not have two-thirds of his day for himself is a slave."
>> Friedrich Nietzsche
>>
>>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 22 Dec 2025 12:32:35 -0500
> From: "Robert K Coffman Jr. -Info From Data Corp."
> <bco...@in...>
> To: lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 14
> Message-ID: <c3c...@in...>
> Content-Type: text/plain; charset="UTF-8"
>
> This would not affect me as my builds are from images or pre-existing
> configurations, but I'd disagree with having DHCP start up by default
> for a few reasons, not the least of which is that if someone is running
> leaf, they should know what they want in terms of DHCP and how to
> implement it, IMHO.
>
> - Bob Coffman
>
> On 12/22/2025 12:14:05 PM, jeanrocco jr wrote:
>
> I also asked KP to give a default initial range value to Dnsmasq DHCP
> server ( in dnsmasq.conf ) :
>
> --
> Robert K Coffman Jr.
> Info From Data Corp.
> 3307249000
> [1]su...@in...
>
> References
>
> 1. mailto:su...@in...
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 22 Dec 2025 20:11:05 +0100
> From: Erich Titl <eri...@th...>
> To: jeanrocco jr <bla...@gm...>
> Cc: lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 14
> Message-ID: <111...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Jeanrocco
>
> On 22.12.2025 at 18:14, jeanrocco jr wrote:
>> Hello Eric, Slawek & all,
>>
>> On Sat, Dec 20, 2025 at 1:48 PM Erich Titl <eri...@th...> wrote:
>>
>> Hi Jeanrocco
>>
>> On 20.12.2025 at 19:07, jeanrocco jr wrote:
>> > Hello Erich, Slawek & all
>> >
>> > On Sat, Dec 20, 2025 at 11:06 AM Erich Titl <eri...@th...> wrote:
>> >
>> ...
>>
>> >
>> >
>> > Erich, right, this is exactly wrong access permission. Slawek, these
>> > logs show you are not giving Webconf the right Username and
>> Password .
>> >
>> > A normal Webconf connection would show: notice the "admin" here
>> as I'm
>> > using admin as my username ...
>> >
>> > 192.168.1.154 192.168.1.254 admin [20/Dec/2025:12:39:32 -0500]
>> "GET /
>> > pix/180px-LEAFProjectLogo-Landscape.png HTTP/1.1" 200 14458
>> > "https://192.168.1.254/" "Mozilla/5.0 (X11;
>> > Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0"
>> >
>> > When I voluntarily enter admin and a wrong password to connect to
>> > Webconf, this is what I get: notice no admin here it is replaced
>> by "-"
>> >
>> > 192.168.1.154 192.168.1.254 - [20/Dec/2025:12:43:46 -0500] "GET /
>> > HTTP/1.1" 401 347 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:142.0)
>> > Gecko/20100101 Firefox/142.0"
>> >
>> > Erich, he should be captive of the "Webconf password page" when
>> he opens
>> > up Webconf for the first time, and can get out of it only by
>> giving a
>> > username and password.
>> > So Slawek you must have given Webconf an admin and password, but
>> don't
>> > remember it ....
>> >
>> > Erich, is there a way to reinitialize Webconf to ask for a new
>> username/
>> > password, from the command lines ?
>>
>> I guess the easiest way is to overwrite .htpasswd in /var/webconf/www
>> with an empty string like:
>>
>>     > /var/webconf/www/.htpasswd
>>
>> Then a new login attempt from a terminal should trigger the part in
>> .profile which wants to install new passwords. This is quite a chunk of
>> shell code which I eliminated from my .profile because I hated it.
>>
>> Another way is to use pwcrypt to create a new user:password entry for
>> .htpasswd
>>
>> gatekeeper# echo username:$(pwcrypt) > .htpasswd
>> Enter the password to encrypt: foo
>>
>> gatekeeper# cat .htpasswd
>> username:Cf6wAfwQPTnig
>>
>>
>>
>> Ok I did just that but " echo admin:$(pwcrypt) > .htpasswd " but
>> nothing happened from the browser ... on 7.5.1
> There is a bug since 7.2.0. As I am running an old version of lighttpd I
> just found out. Check the file /etc/lighttpd/conf.d/auth.conf. This
> block is important, the auth.require needs to be as shown below.
>
> auth.require = ( "/" =>
>                  (
>                    "method"  => "basic",
>                    "realm"   => "Login",
>                    "require" => "valid-user"
>                  ),
>                )
>
> You may need to restart lighttpd

I read https://sourceforge.net/p/leaf/mailman/message/58837391/ as
Jeanrocco pointed out.

In /etc/lighttpd/conf.d/auth.conf I had:

#######################################################################
##
##  Authentication Module
## -----------------------
##
## See http://redmine.lighttpd.net/projects/lighttpd/wiki/docs_modauth
## for more info.
##
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/webconf/www/.htpasswd"
#auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"
#auth.backend.plain.groupfile = "/etc/lighttpd/lighttpd.group"
#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
#auth.backend.ldap.filter = "(uid=$)"
auth.require = ( "/" =>
                 (
                   "method"  => "basic",
                   "realm"   => "Webconf Login",
                   "require" => "valid-user"
                 ),
               )
##
#######################################################################

I changed it and I have:

#######################################################################
##
##  Authentication Module
## -----------------------
##
## See http://redmine.lighttpd.net/projects/lighttpd/wiki/docs_modauth
## for more info.
##
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/webconf/www/.htpasswd"
#auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"
#auth.backend.plain.groupfile = "/etc/lighttpd/lighttpd.group"
#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
#auth.backend.ldap.filter = "(uid=$)"
server.modules += ( "mod_auth" )
auth.require = ( "/" =>
                 (
                   "method"  => "basic",
                   "realm"   => "Login",
                   "require" => "valid-user"
                 ),
               )
##
#######################################################################

I restarted leaf but this change doesn't help.

But I have other news. It's good news for me.
As I mentioned earlier, I have two flash drives. Both have Leaf on them.

The first was made using Raspberry Pi Imager from an image of version
7_0_0. I upgraded it to 7_5_1 and configured it. It's very possible that
I set this password and don't remember it. A nine-year break before
making the next leaf - a lot of new stuff. This leaf works. I just don't
have webconf and there's no list of acceptable IPs. I don't know how to
create this list. Something's not working.

But I made a second flash drive. I used Syslinux to make it bootable,
unpacked and copied Bering-uClibc_7.5.1_i686_syslinux_vga.tar.gz to the
pendrive, and configured it my way. The second leaf has a working
webconf. But it had no access to the Internet. That is, the leaf itself
had it (ping 8.8.8.8), but the local PC connected to it did not.

So, using PuTTY, I copied all configuration files from lrcfg to my
Windows PC. All from the first and all from the second, to compare them.
I will tell you right away that despite the same number (7_5_1) these
are slightly different configurations. These are without my changes.
Probably the upgrade wasn't done correctly.

But while configuring the second leaf I made a stupid mistake. I made a
mistake when writing the IP number in the file /etc/shorewall/snat. And
that's why I didn't have internet.

But I would still like to have a list of accepted local IPs. What I did
doesn't work and I don't know how to do it.

>
> cheers
>
> ET
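
The log signature described in the quoted messages (a username in the third field on an authenticated request, "-" with status 401 on a failed login) can be checked mechanically. This is an added example, not part of the original messages and not LEAF project code: the function names and the third sample line are constructed, and it additionally flags any request answered 2xx with no username, which is what lighttpd logs when authentication is not being enforced.

```shell
#!/bin/sh
# Added example, not LEAF project code. Function names are hypothetical.
# Classify lighttpd access-log lines in the layout quoted in this thread:
#   client server user [timestamp] "request" status size "referer" "agent"

classify_webconf_log() {
    awk -F'"' '
    NF < 3 { next }                      # no quoted request field: skip
    {
        n = split($1, head, " ")         # client server user [date tz]
        m = split($3, tail, " ")         # status size
        if (n < 3 || m < 1) next
        client = head[1]; user = head[3]; status = tail[1]
        if (status == "401")                       verdict = "AUTH_FAIL"
        else if (user == "-" && status ~ /^2/)     verdict = "OPEN"
        else if (user != "-" && status ~ /^[23]/)  verdict = "AUTH_OK"
        else                                       verdict = "OTHER"
        printf "%s %s %s %s\n", verdict, client, user, status
    }'
}

# Exit status 0 when no request was served without a username, 1 otherwise.
webconf_auth_enforced() {
    ! classify_webconf_log | grep -q '^OPEN '
}

# Sample input: lines 1 and 2 are the entries quoted in the thread (rejoined
# onto one line each); line 3 is constructed to show an unprotected Webconf.
sample_log() {
cat <<'EOF'
192.168.1.154 192.168.1.254 admin [20/Dec/2025:12:39:32 -0500] "GET /pix/180px-LEAFProjectLogo-Landscape.png HTTP/1.1" 200 14458 "https://192.168.1.254/" "Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0"
192.168.1.154 192.168.1.254 - [20/Dec/2025:12:43:46 -0500] "GET / HTTP/1.1" 401 347 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0"
192.168.1.77 192.168.1.254 - [20/Dec/2025:12:50:00 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed)"
EOF
}

# Run against the embedded sample when executed directly.
sample_log | classify_webconf_log
```

To use it on a router, pipe the lighttpd access log into `classify_webconf_log`; any `OPEN` line after an auth.conf change means the page is still being served without credentials.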