Webmin Login Suddenly Fails

SYSTEM INFORMATION
OS type and version Ubuntu Linux 22.04.4
Usermin version 2.102
Virtualmin version 7.20.2 Pro
Theme version 21.20.7
Apache version 2.4.62
Package updates All installed packages are up to date

Strange issue that hit me out of the blue: On Thursday, the Webmin login did work fine with my credentials and 2FA enabled. From Friday, after submitting my credentials, I receive a "Warning - Login Failed. Please try again.".

After two more failed attempts the message reads "403 - Access denied. The user has been blocked because of too many authentication failures." I then connected to my server via SSH and restarted Webmin to unblock my IP and tried again. Same result as above. I did these steps several times over the past days w/o any success.

The hosted websites and services do work fine. No issues occurred.

I did some research but couldn’t find something useful. There’s a thread here and another one there that suggests changing the theme (which didn’t work).

There are no errors in /var/webmin/miniserv.error – additionally, I unbanned all IPs from Fail2Ban and cross-checked for remainders:

fail2ban-client unban --all
iptables -n -L

In /etc/webmin/miniserv.users I can see the entry for my root user. Because the file was touched last end of August (and I definitely logged in successfully after), I decided not to mess with it.

I also deleted the entries in /var/webmin/blocked and stopped/started services individually, i. e. Webmin, Usermin, and rebooted the server itself. As the last straw I stopped the firewall and Fail2Ban.

None of the above actions turned out to be a success.

Neither did I change my login credentials nor run any critical upgrades or installed something new.

Any ideas what else I could try to log into Webmin again?

Have you tried turning of 2FA? Not sure how to do that from the command line but I’d suspect something is out of sync there.

To disable 2FA in Webmin:

  1. in /etc/webmin/miniserv.conf, remove twofactor_provider=totp
  2. in /etc/webmin/miniserv.users, replace something like root:x:0:::::::0:0:totp:HBL7W4RTGXT6FG8W: with something like root:x:0:::::::0:0::HBL7W4RTGXT6FG8W:
  3. restart Webmin with service webmin restart

See if you can login now with your old login and password, @Steini

Thank you both but that also didn’t help. Same outcome as above: "Warning - Login Failed. Please try again."

Do you want to reset the root password?

sudo /usr/share/webmin/changepass.pl /etc/webmin root NEWPASSWORDHERE

1 Like

Oh my effin word!!! That did the trick!!! But why?! I didn’t change the password at all.

That was defo the last thing to consider. Thanks so much, you made my day!

That is resetting only the Webmin root password, and splits it off from the regular Linux password. If that’s what you want to do, that’s fine, but I recommend just setting the root (or your sudo user) password to one you know using the passwd command, rather than having multiple password databases.

I changed the root password via passwd several times after the incident occurred but still couldn’t log in. With the above hint it worked. Any idea why?

I updated the password handling underneath Webmin > Webmin Users > root > Webmin user access rights and set it back to “Unix authentication”. Works now but had to update the password once more via passwd. So far, all back in operation.

I’m assuming you had previously set the Webmin root password, and got yourself into the situation that I was recommending you avoid by only using one password source (the system shadow password file). :wink:

I swear I didn’t do that. I was in control of my mind at all times and I certainly didn’t do it subconsciously, did I?

:man_shrugging:

The default on installation is to use the system password. There are several ways to make that not true, both in the UI and via the command line. Using the changepass.pl script is one such way, but there are others.

I’m aware of many ways to eff up a server (have a vast array of experience in this field) but I defo didn’t change the password - neither through the UI nor the terminal. I’m glad it works again but am slightly worried about the how.

Thank you all for your helpful input!

Valid concern. You could check the Webmin actions log to see if it was changed via the UI. I don’t believe any of the CLI methods would lead to action log entries, though. Of course, if someone had root-level access needed to change this, they also had root-level access needed to edit or delete the actions log.

The new and better way of doing it is:

webmin passwd root
1 Like

Did you save Webmin Users → Edit User page?

I did because of the language translations where I switched back and forth between the default language and the translations. But I didn’t change the password setting during these procedures.

That’s so nice. I’ll use it henceforth.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.