[Couchbase-server]Adding user/Changing password? - authentication

I am a newbie getting started with couchbase-server.
I simply want to browse the data present in a couchbase server using UI at http://www.dataoncouchbase.com:8091/index.html.
The password for the account "Administrator" is unknown. But I need to login to see the data.
One technique for changing the administrator password on couchbase-server is the following command (I do have access to the machine via command line)
$$ /opt/couchbase/bin/couchbase-cli cluster-init -u Administrator -p old_password -c 127.0.0.1:8091 --cluster-init-username=Administrator --cluster-init-password=new_password
BUT...only works if you know the old password(which I don't have).
I also tried modifying the local.ini file present at : /opt/couchbase/etc/couchdb/ and restarting the server. I added a new line(username=password) under [admins] section in the file. However I am not able to log in with the new user as well.
It would be great if someone can give me a way to add a new user(with read/write permissions) or change password for Administrator OR point me to some resource to do the same.

cbreset_password - it'll reset Administrator password w/o need to know the prior.

Have you looked in "config.dat" according to this it may appear there in plain text. (granted, they are talking about web console).
It seems like you may have already seen this but I'll reference it just in case. The format they use for password stored in local.ini includes spaces -> "username = password" Also they recommend running the command 'ls -alR /opt/couchbase-server/etc' to help figure out where your problem might be. Perhaps you can post your output for that command here if the last two suggestions don't work out.

I had the same problem. Seems like there's no way to reset the password, but it is visible in the config.dat file. The other thing that caught me out is the username...it's case sensitive, so Admin != admin !!!

If you know the old password ( I know this is not your case, but I want to write the solution to help someone who knows old password), you should read:
I changed with this command ( although it has thrown error --> ERROR: option cluster-init-ramsize is not specified);
./couchbase-cli cluster-init -c 127.0.0.1:8091 --user=admin --password=OLDPASS --cluster-init-username=admin --cluster-init-password=NEWPASS
My configuration is;
CentOs Gnu/Linux &
Couchbase 2.5.0
I have run command under the directory: /opt/couchbase/bin

Ok man I figured it out :)
I use OSX but I guess the way will be simular.
I went into the CouchbaseServer.app in orde to view the content.
then you open the folder Content/Resources/couchbase-core/bin
and theres programm called cbreset_password :)
Then it asked you to change the admin password.....there you go.
I feel with you it took me 2 hours :)

Using couchsync with couchbase you can change all users password using the administrative REST API.
curl -vX PUT http://127.0.0.1:4985/yourdbname/_user/youruser --data "{"name":"youruser", "password":"newpassword", "admin_channels":["yourlistofchannels"], "admin_roles":["yourlistofroles"]}"

Using your command go to your Couchbase bin folder. For mac, this is
/Applications/Couchbase Server.app/Contents/Resources/couchbase-core/bin
In that folder, execute this:
./couchbase-cli reset-admin-password --new-password test123.
Your new password will be changed to test123.
Here is the detailed guide: https://docs.couchbase.com/server/4.6/cli/cbcli/reset-admin-password.html

Step1:
/opt/couchbase/bin/couchbase-cli reset-admin-password --new-password 'Pass#2020'
-------
SUCCESS
-------
You may be trying to login with username "Administrator" but you will see error sometimes. Because in some clusters "Administrator" may not be the default hard coded admin, to see the admin name see the below file (as follows):
$ ls -lrth /opt/couchbase/var/lib/couchbase/isasl.pw
$ cp /opt/couchbase/var/lib/couchbase/isasl.pw /tmp
$ cat /tmp/isasl.pw
{
"users": [
{
"n": "**Admin**",
------------------here "Admin" is the Administrator account. So use "Admin" as username to login with your new password changed in step1.

Related

SnowSQL login issue

I am trying to login into snowSQL for the first time and i am getting this below error. I want to know what is wrong with the below statement.
snowsql -a LTA43954.US-west-oregon.aws -u INDUMATHI
and the error is
250001 (n/a): Could not connect to Snowflake backend after 0 attempt(s).Aborting
If the error message is unclear, enable logging using -o log_level=DEBUG and see the log to find out the cause. Contact support for further help.
Please help me out
Is your snowflake instance up?
Also check your region, if you are using correct one. I checked on oregon, looks like its us-west-2. Please try using that and see if it works.
You can also try to put all this in your snowflake config file and just type snowsql (without any parameters) and it should log you in.
The default location for config file is your homedirectory/.snowsql/config
On windows - c:\users<username>.snowsql\config
accountname = LTA43954
region = US-west-oregon.aws
username = INDUMATHI
password =
Password you can provide in config file or you will be prompted for it.
I tested connectivity using same and it gave me password prompt, so it means its working. Please refer below for the test I did.
It appears your snowflake instance was not up or had some issue/outage, as now its connecting fine.
The account name has an incorrect region id appended to it. It should be as follows:
snowsql -a LTA43954.us-west-2 -u INDUMATHI
Try this and verify

Testing if user created in AD can be logged into on a VM

I am a QA automation engineer and in the web app I test there's a feature that creates Active Directory users.
My tools are - Selenium (Java), RemoteWebDriver, Selenium Grid (Docker)
I was trying to find ways to validate this process and came to a stop - this field (AD) is new
to me and I need to find a way to make sure the user was created and can be logged into in the
network.
I was trying to find a way to do this and came up with 2 options, where the first one is the least
preferred way:
Make a request (API? 3rd side tool?) to get the relevant user(s).
The issue:
A user created and registered in the AD doesn't necessarily mean that the client can log into it (at least by the way I understood how AD works), and so it loses the most important consequence of the feature.
Use a VM, get the AD user information (username + password: possible) and try to log into the VM using those details.
The issue:
I haven't came across a tool that does it, the closest thing is Robot class or WinAppDriver.
WinAppDriver seems like the best solution as of now although I don't know how to make the login process work since it's the process starts before the desktop is open and I don't know how to locate the username and password field, so I figured using Robot class seems like the simplest solution, if it works on a VM that is, which as of now doesn't seem like it does.
So, before advancing on learning how to use WinAppDriver with my current automation, I'd like and appreciate your opinions about the matter or if you have simpler solutions.
Thank you very much for reading!
• We can check whether a user is created successfully or not and if that user can log in to the AD domain or not by executing a script as below. It is a powershell script that auto logs in through remote desktop protocol in the other domain joined VM from an Azure domain joined VM that checks whether the recently created user can login or not.
Powershell script : -
cmdkey /list | ForEach-Object{if($_ -like "*target=TERMSRV/*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}
echo "Connecting to 192.168.1.100"
$Server="192.168.1.100"
$User="Administrator"
$Password="AdminPassword"
cmdkey /generic:TERMSRV/$Server /user:$User /pass:$Password
mstsc /v:$Server
• In the above script, replace the ‘$user’ value by the user principal name of the newly created user, i.e., ‘$User=”testdemo#example.com”’ and the ‘$Password’ value by the password set for that user. Also, ensure that you replace and enter the correct IP address of the domain controller/AD server. Also, ensure that before executing the above powershell script, execute the below commands in an elevated (administrator privileges) powershell console.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Lastly, please ensure that while creating the user, the option ‘User must change password at next logon’, ‘Account is Disabled’, ‘Password never expires’ and ‘User cannot change password’ are unchecked and not selected.
• Also, you can use the below command line script for logging in to the domain joined Azure VM through RDP protocol. In the below command, replace the ‘username’ and ‘password’ with the username and password of the user created recently to log in to the Azure VM with this command line script. Also, replace the ‘TERMSRC’ with the hostname of the server system or the domain joined VM where the specified UNC path is located and replace the ‘some_unc_path’ with the actual path UNC path of the shared directory folder. Please execute the below command through elevated (administrator privileges) command prompt.
Command script: -
c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nolog -command cmdkey /generic:TERMSRC/some_unc_path /user:username /pass:pa$$word; mstsc /v:some_unc_path

How to fix the issue: "The specified database user/password combination is rejected" using Intellij IDEA?

I'm using Spring application and stack is like: Java 11, Spring Boot 2.2.1.RELEASE.
(technology versions may vary here)
When I try to connect to the database via Data Source using Intellij IDEA, I get always the issue like:
The specified database user/password combination is rejected:
[28P01] FATAL: password authentication failded for user 'postgres'
How can I fix it?
To be noticed: this answer is similar, but not related to:
Unable to connect from Intellij to mySql running in docker container - "specified database user/password combination is rejected"
To fix it:
you need to check your application.properties file and change the value of user password on line:
spring.datasource.password=your_password
The cause of issue is:
your value of the property spring.datasource.password in application.properties
does not match the user password what was selected by default during installing your database system.
E.g. more specifically on the step "Enter the password for the database superuser (postgres)":
To clarify: provided example is for PostgreSQL, but it can be another database system.
Edit: this assumes you run Linux
if the other answer provided by invzbl3 doesn't work, check out this solution, it worked for me. Make sure to restart afterwards.
https://docs.fedoraproject.org/en-US/quick-docs/postgresql/#_initial_configuration
If you’re getting ident errors from your app you’ll probably need to perform the accepted solution described at https://serverfault.com/questions/406606/postgres-error-message-fatal-ident-authentication-failed-for-user?newreg=a4fdc3e21349449985cc65b82399c5b4
(if you don't have nano, just use any other text editor)
sudo nano /var/lib/pgsql/data/pg_hba.conf
and edit host all all 127.0.0.1/32 ident to host all all 127.0.0.1/32 md5.
This should allow most applications to connect with username/password.

How to solve My SQL ERROR 1045 (28000): Access denied for user 'root'#'localhost' (using password: YES)

I know there are already similar questions and I tried each of the solutions but somehow nothing seems to help. Maybe anyone has an idea what is going on. I am very new to the programming world and don't understand yet what's behind all the commands, but tried my best to solve it myself.
I installed MySQL via homebrew on a mac. As long as the password was not set up and I could just press enter when asked for password all was fine. Then I changed the password via this command
mysql> ALTER USER 'root'#'localhost' IDENTIFIED BY '';
After doing this, I could not log in any more and always get the ERROR 1045 (28000). I reinstalled SQL and also downloaded another version via Then I installed SQL via the MySQL community server, but this also did not change anything.
But by installing via MySQL community I could go to the system preferences and reset the password (which also did not work via the terminal) - but again no luck.
I would appreciate any ideas. Thanks.
The issue is likely due to socket authentication being enabled for the root user by default when no password is set, during the upgrade to ubuntu 16.04.
The solution is to revert back to native password authentication. You can do this by logging in to MySQL using socket authentication by doing:
sudo mysql -u root
Once logged in:
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
which will revert back to the native (old default) password authentication.
Now use password as the password whenever required by MySQL.

smbclient NT_STATUS_ACCESS_DENIED

About once every 10 years I need to wrestle with SAMBA as I migrate to new hosts, and then I repress the traumatic memory until I have to relearn it all the next time :S Hence this newbyish question.
I have a Ubuntu VM with a couple of shares - one ("Public") is unsecured, the other ("Public2") is secured, with the intention that it should be accessed only by an authenticated user account defined on the Ubuntu box. Both shares appear in Windows Explorer on both XP and Win8.1. However, I can't for the life of me work out how to log into the secure Public2 share.
Leaving Windows clients out of it, I've tried simply looping back to the box using smbclient, which produces the following output, indicating it just can't authenticate:
michael#ubuntu:~$ smbclient //ubuntu/Public2 --user=michael%mypasswd
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
tree connect failed: NT_STATUS_ACCESS_DENIED
Meanwhile the unsecured share is accessible.
What (probably incredibly obvious) thing have I missed? Am I not specifying the username correctly?
/var/lib/samba/usershares/public (unsecure, works) contains:
#VERSION 2
path=/home/michael/Public
comment=
usershare_acl=S-1-1-0:F
guest_ok=y
sharename=Public
/var/lib/samba/usershares/public2 (which I can't access) contains:
#VERSION 2
path=/home/michael/Public2
comment=
usershare_acl=S-1-1-0:F
guest_ok=n
sharename=Public2
For users who are using for the command line option, use
$ sudo smbpasswd -a <user_name>
this will prompt you to assign the password.
WARNING: This refers to Samba 2. We are at Samba 4 now. Take care which version of Samba you are using. As stated in my comment, the GUI will break your configurations.
A work colleague has pointed me in the right direction:
The Linux user ID being used to access the Linux share needs to have a second "samba" password defined for it. The easiest way to do this is to install and run the GUI Samba Server Configuration app, which isn't installed by default.
The Samba documentation does explain this, but it's buried in the masses of documentation explaining all the various arcane aspects of samba.conf configuration etc.
The following article gets to the heart of the subject:
http://ubuntuhandbook.org/index.php/2014/05/ubuntu1404-file-sharing-samba/
You have to edit the '/etc/samba/smb.conf'
use sudo nano /etc/samba/smb.conf to edit the conf file.
Where Workgroup = [your Domain]
There is no 'second samba password'. There is linux password: /etc/passwd and then there is Samba password, which is either smbpasswd or passdb.tdb. Which one and where it is located depends on Samba version and setting in smb.conf. BOTH must be set. Both means Linux in /etc/passwd and in Samba (one of the above). This is in most cases the issue with this error message. Or try to restart Lanman service, or Windows.
But I want to comment on another, probably rarer case.
If you are using customized Samba and only in such case, there might be another (extended) reason for this error.
Samba might be compiled with additional permission checks, which will say "NO" (return false) after which Samba will announce error, the same as this Q is mentioning.
Check the log for errors. There might be a clue if it is such a case.
Again, this is specific for custom build Samba.
Specifically in my case, on QNAP NAS, Samba will call a binary /sbin/appriv -C -u 502 -S1
-C, --check Check user privilege.
-S, --samba [bit] The privilege of Samba
-u, --uid [uid] UID.
appriv is "appriv -> nasutil" which is QNAP own binary, not part of the linux or the GNU.
With so many options build in Samba, I can't find a reasoning for this additional check.
Especially when it could be satisfied with just a plain empty file returning "true".
Just a complication, possible source of issues, no safety advancement.
I've been updating old abandoned system from QNAP. Replaced Samba from another, newer NAS.
This is how I come about this issue and wasted a lot of time on it. Thanks QNAP.
Apparmor might also be the cause. You need to whitelist all share locations, otherwise you will always get the "permission denied" error.
Fix is adding to /etc/apparmor.d/local/usr.sbin.smbd:
"/path_to_share/" rk,
"/path_to_share/**" lrwk,
for each share. (The first line allows read-access to the base-directory, the second line allows read-write-access to everything within that base-directory recursively)
Source: https://wiki.archlinux.org/title/Samba#Permission_issues_on_AppArmor
Crosspost from: https://serverfault.com/a/1109267/592032