Nov 20, 2008
 

Introduction

In TikiWiki’s setup, an admin account is created.  The default password is “admin”.  And, you are forced to change that password as soon as you log in.  Unfortunately, you are not required to provide an email address for the “admin” account during setup.

This sets the stage for two moments of sheer panic:

  1. You log out of admin, forget the password, and try to reset the password:  Resetting a password typically requires an email address; therefore, you cannot reset the password.  Yikes!  8-|
  2. While in admin, you enable “Challenge-Response Authorization”.  Later, you log out of admin and try to log back in.  Unfortunately, “Challenge-Response Authorization”, although more secure and therefore desirable, depends on the user additionally entering his email address.  But, the admin account has no email address, and so you cannot log back in as admin, even if you know the password.  Double Yikes!!! 8-|

If you get bitten, here are a couple of anti-venom therapies.

Solution

If you have database access (MySQL, in this case), either via a shell, MySQL client, or phpMyAdmin, you can directly update the database.  Instructions here are for shell access:

To simply reset the admin password to “admin”:

$ mysql -u my_db_user_id -p my_db_name
Enter password:

mysql> UPDATE `users_users` SET `password`='admin', `hash`= md5('adminadmin') WHERE
    -> `login`='admin';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> quit;
Bye

Once you log in, immediately change the password to a strong, non-default one; until you do, the admin account accepts the default password.

If you are unable to log in, and you cannot reset the password because you forgot to assign an email address to the “admin” account, do the following:

$ mysql -u my_db_user_id -p my_db_name
Enter password:

mysql> UPDATE `users_users` SET `email`='myemail@server.com' WHERE `login`='admin';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> quit;
Bye

By setting the email address for the admin account, you can now reset the password, assuming you did not disable that feature too, before you logged out. >8-|

If you are still stuck, be sure to check out phpMyAdmin, which provides you a graphical tool to explore and edit the underlying MySQL database without knowing the command-line syntax.

References

http://doc.tikiwiki.org/tiki-index.php?page=lost+admin+password&bl=y

http://doc.tikiwiki.org/tiki-view_faq.php?faqId=7

Nov 12, 2008
 

Problem Introduction

I frequently use a workstation that sits behind an Adtran NetVanta 3120.  The NV3120 is a powerful little box.  It provides secure VPN access back to corporate headquarters, but it also provides a 4-port switch, a highly configurable firewall, and generally more bells and whistles than you could ever want.

Recently, I added a Hewlett-Packard Photosmart C7280 to the network.  However, it sits beyond the NV3120’s LAN, so other workstations on the greater LAN can use it, like my Gentoo laptop.

The default printer configuration went great!  I was printing in no time from my workstation behind the NV3120.  However, scanning was another issue.

Apparently, when used in scan mode, the HP C7280 originates traffic on a non-established port, so it becomes blocked or is otherwise lost.  I knew everything else was working fine, because I could bypass the NV3120 and scanning would work great!  But, that was not going to be acceptable for frequent use.

Network Topology

Here is an ASCII representation of the relevant network subsection:

                                            Incoming Line
                                                  |
                                         [ Wireless Router ]
                                            192.168.1.1
                      /                           |                        \
               192.168.1.100                192.168.1.101              192.168.1.102
            [ NetVanta 3120 ]    [ HP C7280 Printer-Scanner-Fax ]    [ Workstation #3 ]
                10.10.0.110                                               Laptop
             /             \
    10.10.0.99           10.10.0.100
[ Workstation #1 ]   [ Workstation #2 ]
  Windows XP Pro           Linux

The critical path is highlighted in red.

Solution

Eventually, I called the Adtran tech support.  I was pleasantly surprised to receive a call back from a support engineer in short order.  He understood my problem very quickly, and he knew immediately what to do!  What follows are my scribbled notes for the steps he prescribed.  (Of course, your policy names and IP numbers may vary.)

  1. Back up the NV3120 configuration, in case something goes wrong.  😉
  2. Configure NV3120 to grab static IP, not DHCP-based IP from wireless router:

    Click on:  System -> Public Interface -> IP Settings
    Complete as follows:
    IP:  192.168.1.100
    MASK:  255.255.255.0
    DEF GW:  192.168.1.1

  3. Add UDP relay for NetBios broadcast by HP C7280 printer (192.168.1.101) to be encapsulated and relayed through NV3120 (192.168.1.100) to its LAN (10.10.0.X) and vice-versa:

    Click on:  Data -> UDP Relay -> IP Helper Address
    Add following addresses:

    10.10.0.99 – Public (eth0)
    10.10.0.100 – Public (eth0)
    192.168.1.101 – vlan1
    UDP Forward Protocol:  netbios (port 137)  [Press “Add”]

  4. Allow traffic between 10.10.0.X subnet and 192.168.1.X subnet:

    Click on:  Data -> Firewall -> Security Zones -> Edit Security Zones -> Public
    Add Policy to Zone “Public”
    Type:  Allow
    Description:  Allow 192.168.1.X to 10.10.0.X
    Stateless Processing:  OFF
    Destination Security Zone:  <Any Security Zone>
    Source – Specified:  192.168.1.0 / 255.255.255.0
    Destination – Specified:  10.10.0.96 / 255.255.255.240
    Protocol:  any

    Use “arrows” to move new policy right below “VPN Selector” and before everything else.

  5. Allow traffic between 192.168.1.X subnet and 10.10.0.X subnet:

    Click on:  Data -> Firewall -> Security Zones -> Edit Security Zones -> Private

    Add Policy to Zone “Private”
    Type:  Allow
    Description:  Allow 10.10.0.X to 192.168.1.X
    Stateless Processing:  OFF
    Destination Security Zone:  <Any Security Zone>
    Source – Specified:  10.10.0.96 / 255.255.255.240
    Destination – Specified:  192.168.1.0 / 255.255.255.0
    Protocol:  any

    Use “arrows” to move new policy right above “NAT list wizard-ics” and below everything else.

  6. Create policy for UDP Relay:

    Click on:  Data -> Firewall -> Security Zones -> Edit Security Zones -> Public
    Add Policy to Zone “Public”
    Type:  Advanced
    Description:  Relay netbios
    Policy Action:  Allow
    Destination Security Zone:  <Self Bound>
    Stateless Processing:  OFF

    – Add New Traffic Selector –
    Type:  Permit
    Protocol:  UDP
    Source:  Any, Any
    Destination:  Any host, Port:  “Well Known” : 137 – netbios-ns

    Use “arrows” to move second from top, below “VPN selector”, but above recent “Allow 192.168.1.X to 10.10.0.X” policy.

  7. Reassign VPN Crypto Map – It occasionally gets lost during the above changes:

    Click on:  Data -> VPN -> VPN Peers -> Advanced VPN Policies -> Assign Crypto Maps to Interfaces:

    Public    VPN
    vlan1     none

  8. Save configuration changes and reboot NV3120 unit.  Back up the configuration again, in case something goes wrong in the future.  😉
  9. On wireless router, add a “static route”, so traffic intended for the VPN subnet (10.10.0.X) that leaves the printer (192.168.1.X) can find its way back to the VPN subnet and not onto the global internet:

    On wireless router’s configuration page (not NV3120), click on:  Advanced -> Static Routes -> Add (Or, similar depending on brand and model):

    Name:  NV3120-VPN
    Private:  Off
    Active:  On
    Destination IP:  10.10.0.96
    Gateway IP:  192.168.1.100
    Metric:  2

    Beyond the destination and gateway IPs, the exact settings and menu navigation path will vary depending on the router’s brand and model.

Explanation

Admittedly, the solution is a bit complex, but the problem is a bit complex too.  Part of the complication comes from the fact that the printer broadcasts various netbios-ns UDP packets to find computers on its domain.  However, the computer used in this case does not exist on that domain.  It exists on a private, VPN domain.  So, we have to not only configure the firewall to allow traffic, but we must also relay UDP broadcasts between the two domains.
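The scope of the policies from steps 4 and 6 can be checked against the hosts in the topology diagram. The model below is an added example, not Adtran's code or part of the original notes: first-match evaluation with a default deny is an assumed simplification, the TCP port 8080 flow is constructed, and `PRINTER_ONLY` is a hypothetical narrower policy that has not been tested on an NV3120.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:
    name: str
    src: str                      # "address/mask", as typed into the GUI
    dst: str
    proto: str = "any"
    dport: Optional[int] = None   # None means any port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("any", proto)
                and self.dport in (None, dport)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

def first_match(policies, proto, src, dst, dport):
    """Name of the first matching policy in list order; None models an assumed default deny."""
    return next((p.name for p in policies if p.matches(proto, src, dst, dport)), None)

def reachable(policies, sources, dests, proto="tcp", dport=8080):
    """Every (src, dst) pair admitted for one constructed flow (TCP to port 8080)."""
    return [(s, d) for s in sources for d in dests
            if first_match(policies, proto, s, d, dport) is not None]

# Step 6 then step 4, in the order the steps place them in zone "Public".
# Not modelled: "VPN Selector" above them and the <Self Bound> zone restriction.
RELAY = Policy("Relay netbios", "0.0.0.0/0", "0.0.0.0/0", "udp", 137)
AS_CONFIGURED = [RELAY, Policy("Allow 192.168.1.X to 10.10.0.X",
                               "192.168.1.0/255.255.255.0", "10.10.0.96/255.255.255.240")]
# Hypothetical narrower variant, not from the page and untested on an NV3120:
# the printer is the only permitted source.
PRINTER_ONLY = [RELAY, Policy("Allow printer to 10.10.0.X",
                              "192.168.1.101/255.255.255.255", "10.10.0.96/255.255.255.240")]

OUTSIDE = ["192.168.1.1", "192.168.1.101", "192.168.1.102"]  # router, printer, laptop
INSIDE = ["10.10.0.99", "10.10.0.100", "10.10.0.110"]        # WS #1, WS #2, NV3120 LAN side

if __name__ == "__main__":
    print(len(reachable(AS_CONFIGURED, OUTSIDE, INSIDE)), "pairs as configured")
    print(len(reachable(PRINTER_ONLY, OUTSIDE, INSIDE)), "pairs with printer-only source")
```

As configured, the 255.255.255.240 destination mask spans 10.10.0.96 through 10.10.0.111, so the policy admits every host on 192.168.1.X to both workstations and to the NV3120's own LAN address, not only the printer.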

Many thanks to the Adtran support engineer, who guided me through the above steps, including configuring the 3rd party router!

Nov 10, 2008
 

The Problem

Occasionally, I find a text file that was written on a Windows box that contains additional garbage text.  Most often, the displayed text looks like this:

/*^M
 * @(#)MyApplication.java  2.0  01 April 2005^M
 *^M
 * Copyright (c) 2003-2005 Werner Randelshofer^M
 * Staldenmattweg 2, Immensee, CH-6405, Switzerland.^M
 * This software is in the public domain.^M
 */^M^M

Or, even worse, as a single line, like this:

/*^M * @(#)MyApplication.java  2.0  01 April 2005^M *^M * Copyright (c) 2003-2005 Werner Randelshofer^M * Staldenmattweg 2, Immensee, CH-6405, Switzerland.^M * This software is in the public domain.^M */^M^M

Either way, this is annoying, if not unusable.

Brief Explanation

The primary cause of the problem is a difference in how the Unix and DOS (Windows) conventions encode a ‘newline’.  The difference is long-standing, dating back to the days when printers were the primary ‘display’.

The Windows convention uses two ASCII characters, which signal ‘line-feed’ (which meant to roll the printer paper up one line) and ‘carriage-return’ (which meant to send the printer head back to the beginning of the line).  Unix selected one of those characters (‘carriage-return’) to do the same thing.

These symbols usually appear as:

^M^J

Or,

^M

Depending on the encoding, platform, and application.

The Solution Using Emacs

On most Unix platforms, commands such as unix2dos and dos2unix can be used to convert a text file from Windows to UNIX format or vice-versa.  However, sometimes a file can get so garbled that even these tools do not work.  Regardless, it is nice to know how to fix this in Emacs.

The easiest way to fix the second case in Emacs is:

  1. Place the cursor on the first part of the strange character, the caret (^).
  2. Press C-‘ ‘ (Control + Space) to begin marking.
  3. Move to the right one character.  (You’ll notice that it jumps an extra character.  That is because ^M is really one ASCII character.)
  4. Press C-W to remove the text.
  5. Immediately, press C-Y to yank the text back.
  6. Jump to the top of the document (Esc-< or M-<).
  7. Replace all occurrences:
    1. M-x replace-string
    2. Press C-Y to paste in the text to be replaced.
    3. Press C-Q, C-J to replace with a ‘quoted’ ^J, which is the Unix newline (or, C-Q, C-M, C-Q, C-J for Windows).
    4. Press ‘Enter’ to replace all occurrences.

A little experimentation will be necessary to adapt to other cases.  You can read more here:

http://lists.freebsd.org/pipermail/freebsd-questions/2006-October/134422.html
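The same replacement can be scripted outside Emacs. The following is an added example, not part of the original post: it rewrites every line break to ^J (the Unix newline used in step 7 above), covering both cases shown earlier, including the doubled ^M^M at the end of the sample. The function names and the choice to treat ^M^M^J as a single break are assumptions of this sketch.

```python
import re

# One line break is: CRs followed by LF (CRLF, or the doubled CR CR LF seen at
# the end of the page's sample), a lone CR (the single-line case), or a bare LF.
_BREAK = re.compile(rb"\r+\n|\r|\n")

def count_line_endings(data: bytes) -> dict:
    """Tally each line-break encoding so mixed or doubled endings show up first."""
    counts = {"LF": 0, "CRLF": 0, "CR": 0, "CRCRLF": 0}
    for m in _BREAK.finditer(data):
        tok = m.group()
        if tok == b"\n":
            counts["LF"] += 1
        elif tok == b"\r\n":
            counts["CRLF"] += 1
        elif tok == b"\r":
            counts["CR"] += 1
        else:                       # two or more CRs before one LF
            counts["CRCRLF"] += 1
    return counts

def normalize_newlines(data: bytes, newline: bytes = b"\n") -> bytes:
    """Rewrite every line break as `newline` (b"\\n" for Unix, b"\\r\\n" for Windows)."""
    if b"\x00" in data:
        raise ValueError("NUL byte found: refusing to rewrite what looks like a binary file")
    return _BREAK.sub(lambda m: newline, data)

# Constructed sample: a shortened copy of the comment block shown above, CRs as real bytes.
SAMPLE_CRLF = (b"/*\r\n * @(#)MyApplication.java  2.0  01 April 2005\r\n *\r\n"
               b" * This software is in the public domain.\r\n */\r\r\n")
# The "single line" variant: the same text with only CRs between lines.
SAMPLE_CR = SAMPLE_CRLF.replace(b"\r\r\n", b"\r\r").replace(b"\r\n", b"\r")

if __name__ == "__main__":
    for label, blob in (("CRLF", SAMPLE_CRLF), ("CR only", SAMPLE_CR)):
        print(label, count_line_endings(blob))
        print(normalize_newlines(blob).decode("ascii"), end="")
```

Read and write the file in binary mode (`open(path, "rb")` / `"wb"`) so Python's own newline translation does not interfere.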
