0 votes
Hello all,

I've a big problem and I dont know how to solve it :

I've imported users from an AD and this works fine.

The users password are crypted using the SHA1 encryption.

this users have to connect to the Clearos ldap system using MAC computers. So i configured the macs to connect to it.

When looking and the encrpyted password, it's look like {sha}PDQ071SHICd2yHkZCZF9NxczmLQ=

With a passord like that, I can connect to my web console and change my password

The problem is, when connecting with a mac, the password is unknown. Now, if I change the password and simply change the {sha} to {SHA} (capital letters) , I can connect with my users using the MAC computers. With that, I still can connect to the clearos Webconsole but I can't change my password... I always habe the error : wrong password !

I'm a little bit lost here : how can I do to make MAC or Clearos accept crypted password using {sha} or {SHA} ...
Any idea is very welcomed :)
Wednesday, March 25 2020, 10:14 AM
Share this post:
Responses (3)
  • Accepted Answer

    Friday, March 27 2020, 08:29 AM - #Permalink
    0 votes
    Hello Nick,
    Yes, they're all the same except for the {sha}... which should be {SHA} for the controll the password.
    I can create a password like that but it will be refused by the other systems .. since 2017 i believe

    In fact, I've the choice to create a SHA encrpytion beginning with {SHA} or {sha}.
    With {sha}, Clearos is going to recognize my password when connecting to the webconsole and then changing it (when it ask for the current password) but Mac computers are not going to accept it.

    with {SHA}, I will be able to connect to mac computers and to log to the web console but I won't be able to change my password once logged into the clearos webconsole.

    i discovered now that I can change my password on the MAC once connected. time, the used algorithm is SSHA. With that change, I can connect to the clearos web console but I can't change my password :

    Finally the situation is :

    Login to the web console : SHA, SSHA and sha are accepted
    Changing password in the web console : only sha
    Open a session on Mac computers : SHA or SSHA
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 27 2020, 08:18 AM - #Permalink
    0 votes
    Did you manage to get all the LDAP password fields the same as how ClearOS would have created them? userPassword, clearSHAPassword, clearSHA1Password, clearMicrosoftNTPassword and sambaNTPassword?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, March 27 2020, 08:15 AM - #Permalink
    0 votes
    ok, maybe I foud another way ...

    I really seems that they are several different modules in clearos to 'uncrypt' the received passwords. The module responsible for validating our password at login does not seem to be the same as the one that verifies our password when we want to change it.

    the first one can 'decode' correctly a given password but not the second one which seems to be obsolete.
    So, I found a project to install a self-service password web tool . It can connect to a OpenLDAP server to modifiy a requested change.

    So I'm going to try this solution to get around the Clearos problem.
    The reply is currently minimized Show
Your Reply