• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

HELP! Authentication

E

EnigmaBurn

Guest
I am new to Plesk and dealing with a dedicated server, so I apologize in advance. But, I do have 12 years of administration experience - mostly Windows - so I am not a total greenhorn...

This problem is weird. I have created 1 client (me) so far and placed the 11 domains I own on domain accounts and set them up with the default template. I switched the DNS on 10 of them to the new server - all is well.

The final domain I am waiting on is the primary and most active domain. I must have statistics before I migrate it to the new server. I see Pleask has 'Plesk-stats' located at the /plesk-stat/ directory - neat, great!

Well, I have tried logging into this directory with every possible login username/password - from the server's root user/pass to the servers admin account, to the ftp accounts to the client account info - none let me in... I get either a 'Authorization required' or 'Requires Authentication' no matter what I do.

I have noticed that Plesk automatically creates the /plesk-stat/ protected directory and seemingly adds the default FTP account to the user list - even noticed that the Plesk documentation suggests changing this to a seperate password, and tried that too - still cannot log in...

So I went back to the books and figured I would read up on SSL under Plesk and the whole certificate thing (okay, I am a little green in this area), and tried creating some new certs and such. Nothing. Then documentation does not match the admin interface, so I hit a dead-end.... Either way, none of this got a better result.

In the meantime while I hit the books and lamented a solution I installed phpBB which my site uses and migrated the database over to the new server. All went fine. Then I tried logging in with the user/pass that I have been using for years on that board and it kept saying invalid - it was at this point that I began to wonder about authentication in general on the server...

What is going on? Please help me - of course my host is like "..aww, your a dedicated server, we don't support the software - only hardware. Can't help ya! Feck off!"

I swear to #&$% if someone helps me I will find a way to repay you!

Best regards,
 
sure, that's normal that you cannot login, because username
and password does not exist for this sub-directory. So, go to
Plesk https://www.yourdomainname.tld:8443/ and select the
domainname. Being there, go to "sub-directory"-protection and
create username/password.

If you have a look with your FTP into this domainname, you
already see the sub-directory

/plesk-stat/

So, there is not much to do for you, I think so.

BTW: Have you ever tried it just to use username/password of
the FTP-account of this one domainname to login to plesk-stat?

Keep me informed here what you could find out. tx
 
Ermmm... Nope...

Editor:

Sorry for not being clear on this, but I have tried that. First of all, Plesk automatically adds the FTP account's username/password to this 'protected directory' item. Using this information, log in fails. I have also tried creating a new users of the protected directory in that interface with a new password - log in still fails.

I have gone so far as to delete the protected directory (which Plesk manuals claim would then make it an 'unprotected' directory) and still no luck; still asks me to authhenticate and cannot log in.

Thanks for the effort, but it is something else... Any other ideas?

Cheers,
 
Re: Ermmm... Nope...

let me try it again.

http://www.mydomainname.tld/plesk-stat/

Forbidden
You don't have permission to access /plesk-stat/ on this server.
Apache/2.0.51 (Fedora) Server at www.mydomainname.tld Port 80

I had a look in the error.log. It says here, that it is missing
the "default"-file f.e. index.html within this folder /plesk-stat/
Now I try:

http://www.mydomainname.tld/plesk-stat/webstat/
http://www.mydomainname.tld/plesk-stat/webstat-ssl/
http://www.mydomainname.tld/plesk-stat/ftpstat/
http://www.mydomainname.tld/plesk-stat/anon_ftpstat/
http://www.mydomainname.tld/plesk-stat/logs/
http://www.mydomainname.tld/plesk-stat/logs/access_log
http://www.mydomainname.tld/plesk-stat/logs/access_log.processed
http://www.mydomainname.tld/plesk-stat/logs/error_log
http://www.mydomainname.tld/plesk-stat/logs/xferlog
http://www.mydomainname.tld/plesk-stat/logs/xferlog.processed
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular.processed

I was not asked for username/password. I can surf to these
URLs without any problems. But this means also, that everybody
can surf onto this URL, because the /plesk-stat/ is not protected
with username/password.

And now, I will make the next step to protect this /plesk-stat/
which is internal linked to /statistic/ onto the Plesk-Server

/home/httpd/vhosts/mydomainname.tld/statistics/

one moment, brb
 
Hmmmm...

I think you are on to something... <<Waiting with bated breath>>

Many thanks!
 
Re: Hmmmm...

back now.

Before I will change anything, here is the basis again. It
is the situation which is before /plesk-stat/ protected with
username/password:

drwxr-x--- 5 psaserv 4096 May 6 15:16 anon_ftp
drwxr-xr-x 2 root 4096 Apr 21 05:29 bin
drwxr-x--- 2 psaserv 4096 Apr 13 09:01 cgi-bin
drwxr-x--- 2 psaserv 4096 May 7 10:31 conf
drwxr-xr-x 2 psaserv 4096 Apr 13 09:01 error_docs
drwxr-xr-x 2 root 4096 Apr 21 05:29 etc
drwxr-x--- 11 psaserv 4096 May 18 10:41 httpdocs
drwxr-x--- 3 psaserv 4096 Apr 13 09:01 httpsdocs
drwxr-xr-x 2 root 4096 Apr 21 05:29 lib
drwxr-x--- 2 psaserv 4096 May 2 12:20 pd
drwx------ 3 root 4096 Apr 20 12:38 private
dr-xr-x--- 7 psaserv 4096 Apr 13 09:01 statistics
drwxr-xr-x 3 psaserv 4096 May 7 10:31 subdomains
drwxrwxrwt 2 root 4096 Apr 21 05:29 tmp
drwxr-xr-x 5 root 4096 Apr 21 05:29 usr
drwxr-xr-x 3 root 4096 Apr 21 05:29 var
drwxr-xr-x 2 psaserv 4096 Apr 13 09:01 web_users

--> httpdocs

drwxr-xr-x 141 psacln 4096 Jul 4 2001 doc
drwxr-xr-x 5 psacln 4096 Mar 10 2004 download
drwxr-xr-x 2 psacln 4096 May 4 13:34 exampledir
drwxr-xr-x 4 psacln 4096 Oct 4 2002 images
-rw-r--r-- 1 psacln 11044 Nov 21 2004 index.shtml

Alike you can see, the folder /plesk-stat/ does not exist.

Now I login to https://www.mydomainname.tld:8443/ and select
the "mydomainname.tld". Under "hosting"-chapter, I click to
the icon "Setup"

mydomainname.tld >
Physical hosting setup page for domain mydomainname.tld

I scroll down to the "Services" where I can see the

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [_])

The [_] is _not_ marked. This is the explanation, why
everybody can surf to the

http://www.mydomainname.tld/plesk-stat/webstat/
http://www.mydomainname.tld/plesk-stat/webstat-ssl/
http://www.mydomainname.tld/plesk-stat/ftpstat/
http://www.mydomainname.tld/plesk-stat/anon_ftpstat/
http://www.mydomainname.tld/plesk-stat/logs/
http://www.mydomainname.tld/plesk-stat/logs/access_log
http://www.mydomainname.tld/plesk-stat/logs/access_log.processed
http://www.mydomainname.tld/plesk-stat/logs/error_log
http://www.mydomainname.tld/plesk-stat/logs/xferlog
http://www.mydomainname.tld/plesk-stat/logs/xferlog.processed
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular.processed

without any username/password. Now I will _mark_ this [_]
which shows me the following:

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [X])

I click on [OK] now to save this. What exactly did happen?
With my FTP-Client, I look again to the httpdocs. And yes,
there is something new there, namely:

drwxr-xr-x 141 psacln 4096 Jul 4 2001 doc
drwxr-xr-x 5 psacln 4096 Mar 10 2004 download
drwxr-xr-x 2 psacln 4096 May 4 13:34 exampledir
drwxr-xr-x 4 psacln 4096 Oct 4 2002 images
drwxr-xr-x 2 psacln 4096 May 25 07:45 plesk-stat
-rw-r--r-- 1 psacln 11044 Nov 21 2004 index.shtml

More exact, what's new:

drwxr-xr-x 2 psacln 4096 May 25 07:45 plesk-stat

This is new. I try now again to surf to

http://www.mydomainname.tld/plesk-stat/webstat/
http://www.mydomainname.tld/plesk-stat/webstat-ssl/
http://www.mydomainname.tld/plesk-stat/ftpstat/
http://www.mydomainname.tld/plesk-stat/anon_ftpstat/
http://www.mydomainname.tld/plesk-stat/logs/
http://www.mydomainname.tld/plesk-stat/logs/access_log
http://www.mydomainname.tld/plesk-stat/logs/access_log.processed
http://www.mydomainname.tld/plesk-stat/logs/error_log
http://www.mydomainname.tld/plesk-stat/logs/xferlog
http://www.mydomainname.tld/plesk-stat/logs/xferlog.processed
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular.processed

and I am not allowed to surf to these URLs. I am asked for
username/password. I input

FTP-username
FTP-password

into it. Now it works. I can surf to

http://www.mydomainname.tld/plesk-stat/webstat/
http://www.mydomainname.tld/plesk-stat/webstat-ssl/
http://www.mydomainname.tld/plesk-stat/ftpstat/
http://www.mydomainname.tld/plesk-stat/anon_ftpstat/
http://www.mydomainname.tld/plesk-stat/logs/
http://www.mydomainname.tld/plesk-stat/logs/access_log
http://www.mydomainname.tld/plesk-stat/logs/access_log.processed
http://www.mydomainname.tld/plesk-stat/logs/error_log
http://www.mydomainname.tld/plesk-stat/logs/xferlog
http://www.mydomainname.tld/plesk-stat/logs/xferlog.processed
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular.processed

and all these URLs of /plesk-stat/ are password-protected.

I go back to https://www.mydomainname.tld:8443/

mydomainname.tld >
Protected directories for domain mydomainname.tld

I can see there

/plesk-stat

which I click on now. It shows me there the same, that I can
see also there the

FTP-username (which is also the username for this protected directory)
FTP-password (which is also the password for this protected directory)

mydomainname.tld >
Protected directories for domain mydomainname.tld

mydomainname.tld > Protected directories >
Protected directory /plesk-stat on domain mydomainname.tld

allows also to add some more username/passwords.

Now I am a programmer. What I miss there are the files the
.htaccess and .htpasswd within this directory /plesk-stat/.
This means for me to have a look into the MySQL-database to
the table "psa" of Plesk-System. Just to inform you, I use
phpmyadmin - http://www.phpmyadmin.net - with username
"admin" and the password of the Plesk-System. This makes it
possible to surf into the heart of the complete Plesk-System
and what's going on there in the SQL of the Plesk itself.

SELECT *
FROM `protected_dirs`
LIMIT 0 , 30

id non_ssl ssl realm path dom_id
20 true true Domain statistics plesk-stat 5

This is linked with

SELECT *
FROM `pd_users`
LIMIT 0 , 30

id login account_id pd_id
20 FTP-username 77 20

Or with other words:

The Plesk-System with its heart uses for the /plesk-stat/
the FTP-username and FTP-Password, which is not stored as a
.htaccess and .htpasswd, it is directly saved within the
PSA-SQL.

Now I look again to your forum-message to understand your
problem especially why you have a problem to login to
/plesk-stat/.

Greetings to Hong Kong
 
In the meanwhile, I also had a look into the different
php/scripts of the Plesk-System itself. I would suggest -
for the first - to do following:

(1) login to https://www.mydomainname.tld:8443/ and select
the "mydomainname.tld". Under "hosting"-chapter, click to
the icon "Setup"

You must then be there:

mydomainname.tld >
Physical hosting setup page for domain mydomainname.tld

(2) Input again your password for FTP.

(3) Scroll down and click OFF the /plesk-stat/. It should
look like this:

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [_])

(4) Save it with OK

(5) Wait 5 minutes

(6) Then, try to surf to

http://www.mydomainname.tld/plesk-stat/webstat/
http://www.mydomainname.tld/plesk-stat/webstat-ssl/
http://www.mydomainname.tld/plesk-stat/ftpstat/
http://www.mydomainname.tld/plesk-stat/anon_ftpstat/
http://www.mydomainname.tld/plesk-stat/logs/
http://www.mydomainname.tld/plesk-stat/logs/access_log
http://www.mydomainname.tld/plesk-stat/logs/access_log.processed
http://www.mydomainname.tld/plesk-stat/logs/error_log
http://www.mydomainname.tld/plesk-stat/logs/xferlog
http://www.mydomainname.tld/plesk-stat/logs/xferlog.processed
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular.processed

Just for your info, can you surf to there without getting
the popup to input username/password?

(7) Restart your complete Plesk-Server

(8) Try again to surf to

http://www.mydomainname.tld/plesk-stat/webstat/
http://www.mydomainname.tld/plesk-stat/webstat-ssl/
http://www.mydomainname.tld/plesk-stat/ftpstat/
http://www.mydomainname.tld/plesk-stat/anon_ftpstat/
http://www.mydomainname.tld/plesk-stat/logs/
http://www.mydomainname.tld/plesk-stat/logs/access_log
http://www.mydomainname.tld/plesk-stat/logs/access_log.processed
http://www.mydomainname.tld/plesk-stat/logs/error_log
http://www.mydomainname.tld/plesk-stat/logs/xferlog
http://www.mydomainname.tld/plesk-stat/logs/xferlog.processed
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular
http://www.mydomainname.tld/plesk-stat/logs/xferlog_regular.processed

Just for your info, can you surf to there without getting
the popup to input username/password?

(9) More later in this thread. For the first, I need the
infos by you if you are able to surf to this directory
_without_ inputing any username/password. This should work
normal.

It is a splitting way here with the step (9). IF you can
surf to /plesk-stat/ and you also get the complete
statistic, then... IF you are still not able to surf to
/plesk-stat/ - although the [_] is OFF (remember:
"webstatistic [X] (accessible via password protected
directory '/plesk-stat/' [_])", then...

Let me know what's your situation right now after step (9).
 
Hey there...

Editor:

Good morning from Hong Kong! Hope Cali is treating you well. I like you, you've already gone above and beyond the call of duty already. I am a programmer too, C/C++, done some consulting usually large data systems, databases, SQL Server, Oracle, MySQL, admin on MS and Solaris - again - not a greenhorn... But, enough of the nicities, let's get to it....

Labored *sigh*

Ummm, admitting no experience on Plesk, I still think I am a little worse off. Here's the deal - I got like 10 domains and I have all of them on the new server except the primary (may have mentioned this already), but it also may effect what we are talking about....

Now there is nothing, nothing in the /plesk-stat/ directory either in the /httpdocs/ or /httpsdocs/ so I get 404's whenever I try any of those links on mydomain.net/plesk-stat/webstat/ or on the dot com (the primary in 'preview mode' /plesk-stat/ nothing is there... Sure I gotta authenticate, which fails of course, but in FTP/File manager I can see there is nothing there...?

Is Plesk not building this correctly? Have I not done something?

As per your instruction I have checked on/off the /plesk-stat/ thingy in the domain admin>>setup interface while both leaving and excluding all of the options - such that it was:

webstatistic [_] (accessible via password protected directory '/plesk-stat/' [_])

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [_])

and;

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [X])

And rebooted as per you instruction. No change, no files in the directories - no files in the directories and mind you I have done this and tried it BOTH on domains that are already DNS set to the server (mydomain.net) and one that isn't (mydomain.com)... And yet the authentication problem, file not found, no files in the directires persists...?

I really don't know what to do... I mean did I miss the documentation part where it said 'to actually have /plesk-stats/ you need to download ABC.rpm and install to /plesk-stat/' or something????

Any help you can provide will be greatly appreicated and a method of comphensation can be arranged.

Best regards,
 
PS -

I was impressed with the info on the way Plesk treats log-ins via the MySQL database - informative and I look forward to tweaking it - AFTER this problem is solved... Very informative.

Lights out in Hong Kong....
 
Re: Hey there...

Originally posted by EnigmaBurn
Now there is nothing, nothing in the /plesk-stat/ directory either in the /httpdocs/ or /httpsdocs/ so I get 404's whenever I try any of those links on mydomain.net/plesk-stat/webstat/ or on the dot com (the primary in 'preview mode' /plesk-stat/ nothing is there... Sure I gotta authenticate, which fails of course, but in FTP/File manager I can see there is nothing there...?

Thank you for this info. I think, we come more and more
closer to the problem itself. Be strong. Do not give up. ;-)

The most interesting info was for me, that you get a
404-Not-Found-Error if you try

http://www.mydomainname.tld/plesk-stat/webstat/

while at the same time, you already had [X]'ed in the

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [_])

I have the feeling, that Plesk ignores your [X]-in the
webstatistic. We should concentrate to this theme, namely to
get an answer of the question: Why does Plesk-system ignore
my webstatistic? That's SQL of PSA.

(Note: The problems around the authenticate is only a
logical consequence of the 404-Notfound-errors of the
webstatistic, I think so)

Well, login to https://www.mydomainname.tld:8443/ and go to

mydomainname.tld >
Physical hosting setup page for domain mydomainname.tld

If you see there the

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [_])

then please click with the right-mouse onto this webpage and
open the HTML-source. It should be the URL

https://www.mydomainname.tld:8443/d...previous_page=dom_ctrl&previous_page=dom_ctrl

Line 170:
----------------cut----------------
<form action="/domains/hosting/phosting_setup.php" method="post" enctype="multipart/form-data">
----------------cut----------------

Line 372 + Line 373:
----------------cut----------------
<td class="name"><label for="fid-webstat">Web statistics</label></td>

<td><input type="checkbox" class="checkbox" name="webstat" id="fid-webstat" value="true" onClick="webstat_oC(document.forms[0])" CHECKED > (<label for="fid-plesk_stat_protect">accessible via password protected directory '/plesk-stat/'</label> <input type="checkbox" class="checkbox" name="plesk_stat_protect" id="fid-plesk_stat_protect" value="true" CHECKED>)<input type="hidden" name="plesk_stat_protect_hidden"/></td>
----------------cut----------------

# ls -l /usr/local/psa/admin/

There are the files for the CP of Plesk.

# ls -l /usr/local/psa/admin/htdocs/

There are the webpages.

https://www.mydomainname.tld:8443/d...previous_page=dom_ctrl&previous_page=dom_ctrl
means
# ls -l /usr/local/psa/admin/htdocs/domains/hosting/

-rw-r--r-- 1 root psaadm 5976 Jan 27 22:24 forwarding_setup.php
-rw-r--r-- 1 root psaadm 3312 Jan 27 22:24 hst_type_sel.php3
-rw-r--r-- 1 root psaadm 11072 Jan 27 22:24 phosting_setup.php
-rw-r--r-- 1 root psaadm 2296 Jan 27 22:24 removeSiteApps.php
-rw-r--r-- 1 root psaadm 3632 Jan 27 22:24 site_app_pkgs.php
-rw-r--r-- 1 root psaadm 4192 Jan 27 22:24 site_apps.php

What does your log-file especially the error.log say to you,
if you _check_ the webstatic although plesk ignores this?

# ls -l /usr/local/psa/admin/logs
# vi -R httpsd_error_log
# vi -R httpsd_access_log

Can you see there anything about

/domains/hosting/phosting_setup.php
or
/domains/hosting/phosting_setup.php?previous_page=dom_ctrl&previous_page=dom_ctrl

?

Then have also a look into the SQL of PSA.

SELECT *
FROM `hosting`
LIMIT 0 , 30

There are listed the different dom_id's. If you look a
little bit more to the right side, you can see the
"webstat"-cells. Here, each own dom_id has the
"webstat"-entry with "true", which means for Plesk the "YES"
(= [X]) to make webstatistic for the domainname:

--------cut-----hosting----------
dom_id sys_user_id ip_address_id real_traffic fp fp_ssl fp_enable fp_adm fp_pass ssi php cgi perl python coldfusion asp asp_dot_net ssl webstat at_domains
1 1 2 0 false true true true true true
2 2 2 0 false true true true true true true
3 3 2 0 false true true true true true
4 4 2 0 false true true true true true
5 5 2 0 false true true true true true
6 6 2 0 false true true true true true
7 7 2 0 false true true true true true
8 11 2 0 false true true true true true true
--------cut-----hosting----------

Can you also see the "true" for "webstat" (=webstatistic)
for the domainname itself? In your case, I have just now the
feeling, that you have a "false" there. (Of course, with
phpmyadmin you might be able to change this status manually
from "false" to "true", but I would not suggested this,
because just now, I do not know the reaction of Plesk what
then will happen. It would be better to find out, why the
heck Plesk does not change the status from "false" to "true"
if you make [X] to webstatistic.)


Originally posted by EnigmaBurn
As per your instruction I have checked on/off the /plesk-stat/ thingy in the domain admin>>setup interface while both leaving and excluding all of the options - such that it was:

webstatistic [_] (accessible via password protected directory '/plesk-stat/' [_])

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [_])

and;

webstatistic [X] (accessible via password protected directory '/plesk-stat/' [X])

Yes, and your Plesk seems to ignore this "webstatistic [X]".
It always thinks "webstatistic [_]" and is not willed to
respect your wish of [X]. Or something like that.

Originally posted by EnigmaBurn
No change, no files in the directories - no files in the directories and mind you I have done this and tried it BOTH on domains that are already DNS set to the server (mydomain.net) and one that isn't (mydomain.com)... And yet the authentication problem, file not found, no files in the directires persists...?

You cannot authorize, because the webstatistic does not
exist, says Plesk. But at the same time, Plesk also ignores
your wish with your [X] (=YES, make webstatistic for this
domainname).
 
Editor...

Sorry for the delay in responding. I want to tell you that I think you're a legend, thanks for all of your help. Especially the insights into MySQL stuff, that has and will be useful.

I have essentially given up on this. With your help I understand 'why' Plesk was doing what its doing and -again with your help I can further dianose the problem by going to the source (i.e.- physical location on server and in the database). Which is all great, but the point is I still don't have any files there, they are not being created and I cannot see how to create them manually...

Gonna look for some type of alternative/work around. Many thanks for your help, I look forward to chatting with you again soon.

Cheers,
 
Ok, just had a look at a test server freshly done with 7.5.3 The folder /plesk-stat gets rewritten to /webstat (see below for other rewrites).

If you look in the /home/httpd/vhosts/domain.com/conf/httpd.include file, it looks like Plesk only put the rewrite and auth statements for the https:// section. So you would have to use https:// not http:// (many feel stats should be encrypted so I think that's why they did this)

Under <VirtualHost xx.yy.zz.aa:443> you should see 5 alias statements, one each for:
/plesk-stat
/webstat
/webstat-ssl
/ftpstat
/anon_ftpstat

Since there is no index.html file in the /plesk-stat folder, but there are in the others, you will not (by default) be able to browse directly to https://domain.com/plesk-stat

So try browsing to

https://domain.com/webstat
https://domain.com/webstat-ssl
https://domain.com/ftpstat
https://domain.com/anon_ftpstat

This is how it is working on my test servers. As always, the Plesk docs do have some errors and omissions...

Previous version it was /webstat as well, so I'm not sure why they changed it, but the 4 url's I listed above do work on this box. And the /plesk-stat folder has no index file, so without setting up an Options +Indexes you won't be able to pull that one up without creating an index file.

This also assumes that the /home/httpd/vhosts/domain.com/pd/d..plesk-stat auth file is present and has the appropriate user/pwd
 
Back
Top