Subsonic Forum

[marketwatcher]

I just installed Subsonic and was following the start up guide. I tried to set up my admin name and password but there aren't clear instructions in the guide as to how that works. Subsequently, when I access http://localhost:4040/, I now get the log in screen and don't know what user name and password I should be entering. I'm unable to get the other configuration and set up screens -- all I get is the access screen.

Is there a way to reset the name and password?

Thanks.

Edit: I get the username/password screen, but I'm not sure what to enter. I'm using Ubuntu. I tried to set up an admin username and password when I was configuring, but I'm not sure that worked (and the log in screen isn't accepting what I thought I used as the admin/password).

[ytechie]

Try deleting the db folder. The db folder contains all of the setup information including the usernames and passwords.

Note: Deleting the db folder will also delete all the information about the music on your server. It won't actually delete the music, but it will delete the music info (last played, times played, ratings).

[GJ51]

Subsonic Password Reset

The Subsonic music streaming server currently has not built-in way to recover or reset a lost password. If you locked yourself out, don’t give up just yet. The password reset method described in this article has been tested successfully with Subsonic 4.1 and 4.2.


Solution
Subsonic stores user passwords in encrypted form in the program database, probably using salted BCrypt hashes, although the exact implementation has not been investigated in the context of this article. It is not technically feasible to decrypt these hashes and retrieve the original password strings.

However, current versions of Subsonic export the program settings to a text file each time the server is shut down, and they reimport this text file when it is started back up. This text file also includes the encrypted password hashes, and they can easily be replaced by substituting the corresponding line as follows:

Open the Subsonic control panel and stop the service
Open a Windows Explorer and navigate to C:\subsonic\db
(on Linux this may be under /var/subsonic/db or /usr/bin/subsonic/db)
Open the file subsonic.script in a text editor


http://blog.gerke-preussner.de/2010/12/ ... -streamer/
Near the top of the file, find the following line: INSERT INTO USER VALUES('admin','enc:xxxxxxxxxx',0,0,0,FALSE)
Note that the xxxxxxxxxx value is a hexadecimal string that represents the encrypted hash of the user’s current password.

Replace the line above with the following: INSERT INTO USER VALUES('admin','enc:61646d696e',0,0,0,FALSE)
Note that the value 61646d696e is the hash for the password "admin"

Save the file
Restart the service in the Subsonic control panel.
It is now possible to log on with user name and password admin, which are also the default administrator credentials. Don’t forget to change the password to something else on the Settings screen right after logging on. Obviously, this technique works with any other user account as well.

[ytechie]

The passwords are stored in the user table. They are actually very easy to recover because they aren't encrypted. They are the clear-text passwords converted into hexadecimal.

You are correct about changing the script after shutdown. However, if you would like to recover the passwords while subsonic is running, and you have admin privileges, you can do so by using the db.view page.

I won't go into it in detail, particularly for security reasons, but it is actually straightforward.
This presents an issue, however, because last.fm passwords are stored in the same format.

There is an ongoing topic on the Subsonic forums asking Sindre to implement a salted hash system, like you described.

viewtopic.php?f=3&t=5996

[gjbushman]

However, if you would like to recover the passwords while subsonic is running, and you have admin privileges, you can do so by using the db.view page.

Is this a solution if you are locked out as admin?

[BKKKPewsey]

No as only admin level accounts can access db.view.

[atwoodc13]

I am having the same issue as the first post. I recently installed the Standalone (4.6) version on a hosted platform but cannot get into it to finish the setup. I can see the login page but the default admin/admin gives me a "wrong username or password". I have tried deleting the db folder out and searching for the subsonic.script file but it does not exist in the db folder. I have even tried creating this file and then adding the line that specifies the user/password.

I am stuck and do not know where to go from here. Any help is much Appreciated.

Thanks

Chris

[ytechie]

Did you restart the subsonic service after you deleted the subsonic.script file? If I remember correctly, the subsonic service writes the subsonic.script file as it is shutting down. If you delete the file and then stop the service (or restart it) the file is recreated from memory. Try stopping the subsonic service, deleting the file, and then starting the subsonic service.

[atwoodc13]

I tried to kill all of the processes but it looks like a couple got hung up. I had the hosting tech try and kill them (all but one java seems to have stopped). At this point, I was able to modify the subsonic.script file and start subsonic again. It still did the same thing. I then decided, since it was the standalone version, to delete out the directory and start over with the 4.7beta2 instead of the 4.6. This worked.

I did see a difference in the login page and don't know if something else was going on. For the logo, my windows install (4.6) and the hosted Linux (new 4.7beta2) have the submarine but the 4.6 Standalone login page had a pair of headphones. I don't know if this will help in figuring out what went wrong.

Thank you for your help. Now to go test out the video streaming.