password reset does not seem to work

andrew rivard

• February 04, 2021 21:35

When I try to use the forgot password link and fill out the form, it tells me that the user cannot be found, even though the form is filled out correctly.

0

• 

  Jeff Scott

  Product Support

  • February 04, 2021 21:43

  Hey Andrew,

   

  Can you verify if the user answered the security questions?  You cannot request a password reset unless you have chosen the 2 security questions and provided answers.

  0
• 

  andrew rivard

  • February 04, 2021 21:49

  Security questions have been confirmed for the account but reset is still failing.

  0
• 

  Jeff Scott

  Product Support

  • February 04, 2021 21:59

  Thanks, Andrew.  The Cerberus log will be able to provide you with much more valuable information.  When reviewing your log it would appear that the Client Domain Allow list needs to be set.  This error is related to a newer security feature in Cerberus FTP Server designed to prevent against a type of attack know as a host header attack.
  
  Check out this link for details on how to configure the domain allow list for you server:
  
  https://support.cerberusftp.com/hc/en-us/articles/360010400559-Why-are-my-users-getting-errors-when-resetting-passwords-or-creating-public-shares-after-I-upgraded-to-v11-0-or-v10-0-17
  
  Basically, you have to add your public domain to the Client Domain Allow List edit box.
  
  Example:  If the public URL to your Cerberus server is https://sftp.my-cerberus-server.com then you will need to add sftp.my-cerberus-server.com to the allow list.
  
  To add a domain to the "allow list":

  1. Open the Server Manager.
  2. Select the Protocols page.
  3. Select the HTTP and HTTPS tab.
  4. Add a domain, hostname, or IP address to the comma-separated list for Client Domain Allow List.
  5. Press the Save button on the Server Manager to save your settings.

  0

Please sign in to leave a comment.