I recently got locked out of my UniFi controller (locally installed) and I had remote access turned off. The controller is installed on a Windows 10 (20H2) VM. I can get into the VM just fine, but when I try to log into the localhost website, it doesn't like the password I thought I had set.
Anyone know a way to do this?
After hunting around and looking at various answers, I was able to put together a set of instructions that worked for me. I thought I would share those here. Please let me know if these don't work on Mac or Linux as I only tested on Windows.
Find out what version of mongodb the UniFi controller installed:
%UserProfile%/Ubiquiti UniFi/Logs
The 3rd line of the mongo.log file will show the DB version number, my case it was:
I CONTROL [initandlisten] db version v3.4.15
Visit https://www.mongodb.com/try/download/community
On the MongoDB Community Server area, change the version to the closest match to your controller, in my case it was 3.4.24
OS should default to your current OS Windows/Mac/Linux
Select Package type of zip as unless you want to install this version of mongo, you only want to run the executable.
Download and unzip
Navigate into the unziped mongo install folder's sub-folder 'bin' in CMD. Type:
mongo --port 27117
use ace
db.admin.find()
Copy the "_id" key and value
Copy the "x_shadow" key and value
Next you will need the whois package installed in order to access the mkpasswd utility
Use a WSL linux distro or you can alternately use Cygwin Utilities which has the required mkpasswd utility (NOTE: Cygwin's version of mkpasswd does NOT support the --method option)
The salt for UniFi's mongo install is 9Ter1EZ9$lSt6
Run:
mkpasswd --method=sha-512 --salt=9Ter1EZ9$lSt6 your-new-password
Copy the result to a text file
Add the following to the same text file and update the x_shadow with the data you just generated:
db.admin.update({ "_id" : ObjectId("your-ObjectId-value-string")},{$set: {"x_shadow" : "result-of-mkpasswd-here"}})
Copy and paste the above into the cmd
Login to the UniFi controller with your email and new password
Note: you can also update the email or username, but that shouldn't be required as you will get that information in the dump from running db.admin.find()
Note: The site mentioned in Rob's Blog at 'https://quickhash.com/crypt3-sha512-online' doesn't seem to be active anymore and the similarly named quickhash-gui.org doesn't offer a salt option that I could find.