Author Topic: [SOLVED] Can't su; but user is member of wheel and admin  (Read 4018 times)

z0rk
[SOLVED] Can't su; but user is member of wheel and admin
« on: November 03, 2018, 11:23:05 pm »
OPNsense 18.7.6-amd64
FreeBSD 11.1-RELEASE-p15
LibreSSL 2.7.4

ssh to opnsense; authenticate via key; then:

$ groups my.username
wheel admins
$ su
Password:
su: Sorry
$ su
Password:
su: Sorry
$

Just to be sure the password is correct, I've changed it for 'root' in the GUI. Still no go. What gives?  :'(
« Last Edit: November 04, 2018, 10:11:36 pm by z0rk »
OPNsense 22.7.9

fabian
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Can't su; but user is member of wheel and admin
« Reply #1 on: November 04, 2018, 07:50:51 am »
Can you try sudo? su does not care about the groups - it asks you for the password of the target user.

z0rk
Re: Can't su; but user is member of wheel and admin
« Reply #2 on: November 04, 2018, 06:07:28 pm »
Sorry, I am not sure what you're suggesting. I am not trying to use sudo, I am trying to switch user to 'root', so I can access the same options I get when logged in at the console:

0)     Logout                              7)      Ping host
1)     Assign interfaces                   8)      Shell
2)     Set interface(s) IP address         9)      pfTop
3)     Reset the root password             10)     Filter logs
4)     Reset to factory defaults           11)     Restart web interface
5)     Reboot system                       12)     Upgrade from console
6)     Halt system                         13)     Restore a configuration

Maybe I misunderstood you? Thanks. Cheers

franco

  • Administrator
Re: Can't su; but user is member of wheel and admin
« Reply #3 on: November 04, 2018, 06:57:02 pm »
z0rk is correct, wheel is needed for su to work for root:

     PAM is used to set the policy su(1) will use.  In particular, by default
     only users in the ``wheel'' group can switch to UID 0 (``root'').  This
     group requirement may be changed by modifying the ``pam_group'' section
     of /etc/pam.d/su.  See pam_group(8) for details on how to modify this
     setting.

via https://www.freebsd.org/cgi/man.cgi?su

Check your password for typos or special characters as keyboard layouts may differ.

When you have integrated authentication, the password for root follows the web GUI settings, so TOTP, LDAP, etc. work too. This is true for su, ssh et al. when the "disable integrated authentication" setting is off, which is the default.

In a nutshell, it's the same password that you use to *log in* root on the web GUI, minus encoding issues / keyboard mapping differences mentioned earlier.


Cheers,
Franco
« Last Edit: November 04, 2018, 07:00:43 pm by franco »
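
The group gate franco quotes from su(1) can be checked separately from the password step, since both failures print the same "su: Sorry". This is an added example, not code from the thread or from OPNsense; the function names are hypothetical and `SAMPLE_PAM` is constructed input modeled on the stock FreeBSD `/etc/pam.d/su`.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_PAM is constructed input modeled
# on the stock FreeBSD /etc/pam.d/su; pass a real path as $2 to check a host.
SAMPLE_PAM='auth sufficient pam_rootok.so no_warn
auth sufficient pam_self.so no_warn
auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
auth include system'

# Read a PAM policy on stdin and print the group required by its first
# pam_group auth rule ("wheel" when no group= option is given, the
# pam_group(8) default). Returns 1 and prints nothing if there is no rule.
su_gate_group() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "auth" && $3 ~ /pam_group/ {
            g = "wheel"
            for (i = 4; i <= NF; i++)
                if ($i ~ /^group=/) g = substr($i, 7)
            print g; found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# check_su_gate "GROUP LIST" [PAM_FILE]
# Prints no-group-gate, group-ok:<group> or group-denied:<group>.
# Only the group= option is evaluated; root_only, fail_safe and deny are not.
check_su_gate() {
    grouplist=$1
    if [ -n "${2:-}" ]; then
        gate=$(su_gate_group < "$2") || gate=""
    else
        gate=$(printf '%s\n' "$SAMPLE_PAM" | su_gate_group) || gate=""
    fi
    if [ -z "$gate" ]; then echo "no-group-gate"; return 0; fi
    for g in $grouplist; do
        if [ "$g" = "$gate" ]; then echo "group-ok:$gate"; return 0; fi
    done
    echo "group-denied:$gate"
}

# The thread's case: the user is in wheel and admins, so the group gate passes
# and "su: Sorry" has to come from the password check further down the stack.
check_su_gate "wheel admins"
```

On a live system the same check is `check_su_gate "$(id -Gn my.username)" /etc/pam.d/su`.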

z0rk
Re: Can't su; but user is member of wheel and admin
« Reply #4 on: November 04, 2018, 07:42:31 pm »
Hey Franco
I did change the password for 'root' to only include upper / lower case characters and numbers.
I've got TOTP enabled for the user account that I use to connect via ssh, but not for 'root'. I don't use 'root' to log in to the web GUI, only my user account. So effectively I can't 'su' because TOTP is not enabled for 'root'?

franco

  • Administrator
Re: Can't su; but user is member of wheel and admin
« Reply #5 on: November 04, 2018, 09:41:05 pm »
Yep, enable the checkbox for "Disable integrated authentication" and it'll work as you would expect. :)


Cheers,
Franco

franco

  • Administrator
Re: Can't su; but user is member of wheel and admin
« Reply #6 on: November 04, 2018, 09:47:11 pm »
PS: Unless you use 2FA for SSH login of course. Then you're kinda stuck.