Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
[SOLVED] Can't su; but user is member of wheel and admin
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Can't su; but user is member of wheel and admin (Read 7161 times)
z0rk
Jr. Member
Posts: 51
Karma: 1
[SOLVED] Can't su; but user is member of wheel and admin
«
on:
November 03, 2018, 11:23:05 pm »
OPNsense 18.7.6-amd64
FreeBSD 11.1-RELEASE-p15
LibreSSL 2.7.4
ssh to opnsense; authenticate via key; then:
$ groups my.username
wheel admins
$ su
Password:
su: Sorry
$ su
Password:
su: Sorry
$
Just to be sure the password is correct, I've changed it for 'root' in the GUI. Still no go. What gives?
«
Last Edit: November 04, 2018, 10:11:36 pm by z0rk
»
Logged
OPNsense 24.7.2
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Can't su; but user is member of wheel and admin
«
Reply #1 on:
November 04, 2018, 07:50:51 am »
can you try sudo, su does not care about the groups - it asks you for the password of the target user.
Logged
z0rk
Jr. Member
Posts: 51
Karma: 1
Re: Can't su; but user is member of wheel and admin
«
Reply #2 on:
November 04, 2018, 06:07:28 pm »
Sorry, I am not sure what you're suggesting. I am not trying to use sudo, I am trying to switch user to 'root', so I can access the same options I get when logged in at the console:
0) Logout 7) Ping host
1) Assign interfaces
Shell
2) Set interface(s) IP address 9) pfTop
3) Reset the root password 10) Filter logs
4) Reset to factory defaults 11) Restart web interface
5) Reboot system 12) Upgrade from console
6) Halt system 13) Restore a configuration
Maybe I misunderstood you? Thanks Cheers
Logged
OPNsense 24.7.2
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: Can't su; but user is member of wheel and admin
«
Reply #3 on:
November 04, 2018, 06:57:02 pm »
z0rk is correct, wheel is needed for su to work for root:
PAM is used to set the policy su(1) will use. In particular, by default
only users in the ``wheel'' group can switch to UID 0 (``root''). This
group requirement may be changed by modifying the ``pam_group'' section
of /etc/pam.d/su. See pam_group(8) for details on how to modify this
setting.
via
https://www.freebsd.org/cgi/man.cgi?su
Check your password for typos or special characters as keyboard layouts may differ.
When you have integrated authentication, the password for root follows the web GUI settings, so TOTP, LDAP, etc. works too. This is true for su, ssh et. al. when the "disable integrated authentication" setting is off, which is the default.
In a nutshell, it's the same password that you use to *log in* root on the web GUI, minus encoding issues / keyboard mapping differences mentioned earlier.
Cheers,
Franco
«
Last Edit: November 04, 2018, 07:00:43 pm by franco
»
Logged
z0rk
Jr. Member
Posts: 51
Karma: 1
Re: Can't su; but user is member of wheel and admin
«
Reply #4 on:
November 04, 2018, 07:42:31 pm »
Hey Franco
I did change the password for 'root' to only include upper / lower case characters and numbers.
I've got TOTP enabled for the user account that I use to connect via ssh, but not for 'root'. I don't use 'root' to log in to the web GUI only my user account. So effectively I can' 'su' because TOTP is not enabled for 'root'?
Logged
OPNsense 24.7.2
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: Can't su; but user is member of wheel and admin
«
Reply #5 on:
November 04, 2018, 09:41:05 pm »
Yep, enable checkbox for "Disable integrated authentication" and it'll work as you would expect.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17473
Karma: 1587
Re: Can't su; but user is member of wheel and admin
«
Reply #6 on:
November 04, 2018, 09:47:11 pm »
PS: Unless you use 2FA for SSH login of course. Then you're kinda stuck.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
[SOLVED] Can't su; but user is member of wheel and admin