valid OPNsense admin Password not accepted anymore

Started by atoll, October 29, 2023, 10:42:49 PM

Hi everybody,

on my OPNsense installation, the login of the administrator is not accepted anymore.

That's true for the web interface and for ssh.

Now for the funny part: I can log into my "observer"-account (limited permissions, essentially only sees logs and stats) via TOTP.

Then, I go to System -> Access -> Tester and test my admin password against the local database. It's giving me: "authenticated successfully".

OPNsense 23.7.6, ZFS, network time matches

Any clue what's going on? And even more important: What's the simplest way to gain access again?

If possible, I'd like to avoid the serial console, as it's a hassle to get to the machine and get it running.

Thanks!

-e-

Can you ssh in with the observer account? Try to su - from there and change the root password

Did you maybe run into this issue? https://forum.opnsense.org/index.php?topic=36528.0

The fix for that is included in 23.7.7, but it hinges on having integrated auth disabled in the first place to produce this issue.


Cheers,
Franco

Quote from: newsense on October 30, 2023, 06:26:23 AM
Can you ssh in with the observer account? Try to su - from there and change the root password

Regrettably, the observer user does not have ssh enabled.

-e-

Quote from: franco on October 30, 2023, 09:41:01 AM
Did you maybe run into this issue? https://forum.opnsense.org/index.php?topic=36528.0

The fix for that is included in 23.7.7, but it hinges on having integrated auth disabled in the first place to produce this issue.


Cheers,
Franco

Hi and thanks for your reply,

it does not look to me that that's the exact issue:

I have my observer user authenticate against "internal database and TOTP".
My admin user authenticates against "internal database", and the password is being accepted in the tester.

Any other ideas?

Thanks!

-e-

keymap issue? Depending on which device you use to type the password for Login and for the tester... In 99.9% of cases incorrect passwords are just that.


Cheers,
Franco

Quote from: franco on October 30, 2023, 10:48:04 AM
keymap issue? Depending on which device you use to type the password for Login and for the tester... In 99.9% of cases incorrect passwords are just that.

Unlikely. I type the password from the same device I use in the tester, same browser as well. Works in the tester, does not work in the login. Also, it's a password where the EN and DE keymaps are the same.

Hi, same issue here.
Was running 23.7.6, upgraded to 23.7.7 and now I get "wrong username or password".

I have TOTP enabled (no local db), ssh and root account disabled. Forgot to enable them before upgrading...

The only advice I can give is to check the /etc/master.passwd file. The password for each user in /conf/config.xml is synced directly to that file if integrated authentication is disabled, otherwise it is set to "*" meaning it cannot be entered and the PAM authentication does the rest. There is no magic involved.


Cheers,
Franco
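
Added example, not part of the thread and not OPNsense code: one way to run the /etc/master.passwd check described in the post above, classifying an account's password field as "*" (no direct password entry, PAM does the rest) or a synced hash. The function names `passwd_state`, `login_shell` and `make_sample`, and the sample accounts, are constructed for illustration.

```shell
#!/bin/sh
# Added example. master.passwd fields (FreeBSD):
# name:password:uid:gid:class:change:expire:gecos:home:shell

# passwd_state FILE USER -> star | locked | empty | hash:<scheme> | other | missing
passwd_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1; p = $2
            if (p == "*") { print "star" }                        # password cannot be entered
            else if (index(p, "*LOCKED*") == 1) { print "locked" } # pw(8) lock prefix
            else if (p == "") { print "empty" }
            else if (substr(p, 1, 1) == "$") {
                rest = substr(p, 2); n = index(rest, "$")
                print "hash:" (n > 0 ? substr(rest, 1, n - 1) : rest)
            } else { print "other" }
            exit
        }
        END { if (!found) print "missing" }' "$1"
}

# login_shell FILE USER -> tenth field; a nologin shell blocks ssh whatever the hash says
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $10; exit }' "$1"
}

# Constructed sample file, so the check can be tried away from the firewall.
make_sample() {
    cat > "$1" <<'EOF'
admin:$6$constructedsalt$constructedhash:0:0::0:0:constructed admin:/root:/bin/sh
observer:*:2000:2000::0:0:constructed observer:/home/observer:/usr/sbin/nologin
olduser:*LOCKED*$6$constructedsalt$constructedhash:2001:2001::0:0:constructed:/home/olduser:/bin/sh
EOF
}

sample=$(mktemp)
make_sample "$sample"
for u in admin observer olduser; do
    printf '%s: password=%s shell=%s\n' "$u" \
        "$(passwd_state "$sample" "$u")" "$(login_shell "$sample" "$u")"
done
rm -f "$sample"
```

On the firewall itself the same function would be called as root against the real file, for example `passwd_state /etc/master.passwd root`.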

Console in and reboot in as a single user and change the password immediately. :)

Yes, did that without issues, thanks guys.

Still wondering why this happened though, I use a password manager so no incorrect input and everything worked fine before upgrading. Have used this solution combined with TOTP for a long while and it's always been solid.

Oh well, still very happy with OPNsense and this forum  :)