24.7.9 - Can't login WebGUI with 2FA

Started by chucksense, November 20, 2024, 12:19:53 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 20, 2024, 12:19:53 PM
Hi team,

Thanks for the update. After updating to 24.7.9 I get a user/password wrong error when trying to log into the WebGUI. I have 2FA enabled right after the password.

Rollback to 24.7.8 fixed the issue.

Thanks!
November 20, 2024, 01:08:27 PM #1
Sorry about that. 24.7.9_1 was issued reverting the change and the situation is now fixed on the development branch too:

https://github.com/opnsense/core/commit/ae97263e4


Cheers,
Franco
November 20, 2024, 01:12:51 PM #2
All fixed after the patch, thanks for the super quick response Franco!
November 20, 2024, 01:18:06 PM #3
Sure, really appreciate speedy feedback after a release. <3
November 20, 2024, 05:48:00 PM #4
I stumbled over that one, too. However, there is another problem:

Once you try to upgrade via ssh, you will be told:

  0) Logout                              7) Ping host
  1) Assign interfaces                   8 ) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

This update requires a reboot.

Proceed with this action? [y/N]: y


Neither the original upgrade from 24.7.8 to 24.7.9 nor the second upgrade to 24.7.9_1 needed a reboot. I think that the notification on the CLI upgrade is wrong about needing that.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
November 20, 2024, 06:09:34 PM #5
Did you perchance set the "always reboot" option in the UI?

System > Firmware > Settings > Advanced
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
November 20, 2024, 06:33:19 PM #6
November 21, 2024, 12:16:14 AM #7
No, I did not set the "always reboot". I only occured to me because with all of the other boxes, where 2FA was disabled, I could upgrade via web UI and was not told that an upgrade were imminent, whereas here, it was different.

I could not do a reboot at that time, so I delayed the update until later, only to find that there was no reboot at all.

So I assume that there is a difference in how the web UI detects if a reboot is neccessary vs. the CLI.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
November 21, 2024, 02:21:13 AM #8
opnsense-update -p doesn't require a reboot and should be OK to use in this case.
November 21, 2024, 09:21:14 AM #9
> So I assume that there is a difference in how the web UI detects if a reboot is neccessary vs. the CLI.

None that I can think of. It's probably right, minus locks on base or kernel set. But the GUI behaves the same: locks are ignored for the check so it says it likes to reboot but if the kernel or base is locked then it will not reboot later on as per user request.


Cheers,
Franco
December 18, 2024, 12:52:18 PM #10
As luck would have it I stumbled over this bug testing a preliminary 25.1-BETA image:

https://github.com/opnsense/core/commit/3009ad964d

Since it's a small fix I also added it to 24.7.11_2.


Cheers,
Franco
Print
Go Up Pages1
User actions