18.7: password not accepted any more after update

Started by Tubs, July 31, 2018, 10:05:20 PM

Ah, same here. TOTP was activated for VPN users.

Password reset via installer solved my problem. SSH was not possible to use as it was switched off and console was not possible to use as password was set and not accepted.


Also HAProxy is running again. But I did not do any change and do not know why it was not running after update and now it is running again.

I am reading this and it has me scared to upgrade.  I normally do an upgrade from the web GUI and what I am reading here makes me worry that if I do that I may not be able to log back in afterwards.  I want to be able to login to both the web interface and via ssh.  This is basically just a home router, I am not using anything fancy like a LDAP server or a VPN or anything like that, I just need to be able to log in from another machine on my local network like I do now, and the previous posts in this thread aren't really making sense to me.

So my question is, if I upgrade will I lose the ability to log in via the web interface or via ssh?  If so, could someone please explain as clearly as possible how to prevent that from happening, or failing that, to recover from it, preferably without needing to directly connect to the router (which normally does NOT have a keyboard/mouse/display connected)?
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!

You only have to make sure your primary authentication method actually works.

August 03, 2018, 12:57:58 PM #19 Last Edit: August 03, 2018, 01:03:09 PM by comet
I don't know what you mean by "primary authentication method" - I currently use a username and password to login to the web interface, and for ssh I login using key authentication.  Both currently work.  My question is, will these continue to work if I upgrade?

This is a home router, not part of some corporate network or anything, so I am not doing anything like using a separate server for authentication.  It's just your use of the term "primary authentication method" that's confusing me here, since I don't know if that means something specific or special.

EDIT: Also, both my "Authentication Server" and "Authentication Server (fallback)" are set to "Local Database", if that is what you mean.

Yes, that's what I meant. You won't run into this issue because your authentication server (not fallback) is properly configured.


Cheers,
Franco

Just to mention: After updating to 18.7 I had to do the following to get ssh working for my user:

- Administration: Allow group the user belongs to for ssh access
- User configuration: Set a shell

Currently not able to look up the exact name or location of these settings..

System: Settings: Administration: "Login Group" and System: Access: Users: "your user": Login shell


Cheers,
Franco

Thanks franco :)

I think this should help if one gets confused about ssh access not working after updating

After upgrading to 18.7, I am now unable to login as root via WebUI or SSH/Console. How do I access option 3 when I am unable to login as root? I am running on APU2 from PCEngines.

Any ideas are most welcomed.

Patrick

The login seems to be broken after the upgrade to 18.7.  I have 2FA configured on the box and I am able to successfully login through the GUI without any issues.  But not able to login via console anymore as it seems for some reason console is also trying to take the 2FA settings but not successful.  When logging in via console it authenticates successfully if 2FA is provided, but then errors out stating that the account is not available (See screenshots).

Also the earlier implementation of the console bypassing the 2FA was the ideal situation as if there is any issue in the 2FA (like faulty RTC or lost token) then there is at least a way to login through the console.  Hope this gets fixed ASAP


Just a guess:
Did you set a login shell for the user admin?

The "Wizard" aka initial setup to input password prompt for the login is broken, you can change the password, however you have to do it within the Lobby>password field. I've replicated this on a VM 32bit and a physical 64bit machine on fresh installs.

The remedy for me to fix was to go to the Lobby>Password and change it from there.  :) This issue seems to be isolated to just 18.7, as 18.1 didn't have that issue in my testing. The inputted values into the wizard initial setup aren't changing the default opnsense value for some reason.

I seem to be not the only user with this issue.

I can confirm that the password doesn't get updated.
I also get an "Invalid LAN IP address" error when choosing dhcp or leaving the field empty.

And saving an edited user only works if a password is entered (would expect to work and leaving the password at its old value when leaving empty).

@bigops you don't get a login unless you set a shell for that user. That's a new feature in 18.7 to improve security because 18.1 had yielded shell access rights too easily. Added bonus is that you can pin a specific shell.

@sigrme2449 thanks, it was fixed now https://github.com/opnsense/core/commit/abf1e44d

@Evil_Sense LAN IP in wizard was always static only and mandatory input
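
The two conditions named in this thread for SSH/console access on 18.7 (a login shell set for the user, and membership in the allowed "Login Group") can be checked together before relying on remote access. The following is an added example, not part of the original posts and not OPNsense's own code; it assumes those settings are reflected in passwd(5)/group(5)-format data, and the function name `login_status` and all sample accounts are constructed.

```shell
#!/bin/sh
# Constructed sample data in passwd(5) / group(5) format (not from a real box).
SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/sh
alice:*:2000:2000:Alice:/home/alice:/bin/csh
bob:*:2001:2001:Bob:/home/bob:/usr/sbin/nologin
carol:*:2002:2002:Carol:/home/carol:/bin/sh
erin:*:2003:1999:Erin:/home/erin:/bin/sh'
SAMPLE_GROUP='wheel:*:0:root
admins:*:1999:root,alice,bob'

# login_status USER LOGIN_GROUP PASSWD_TEXT GROUP_TEXT
# Prints one of: ok, no-shell, not-in-group, no-such-user
login_status() {
    user=$1; grp=$2
    # Pull "gid:shell" for the user out of the passwd-format text.
    entry=$(printf '%s\n' "$3" |
        awk -F: -v u="$user" '$1 == u { print $4 ":" $7; exit }')
    [ -n "$entry" ] || { echo no-such-user; return 0; }
    gid=${entry%%:*}
    shell=${entry#*:}
    # A nologin/false shell means the session is refused even after
    # the password or key has been accepted.
    case $shell in
        */nologin|*/false) echo no-shell; return 0 ;;
    esac
    # Pull "gid:members" for the login group out of the group-format text.
    gentry=$(printf '%s\n' "$4" |
        awk -F: -v g="$grp" '$1 == g { print $3 ":" $4; exit }')
    ggid=${gentry%%:*}
    members=${gentry#*:}
    # Membership counts either via the member list or via the primary gid.
    if [ -n "$gentry" ] && [ "$gid" = "$ggid" ]; then
        echo ok; return 0
    fi
    case ",$members," in
        *",$user,"*) echo ok ;;
        *) echo not-in-group ;;
    esac
}

# Report for the constructed accounts against the "admins" login group.
for u in root alice bob carol erin dave; do
    printf '%s: %s\n' "$u" \
        "$(login_status "$u" admins "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
done
```

On a live system the same function can be fed `"$(cat /etc/passwd)"` and `"$(cat /etc/group)"` from an existing session before logging out.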