Web GUI Access Denied even with password reset
-
I have a NetGate pfSense 1100 device. Went to log into the Web UI with the admin account and couldn't get in. After a failed login attempt both the web UI and SSH become unresponsive for several minutes. Thinking I had the incorrect password, I tried resetting via the serial console.
I've tried:
a) Choosing option #3 from the console menu to reset the admin password
b) Dropping to console and running the /etc/rc.initial.password script
c) Going to the phpshell and running "playback changepassword"Additionally, from the console menu I've tried options #11 and #16 to restart the Web UI and the PHP-FPM. I've tried pfctl -T flush -t sshguard in case that was blocked. Also rebooted the unit.
Nothing works.
From the phpshell I've tried printing the users and the account is there. After changing the password (e.g. vi playback changepassword) the password hash changes, so the password is being updated, but I still get an incorrect username or password message when trying to log in.
-
What pfSense version are you running?
What is logged when you try to login?
-
@stephenw10 Thanks for the follow-up. The devices is running Pfsense Plus v23.05.1
I don't see any log entries. There's a /var/log/auth.log file, but that doesn't include any entries for the failed Web UI login, only the fact that I accessed the serial as root.
SSH to the device times out, so I can't check the log for those entries.
-
I assume you can access the filesystem at the console though?
The main log (/var/log/system.log) shows failed login attempts when you try to login?
-
Thanks again for your time. I have access to that log. There are really old entries from previous months, e.g.
Sep 20 16:02:08 webproxy php-fpm[736]: /index.php: webConfigurator authentication error for user 'admin' from: 10.254.201.100 Sep 20 16:05:39 webproxy php-fpm[736]: /index.php: Successful login for user 'admin' from: 10.254.201.100 (Local Database)But there are no recent entries of either failed or successful logins (and there were many failed logins over the last day). It's not a case of storage, as it has other recent entries (e.g. the root login on tty0, or from running the "changepasswd" script).
We use about 50 Netgates for various services and have had to bring a few back in for a factory default because they've gone belly-up. I don't know if it's related, but this one is running more critical I'd really like to avoid the downtime and perhaps find a root cause.
-
Hmm, odd. Do you have logs from when it initially failed? That's the only way we're likely to know what happened.
