Web interface malfunctioning after upgrade.
-
All,
Yesterday I updated my 2.2.6 release to 2.3.1-p5.
After I did that I also added 2 new interfaces (via vSphere). When I rebooted the FW it all came up online as expected, with everything working, and it was showing an em4 and em5 interface (my 2 new ones).
But the problem started when I tried to add the interfaces to the assigned interfaces: the interface showed up, but when I reloaded the page it was gone. Then I added them via CLI and also assigned IP via CLI. They are up and connected now. I can ping the subnets. But when I try to add any rule (also on any other interface), it "saves" without any change. So my rules do not show up.
Update 23-06 14:15: Just found out that the entire web interface is unresponsive. Every page loads but none of the options I change are saved.
Please help me debug this.
Update 23-06 14:20: Just found out that the issue occurs only with the LDAP users. When I use a local user everything works fine.
The LDAP user group is also configured in pfSense with all rights. (Worked before upgrade.)
Anyone got any idea?
Kind Regards,
Arjan
-
You have added the right "User - Config: Deny Config Write"
Please remove that right from the Group and you will be able to change the config.
-
Thanks for the information, this was driving me crazy. I find this option a little strange since I can still apply system patches, edit the config file manually, and grant/remove that privilege to any user.
-
Thanks for the information, this was driving me crazy. I find this option a little strange since I can still apply system patches, edit the config file manually, and grant/remove that privilege to any user.
There are multiple ways into the system. Some of the Diagnostics menu options effectively give you all privileges - Edit File and Command Prompts come to mind. If someone has either of those then they can effectively do anything they like, editing config.xml to make a user with all privs, or executing any command they like.
Similarly with system patches, a user with access to that can make whatever patch they like to the code and apply it. So that is another option that is effectively "all privs".
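An added example, not from the thread or the pfSense project: a small audit of a config.xml that reports which groups and users carry the "Deny Config Write" right and which hold pages the replies above describe as effectively "all privs". The privilege ids (`user-config-readonly`, `page-all`, `page-diagnostics-edit`, `page-diagnostics-command`, `page-system-patches`) and the sample config are assumptions; compare them with the `<priv>` values in your own config.xml.

```python
import xml.etree.ElementTree as ET

# Assumed privilege ids; confirm against the <priv> values in your own config.xml.
DENY_WRITE = "user-config-readonly"   # "User - Config: Deny Config Write"
ADMIN_EQUIVALENT = {                   # pages the thread calls effectively "all privs"
    "page-all",                        # every page, so it includes the ones below
    "page-diagnostics-edit",           # Diagnostics > Edit File
    "page-diagnostics-command",        # Diagnostics > Command Prompt
    "page-system-patches",             # System Patches package
}

# Constructed sample, not taken from the thread.
SAMPLE_CONFIG = """<pfsense><system>
  <group><name>ldap-fw-admins</name><priv>page-all</priv><priv>user-config-readonly</priv></group>
  <group><name>helpdesk</name><priv>page-status-interfaces</priv><priv>user-config-readonly</priv></group>
  <group><name>patchers</name><priv>page-system-patches</priv></group>
  <user><name>viewer</name><priv>page-dashboard-all</priv></user>
</system></pfsense>"""


def audit_privileges(config_xml):
    """Return one finding per group/user with deny-write or an admin-equivalent page."""
    root = ET.fromstring(config_xml)
    findings = []
    for kind in ("group", "user"):
        for node in root.iterfind(f"./system/{kind}"):
            privs = {p.text.strip() for p in node.findall("priv") if p.text}
            deny = DENY_WRITE in privs
            equivalent = sorted(privs & ADMIN_EQUIVALENT)
            if not deny and not equivalent:
                continue
            if deny and equivalent:
                note = "GUI saves are dropped, yet admin-equivalent pages are granted"
            elif deny:
                note = "read-only: GUI changes will not be saved"
            else:
                note = "effectively full admin"
            findings.append({"kind": kind, "name": node.findtext("name", "?"),
                             "deny_write": deny, "bypass": equivalent, "note": note})
    return findings


if __name__ == "__main__":
    for f in audit_privileges(SAMPLE_CONFIG):
        print(f"{f['kind']:5} {f['name']:15} {f['note']} {f['bypass']}")
```

A group that matches the first case is the situation from the original post: an "all rights" group that picked up the deny right after the upgrade.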