Web interface malfunctioning after upgrade.



  • All,

    Yesterday I updated my 2.2.6 release to 2.3.1-p5.
    After I did that I also added 2 new interfaces (via vSphere).

    When I rebooted the FW it all came up online as expected, with everything working, and it was showing an em4 and em5 interface (my 2 new ones).
    But the problem started when I tried to add the interfaces to assigned interfaces: the interface showed up, but when I reloaded the page it was gone.

    Then I added them via CLI and also assigned IPs via CLI. They are up and connected now. I can ping the subnets. But when I try to add any rule (also on any other interface), it "saves" without any change. So my rules do not show up.

    Update 23-06 14:15: Just found out that the entire web interface is unresponsive. Every page loads but none of the options I change are saved.
    Please help me debug this.

    Update 23-06 14:20: Just found out that the issue occurs only with the LDAP users. When I use a local user everything works fine.
    The LDAP user group is also configured in pfSense with all rights. (Worked before upgrade.)

    Anyone got any idea?

    Kind Regards,

    Arjan



  • You have added the right "User - Config: Deny Config Write".
    Please remove that right from the group and you will be able to change the config.



  • Thanks for the information, this was driving me crazy. I find this option a little strange since I can still apply system patches, edit the config file manually, and grant/remove that privilege to any user.



  • @naex:

    Thanks for the information, this was driving me crazy. I find this option a little strange since I can still apply system patches, edit the config file manually, and grant/remove that privilege to any user.

    There are multiple ways into the system. Some of the Diagnostics menu options effectively give you all privileges - Edit File and Command Prompt come to mind. If someone has either of those then they can effectively do anything they like, editing config.xml to make a user with all privs, or executing any command they like.
    Similarly with system patches, a user with access to that can make whatever patch they like to the code and apply it. So that is another option that is effectively "all privs".
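
An audit sketch for the point made in the last reply, added here as an example and not part of the thread or of pfSense's own code: it reads a config.xml backup and flags groups and users where "Deny Config Write" sits next to a privilege the reply describes as effectively "all privs". The privilege ids and the `<system>`/`<group>`/`<user>`/`<priv>` layout are assumptions to confirm against your own config.xml, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Privilege ids as assumed here; confirm them against your own config.xml.
DENY_WRITE = "user-config-readonly"   # "User - Config: Deny Config Write"
ALL_PRIV_EQUIV = {                    # grants the thread calls effectively "all privs"
    "page-all",                       # every page, so it includes the ones below
    "page-diagnostics-edit",          # Diagnostics: Edit File
    "page-diagnostics-command",       # Diagnostics: Command Prompt
    "page-system-patches",            # System Patches package
}

# Constructed sample, not taken from a real firewall.
SAMPLE = """<pfsense><system>
  <group><name>ldap-admins</name>
    <priv>page-all</priv><priv>user-config-readonly</priv></group>
  <group><name>helpdesk</name>
    <priv>user-config-readonly</priv><priv>page-diagnostics-command</priv></group>
  <group><name>auditors</name><priv>user-config-readonly</priv></group>
  <user><name>ops</name><priv>page-system-patches</priv></user>
</system></pfsense>"""

def audit(config_xml):
    """Return (kind, name, finding, risky_privs) for each flagged group or user."""
    findings = []
    system = ET.fromstring(config_xml).find("system")
    if system is None:
        return findings
    for kind in ("group", "user"):
        for entry in system.findall(kind):
            name = entry.findtext("name", default="?")
            privs = {p.text.strip() for p in entry.findall("priv") if p.text}
            risky = sorted(privs & ALL_PRIV_EQUIV)
            if DENY_WRITE in privs and risky:
                # GUI saves are refused, yet the holder can still alter the system.
                findings.append((kind, name, "deny-write-bypassable", risky))
            elif DENY_WRITE in privs:
                findings.append((kind, name, "read-only", risky))
            elif risky:
                findings.append((kind, name, "effective-admin", risky))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "deny-write-bypassable" entry on a group meant for administrators matches the symptom in the first post; on a group meant to be read-only it means the restriction does not hold.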

