Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Web login with admin user fails, but serial console login with admin works!?

    Scheduled Pinned Locked Moved webGUI
    4 Posts 2 Posters 470 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      greeners
      last edited by

      I have an SG1100, which has been in use for a long time. Recently I decided to change the admin password as Lastpass are incompatant. Since I changed the admin user password in the webGUI I had problems.

      1. Login to pfsense webGUI as admin with old-password

      2. Change user 'admin' password to new-password

      3. Sign out from webGUI.

      4. Cannot sign in to webGUI with new-password or old-password!?!?

      5. Connect to serial console and login as admin with old-password WORKED

      6. Reset webconfigurator password

      7. Sign out from serial console

      8. Login to pfsense webGUI as admin with default-password. Alert shown to change default password.

      9. Change admin user password to old-password

      10. Sign out from webGUI.

      11. Cannot sign in to webGUI with default-password, new-password or old-password!?!?

      I can reset the web-configurator password again and regain access, but this is not good.

      What can I do?

      I have considered using a spare SG1100 and reload the last config. How do I get the config?

      Maybe I can try something less drastic first?

      TIA.

      G 1 Reply Last reply Reply Quote 0
      • G
        greeners @greeners
        last edited by

        @greeners I figured it out - RMM tools were scanning the network, causing pfsense to believe it was under an SSH attack, and locked down the account. Interesting that the webGUI login was locked but serial console login was allowed (lucky for me). Since I disabled network scanning the problem has gone away.

        jimpJ 1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate @greeners
          last edited by

          @greeners said in Web login with admin user fails, but serial console login with admin works!?:

          @greeners I figured it out - RMM tools were scanning the network, causing pfsense to believe it was under an SSH attack, and locked down the account. Interesting that the webGUI login was locked but serial console login was allowed (lucky for me). Since I disabled network scanning the problem has gone away.

          The anti-brute force detection doesn't care about the account, it protects at a network level. So it blocks the source of the attack, but that means the attacker can't reach the GUI port or SSH port. It wouldn't affect logging into the account if you can reach the GUI.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          G 1 Reply Last reply Reply Quote 1
          • G
            greeners @jimp
            last edited by

            @jimp thank you. Your explanation of 'anti-brute force protection' explains it perfectly. The RMM tool used an agent on my desktop PC, which explains why I could not log in to the webGUI from my desktop PC but I could login from the serial console.

            I will look in the pfsense docs for more information on 'anti-brute force' and see what I can do to allow legit network discovery, but not trigger my pfsense firewall alerting.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.