No longer log into web gui with any user but admin

knotbeerdan

I have been running pfsense 2.0.1 for approximately 6 months. After shutting down to blow out the pc I can no longer login with any user besides the admin user. I can use openVPN and login to the shell, but when I attempt to login to the web GUI I get an error that there is no page assigned to this user. The user is an admin user, and I even created another user with admin privileges with no changes.

After creating the new user with no luck, I then went into the the user properties for the old existing user and selected all pages…

I have tried rebooting the router again, and have covered every area I can possibly think of to resolve this issue.

Only thing I can find in the logs is this...

php: /index.php: User logged out for user 'drogers' from: 10.0.0.139

(drogers is the user I have been using since day 1 to access the web GUI)

I realize I may be lacking some important info, if there is anything else I need to post please let me know and I will get the information or logs.

jfassad

I have the exact same problem.
Im using the default local database auth server.

Testing the login on Diagnostics > Authentication gives me the result:
User: jfassad authenticated successfully.
This user is a member of these groups:
all admins

Everything looks fine except I can't login with the user.

EDIT: Running 2.0.1-RELEASE

jfassad

I have managed to fix the problem.

I had to edit /etc/inc/priv.inc and comment lines 252 e 253

249 function getAllowedPages($username) {
250         global $config, $_SESSION;
251
252 //      if (!function_exists("ldap_connect"))
253 //              return;

Im not using ldap and after inspecting the code, not thoroughly, I must admit. I don't think it will break anything.

I looked but couldn't find the function ldap_connect declaration anywhere. I wonder how it was working before the reboot. Maybe something got deleted during the reboot somehow.

Can anybody please check where is the function ldap_connect declared and tell me ?

regards,

Joao

jfassad

Looks like the problem is that php ldap module was not loaded.

cat /var/run/php_modules_load_errors.txt

ldap did not load correctly.  Removing from php.ini…

And here is why:

On /tmp/PHP_errors.log:
[12-Jul-2012 21:40:50] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20060613/ldap.so' - Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8" in Unknown on line 0

I did not remove libsasl2.so.2 myself, but I have this feeling that I remember seeing libsasl being mentioned in some package I installed. I probably removed this package later and libsasl2.so.2 was removed by the script.

Are there any package install/remove logs that I can check ?

knotbeerdan

@jfassad:

I have managed to fix the problem.

I had to edit /etc/inc/priv.inc and comment lines 252 e 253

249 function getAllowedPages($username) {
250         global $config, $_SESSION;
251
252 //      if (!function_exists("ldap_connect"))
253 //              return;

I applied the fix above and it seemed to work for me as well. I also am not using LDAP and it would be nice if we could disable this completely or at least stop the module from loading.

jfassad

knotbeerdan,

It seems the problem is that some package that you and had had installed and subsequently removed , ended up deleting libsasl which is a core dependency. Without libsasl installed php wont load the ldap module and will break the getAllowedPages function.

There is even an old bug report describing a similar case - http://redmine.pfsense.org/issues/875

knotbeerdan

Thanks for the info!