No longer log into web gui with any user but admin



  • I have been running pfsense 2.0.1 for approximately 6 months. After shutting down to blow out the pc I can no longer login with any user besides the admin user. I can use openVPN and login to the shell, but when I attempt to login to the web GUI I get an error that there is no page assigned to this user. The user is an admin user, and I even created another user with admin privileges with no changes.

    After creating the new user with no luck, I then went into the the user properties for the old existing user and selected all pages…

    I have tried rebooting the router again, and have covered every area I can possibly think of to resolve this issue.

    Only thing I can find in the logs is this...

    php: /index.php: User logged out for user 'drogers' from: 10.0.0.139
    

    (drogers is the user I have been using since day 1 to access the web GUI)

    I realize I may be lacking some important info, if there is anything else I need to post please let me know and I will get the information or logs.



  • I have the exact same problem.
    Im using the default local database auth server.

    Testing the login on Diagnostics > Authentication gives me the result:
    User: jfassad authenticated successfully.
    This user is a member of these groups:
    all admins

    Everything looks fine except I can't login with the user.

    EDIT: Running 2.0.1-RELEASE



  • I have managed to fix the problem.

    I had to edit /etc/inc/priv.inc and comment lines 252 e 253

    249 function getAllowedPages($username) {
    250         global $config, $_SESSION;
    251
    252 //      if (!function_exists("ldap_connect"))
    253 //              return;
    

    Im not using ldap and after inspecting the code, not thoroughly, I must admit. I don't think it will break anything.

    I looked but couldn't find the function ldap_connect declaration anywhere. I wonder how it was working before the reboot. Maybe something got deleted during the reboot somehow.

    Can anybody please check where is the function ldap_connect declared and tell me ?

    regards,

    Joao



  • Looks like the problem is that php ldap module was not loaded.

    cat /var/run/php_modules_load_errors.txt

    ldap did not load correctly.  Removing from php.ini…

    And here is why:

    On /tmp/PHP_errors.log:
    [12-Jul-2012 21:40:50] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20060613/ldap.so' - Shared object "libsasl2.so.2" not found, required by "libldap-2.4.so.8" in Unknown on line 0

    I did not remove libsasl2.so.2 myself, but I have this feeling that I remember seeing libsasl being mentioned in some package I installed. I probably removed this package later and libsasl2.so.2 was removed by the script.

    Are there any package install/remove logs that I can check ?



  • @jfassad:

    I have managed to fix the problem.

    I had to edit /etc/inc/priv.inc and comment lines 252 e 253

    249 function getAllowedPages($username) {
    250         global $config, $_SESSION;
    251
    252 //      if (!function_exists("ldap_connect"))
    253 //              return;
    

    I applied the fix above and it seemed to work for me as well. I also am not using LDAP and it would be nice if we could disable this completely or at least stop the module from loading.



  • knotbeerdan,

    It seems the problem is that some package that you and had had installed and subsequently removed , ended up deleting libsasl which is a core dependency. Without libsasl installed php wont load the ldap module and will break the getAllowedPages function.

    There is even an old bug report describing a similar case - http://redmine.pfsense.org/issues/875



  • Thanks for the info!


Log in to reply