NAS542 Web Login Safari&Firefox not possible sometimes
frameworker
Posts: 23 Freshman Member
Hi guys,
struggle with the strange problem that sometimes my NAS542 loses the correct admin/password combination in both Safari and Firefox. Incorrect username&password appears.
ssh - login with the admin-password is still possible via terminal so I think the reason is not that a) using a wrong password b) password is lost on the NAS in general.
It's hard to say, whether the reason is on NAS side or on client side. I don't have the possibility to test with another client except on my IMac (OS X 10.11)
For the client side I've tried to clear the web password within the key store application of OS X, but it doesn't help it seems.
struggle with the strange problem that sometimes my NAS542 loses the correct admin/password combination in both Safari and Firefox. Incorrect username&password appears.
ssh - login with the admin-password is still possible via terminal so I think the reason is not that a) using a wrong password b) password is lost on the NAS in general.
It's hard to say, whether the reason is on NAS side or on client side. I don't have the possibility to test with another client except on my IMac (OS X 10.11)
For the client side I've tried to clear the web password within the key store application of OS X, but it doesn't help it seems.
Because I can login to the NAS directly how can I investigate the login process eg. where can I look see what happens?
#NAS_June
0
All Replies
-
It's definitively the NAS itself which forget the user&password combination.
After login via ssh and tell "reboot", the login works normally.
The NAS works with firmware version V5.21(ABAG.0), so there's no update available.
Is there no one out there who has the same problem sometimes?0 -
Does the samba login still work when the webinterface fails? The NAS has 2 separate login systems, the Linux /etc/password login (only for root&admin, only for ssh and telnet) and the samba login (for all users, for webinterface, samba, ftp, ... )The password hashes are stored in some database, and are written to /etc/shadow and /etc/samba/smbpasswd at boot (/etc is on a ramdrive, so the files are not persistent.)If somehow /etc/samba/smbpasswd gets corrupt, both samba login and webinterface login should fail. Of *only* webinterface login is affected, somehow the PAM implementation fails.Having said that, in either case I don't know how to solve the problem. And no, I never had the same issue.
0 -
I am having the same problem with a (possible) slight variation on my 542 (V5.21 ABAG.6 C0) - I can log in through the webinterface using a User account; however, I cannot log in using any Admin account. The ssh connections work fine all the time though.
Logging in via ssh to the Root account and using the reboot command makes the webinterface work for Admin accounts again. However, this "solution" is rather impractical.
Have you solved your problem somehow?
Edit: when I "open" the smbpasswd in powershell, I can edit the password - the old password still works, but even then I cannot log in via webinterface.
Edit2: the amount of time when the reboot helps is very short - 10-15 minutes after the reboot the webinterface stops working again.
Edit3: a newly created User account does not allow to log in via webinterface any time like the first one does, just like the admin accounts. Therefore, only one User account can be used to access the webinterface, all the other (User and Admin) accounts need the NAS reboot beforehand. This issue persists on Chrome and Firefox (have not tried other browsers).0 -
There is a script /bin/rbm.sh which is called by cron each 2 hours. Among maintaining the recycle bin it checks if /etc/samba/secrets.tdb is still valid, and in comment it says:#if secrets.tdb corrupt, web and ftp cannot loginI wondered why it has to be checked, why would it get corrupt? But *if* it gets corrupt, it could explain your problem. You can try to run it manually (as root) to see if it solves your problem. First check if the file /tmp/rbm_running exists. If it does, the script won't run as it is supposed to be running already.0
-
Thanks for your reply.
The tmp/rbm_running returns permission denied, so I guess it means it exists. Then the bin/rbm.sh returned the following:+ RM=/bin/rm+ PS=/bin/ps+ GREP=/bin/grep+ PYTHON=/usr/bin/python+ NICE=/bin/nice+ [ -e /tmp/rbm_running ]+ exitHowever, I am still unable to access the NAS with the Admin credentials without a reboot.
EDIT: BUT! Now I can log in using the User account (the one that works all the time) and after a logout from the User account I can login with any account without a reboot.
Edit2: This "feature" (login to a User account unlocking the logins to admin accounts) seems to be independent of running the rbm.sh script though.0 -
The /bin/rbm.sh script didn't really 'run'. It basically detected the existence of /tmp/rbm_running and exited.#!/bin/sh -x
RM="/bin/rm"
PS="/bin/ps"
GREP="/bin/grep"
PYTHON="/usr/bin/python"
NICE="/bin/nice"
#Make sure only one program running at a time.
if [ -e /tmp/rbm_running ]; then
exit
else
touch /tmp/rbm_running
fi
#if secrets.tdb corrupt, web and ftp cannot login
corrupt=`strings /etc/samba/secrets.tdb|grep SID`
/bin/tdbbackup -v /etc/samba/secrets.tdb
Verify_result=$?
if [ "${corrupt}" == "" ] || [ "${Verify_result}" != "0" ]; then
echo "rm -f /etc/samba/secrets.tdb" > /dev/console
/etc/init.d/samba.sh stop
rm -f /etc/samba/secrets.tdb
rm -f /etc/samba/secrets.tdb.bak
#Since the nice value of crond is 17 and the nice valut in samba.sh is 20,
#we set nice value to invoke samba.sh as -20 here to keep the nice of smbd 17
NICE -n -20 /etc/init.d/samba.sh start
fi
${PYTHON} -c "from models import share_main_model; share_main_model.main_exec_rbm()" > /dev/console
rm /tmp/rbm_running
exit 255The script normally checks for the existence, if it exists, it exits, if it doesn't exist, it creates it, does it's payload (checking the samba secret and maintaining the recyclebin) deletes /tmp/rbm_running and exits. This way the script doesn't run 2 times simultaneously.That also means that apparently the script was already running, probably stalled, as I don't think it is supposed to run very long. So maybe the secrets file is that damaged that /bin/tdbbackup stalls? But I have no idea how the file would get corrupted.
0 -
Thanks for your insight.
Based on what you said, I was thinking that the rbm_running could have gotten stuck there some point in the past (e.g. the rbm.sh script didn't finish at some point - I had a power outage about 18 months ago (that I know of) and I'm not running a UPS) and left the rbm_running file undeleted, preventing the rbm.sh from running any time since. I have removed the rbm_running file manually and ran the rbm.sh script, this time with this result: (and now once it finished, there is no trace of the rbm_running file)RM=/bin/rm+ PS=/bin/ps+ GREP=/bin/grep+ PYTHON=/usr/bin/python+ NICE=/bin/nice+ [ -e /tmp/rbm_running ]+ touch /tmp/rbm_running+ strings /etc/samba/secrets.tdb+ grep SID+ corrupt=&SECRETS/SID/NAS542&SECRETS/SID/NAS540&SECRETS/SID/NAS540+ /bin/tdbbackup -v /etc/samba/secrets.tdb/etc/samba/secrets.tdb : 2 records+ Verify_result=0+ [ &SECRETS/SID/NAS542&SECRETS/SID/NAS540&SECRETS/SID/NAS540 == ]+ [ 0 != 0 ]+ /usr/bin/python -c from models import share_main_model; share_main_model.main_exec_rbm()+ rm /tmp/rbm_running+ exit 255
Reading this, I take it the secrets.tdb wasn't corrupt..? Although, if it countains the login credentials, then there should be more than 2 records (I have 2 Admin and 2 User account set up).
I'll come back later to tell you whether I'm still having problems logging into the webinterface.
Edit: So it has been 2 days and I can access the NAS via admin account from webinterface without any problems yet (this has happened from day to day already, so I'm not getting my hopes up yet, but I certainly am glad it's working for now).0 -
Reading this, I take it the secrets.tdb wasn't corrupt..?
Yes. Maybe secrets.tdb doesn't have anything to do with your problem. It was a long shot.
When it happens again, and you can only login as admin after having logged in as ordinary user, you could try to execute (as root)
find /etc/ -mmin -60
to see which files changed in the /etc/ directory tree in the last hour. Maybe that gives extra info.
0 -
Ok, so the problem is here again (after several days). When I fail to login, the command suggested returns:/etc/cups/certs/etc/cups/certs/0
After a reboot (when I can log in):/etc//etc/MyZone/etc/localtime/etc/mtab/etc/stunneld.conf/etc/zysyncd.conf/etc/group/etc/shadow/etc/passwd/etc/group-/etc/shadow-/etc/passwd-/etc/lvm/etc/lvm/backup/etc/lvm/backup/vg_81d1cbff/etc/lvm/archive/etc/lvm/archive/vg_81d1cbff_00000-1363796591.vg/etc/lvm/cache/etc/lvm/cache/.cache/etc/hosts/etc/init.d/etc/init.d/rc.shutdown/etc/zyxel/etc/zyxel/backupjob.db/etc/zyxel/upnp.db/etc/avahi/services/etc/avahi/services/web.service/etc/avahi/services/afp.service/etc/syslog-ng/syslog-ng.conf/etc/apcupsd/etc/apcupsd/apcupsd.conf/etc/service_conf/etc/service_conf/httpd_dav_auth.conf/etc/service_conf/httpd_special.conf/etc/service_conf/httpd_zld.conf/etc/service_conf/httpd_default.conf/etc/service_conf/httpd.conf/etc/service_conf/httpd_zld.conf.old/etc/service_conf/CA.cer/etc/pkg_service_conf/etc/pkg_service_conf/httpd_package2.conf/etc/pkg_service_conf/Tweaks.conf/etc/pkg_service_conf/MetaRepository.conf/etc/pkg_service_conf/httpd_zld2.conf/etc/pkg_service_conf/httpd_default2.conf/etc/pkg_service_conf/httpd2.conf/etc/resolv.conf/etc/netatalk/etc/netatalk/afp.conf/etc/samba/etc/samba/smb.conf/etc/samba/smbpasswd/etc/samba/secrets.tdb/etc/cups/certs/etc/cups/certs/0
Now, after a reboot, it has been several hours and I can still log in. I was trying to "catch" the NAS at a moment when then login stops working after a reboot, but unsuccessfully. It seems that clearing the rbm_running file indeed helped in some way (although not 100% as I encountered this issue now about a week later on this single occasion)0 -
Ok, so the problem is here again (after several days). When I fail to login, the command suggested returns:
I think you misunderstood me. The idea was to run the command when you restored admin login by logging in as ordinary user. If that changes something in the config, it would be nice to know what.
Having said that, cups is about printing, and on my NAS the cups/cert/0 file is also relatively new, while I don't have a printer connected.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight