SOLVED Can't logon as root to my TrueNAS box

Matt_G

Explorer
Joined
Jan 24, 2016
Messages
65
I have no idea what has happened here but it has me VERY nervous.

This morning I tried to log on to my TrueNAS box as root via the GUI. (TrueNAS-12.0-U8.1)
It keeps telling me that my password or 2FA code is incorrect.

I have been using this password for a year or so.
I checked it at least a half a dozen times and even typed it into notepad to make sure my keyboard was working correctly.
I AM entering the correct password.

2FA is turned on and it is set up on a YubiKey.
I am using the code Yubico Authenticator is giving me.
This too has been working for over a year.
No change was made here.
Note that I do have a different YubiKey set up as a backup and I kept the secret in an accessible place.

This server is personal and no one else other than my wife has access to it.
She is not computer savvy and wouldn't even know how to access the box to change anything.
So I KNOW that she has not changed the password.
I DID NOT change the password.

Note that I have not rebooted the box yet.
When I get home from work, that will be step one.
I noticed this before going to work and I only had 10 minutes or so to look at the problem.

Does anyone have any ideas as to WTH could be going on here?
Is there any known issue with 2FA going wonky?
 

c77dk

Patron
Joined
Nov 27, 2019
Messages
468
Before rebooting put a screen on and check the console. My first guess would be the time has drifted.
 

Matt_G

Damn good idea.
I had not thought of that.
That will be step 1.
Wish I could do it right now but I still have a little more than 5 hours to go here at work. :eek:
 

Matt_G

Before rebooting put a screen on and check the console. My first guess would be the time has drifted.
You nailed it c77dk.
That was the issue.
The clock on TrueNAS and the clock on my workstation (which has Yubico on it) were close to 2 minutes off.

They are both set to use the same domain controller as the NTP server, so I'm not sure how they got that far out of sync.
My Winbloz box and the DC are within a second of each other.
It's the TrueNAS box that drifted.
I guess I'll try checking the "prefer" box in the NTP settings and see if that helps.
Either that or figure out which server I have that DC pointed to on the Net and just point TrueNAS to the same server...
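
Why a clock offset of about two minutes makes a correct password and a correct authenticator code fail together, shown as an added example that is not part of any post in this thread and is not TrueNAS code. It assumes standard RFC 6238 TOTP (HMAC-SHA1, 30-second steps, 6 digits) and a verifier that tolerates one step either side of its own clock; the function names, the tolerance and the clock values are illustrative assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps
WINDOW = 1   # steps accepted either side of "now" (assumed, not TrueNAS's setting)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, unix_time: float) -> str:
    """Code an authenticator shows when its clock reads unix_time."""
    return hotp(secret, int(unix_time) // STEP)


def skew_steps(secret: bytes, code: str, server_time: float, search: int = 10):
    """Steps the code is ahead (+) or behind (-) the server clock, or None."""
    now = int(server_time) // STEP
    for delta in sorted(range(-search, search + 1), key=abs):
        if now + delta >= 0 and hmac.compare_digest(hotp(secret, now + delta), code):
            return delta
    return None


def verify(secret: bytes, code: str, server_time: float) -> bool:
    """Accept only codes within WINDOW steps of the server's own clock."""
    return skew_steps(secret, code, server_time, search=WINDOW) is not None


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 test secret, not a real key
    server_clock = 50                  # constructed: NAS clock
    client_clock = server_clock + 115  # constructed: workstation ~2 minutes ahead
    code = totp(secret, client_clock)
    print("accepted:", verify(secret, code, server_clock))
    print("skew (steps):", skew_steps(secret, code, server_clock))
```

With these constructed clocks the code is rejected and the reported skew is 4 steps, well outside a one-step tolerance, which is why checking the server's clock is a sensible first step before suspecting the password or the token.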
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Either that or figure out which server I have that DC pointed to on the Net and just point TrueNAS to the same server...
Or run your own, and set up a firewall rule to send all NTP traffic to it.
 

Matt_G

Or run your own, and set up a firewall rule to send all NTP traffic to it.
True, I could put a rule in pfSense to force all port 123 traffic to that domain controller.
I thought pointing TrueNAS to that domain controller meant I wouldn't have to mess with the firewall.
I'll play around with it this weekend.
 

danb35

I thought pointing TrueNAS to that domain controller meant I wouldn't have to mess with the firewall.
It would, and TrueNAS can be configured for that. Some devices aren't as configurable, though. I have a Centerclick NTP device on my LAN:

and ended up doing this to get my Windows and Mac clients to use that. Certainly overkill for a home LAN, but a neat little device.
 