Webgui login strangeness

David Dyer-Bennet · Feb 26, 2017

I can't seem to get into the WebGUI on a box that has been powered down a few months. (Um, after powering it up and seeing that it did boot, I mean!)

This system is running 9.3 (I said it had been powered down a while). Sure, I'll update it...fairly shortly after I get into the GUI :).

I'm trying to log into the GUI as user "root".

I'm accessing this box from outside NAT through portmapping. I'm very confident I have the right IP and port configured -- I get a FreeNAS GUI login screen. (There are two FreeNAS systems there, but they're running different software versions, and the logon screen shows what version it is. I get the logon screen for the right version, so I'm pointing at and mapping to the right system.)

I'm reasonably certain this isn't just a lost password problem; I can use the password my records show should work to log in via ssh.

Further more, if I enter a *wrong* password, I get a clear-cut error saying the username and password are incorrect.

If I enter the *right* password, I start to see the default web gui page come in -- and then immediately that gets blanked out and the login box comes up again. I do *not* get the red text saying the username and password do not match.

This suggests, to me, that something in the web GUI is crashing immediately after login. Since I do have SSH access remotely, I can check the log files. I don't find anything the slightest interesting most places. Nginx-access.log at least shows me the login. This isn't clearly right or wrong to me, can anybody read this to tell me what's up?

Code:

10.1.1.1 - - [26/Feb/2017:21:51:13 -0600] "POST /account/login/ HTTP/1.1" 302 5 "https://example.asuscomm.com:1234/account/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:13 -0600] "GET / HTTP/1.1" 200 11485 "https://example.asuscomm.com:1234/account/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:14 -0600] "GET /jsi18n/ HTTP/1.1" 200 2384 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:17 -0600] "GET /support/license/status/?request.preventCache=1488167476184 HTTP/1.1" 302 5 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:17 -0600] "GET /admin/alert/status/?1488167476211 HTTP/1.1" 302 5 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:17 -0600] "GET /system/varlogmessages/ HTTP/1.1" 302 5 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /admin/menu.json/ HTTP/1.1" 302 5 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /system/ HTTP/1.1" 302 5 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /account/login/?next=/admin/alert/status/%3F1488167476211 HTTP/1.1" 200 5968 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /account/login/?next=/system/varlogmessages/ HTTP/1.1" 200 5957 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /account/login/?next=/support/license/status/%3Frequest.preventCache%3D1488167476184 HTTP/1.1" 200 5993 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /account/login/?next=/admin/menu.json/ HTTP/1.1" 200 5951 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /account/login/?next=/system/ HTTP/1.1" 200 5942 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET / HTTP/1.1" 302 5 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
10.1.1.1 - - [26/Feb/2017:21:51:18 -0600] "GET /account/login/?next=/ HTTP/1.1" 200 5935 "https://example.asuscomm.com:1234/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"

[IP, system name, and port number redacted]

There's nothing at vaguely the right times in nginx-error.log.

m0nkey_ · Feb 27, 2017

FreeNAS UI should never be accessible from the outside world. Should you wish access while away, consider setting up OpenVPN.

It's likely the boot medium is failing in some way, which would in some cases cause the UI to fail.

David Dyer-Bennet · Feb 27, 2017

m0nkey_ said:
It's likely the boot medium is failing in some way, which would in some cases cause the UI to fail.

I'd expect some record of this in the logs. But then I'd expect some record of whatever is wrong in the logs, and I've checked again this morning and I'm not finding anything. Where would disk (or flash drive) errors show up in the logs? I checked everything in /var/logs by date, and that seemed to have the usual set of log files present.

Is there a reasonably safe way to test this theory? And, if it looks true, how would one fix it? (Maybe the fix is, itself, a reasonably safe test?)

David Dyer-Bennet · Mar 14, 2017

The problem has survived a reinstallation of the FreeNAS software. But it only occurs when accessing externally via a mapped NAT port. That works on another server inside the same LAN, and we can't find any difference in the mapping.

I managed to replicate the data off of this old backup server to the new production server with command-line tools, so it was a good time to try the reinstallation. Now we're going to build a new backup pool, to be replicated to here and then moved off-site and maintained by remote replication, when the new drives arrive.

(Yes, I remember being told exposing the GUI port is unwise. Since it's HTTPS only and our password is a 20-character random string, I'm not convinced it's any more risky than a VPN or an SSH tunnel. I *am* also playing with using an SSH tunnel, playing with switching SOCKS proxies in Firefox to do it, which is kind of neat. Being able to access both local and remote servers from the same desktop is crucial for lots of maintenance activities and just for monitoring, so getting in only via VPN is a really expensive choice (in reduced productivity).)

David Dyer-Bennet · Mar 16, 2017

GUI weirdness persists in all situations.

A new install on new media gets me -- boot weirdness! I can select the media and boot from the Setup boot menu, but when I set that media as the default, an unattended boot does not find it. (This is clearly not a FreeNAS problem, it's my hardware or Setup settings; I mention it just for completeness in this messy story.)

Important Announcement for The TrueNAS Community.

Webgui login strangeness

David Dyer-Bennet

Patron

m0nkey_

MVP

David Dyer-Bennet

Patron

David Dyer-Bennet

Patron

David Dyer-Bennet

Patron

Similar threads