Unable to login to GUI with non admin/root user

[mpsanten]

I've been reading the manual, looking in the logs and searching on this forum but I can't find why any non admin/root user is not able to login to the GUI. I would expect this to be possible as I see no other way a normal user can change his/her password. When a normal users tries to logon to the GUI they get:
"Please enter a correct Username and password. Note that both fields may be case-sensitive."
Altough I'm 100% certain the credentials are correct.
Also when I use the same credentials for an SSH session, the user can login.

Martijn

 

[ser_rhaegar]

Only root may login via the GUI.

 

[mpsanten]

Thanks, but how do users then change their password ? I know this was possible in older version of Freenas. Has that option been removed ?

 

[cyberjock]

They call an IT admin that changes their password.. just like it's ALWAYS been. They log into the WebGUI and change it(or to their domain).

User's shouldn't be able to change passwords.. otherwise they could easily change other user's passwords. So when I read your question I have to scratch my head and wonder how(and why) the heck did users EVER have the opportunity to change their password. Either your sentence structure is confusing me or your network is probably already pwned because of bad security practices.

I've never heard of users ever changing passwords, and if they can whoever came up with that idea should be unemployed. That's IT irresponsibility to the max. ;)

 

[ser_rhaegar]

I've never heard of users ever changing passwords, and if they can whoever came up with that idea should be unemployed. That's IT irresponsibility to the max. ;)

In FreeNAS, sure. In AD, anyone can change their own password. Log into any Windows machine on the domain, press CTRL-ALT-DEL and click "Change Password".

 

[cyberjock]

Ok.. ok. You got me. I was thinking in terms of changing user password because they got locked out.

But, if you are authenticating from a domain, CTRL-ALT-DEL works just fine because your FreeNAS server should be authenticating from the domain, right?

So I'm a little confused.

BUT... If you do local users on the FreeNAS box and the user wants to change their password, then I guess they'd have to find a FreeNAS admin to change the password. But, if you are doing local users, you're probably so small this isn't really an inconvenience anyway. Very small organizations might not have a domain, while anything above the smallest would be smart to use a domain... So I think the problem is either "not a big deal" or "shouldn't be a big deal" for the applicable circumstances.

 

[mpsanten]

Yes, we do have a domain but since it's a domain which I don't administer, I'm not allowed to make the FreeNAS part of it. On domain level we are obliged to change our password monthly. Our FreeNAS users used to change their FreeNAS password to the same as their domain password in order for them to connect seamlessly with the FreeNAS share. Now the odd thing is,, untill last week users were able to change their OWN passwords themselves. I can't find what happened why they no longer can. Also,,, I've got an very old instance ( FreeNAS 0.7.1 Shere) running somewhere where it's actually an option in the "Access|Users|Edit" pane. In this version the option was called: "user portal: grant access to the user portal".

 

[cyberjock]

How were users changing their own passwords before last week when it broke. This intrigues me. I'll take you at your word that this happens, but I'm really struggling to understand the mechanism behind it if FreeNAS isn't part of the domain. I'm wondering if Windows itself was requesting the password change and FreeNAS was allowing it. If that's the case, then I wonder if something changed in FreeNAS, Windows, or something in the Domain. Hmm...

 

[mpsanten]

The users knew that if they changed their password they also need to change it on the FreeNAS. They way they did that was to simply put the FreeNAS adress in their browser and login using their old uid/password. I know it doesn't make sense, but it worked and for some reason now they are getting "Your username and password didn't match. Please try again." even if their credentials are correct.

 

[gpsguy]

FreeNAS v8 and 9 is a completely different product than 0.7. iX Systems bought the name and developed the product that supported here.

FreeNAS 0.7 became NAS4free. It's supported at: http://www.nas4free.org/

Did you upgrade a 0.7 box to v8/9? If so, that's what caused the problem. v8/9 only allow an admin/root user to login to the webGUI.

I've got an very old instance ( FreeNAS 0.7.1 Shere) running somewhere where it's actually an option in the "Access|Users|Edit" pane. In this version the option was called: "user portal: grant access to the user portal".

 

[mpsanten]

It wasn't an upgrade,, but I understand that it was never supposed to work like it did untill last week. At least I now know I can stop looking for the error as it is working as designed. Thanks all for replying,, I will figer out a way around it.

 

[KrisSpringer]

I'm using FreeNAS for remote users to store shared files using FTP. The fact that users can't change their own passwords is frustrating for users and seems incredibly archaic in today's remote access world. It should be an admin option to enable/disable.

 

[pirateghost]

I'm using FreeNAS for remote users to store shared files using FTP. The fact that users can't change their own passwords is frustrating for users and seems incredibly archaic in today's remote access world. It should be an admin option to enable/disable.

FTP is archaic in today's world....