Not sure what happened. I have been on 25.04.2.6 after an upgrade from 24 for some time ago. I was trying to get connected to our cloud subscription, and it was just hanging over the weekend. Now this morning I am not able to log in to the GUI. I can log in using SSH without a problem and see this after the log in:
Traceback (most recent call last):
File "/usr/local/sbin/hactl", line 180, in <module>
main(args.command, args.q)
File "/usr/local/sbin/hactl", line 155, in main
is_ha, failover_config = get_failover_info(client)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/sbin/hactl", line 36, in get_failover_info
is_ha = client.call('failover.licensed')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/truenas_api_client/__init__.py", line 740 , in call
return self.wait(c, callback=callback, job=job, timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/truenas_api_client/__init__.py", line 778 , in wait
raise c.error
truenas_api_client.exc.ClientException: [ENOTAUTHENTICATED] Not authenticated
I have tried rebooting the server. What else can I do to resolve?
I am seeing these alerts:
2 API login failures in the last 24 hours: (username=admin,session_id=070a6460-60cc-4297-a681-9ba2e914904b,address=my.ip.address),(username=admin,session_id=070a6460-60cc-4297-a681-9ba2e914904b,address=my.ip.address)
TrueCommand API Key has been disabled by iX Portal: Invalid Client Key
That may indicate that the API key was revoked due to being used over insecure transport (no SSL). ENOTAUTHENTICATED may mean that the user you used to authenticate via SSH does not have privileges to the middleware backend. What account did you SSH in as? Are you able to sudo su to root and run commands such as midclt call api_key.query?
I’m logged in SSH as admin. Yes, I can run and get a JSON response, it seems. Shows 2 records one TrueCommand and one TrueCommandDashboard, with username and identifier. Should I post that info? I do see “user_identifier”: “LEGACY_API_KEY” for TrueCommand with number for the Dashboard identifier. Or let me know what I should look for. Thank you.
I also have console access.
So, I have another server working fine. It was also upgraded around the same time, but I’ve never had any issue with it connecting to TrueCommand. Checking TrueCommand, I see now there is a v25.04 API, and the other server is using Legacy. What is the best way to migrate? Should I deregister and connect again after changing the settings in TC?
I’ve had this same issue before with the same server, but never a GUI login problem. It will churn back and forth in the GUI as it did over the weekend and never connect. I see in TC that SSL is not required, but the working system is configured to connect on port 443. How can I get GUI access again and try to correct whatever settings appear not to be working?
I resolved this after discovering the admin users was no longer in the builtin_administrators group. This was caused by me editing the groups of the admin user and seeing the message that builtin groups cannot be altered. This seems new to me in Fangtooth. The only way I was able to save the user was by removing and other groups that were builtin. I was able to add back using the command below and see this message, but it worked and the user is now in the group again…
root@nas3[/home/admin]# usermod -a -G builtin_administrators admin
[sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/run/sssd-cache/db/config.ldb]
Could not open available domains
[sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/run/sssd-cache/db/config.ldb]
Could not open available domains
1 Like
