No acces to GUI after disabling 2fa

B

basti2s

Member
Jul 27, 2021
35
0
6
32
Hello,

i have almost the same problem described in this topic: https://forum.proxmox.com/threads/lost-access-to-web-admin-after-disabling-2fa-totp.93581/
But the Solution of this topic dont work in my case.

So let us start from the beginning. I have used 2fa for my root@pam user. I wanted to test something, so i had to tourn off the 2fa. What i did is i disabled the 2fa for my root@pam user under "Access Control/Two Factor Authentication". The result of my brilliant idear is that, i am not able to login with my root@pam user. (Like in the topic linked below). The user there told that the whole user is disabled and you have to add user:root@pam:1:0:::censored@protonmail.com::: into the user.cfg. But it dont works. There is always an syntax error. Here my user.cfg:
Code: 
user: root@pam
        email xxxxx@web.de
        enable true
        expire 0
        firstname Bastian
        lastname xxxxx

user: bastian@pbs
        email xxxxxxx@web.de
        enable true
        expire 0
        firstname Bastian
        lastname xxxxxx

token: root@pam!backup
        enable true
        expire 0
I think the user.cfg isnt the problem? What can i do?
 
hi,

that thread is about PVE, not the backup server.

removing the user's 2fa authentication doesn't cause any issue here.

basti2s said:
he result of my brilliant idear is that, i am not able to login with my root@pam user
Click to expand...
are you choosing the correct linux pam realm when trying to log in?
 
i have tried both. And both dont work. With my other user bastian@pbs i can login. But the problem is, that it has no superuser rights. So it dont help a lot i guess
 
can you try changing the root password from ssh? run passwd and reset the password and try to login again...

you can also check in /etc/proxmox-backup/ to see if there's anything left in tfa.json file (in case the 2fa wasn't removed correctly, but i think this is unlikely.)

if that doesn't work please post the version info: proxmox-backup-manager versions --verbose
 
Thanks for your answer.
I changed the password via passwd and tried to login - didnt work
I checked the tfa.json there was a very long line with code left. I deleted it and tried to login again - didnt work
Then i tried some other things , now i am nomore able to connect to the GUI. I think at this point, a complete reinstall of the PBS is easier for me, than searching the problem, even if there was no important data stored on it at the moment.
 
open vi /etc/proxmox-backup/tfa.json
find "enable":false,"
change to "enable":true,"
Try login with pam , working.
 
  • Like
Reactions: elmo
You must log in or register to reply here.
Top Bottom