Login Attempts fail on new CE install
After a basic install of the CE edition, I am unable to log into the system. I added a user via CLI and can see that user as valid within the database. When I enable debug, I can see that the system is attempting the login but when it tries to pull the userlevel from the database, it does not appear to be passing the username into the query, so it is attempting to get the userlevel of username = '' and failing. The authentication failure is correctly populating into the auth_log insertion query. See below for the output of the debug info on the login page. Is this a bug in the system or is something configured incorrectly? I can see the user with level 10 in the database.
SELECT * FROM `observium_attribs` SELECT @@SESSION.sql_mode; SET SESSION `sql_mode` = 'NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' SELECT TIMEDIFF(NOW(), UTC_TIMESTAMP); SELECT * FROM `config` SELECT `username`, `password` FROM `users` WHERE `username` = 'lima3' AND `type` = 'mysql' SELECT `level` FROM `users` WHERE `username` = '' AND `type` = 'mysql' INSERT INTO `authlog` (`user`,`address`,`user_agent`,`result`) VALUES ('lima3','10.0.0.190','Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0','Authentication Failure')
Did you use any unquoted special characters on the CLI when creating the user? This would cause the CLI to pass a mangled password to the user creation script.
There’s not going to be anything wrong with the login system, logically, since it’s used by thousands of people without issues.
Thanks, Adam.
On 4 Aug 2025, at 03:57, zack--- via observium observium@lists.observium.org wrote:
After a basic install of the CE edition, I am unable to log into the system. I added a user via CLI and can see that user as valid within the database. When I enable debug, I can see that the system is attempting the login but when it tries to pull the userlevel from the database, it does not appear to be passing the username into the query, so it is attempting to get the userlevel of username = '' and failing. The authentication failure is correctly populating into the auth_log insertion query. See below for the output of the debug info on the login page. Is this a bug in the system or is something configured incorrectly? I can see the user with level 10 in the database.
SELECT * FROM `observium_attribs` SELECT @@SESSION.sql_mode; SET SESSION `sql_mode` = 'NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' SELECT TIMEDIFF(NOW(), UTC_TIMESTAMP); SELECT * FROM `config` SELECT `username`, `password` FROM `users` WHERE `username` = 'lima3' AND `type` = 'mysql' SELECT `level` FROM `users` WHERE `username` = '' AND `type` = 'mysql' INSERT INTO `authlog` (`user`,`address`,`user_agent`,`result`) VALUES ('lima3','10.0.0.190','Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0','Authentication Failure') _______________________________________________ observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
I wanted to say no, but after thinking about it yes. I set the initial password to Abc123$ and it was unquoted. Removed the user from the database and recreated with a simpler password and it worked just fine. I'm not sure if this is due to the software or if it is part of the docker image that I used to deploy the software, but it did not come with a default user like the documentation I found said it should
Could the adduser.php functions be changed to migitate the issue of an unquoted special character? This could save others from having the same frustrations in the future.
From what I can see, the software is not open source, otherwise I would attempt to create a pull request for the changes if I could.
Thanks for the help! Zack
Hi Zack,
We can't "mitigate" special characters because they're intercepted by the shell (basically, bash removed your $) before the adduser program is even started... Basic command line stuff :-)
Kind regards, Tom
On 04/08/2025 04:22, zack--- via observium wrote:
I wanted to say no, but after thinking about it yes. I set the initial password to Abc123$ and it was unquoted. Removed the user from the database and recreated with a simpler password and it worked just fine. I'm not sure if this is due to the software or if it is part of the docker image that I used to deploy the software, but it did not come with a default user like the documentation I found said it should
Could the adduser.php functions be changed to migitate the issue of an unquoted special character? This could save others from having the same frustrations in the future.
From what I can see, the software is not open source, otherwise I would attempt to create a pull request for the changes if I could.
Thanks for the help! Zack _______________________________________________ observium mailing list -- observium@lists.observium.org To unsubscribe send an email to observium-leave@lists.observium.org
participants (3)
-
Adam Armstrong -
Tom Laermans -
zack@lima3.me