Unable to unlock cmkadmin user

Hi,

I’m running CheckMK_2.0.0p1 on a Debian 10 server. I’ve locked the “cmkadmin” user and I’m not able to reactivate it and to log in into the console.

I use htpasswd -m htpasswd cmkadmin to define a new, password,
I check the password with htpasswd -v htpasswd cmkadmin and cat htpasswd to check the entry has been updated
I try to log-in on the interface, I get an “invalid credential” error
I check the htpasswd file with cat htpasswd then see the “!” in front oh the hash, and htpasswd -v htpasswd cmkadmin is no longer OK.

Did I missed sth ?

Regards

UP, any idea for this issue ?

Regards

I’ve discovered exactly the same problem. It probably started with a wrong login as admin user cmkadmin. Since that, we’re not able to recover this user.
I could imagine, that the encryption of the htpasswd is not what is expected. Otherwise, I see no reason, why the user should be blocked after one wrong login.

Hi Bastian,

I recently manage to solve this. This is definitely a bug with the lock system and not the encryption.

To disable the password lock feature, edit the global.mk file in /opt/omd/sites/YOURSITENAME/etc/check_mk/multisite.d/wato

lock_on_logon_failures = 5

Set the value to 0, reset your password with htpasswd -m htpasswd cmkadmin and you should be able to log in.
Once logged, you can set another password and maybe setup a rescue user, then set back the lock feature from the admin panel - Setup / General / Global settings - at the bottom of the page

Hope this help and that the devs will file a bug.

Your solution works! Seems a bit strange, the lock_on_logon_failures = was very high. Setting it to 0 worked and explains the strange behaviour. Have you opened a case at checkmk?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.