403 Unauthorized Upon Clicking "Auth History" or "Manage Users"

NetOps · 30 August 2023 20:35

I’m getting a “403 | THIS ACTION IS UNAUTHORIZED.” when I click Auth History or Manage Users under the settings cog. I’ve checked the access_log, librenms.log, and journalctl, however the only thing I see that may be helpful is this from the access_log:

[30/Aug/2023:14:47:34 -0500] "GET /authlog HTTP/2.0" 403 3081 "https://librenms.aaaaaaaaaa.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"

[30/Aug/2023:14:42:38 -0500] "GET /users HTTP/2.0" 403 3081 "https://librenms.aaaaaaaaaa.com/preferences" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"

Steps to reproduce an issue.

Click on settings cog
Click “Auth History” or “Manage Users”
Error 403 Appears

The output of ./validate.php

librenms@LibreNMS:~$ ./validate.php
===========================================
Component | Version
--------- | -------
LibreNMS  | 23.8.2-20-g298d217a8 (2023-08-30T14:11:04-05:00)
DB Schema | 2023_06_18_201914_migrate_level_to_roles (257)
PHP       | 8.1.12
Python    | 3.9.2
Database  | MariaDB 10.5.19-MariaDB-0+deb11u2
RRDTool   | 1.7.2
SNMP      | 5.9
===========================================

[OK]    Composer Version: 2.5.8
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database Schema is current
[OK]    SQL Server meets minimum requirements
[OK]    lower_case_table_names is enabled
[OK]    MySQL engine is optimal
[OK]    Database and column collations are correct
[OK]    Database schema correct
[OK]    MySQl and PHP time match
[OK]    Active pollers found
[OK]    Dispatcher Service not detected
[OK]    Locks are functional
[OK]    Python poller wrapper is polling
[OK]    Redis is unavailable
[OK]    rrd_dir is writable
[OK]    rrdtool version ok

If it’s an issue with the WebUI then please consider including a screenshot and the browser version you are using.

dbolton · 30 August 2023 23:20

Looks like the same issue after system updates. See murrant’s suggested fix here: Admin user roles

NetOps · 31 August 2023 12:56

Unfortunately, still the same issue What other logs would help in determining the issue?

Pull8271 · 31 August 2023 18:01

Same issue here. Murrant’s fix that was linked did not work for me either.

rocko · 31 August 2023 22:18

I am experiencing this issue as well.

The workaround from this post allowed me to successfully login and re-add the Admin role. Thanks!

bash-5.1$ /opt/librenms/validate.php 
===========================================
Component | Version
--------- | -------
LibreNMS  | 23.8.2-20-g298d217a8 (2023-08-30T14:11:04-05:00)
DB Schema | 2023_06_18_201914_migrate_level_to_roles (257)
PHP       | 8.1.14
Python    | 3.9.16
Database  | MariaDB 10.5.16-MariaDB
RRDTool   | 1.7.2
SNMP      | 5.9.1
===========================================

[OK]    Composer Version: 2.5.8
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database Schema is current
[OK]    SQL Server meets minimum requirements
[OK]    lower_case_table_names is enabled
[OK]    MySQL engine is optimal
[OK]    Database and column collations are correct
[OK]    Database schema correct
[OK]    MySQl and PHP time match
[OK]    Active pollers found
[OK]    Dispatcher Service not detected
[OK]    Locks are functional
[OK]    Python poller wrapper is polling
[OK]    Redis is unavailable
[OK]    rrd_dir is writable
[OK]    rrdtool version ok

[root@LibreNMS ~]# cat /etc/os-release 
NAME="Rocky Linux"
VERSION="9.2 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.2 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.2"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"

libredm · 1 September 2023 15:53

I am noticing this problem as well. Went to check on one of the other users yesterday and found the error screen.

Is this something that will get fixed in the course of time via a new update, or am I now in a situation where I need to actively take control (e.g. by trying the fix provided by Murrant in the other topic)? ? ?

Thanks!

murrant · 1 September 2023 17:00

if you are seeing 403 unauthorized, but still see all your devices etc, then you need to run this part of the fix:

lnms db:seed --class='Database\Seeders\RolesSeeder'
lnms tinker --execute='Bouncer::refresh()'

Pull8271 · 1 September 2023 19:18

These commands fixed my issue. Thanks Murrant.

libredm · 1 September 2023 19:29

Excellent. Worked for me.
Thanks again.

NetOps · 1 September 2023 19:35

That worked for me as well! Thank you so much!

Ihor_Romanyshyn · 5 September 2023 08:03

Thank you! It resolved my issue too.

caseyccup · 6 September 2023 22:24

When attempting to run the tinker command I get the following:

lnms tinker --execute='Bouncer::refresh()'

In Configuration.php line 632:

  Unable to create PsySH runtime directory. Make sure PHP is able to write to /run/user/1000 in order to continue.

I used the user add work around method. to correct the issue. Hopefully this PhySH issue doesn’t represent a bigger issue. I’m not familiar enough to know.

system · 13 September 2023 22:24

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.