Local admin password invalid after using web admin

it_mbeya · December 3, 2019, 7:20am

Hi,
This is pretty strange, but it keeps happening, so I’m posting it.

Seeing this on both a MAX-BR1-LTE-E and a MAX-BR1-ENT-LTEA.

I mostly use the remote web admin from Incontrol to manage these units, but there are times, when I also need to access the admin functions locally, e.g. when our ISP is down. (Outages here can be frequent and occasionally long.)

What seems to happen is that if I set the admin password from Incontrol and log out, the new password works locally only until I log back into Incontrol.

After resetting the password from Incontrol, I can log in and out locally multiple times using the new password. But from the moment I log back into InControl, attempts to access it locally receive “invalid username or password.” Fine, I get that. You shouldn’t use both at once and there has to be some kind of traffic police. But it seems that after logging out of Incontrol, that local admin password continues to fail until I go back into Incontrol and reset it again.

I haven’t tested this exhaustively, but that seems to be the pattern. How is local and remote access supposed to play together?

Thanks in advance.

Steve Pence
SIL
Mbeya, Tanzania

Ricardas · December 10, 2019, 7:15am

Dear Steve @it_mbeya,

we have provided you the answer via ticketing system.

Also, I would like quickly explain what users can do with admin password management using InControl2 (IC2 ref version 2.8.2)
IC2 offers “Device Web Admin Management” section at group level (Settings->Device System Management), which includes password control.

There are main options:

Device managed - password is controlled from device UI. IC2 doesn’t push/overwrite the password.
Assign a random password for each device - password is controlled/pushed from IC2. Every device in a group gets unique random password. If the password is set via device UI (locally or RWA), it will be overwritten by IC2 with the next heartbeat usually within 2 minutes. This option also has a checkbox “Reassign a new one”, which pushes new random password.
Assign a shared password for all devices - defined password is controlled/pushed from IC2. Every device in a group gets the same password. If the password is set via device UI (locally or RWA), it will be overwritten by IC2 with the next heartbeat.

Kind Regards

it_mbeya · December 7, 2019, 1:17pm

Dear Ricardas,

This is a very helpful response. Exactly what I needed to know. It might also be worth mentioning that the DEFAULT, which gets turned on as one activates remote access, seems to be to assign a random password, and keep on overwriting each change made at the device level.

That is EXACTLY what was happening to me. I was going nuts. I kept changing the admin password and it kept becoming invalid. Somehow I thought it had to do with logging back into InControl. But it was the two minute heartbeat. This is not obvious.

What would be really, really helpful is if the change password functionality was greyed out at the device level for settings other than “Device Managed” Then we would a have a clue that InControl was “in control” of that piece of functionality.

Thanks for considering it.

Steve

Ricardas · December 9, 2019, 10:33am

Dear Steve @it_mbeya ,

glad to hear that provided info is useful
Please note the following is an expected behaviour when new device is added to InControl2:

When device is registered on IC2, “Device Web Admin Management” is NOT enabled/selected by default.
When user enables first time “Device Web Admin Management”, default admin password control option is “Device managed”.

So the password pushing from IC2 should not happen by default. If you experienced something different, that could be some issue or misunderstanding. If you can replicate, please update that in ticket.

And you are right regarding device UI - there is no indication that password is managed by IC2. This
place might be improved in the future.

Thanks

it_mbeya · December 10, 2019, 7:20am

Hi Richardas,

My mistake on the default. Sorry. If I go into a group and turn on Device Web Admin Management, Device Managed is the option that is on by default. This is a good default. Somehow the group I am responsible for got tweaked and changed to Assign a Random Password. This can be a real hair puller if you are not aware of the existence of this option.

Thanks again for your help, and do consider changing the Web UI as suggested.

Steve

bracurrie · April 28, 2020, 8:16pm

The new password requirements in a new AP One AC mini exceeded the password I had configured in Device Web Admin Management. Could that have made it impossible to access the AP? It kept rejecting my login password that I configured at device level when it was first activated.