More info.
There must indeed be something wrong with the setup of the user/password 
pair used by the primary to update the secondary's config.
At least the following log message found on the secondary is suspect:

/xmlrpc.php: webConfigurator authentication error for 'admin' from 172.16.0.2 
during sync settings.

The user setup on the primary firewall is not 'admin'.  So if the secondary 
attempts to validate the password against 'admin', that could be the issue.

I will try by re-opening access for the admin user (on both for good measure), 
but would love not to have to do that in the future. Or... what exact 
minimalist access rights are needed for the default 'admin' user to be able to 
receive configuration updates through XMLRPC?  I could restrict that 'admin' 
user to only that, as a temporary workaround.

Though, it looks like there is another issue. To test, make sure you have a 
second user with full admin rights for backup, in case this works for 
you while it fails for me. Edit the 'admin' user, remove all page access and 
membership in the admins groups. Log off, log on using admin. You have full 
access to any part of the configuration. No restrictions apply.

This is 2.3-REL, I think I did not write that.

-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om

> On 24 Apr 2016 at 23:40, Olivier Mascia <[email protected]> wrote:
> 
> Hello,
> 
> Are there limitations (password length for instance, case sensitivity issues 
> on the username) on the user/password used on system_hasync.php page to reach 
> the peer?
> 
> I started setting this up while the peer (secondary) still had admin as 
> username (fresh after setup), and a long complex password. The configuration 
> synchronized, but with a warning about authentication. I first thought: OK 
> this is expected because the primary I'm copying has 'admin' disabled (not 
> allowed to login) and another user name is used as the real admin. I could 
> understand as soon as users had been synced there might be an authentication 
> error, afterwards.
> 
> So I updated on system_hasync.php, but now I keep getting "An authentication 
> failure occurred while trying to access https://....". And the newer settings 
> just don't sync.
> 
> Checked username and password 3 times, looks good while entering it in 
> system_hasync.php and is fine for logging interactively or at the console.
> 
> The alternate username has caps in the name. And the password is longer than 
> usual, but reasonable (>20 chars and <25 chars).
> 
> I'm aware of this: "XMLRPC sync is currently only supported over connections 
> using the same protocol and port as this system - make sure the remote 
> system's port and protocol are set accordingly!" and took care that both are 
> identical.
> 
> A bit puzzled.
> -- 
> Meilleures salutations, Met vriendelijke groeten, Best Regards,
> Olivier Mascia, integral.be/om
> 
> 
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
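
A check over the secondary's log for the message quoted above, as an added example that is not part of the original post or of pfSense: it separates sync failures where the peer presented a different account than the one configured for sync from failures coming from an address that is not the sync peer. Only the message text and 172.16.0.2 come from the post; the account name `SyncUser`, the address 172.16.0.9 and the line prefixes are constructed.

```python
import re
from collections import Counter

# Message text as quoted in the post; anything before it on a line is ignored.
SYNC_AUTH_FAIL = re.compile(
    r"/xmlrpc\.php: webConfigurator authentication error for "
    r"'(?P<user>[^']*)' from (?P<src>\S+) during sync settings"
)

def audit_sync_failures(lines, expected_user, peer_ips):
    """Classify XMLRPC sync authentication failures found in log lines.

    Returns a Counter keyed by (finding, user, source):
      unexpected-source      - failure from an address that is not a sync peer
      wrong-username         - known peer, but not the account set up for sync
      expected-user-rejected - known peer, expected account, still refused
    """
    findings = Counter()
    for line in lines:
        m = SYNC_AUTH_FAIL.search(line)
        if not m:
            continue
        user, src = m.group("user"), m.group("src")
        if src not in peer_ips:
            kind = "unexpected-source"
        elif user != expected_user:  # exact match: a case difference counts
            kind = "wrong-username"
        else:
            kind = "expected-user-rejected"
        findings[(kind, user, src)] += 1
    return findings

# Constructed sample lines (timestamps, host name, SyncUser, 172.16.0.9).
SAMPLE_LOG = [
    "Apr 25 00:02:11 fw2 /xmlrpc.php: webConfigurator authentication error for 'admin' from 172.16.0.2 during sync settings.",
    "Apr 25 00:07:40 fw2 /xmlrpc.php: webConfigurator authentication error for 'admin' from 172.16.0.2 during sync settings.",
    "Apr 25 00:09:02 fw2 /xmlrpc.php: webConfigurator authentication error for 'SyncUser' from 172.16.0.2 during sync settings.",
    "Apr 25 00:15:33 fw2 /xmlrpc.php: webConfigurator authentication error for 'admin' from 172.16.0.9 during sync settings.",
    "Apr 25 00:16:00 fw2 unrelated log line",
]

if __name__ == "__main__":
    result = audit_sync_failures(SAMPLE_LOG, "SyncUser", {"172.16.0.2"})
    for (kind, user, src), count in sorted(result.items()):
        print(f"{kind:24} user={user!r:12} src={src:12} count={count}")
```

A `wrong-username` finding from the real peer address matches the situation in the message: the log names 'admin' although a different account is set up for sync.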

