How to access munin after succesfully enabling 2FA

Hi,

I’ve enabled 2FA successfully, e.g. I can login using username, password and TOTP code into admin panel. The issue is logging into munin. The munin login does not ask TOTP code, it just asks for username and password.

Munin is configured to use access authentication, which should be your admin panel user and password.

However, I have not enabled 2FA on my server, so it may have changed.

Yes I know, I have used munin before enabling 2FA, but I can’t use it after enabling 2FA.
I can login using username, password and TOTP to my admin panel, but the munin login does not have any way to input TOTP, so I can input only username and password, the same I’ve used logging into the admin panel.
I’ve inputted username and password, from a password manager, mind you, without successful login. Pressing cancel button in the nginx authentication box, I get this status message:

{
“status”: “error”,
“reason”: “missing-totp-token”
}

Thanks for reporting this issue! This indeed looks like a regression that was introduced with TOTP support. Munin and the admin panel use the same credential check. When TOTP is enabled, user and password are not enough to successfully log in so the munin login (correctly) fails.
I opened a GitHub issue here to track the bug.

4 Likes

Same issue here, after enabling TOTP, as not able to login into Munin.

Thanks for opening the PR.

1 Like

I’m not sure if this should be added information to the existing bug about Munin and 2FA but I’m actually seeing Munin probablems in 0.50 as well. While logged into the Admin panel when I click to go to Munin it brings me to the login screen for Munin and registers a failed attempt to login in /var/log/syslog without me doing anything at all. It then hangs on the login screen trying to load something. If I choose to enter my login information and hit enter, the Munin Overview page loads but it registers two failed login attempts in my logs. And then ever subsequent Munin page I load registers two more failed login attempts. After a couple more clicks fail2ban kicks in and I can no longer log into the MIAB admin console until fail2ban releases my IP. So, that might be something related or unrelated. Hopefully someone can chime in on it.

It’s not connected to the bug but I could reproduce it as well. There’s an open github issue that looks related: https://github.com/mail-in-a-box/mailinabox/issues/1772

Thanks @fspoettel for finding that open GitHub issue. I added my notes there about the issue. Very much appreciated. Thanks for taking the time on it.

Thanks @fspoettel for creating a fix.
I just checked this with MIAB v0.53 and I still cannot login into munin, because I have 2FA enabled.
Ping @JoshData, in the hope that this issue could be resolved.

1 Like

I also have this same issue. I am also unable to log in to the Munin interface using my account even if it has admin privileges.

Yep, I can’t log into Munin while 2FA is active. If I remove 2FA it works fine.

+1 - I’m having the same issue here.

Having the same issue with curl. I was gonna set up a DDNS script so automatedly keep my home file server’s sub-domain pointed to whatever IP my ISP assigns me in the future but I got “missing-totp-token” error.

FYI This has been fixed in v55, which was released on October 18, 2021.
In v55 you login as admin, username, password and one-time password.
After that you can access munin without any issues.

To fix access to the curl API, you need to add a TOTP header, something like:

TOTP="X-Auth-Token: $(oathtool --totp -b -d 6 $TOTP_KEY)"
curl -H "$TOTP" ... rest of curl command

I stole this from this topic. The TOTP_KEY can be found in the mailinabox database under $STORAGE_ROOT/mail/users.sqlite