How to access munin after successfully enabling 2FA

Hi,

I’ve enabled 2FA successfully, e.g. I can log in using username, password and TOTP code into the admin panel. The issue is logging into munin. The munin login does not ask for a TOTP code, it just asks for username and password.

Munin is configured to use access authentication, which should be your admin panel user and password.

However, I have not enabled 2FA on my server, so it may have changed.

Yes I know, I have used munin before enabling 2FA, but I can’t use it after enabling 2FA.
I can login using username, password and TOTP to my admin panel, but the munin login does not have any way to input TOTP, so I can input only username and password, the same I’ve used logging into the admin panel.
I’ve inputted username and password, from a password manager, mind you, without successful login. Pressing cancel button in the nginx authentication box, I get this status message:

{
  "status": "error",
  "reason": "missing-totp-token"
}

Thanks for reporting this issue! This indeed looks like a regression that was introduced with TOTP support. Munin and the admin panel use the same credential check. When TOTP is enabled, user and password are not enough to successfully log in so the munin login (correctly) fails.
I opened a GitHub issue here to track the bug.

3 Likes
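The failure mode described above, as an added example that is not part of the original thread and is not Mail-in-a-Box's own code: one credential check shared by two entry points, where a browser's Basic auth prompt can carry only `user:password` and therefore can never satisfy the TOTP requirement. The function names, the `X-Auth-Token` header, the sample account and every reason string other than `missing-totp-token` are assumptions.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample account (made-up values; plaintext password for the demo only).
USERS = {"admin@example.com": {"password": "correct horse",
                               "totp_secret": "JBSWY3DPEHPK3PXP"}}

def err(reason):
    # Only "missing-totp-token" appears in the thread; other reasons are hypothetical.
    return {"status": "error", "reason": reason}

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at` (default: now)."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(base64.b32decode(secret_b32), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def basic_header(user, password):
    """What a browser sends after the Basic auth prompt: user:password only."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def check_credentials(headers, now=None):
    """Hypothetical shared check used by both the panel API and the Munin proxy."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return err("missing-credentials")
    try:
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return err("invalid-credentials")
    account = USERS.get(user)
    if account is None or not hmac.compare_digest(
            password.encode(), account["password"].encode()):
        return err("invalid-credentials")
    secret = account.get("totp_secret")
    if secret:  # 2FA enabled: the password alone is no longer sufficient
        token = headers.get("X-Auth-Token")  # assumed header name
        if not token:
            return err("missing-totp-token")
        if not hmac.compare_digest(token.encode(), totp(secret, now).encode()):
            return err("invalid-totp-token")
    return {"status": "ok"}

if __name__ == "__main__":
    hdrs = {"Authorization": basic_header("admin@example.com", "correct horse")}
    print("munin (Basic only):", check_credentials(hdrs))
    hdrs["X-Auth-Token"] = totp(USERS["admin@example.com"]["totp_secret"])
    print("panel (with TOTP): ", check_credentials(hdrs))
```

The correct password still ends in `missing-totp-token` on the Basic-only path, so every proxied Munin request counts as a failed login.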

Same issue here, after enabling TOTP, was not able to log in to Munin.

Thanks for opening the PR.

I’m not sure if this should be added information to the existing bug about Munin and 2FA but I’m actually seeing Munin problems in 0.50 as well. While logged into the Admin panel when I click to go to Munin it brings me to the login screen for Munin and registers a failed attempt to login in /var/log/syslog without me doing anything at all. It then hangs on the login screen trying to load something. If I choose to enter my login information and hit enter, the Munin Overview page loads but it registers two failed login attempts in my logs. And then every subsequent Munin page I load registers two more failed login attempts. After a couple more clicks fail2ban kicks in and I can no longer log into the MIAB admin console until fail2ban releases my IP. So, that might be something related or unrelated. Hopefully someone can chime in on it.

It’s not connected to the bug but I could reproduce it as well. There’s an open GitHub issue that looks related: https://github.com/mail-in-a-box/mailinabox/issues/1772

Thanks @fspoettel for finding that open GitHub issue. I added my notes there about the issue. Very much appreciated. Thanks for taking the time on it.