Unable to login to HiPath Wireless Controller - Error "User is not in valid user groups"

  • 0
  • 1
  • Question
  • Updated 6 months ago
  • Answered
The HiPath wireless controller (C2400 Enterprise running v7.3.1) was configured for Local and RADIUS authentication for the Management Interface (under the "Login Management" menu). I was only able to login with my RADIUS credentials, and wanted to reset the local Admin user password. To do this, the GUI requires you to disable RADIUS authentication. Thinking I knew the local Admin password, I disabled RADIUS. This logs me out. When I attempt to login as admin (all lowercase), it fails and I receive error "User is not in valid user groups. Please contact your administrator for more instructions."
I have SSH'd to the controller and reset the password via the command line, but this makes no difference. Likewise I've changed passwords for other users, and created new users of varying privilege levels, but these all fail in the same way.
So now I seem to be effectively logged out of the web GUI for this device, despite being able to reset the password via CLI.
I'm not sure if we have a recent backup, and I'm not local to the controller, and can't easily access it.
Please help!!
Thanks in advance,
Photo of Martin Shadbolt

Martin Shadbolt

  • 292 Points 250 badge 2x thumb

Posted 6 months ago

  • 0
  • 1
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,596 Points 20k badge 2x thumb
You would have to be local, reboot the controller and log into the rescue mode to recover. Please take a look at the Maintenance Guide for password recovery.
Photo of Jason

Jason, Employee

  • 3,608 Points 3k badge 2x thumb
That is odd that it lets you SSH to the controller but not log into the GUI.  Are you SSH'ing as "admin" ? 

What do you show for login settings when you type "show login" at the command prompt?   Is it showing just local access? 

I found one reference a long time ago to someone who reported a similar issue and they were able to login with a different PC.  I am wondering if you have tried the following:
- logging in with another browser
- clearing browser cache
- tried another pc

Photo of Martin Shadbolt

Martin Shadbolt

  • 292 Points 250 badge 2x thumb
Thanks for your input Jason.
Yes, I am SSH'ing with the admin creds, but also with other admin privilege users that I have created via the CLI. Agreed that it's very odd that the admin password is accepted at the CLI but not the GUI. I am copying/pasting the password from the same location to each of the CLI and GUI password fields, so it's not a typo issue.

"show login" isn't specifically an option, but see the alternate below:
NWRHWMRT01.net.health.local# users
NWRHWMRT01.net.health.local:users# show
ID                      Privilege
admin                   admin
hwc_sync                admin
martin                  admin
thomas                  guestportal
user                    readonly
NWRHWMRT01.net.health.local:users# exit
NWRHWMRT01.net.health.local# login
NWRHWMRT01.net.health.local:login# show
1 authentication method: local
I've been using Chrome, but have now just tried IE (which has never been used to access the GUI) and it also fails in the same manner.

I feel there must be something in the error message provided at the GUI - "User is not in valid user groups." however I'm not familiar with any 'group' concept relative to users on this platform. It could be some glitch associated with disabling RADIUS.
My next step (unless I hear better here) is to reboot the controller.

Thanks again,
Photo of Martin Shadbolt

Martin Shadbolt

  • 292 Points 250 badge 2x thumb
Perhaps there is a log/debug that could be enabled at the CLI which might shed some light??
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,932 Points 20k badge 2x thumb
What version is running on the controller ?

I'd try a reboot and if that doesn't work to enable RADIUS again via CLI = to have the same config as before.
Photo of Martin Shadbolt

Martin Shadbolt

  • 292 Points 250 badge 2x thumb
Hi Ronald,
We're running v7.31.
Is it correct to say that the v7.31 CLI Reference Guide is the document that will explain how to re-enable RADIUS via the command line??
Thanks in advance,
Photo of Martin Shadbolt

Martin Shadbolt

  • 292 Points 250 badge 2x thumb
OK, I have progress. By re-enabling RADIUS via the CLI, I can now login to the Web GUI with RADIUS credentials. However!....
I still can't login with local admin credentials to the Web GUI, which is an issue.