Upgrade from 3.5+ to 3.6.2+ - no one can log in

Upgrade from 3.5+ to 3.6.2+ - no one can log in

by James Griffiths -
Number of replies: 8

Hi


We have followed this https://docs.moodle.org/36/en/Upgrading to upgrade moodle from 3.5+ to 3.6.2+.


However, we find that once the upgrade is complete then no users (LDAP or local) are able to log in. 

I am able to request a reset password link for my local admin account, and then I can get in. I have attempted to run LDAP syncs but this does not fix the issue.

I have checked all permissions and chowned/chmoded the directories as appropriate. We have also performed upgrades from previous versions in the past successfully.

Also, we have tried resolving the issue by removing the moodle data localcache and cache folders, but the problem persists.


Any help grately appreciated.


Regards


James

Average of ratings: -
In reply to James Griffiths

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

Is the upgraded site on the same server as before?

What error messages do users get when they cannot log in? Do local users get the same message as LDAP users?

Are you using the core LDAP Server plugin (auth_ldap) not a third party plugin like LDAP Server Sync Plus (auth_ldap_syncplus)?

When you are able to log in as a local admin can you run the test for the LDAP Server plugin under Site administrationPluginsAuthenticationManage authentication then click Test settings under LDAP server (assuming you are using auth_ldap).

Was there any change to PHP as part of this upgrade? The Environment report might reveal missing extensions.

Average of ratings: -
In reply to Leon Stringer

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by James Griffiths -

Hi 


Thanks for the reply.


What error messages do users get when they cannot log in? Do local users get the same message as LDAP users?

At the login screen both ldap and local users see "Invalid login, please try again"

In the logs for a user (both LDAP and local) you also see this message:

Login failed for user 'bloggsj'. Most likely the password did not match (error ID '3').


Are you using the core LDAP Server plugin (auth_ldap) not a third party plugin like LDAP Server Sync Plus (auth_ldap_syncplus)?

Yes we are using the auth_ldap plugin, not a third party one.


When you are able to log in as a local admin can you run the test for the LDAP Server plugin...

Yes this works, I get "Connecting to your LDAP server was successful


Was there any change to PHP as part of this upgrade? The Environment report might reveal missing extensions.

We havn't changed any php, still using the same version as 3.5 which was php 7.1.2 I ran the environment report and everything came back ok.


Average of ratings: -
In reply to James Griffiths

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by Altos Agency -

I am having a similar issue.

Fresh install of 3.6.2

running /install.php 


I get up and running with an admin account.  Set a password.

 If i log out and try to log back in the password does not work.


Is it something related to salt?  the generated config.php has no salt information where as the config-dist.php does.

Average of ratings: -
In reply to Altos Agency

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

I did think about this being an issue but it seems unlikely. The documentation says:

If you are upgrading a site from 2.4 or below and you are already using a site-wide salt in your configuration file, you need to keep using it to ensure your existing users can still log in.

Each time a user logs in their password hash will be converted to the new scheme, but it may take a long time before all your users have logged in.

So salting in the configuration file should no longer be used for new sites and would only be an issue for users upgraded from Moodle 2.4.

James: can you confirm that there's no $CFG->passwordsaltmain entry in your config.php and that this didn't get changed as part of the upgrade?

Altos: I've just done a test install of 3.6.2 and the admin account password appears to be fine.

Average of ratings: -
In reply to Leon Stringer

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by chase mendoza -

Thank you! I ran into the same issue and this solved it.

Average of ratings: -
In reply to James Griffiths

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

A colleague has just suggested trying adding the entry $CFG->disablelogintoken = true to config.php. Login tokens were added to recent Moodle releases to increase security but appear to have had some compatibility issues with some custom themes.

Average of ratings: Useful (1)
In reply to Leon Stringer

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by James Griffiths -

Hi Leon


Adding $CFG->disablelogintoken = true to the config.php fileappears to have resolved the issue.


Thanks to you and your colleague for your assistance.


James

Average of ratings: -
In reply to James Griffiths

Re: Upgrade from 3.5+ to 3.6.2+ - no one can log in

by Altos Agency -

Agreed,  Adding $CFG->disablelogintoken = true  works


However, I noticed that my custom theme didn't have 

<input type="hidden" name="logintoken" value="{{logintoken}}">


as an input field on the theme/mytheme/core/loginform.mustache   and that appears to be why it kept failing.

Update any forms in your theme to use the hidden input.


the newest boost has it built in if you need a reference.

Average of ratings: -