Admin account locked out - constantly

Hello, I have recently upgraded to 6.10 on my ReadyNAS 212 and have been constantly hampered by not being able to log into the admin account from Chrome. This occurs 90% of the time stating that too many failed attempts have occurred and retry in 5 minutes. This has not occurred in the past before the firmware upgrade. I have set up a recovery password but I am weary and tired of doing this all the time.

I can ssh into the NAS, which I have done and rebooted, and once up attempted to log into the unit but with the same failed attempt notice.

Can something be done to keep this from constantly happening?

 

Thanks for any help.

 

PS. Even using the recovery password produces the same result of failed attempts!!

Model: RND2120|ReadyNAS Duo 2TB (2 X 1TB)
Message 1 of 17

Accepted Solutions
Guru

Re: Admin account locked out - constantly


@Sandshark wrote:

It sounds like something on your network is trying to connect with the wrong password.  Do you have a device you configured to auto login with the admin password that is now sending the wrong one periodically?


I was wondering that too.  It fits the symptoms.


Message 9 of 17

All Replies
Virtuoso

Re: Admin account locked out - constantly

I have experienced many a time configuration settings not holding and updating in my Netgear equipment. I have had times when Edge doesn't work right and only Chrome does, and other times when neither one of those works, but my cell phone Chrome browser does...

You may not like it, but the first place to start is by clearing your browser's cache. I know you said it worked before the update, but the update may use cookies differently.... So, I'd try that first.

If you want, you can try "DownGrading" to your previous version and see if things return back to "Normal"....

Go to the support page for downloads and select the "Previous" firmware link and download your previous firmware and reinstall it.

Consider making a valid configuration backup in case other problems arise.

For downgrades, I recommend using the reset button on the back of the router first, then do a downgrade.

It's not necessary to reset first, it's just a bit of insurance....

Message 2 of 17
Guru

Re: Admin account locked out - constantly


@harryrichardfoe wrote:

Hello, I have recently upgraded to 6.10 on my Readynas 212 and have been constantly hampered by not being able to log into the admin account from Chrome. This occurs 90% of the time stating that too many failed attempts have occurred and retry in 5 minutes.


Is this happening because you are entering the wrong password, or is something else going on?

 

6.10.0 did add a lockout feature - this was requested in the idea exchange, with the goal of slowing down an attacker who is trying to guess the admin password of the NAS.

 

https://kb.netgear.com/000060716/ReadyNAS-OS-6-Software-Version-6-10-0 wrote:
  • Multiple failed admin logins will lock the account for 5 minutes.

 

Message 3 of 17

Re: Admin account locked out - constantly

I have gone through the recovery password procedure also with the same outcome notice of being locked out. I have also waited past the 5 minutes to attempt to login. I can only assume something else is going on. I am able to ssh into the NAS with the recovery password sent.

Message 4 of 17

Re: Admin account locked out - constantly

I am also able to access and run apps that are loaded onto the NAS. Somehow admin login doesn't bring up the frontview interface.

PS. So I shut down the NAS and waited the appropriate time to turn it back on. At the first opportunity I entered the recovery password and presto the admin page showed up.

How can this be avoided? Is there a configuration for the security to turn off the failed login attempt check or change it to after so many attempts then lock the admin account?

Message 5 of 17
Guru

Re: Admin account locked out - constantly

I haven't seen any configuration settings for the lockout and it is only supposed to last for 5 minutes.

 

FWIW, I haven't been locked out either with Chrome or Firefox, and I have been accessing the NAS admin page pretty frequently.  HTTP admin is disabled, so my log ons are all using HTTPS.

Message 6 of 17

Re: Admin account locked out - constantly

After gaining access, I did what I wanted, changed the password and then logged out. After an hour I tried to gain access to the NAS. Same problem, admin account is locked out.

Message 7 of 17
Master

Re: Admin account locked out - constantly

It sounds like something on your network is trying to connect with the wrong password.  Do you have a device you configured to auto login with the admin password that is now sending the wrong one periodically?

Message 8 of 17

Re: Admin account locked out - constantly

Yes, I will check some of my utilities for the NAS.

I also have a legacy ReadyNAS Ultra 2 Plus running 6.10 that wasn't showing the same symptoms. I thought it a bit strange.

 

Thanks for the tips.

Message 10 of 17

Re: Admin account locked out - constantly

I am having this problem as well. The ReadyNAS is re-synching (one of the drives was showing errors), and the session timed out. When I attempted to log in again, I got the "Too many attempts" error. I reset the password through the web interface, but I am still not able to log in. I am able to ssh with the new password. This sucks.

 

FYI, I just upgraded to the latest release.

Model: RN31441D|ReadyNAS 300 Series 4- Bay (4x 1TB Desktop)
Message 11 of 17

Re: Admin account locked out - constantly

UPDATE

OS 6.10.0 Hotfix 2

I waited six minutes, then logged in with the password that the system emailed me after too many failed attempts. The ReadyNAS allowed me to log in, and I was able to reset the password.

This was a bit scary, to say the least.

Model: RN31421D|ReadyNAS 300 Series 4- Bay (2x 1TB Desktop)
Message 12 of 17

Re: Admin account locked out - constantly

Hello
I'm asking myself who invented a feature to block admin access without the possibility of disabling it.
Anybody now can scan the net and search for Netgear NAS version 6.10 and block Admin access again and again.
It would be smart if there were at least a whitelist, but it seems there is none.

With this feature active, updating the firmware becomes a no-go until there is a better solution.

Karl

 

Message 13 of 17
Guru

Re: Admin account locked out - constantly


@Karl-Heinz wrote:


Anybody now can scan the net and search for Netgear NAS version 6.10 and block Admin access again and again.


It would be smart if there were at least a whitelist, but seems there is none.

 


I see the potential for a denial of service attack, but it seems to me that the main threat here is over the internet from remote clients.  I'm not seeing how a whitelist would help that, since your own remote clients won't have a consistent IP address.

 

Personally I think the best approach is to not allow administrative access over the internet at all, and instead to use VPN.  Then if you see an attack like that, you'd trace it to the source (which you need to do anyway to fix the problem).

Message 14 of 17
Luminary

Re: Admin account locked out - constantly

This 'feature' [sic] should be OPTIONAL! And, it should be defaulted to OFF! When you implement an intrusive feature, you don't shove it down our throats and cause problems.

Causes FAR more problems for users than it solves. PLUS it seems to have broken password change system as well as password recovery/reset. NEITHER are working properly.

Netgear... The monumental incompetence I've come to expect. Great equipment... But, wait! We WILL break it for you.

***If I wanted to be ridiculed, I would have logged in to StackOverflow***
Message 15 of 17
Guru

Re: Admin account locked out - constantly


@Steedvlx600 wrote:

This 'feature' [sic] should  be OPTIONAL! And, it should be defaulted to OFF! When you implement an intrusive feature, you don't shove it down our throats and cause problems.


The problem is that this feature implementation completely s***s. The locking should only happen for IP addresses which were found intrusive, not generically lock the account affected.

 

One point worth mentioning: The admin account should (and must) not be used for data access (shared folders by SAMBA/FTP/...).

Message 16 of 17
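
The two lockout designs contrasted in messages 13 to 16 (locking the account itself versus locking only the offending source address), replayed against the scenario from the accepted solution. This is an added Python sketch, not ReadyNAS code and not from any poster; the failure threshold, both addresses and the 60-second retry interval are constructed assumptions, and only the 5-minute lock comes from the thread.

```python
from collections import defaultdict, deque

LOCK_SECONDS = 300             # the thread quotes a 5-minute lock
MAX_FAILS = 3                  # assumption: the threshold is not stated in the thread
STALE_CLIENT = "192.168.1.50"  # constructed: device replaying an old admin password
ADMIN_PC = "192.168.1.10"      # constructed: the owner's browser, correct password

class LockoutPolicy:
    """Counts failures per key(src, user) and locks that key for LOCK_SECONDS."""

    def __init__(self, key):
        self.key = key
        self.fails = defaultdict(deque)   # key -> recent failure timestamps
        self.locked_until = {}            # key -> time at which the lock expires

    def attempt(self, t, src, user, password_ok):
        k = self.key(src, user)
        if self.locked_until.get(k, 0) > t:
            return "locked"               # refused before the password is checked
        if password_ok:
            self.fails[k].clear()
            return "ok"
        q = self.fails[k]
        q.append(t)
        while q and q[0] <= t - LOCK_SECONDS:   # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILS:
            self.locked_until[k] = t + LOCK_SECONDS
            q.clear()
        return "fail"

def by_account(src, user):     # one counter per account, whatever the source
    return user

def by_source(src, user):      # one counter per (source address, account)
    return (src, user)

def simulate(key):
    """Return what the owner sees at t=200, 700 and 1100 seconds."""
    policy = LockoutPolicy(key)
    events = [(t, STALE_CLIENT, False) for t in range(0, 1201, 60)]
    events += [(t, ADMIN_PC, True) for t in (200, 700, 1100)]
    seen = []
    for t, src, ok in sorted(events):
        outcome = policy.attempt(t, src, "admin", ok)
        if src == ADMIN_PC:
            seen.append(outcome)
    return seen

if __name__ == "__main__":
    print("per-account:", simulate(by_account))
    print("per-source: ", simulate(by_source))
```

Keying on the source address does not bound guesses spread across many addresses, so it complements rather than replaces the advice in message 14 to keep the admin interface off the internet.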
Luminary

Re: Admin account locked out - constantly

Agreed.

As in most of NG's 'feature' implementations, they use us to beta test for them and, then preen themselves by saying that "We listened" to community feedback... "and, fixed some egregious bugs that should never have been released to our customers."

No admin access for general use is always a good rule...although not always practical with the quirks found in ReadyNAS OS.
Network on M$ and Finder on MacOS consistently are denied (this or that operation). Admin access is often the only way to get around it.

 

***If I wanted to be ridiculed, I would have logged in to StackOverflow***
Message 17 of 17