[Bug] SSH permission denied after DB updated from wal v24.0beta1 #2300
Comments
The only thing connected by OIDC to node yesterday. Maybe changed name here from
In ACL have:
Seems I found the issue was I deleted:
Even changed in config:
and made migration again from 23.0 old DB to 24.0beta1; it still broke SSH.
Users: ID | Name | Username | Email | Created |
Just to understand, you have not been able to make it work? Or you made it work after the migration found the email correctly?
No, it's still not working.
This looks like it has migrated correctly to me, so it might be something that is not able to resolve the SSH configuration back to a machine. Do you have an ACL to share too? I will have to investigate.
I will post it now, but you can see login changed to email: It was "masterwishx" in 23.0, so same name for admin in ACL
So although the name of user is
Don't look at the Can you, share your ACLs and try to put your email in place of your username in the ACL?
I rolled back to 23.0, but I think this will work. I can check it later, but wanted username as login ...
We will likely transition to using email over username in ACL, but it should not have broken in this release, so I will investigate in a bit. It will be useful to know if email does work tho.
Do you mean it changes login to email and this is by design?
OK, I will test it later today and will post here.
I understood that if I have in config:
it should migrate with username, not email
Everything is being migrated to email for OIDC, username will also be filled if it is sent to us from the OIDC (Authentik in your case).
So when I try the migration again, should I use it with?
Migrate true, strip_email_domain should be the same as you had it before migration, it should not be changed
I've confirmed that a setup I have using Google OIDC works with the email (Google does not populate the username).
@masterwishx could you include the full output of
So each side of the SSH essentially.
I wanted to test migration again but somehow can't update container: got timeout and: on tailscale status:
tailscale update: tailscale update
If you mean this? We can select in Authentik: As I have now issue:
Seems related to tailscale/tailscale#13863, will try to fix, then will check migration again ...
Can you please send the two full ones, one from each side, not a truncated one
I'm now on 23.0; what I sent was one I saved when I was on 24.0.
No, I am looking for two debug outputs, so tailscale debug netmap, from two different machines.
Fixes juanfont#2300 Fixes juanfont#2307 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
I think this should be resolved in #2309. If the tests pass, I'll get that in and do another beta.
Yes, I got it, but is it OK from the 23.0 version that I'm on now?
Ohh, seems you found the problem (missing tags for names ...). Sorry I wasn't able to help because of the bug in the kernel I got yesterday that I wrote about above ... so my headscale/tailscale is not working well, so I can't migrate now until the fix :(
Is this a support request?
Is there an existing issue for this?
Current Behavior
After updating yesterday to v24.0beta1, SSH worked fine.
But today, after the DB file changed from WAL, got Permission denied (tailscale).
No changes were made to the ACL file. Also can't see changes in the DB file.
Expected Behavior
ssh working
Steps To Reproduce
update to v24.0beta1
Environment
Runtime environment
Anything else?
by tailscale debug netmap: