All configured authentication methods failed. Please check the system log or Icinga Web 2 log for more information

Hello,

I used to install icingaweb2 exactly like the instructions tell in Advanced Topics - Icinga Web sadly after setting all up, I cant log in to the Web GUI of icinga.
The error says “All configured authentication methods failed. Please check the system log or Icinga Web 2 log for more information.”

I used to read the logs located in /var/log/syslog but I dont get much information out of it.
Aug 3 14:39:17 f16weupicingamaster icingaweb2[407839]: Icinga\Exception\AuthenticationException in /usr/share/php/Icinga/Authentication/User/DbUserBackend.php:231 with message: Failed to authenticate user "Test" against backend "icingaweb2". An exception was thrown: <- Zend_Db_Adapter_Exception in /usr/share/icingaweb2/library/vendor/Zend/Db/Adapter/Pdo/Abstract.php:145 with message: SQLSTATE[HY000] [1045] Access denied for user 'icingaweb2'@'localhost' (using password: YES) <- PDOException in /usr/share/icingaweb2/library/vendor/Zend/Db/Adapter/Pdo/Abstract.php:124 with message: SQLSTATE[HY000] [1045] Access denied for user 'icingaweb2'@'localhost' (using password: YES)

I gave group icingaweb2 2770 permission to /etc/icingaweb2 like its says in the doc.

Weird but when I test the rights for icingaweb2@localhost it says:
mysql> SHOW GRANTS FOR ‘icingaweb2@localhost’;
ERROR 1141 (42000): There is no such grant defined for user ‘icingaweb2@localhost’ on host ‘%’

But I defined everything like in the doc?

• Icinga Web 2 version
  Icinga Web 2 2.11.4

• Web browser used
  Chrome

• Icinga 2 version used (icinga2 --version)
  icinga2 - The Icinga 2 network monitoring daemon (version: r2.14.0-1)

• PHP version used (php --version)
  PHP 7.4.3-4ubuntu2.19 (cli) (built: Jun 27 2023 15:49:59) ( NTS )
  Copyright (c) The PHP Group
  Zend Engine v3.4.0, Copyright (c) Zend Technologies
  with Zend OPcache v7.4.3-4ubuntu2.19, Copyright (c), by Zend Technologies

• Server operating system and version
  Ubuntu 20.04

You should check with

SHOW GRANTS FOR ‘icingaweb2’@‘localhost’;

instead of

Thanks for your reply.

Output:
Grants for icingaweb2@localhost

           |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `icingaweb2`@`localhost` WITH GRANT OPTION


           |
| GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ABORT_EXEMPT,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FIREWALL_EXEMPT,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SENSITIVE_VARIABLES_OBSERVER,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,TELEMETRY_LOG_ADMIN,XA_RECOVER_ADMIN ON *.* TO `icingaweb2`@`localhost` WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, EXECUTE, CREATE VIEW ON `icingaweb2`.* TO `icingaweb2`@`localhost`

It looks like the user icingaweb2 does not have sufficient grants. You might give it a try using GRANT ALL ON icingaweb2.* TO icingaweb2@localhost IDENTIFIED BY 'CHANGEME'; as described here.

Hey,

I gave the user the rights and additional did
GRANT ALL privileges on *.* to 'icingaweb2'@'localhost' with grant option;
to give the User * Permissions, but its still not working and saying "All configured authentication methods failed. Please check the system log or Icinga Web 2 log for more information]

mysql> SHOW GRANTS FOR 'icingaweb2'@'localhost';
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for icingaweb2@localhost





           |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `icingaweb2`@`localhost` WITH GRANT OPTION


           |
| GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ABORT_EXEMPT,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FIREWALL_EXEMPT,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SENSITIVE_VARIABLES_OBSERVER,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,TELEMETRY_LOG_ADMIN,XA_RECOVER_ADMIN ON *.* TO `icingaweb2`@`localhost` WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON `icingaweb2`.* TO `icingaweb2`@`localhost`





           |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)

Error in Log says:
Icinga\Exception\AuthenticationException in /usr/share/php/Icinga/Authentication/User/DbUserBackend.php:231 with message: Failed to authenticate user "s" against backend "icingaweb2". An exception was thrown: <- Zend_Db_Adapter_Exception in /usr/share/icingaweb2/library/vendor/Zend/Db/Adapter/Pdo/Abstract.php:145 with message: SQLSTATE[HY000] [1045] Access denied for user 'icingaweb2'@'localhost' (using password: YES) <- PDOException in /usr/share/icingaweb2/library/vendor/Zend/Db/Adapter/Pdo/Abstract.php:124 with message: SQLSTATE[HY000] [1045] Access denied for user 'icingaweb2'@'localhost' (using password: YES)

Could you share your /etc/icingaweb2/resources.ini (with passwords redacted of course)?

It’s like in template:

[icingaweb2]
type                = "db"
db                  = "mysql"
host                = "localhost"
port                = "3306"
dbname              = "icingaweb2"
username            = "icingaweb2"
password            = "icingaweb2"


[icinga2]
type                = "db"
db                  = "mysql"
host                = "localhost"
port                = "3306"
dbname              = "icinga"
username            = "icinga"
password            = "icinga"

If icingaweb2is really the password, please try mysql -u icingaweb2 -picingaweb2 icingaweb2.

Access denied for user 'icingaweb2'@'localhost' (using password: YES)

But why?
I havent set any other passwords / configs yet.
So I only didexactly the steps from the doc here Advanced Topics - Icinga Web

Im not really good in DB/Authentication Methods, so Im not sure, what to do now.

Logon as root:

mysql -u root -p

and set new password for user icingaweb2:

ALTER USER ‘icingaweb2’@‘localhost’ IDENTIFIED BY ‘New-Password-Here’;

and finally update password in /etc/icingaweb2/resources.ini.

I changed the password for the User.

ALTER USER ‘icingaweb2’@‘localhost’ IDENTIFIED BY ‘XY’;
FLUSH PRIVELLEGES;

vi /etc/icingaweb2/resources.ini

systemctl restart mysql
systemctl restart icinga2

Now when I try to login, It says “Incorrect username or password”

Am I right, that I have to write the password in Plain text in resources.ini?
resources.ini looks like this:

[icingaweb2]
type                = "db"
db                  = "mysql"
host                = "localhost"
port                = "3306"
dbname              = "icingaweb2"
username            = "icingaweb2"
password            = "XY"


[icinga2]
type                = "db"
db                  = "mysql"
host                = "localhost"
port                = "3306"
dbname              = "icinga"
username            = "icinga"
password            = "icinga"

No more ideas, sorry.

Yes.

Try either of the following two ideas:

1. Remove the “port” specification from your resources.ini file so that it only
   contains “localhost” and the dbname, username and password.

2. Add a user to your database server:

add user ‘icingaweb2’@‘127.0.0.1’ identified by ‘XY’;
flush privileges;

I have a suspicion that when you specify both “localhost” and a port number,
Icigna will try to connect to 127.0.0.1:3306, and MySQL regards “127.0.0.1” as
different from “localhost” because the former connects on a network socket and
the latter connects on a Unix socket.

Antony.

Thanks for your reply.
Both variants didnt fixxed the problem.

I found somethig strange in the doc Advanced Topics - Icinga Web.
It says at the end, I should login as “icingaadmin” but, nowhere in the doc does the password gets defined.

Hello, this is not an Icinga Web 2 user, but a database user that is allowed to access the icingaweb2 database. If you followed the steps described in Advanced topics correctly, then you need to use the username and password that you have used in these steps.

Then generate a new password hash as described in the authentication docs and use it to insert a new user called icingaadmin into the database.

mysql -p icingaweb2

INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '$1$EzxLOFDr$giVx3bGhVm4lDUAw6srGX1');
quit

Thanks! Worked!
thank you everybody for your help