USB Application Accounts messed up RT-AC86U

[Coyotearms]

ASUS RT-AC86U

Thank you @ColinTaylor - going from 384.18 to 384.19 introduced the problem for me - your instructions worked perfectly & allowed me to just re-add the user.

For any newbie like me - here is a reference to enable ssh on ASUS RT-AC86U: (taken from https://www.htpcguides.com/enable-ssh-asus-routers-without-ssh-keys/)

ASUS Router Simple Local SSH access
Log into the web interface of the Asus Router

Click Administration in the left pane

Click the System Tab

Under SSH Daemon section set Enable SSH to Yes

Set the SSH service port if you don't want to use the standard SSH port (22)

Set Allow SSH password login to Yes

Set Enable SSH Brute Force Protection to Yes

Scroll down and click Apply




After enabling ssh on the router, access the router from a command prompt on a pc with

ssh <your_router_admin_user>@<your.router.ip.address>

enter password, then you'll be at a command prompt where you can enter the instructions (nvram..) from @ColinTaylor

Thank you and ColinTaylor doing a great job on this. I am a newbie and this was my first experience getting under the hood of my RT-AC86 and fixing that stinkin' problem of someone other that the administrator of the router getting into that first slot and gumming up the works. This was my first time on SNB, and it will not be the last as I now know smart cookies like you folks are around for me to learn more about Raspberry's!

 

[kman]

Thank you! I noticed this issue after 386.1 upgrade. My additional user account was not authenticating. Upon logging into the UI, I noticed the users were swapped as the original poster noted.

Just want to highlight, the admin password was different when using, nvram get acc_list vs nvram get http_passwd

I initially executed the following, but this did not work:

nvram set acc_num="1"
nvram set acc_list="$(nvram get http_username)>$(nvram get http_passwd)"
nvram set acc_webdavproxy="$(nvram get http_username)>1"
nvram commit
reboot

Luckily, I still had my original session opened where I got the password from nvram get acc_list and use that in the post.

nvram set acc_num="1"
nvram set acc_list="admin>IT3****="
nvram set acc_webdavproxy="admin>1"
nvram commit
reboot

Note - I didn't try inputting the password as clear text. That might work as well.

 

[maxbraketorque]

Thank you very much @ColinTaylor for your advice.

I did this, and my USB Application(Samba) users finally got back into order. Massed-up has been fully restored.

    nvram set acc_num="3"
    nvram set acc_list="admin>r6pKvNcKzSyzqUqqEU3n7tFJIhs1AAU2Q9SpNPp9sDg=<user1>xvkpYKdS46lmIXr9S7SR7A=<nas>mb1FDmQFnzBe2JH9ioY9sYABiriu1HJZO0Qm0r5BvdE="
    nvram set acc_webdavproxy="admin>1<user1>0<nas>0"
    nvram commit
    reboot

This a post #16 make it pretty clear what to do when the passwords are encrypted.

 

[GC70]

THANK YOU SO MUCH! This worked for me too and I am also grateful!

 

[Ciccio]

Hi,
I have the same problem, but not worked for me because (i think) my admin username has special char (is in the form "abcd-efgh").
So, in /etc/samba/smbpasswd I have abcd▒gh and in the WebUI, sambauser is "abcdgh". I try to write clear text instead $(nvram get http_username) but not working. There is a way to escape special char?

Thanks in advance.

 

[ColinTaylor]

It would be better if you just rename your admin account to something that didn't contain special characters. The router shouldn't have allowed you to use special characters in the first place.

 

[Ciccio]

It would be better if you just rename your admin account to something that didn't contain special characters. The router shouldn't have allowed you to use special characters in the first place.

Ok, many thanks

 

[ColinTaylor]

Ok, many thanks

Just for information what special character were you using? A-Z, a-z, - and _ are acceptable but ▒, `, ¬, ¦, !, ", £, $, %, ^, &, *, (, ), etc. are not.

 

[nephilim]

A bit late to the party but I was just able to solve the very same issue on my AC86U (merlin 386.2_4). The admin username had a "-" in the middle and after applying the nvram changes and rebooting, the name was always truncated before the dash. A client connecting to an smb share triggered the message about the corrupt smbpasswd entry. I chose a new admin username and the issue is gone. The old username consisted of a-z and the dash only.

Thanks to all for providing the fix.

 

[bob49b]

Thanks @MissingTwins. I wonder whether the addition of the leading "<" is deliberate or part of the corruption (I suspect the latter).

Perhaps the commands to reset the values should be:

nvram set acc_num="1"
nvram set acc_list="$(nvram get http_username)>$(nvram get http_passwd)"
nvram set acc_webdavproxy="$(nvram get http_username)>1"
nvram commit
reboot

Tried the commands in post 16. Deleted all the accounts except admin. When I try to add back the accounts the router messages "This table only allows 1 items!" Any insight how to fix this without factory resetting the router? Regards

 

[ColinTaylor]

Tried the commands in post 16. Deleted all the accounts except admin. When I try to add back the accounts the router messages "This table only allows 1 items!" Any insight how to fix this without factory resetting the router? Regards

What router model and firmware version?
What page are you trying to add the account on, Samba, FTP, etc?

 

[bob49b]

What router model and firmware version?
What page are you trying to add the account on, Samba, FTP, etc?

RT-AC68U
3.0.0.4.386_43129
Samba Users account list
Same issue as the original post on this topic where the first account became un-editable after an Asus firmware upgrade.
Performed the following instructions per post #16
nvram set acc_num="1"
nvram set acc_list="$(nvram get http_username)>$(nvram get http_passwd)"
nvram set acc_webdavproxy="$(nvram get http_username)>1"
nvram commit
reboot

Found the SAMBA USB application had cleared all the users except admin.
Tried to reconstruct the user list by adding back the users within the Asus Settings(not via ssh) and received the following message after clicking the + sign.
"This table only allows 1 items!"

 

[ColinTaylor]

Sorry, no idea why you're getting that message. Try a different browser or a different PC. Try "incognito/private browsing" mode.

 

[HWDan]

Thanks @MissingTwins. I wonder whether the addition of the leading "<" is deliberate or part of the corruption (I suspect the latter).

Perhaps the commands to reset the values should be:

nvram set acc_num="1"
nvram set acc_list="$(nvram get http_username)>$(nvram get http_passwd)"
nvram set acc_webdavproxy="$(nvram get http_username)>1"
nvram commit
reboot

N.B. Your "admin" account name may only contain letters (upper or lower case) and numbers. If it contains any non-alphanumeric characters the fix above will not work.

A few years later, realized I had the same issue and this came handy today.

Thanks!

 

[Diamond67]

Although I use Merlin 386.7_2, I noticed the same problem as OP. System Log - General Log showed several lines like this (original username changed/edited to John Doe):

Sep  4 09:54:49 smbd[15932]:   build_sam_account: smbpasswd database is corrupt!  username John Doe with uid 570576 is not in unix passwd database!
Sep  4 09:54:49 smbd[15932]: [2022/09/04 09:54:49.597804,  0] passdb/pdb_smbpasswd.c:1252(build_sam_account)

And I couldn't remove the corrupt Account/User (= John Doe) from Merlin GUI (USB Application - Network Place (Samba) Share / Cloud), because the buttons "Delete this account" and "Modify this account" were greyed out when the Account/User John Doe was selected.

In addition to this, normally the "Admin" of the router has been on top of the Account/User list. But now this corrupted John Doe was the topmost on the list and could not be removed by me.

My Admin password was the same when using

nvram get acc_list

vs.

nvram get http_passwd

Performed the following instructions per post #16
nvram set acc_num="1"
nvram set acc_list="$(nvram get http_username)>$(nvram get http_passwd)"
nvram set acc_webdavproxy="$(nvram get http_username)>1"
nvram commit
reboot

Found the SAMBA USB application had cleared all the users except admin.
Tried to reconstruct the user list by adding back the users within the Asus Settings(not via ssh) and received the following message after clicking the + sign.
"This table only allows 1 items!"

I also run the code as mentioned above by bob49b and which was originally provided by ColinTaylor (post #16). And I also ended up with the result that only the Admin was left on the list. And all other users (6 of them with my setup) were gone.

From "USB Application - Network Place (Samba) Share / Cloud Disk" I have "Maximum number of concurrent connections" set to 6 (for my 6 User Accounts). And I could manually add (= restore) the vanished Accounts. Although it took some time because setting the R/W rights for several users and folders and applying/saving the settings doesn't happen very quickly.

P.S. My Admin username has no non-alphanumeric characters. Only lower and upper case letters.