Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
3.68k stars 511 forks

My devices does not populate for some users (might be indirectly related to Issue 6065) #6066

Closed southeasterntech closed 2 months ago

southeasterntech commented 2 months ago

Problem: My devices does not populate for some users

- We have tried in incognito mode: FAIL
- Tried granting user admin access: FAIL
- Tried different browsers: FAIL
- Tried reverting to 1.1.0, tried upgrading to 1.1.22: FAIL

Expected behavior: My devices should populate


Server Software (please complete the following information):

- OS: Amazon EC-2 \Linux
- Virtualization: ?
- Network: WAN
- Version: 1.1.22
- Node: 16.14.0

Client Device (please complete the following information):

- Device: Desktops\Windows
- OS: Win10
- Network: LAN device connecting to Mesh server at AWS
- Browser: Multiple Browsers
- MeshCentralRouter Version: [if applicable]

Additional context

Latest Log error:

-------- 5/1/2024, 3:13:52 PM ---- 1.1.0 --------

node:internal/modules/cjs/loader:936
  throw err;
  ^

Error: Cannot find module './lib/types/urlencoded'
Require stack:
- /home/ec2-user/node_modules/meshcentral/node_modules/body-parser/index.js
- /home/ec2-user/node_modules/meshcentral/meshcentral.js
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:933:15)
    at Function.Module._load (node:internal/modules/cjs/loader:778:27)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at loadParser (/home/ec2-user/node_modules/meshcentral/node_modules/body-parser/index.js:150:16)
    at Function.get [as urlencoded] (/home/ec2-user/node_modules/meshcentral/node_modules/body-parser/index.js:122:12)
    at serverStart (/home/ec2-user/node_modules/meshcentral/webserver.js:6355:50)
    at /home/ec2-user/node_modules/meshcentral/webserver.js:307:17
    at /home/ec2-user/node_modules/meshcentral/db.js:2259:115
    at /home/ec2-user/node_modules/mongodb/lib/utils.js:371:9
    at /home/ec2-user/node_modules/mongodb/lib/cursor/abstract_cursor.js:260:32
    at /home/ec2-user/node_modules/mongodb/lib/cursor/abstract_cursor.js:510:55
    at /home/ec2-user/node_modules/mongodb/lib/utils.js:371:9
    at /home/ec2-user/node_modules/mongodb/lib/sessions.js:136:24
    at maybePromise (/home/ec2-user/node_modules/mongodb/lib/utils.js:357:5)
    at ClientSession.endSession (/home/ec2-user/node_modules/mongodb/lib/sessions.js:133:41) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
    '/home/ec2-user/node_modules/meshcentral/node_modules/body-parser/index.js',
    '/home/ec2-user/node_modules/meshcentral/meshcentral.js'
  ]

Your config.json file

{
    "settings": {
        "MongoDb": "mongodb://127.0.0.1:27017/meshcentral",
        "selfupdate": true,
        "Cert": "mesh.south*********",
        "Port": 443,
        "WANonly": true,
        "IgnoreAgentHashCheck": false,
        "RedirPort": 80,
        "RelayPort": 44453,
        "browserPong": 30,
        "agentPong": 30,
        "agentPing": 30,
        "dbexpire": {
            "events": 1728000,
            "powerevents": 864000,
            "statsevents": 2592000
        },
        "DesktopMultiplex": true
    },
    "letsencrypt": {
        "email": "info@south******",
        "names": "mesh.south******",
        "rsaKeySize": 3072,
        "production": true
    },
    "domains": {
        "": {
            "agentCustomization": {
                "image": "setechnical-mesh.png",
                "installText": "Welcome to the Southeastern Technical Agent Installer. Please click install or update to continue.",
                "certurl": "https://mesh.south*****"
            },
            "altmessenging": [{
                    "name": "Knowledge Base",
                    "url": "http://docs.south******/"
                },
                {
                    "name": "Inventory",
                    "url": "https://inv.setech*****/"
                },
                {
                    "name": "Compliance",
                    "url": "https://compliance.setech****/"
                },
                {
                    "name": "Jitsi Video Call",
                    "url": "https://meet.jit.si/setech***"
                }
            ],
            "title": "",
            "titlePicture": "title-southeastern.png",
            "newAccounts": 0,
            "UserSessionIdleTimeout": 60,
            "title2": "",
            "Minify": true,
            "SiteStyle": 2,
            "footer": "Level Up Your IT",
            "LoginKey": "SeTech",
            "sessionRecording": {
                "onlySelectedDeviceGroups": true,
                "index": true,
                "_maxRecordings": 500,
                "maxRecordingSizeMegabytes": 250,
                "protocols": [1, 2, 200]
            }
        }
    },
    "smtp": {
        "host": "smtp-relay.sendinblue.com",
        "port": 465,
        "from": "mesh@south*****",
        "user": "mesh@south****",
        "pass": "*********",
        "tls": true
    }
}
southeasterntech commented 2 months ago

image

si458 commented 2 months ago

OK can u share what permissions the user has? Also permissions for the group you have given the user?

southeasterntech commented 2 months ago

Let's examine "wmarkel" user: (hoping pictures are worth 1000 words?) (Thanks for the help) image image image image image

si458 commented 2 months ago

OK thanks, pictures do indeed help! Quick one, u are mixing both groups and computer permissions! So it could be a permissions issue/conflict! From what I'm aware u should use either the group permissions or comp permissions, not both! For example u have given the user group full permissions but u have also only given the user certain permissions for comps, so I think the comp permissions have priority over what u set with group permissions! I will have to double check tomorrow for u as I could be totally mistaken and chatting complete crap

southeasterntech commented 2 months ago

Haha that was pretty hilarious.... thanks for the response. The idea behind that was..... techs should have full access to support all groups, naturally, however.... on certain management computers they shouldn't have the ability to surveil what management is doing, for privacy and confidentiality reasons.

Confirm on your side, and I'll tinker with the security perms and see if I can get it to act right, meanwhile. Thanks Simon

southeasterntech commented 2 months ago

update: You were right,

Removed wmarkel from the tech group... and now his is working perfectly.... so, what could be the issue there?

southeasterntech commented 2 months ago

ok we might be on to something......
Last week, the limited access management computers in question above.... were within the "Southeastern" group, which the tech group had access to. The limited permissions were in place. Everything was working.

A couple of days ago, I moved the above mentioned management computers to a whole new device group called "Southeastern-Admin" which the tech group does NOT have access to.

So now we have a case where the tech group shows partial access to devices.... but they don't have access to the newly created Southeastern-Admin group at all..... So that does indeed seem like a conflict of the sort you're mentioning.

I'm going to remove the partial restrictions to the management computers in the tech group....... to see if this removes the conflicting condition.... will report back
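
An added example, not part of the thread and not MeshCentral code: an audit for the condition described in the comment above, where a user group holds per-device permission entries on devices whose device group it has no access to. The data layout (`devices`, `groupLinks`, `deviceLinks`, `members`), the device names and the `limited` rights label are a simplified, hypothetical export, not MeshCentral's schema; the group and user names are the ones used in the thread.

```javascript
// Added example. Simplified, hypothetical layout; NOT MeshCentral's database schema.
// Device names and the 'limited' label are constructed; group/user names come from the thread.
const sample = {
  devices: {                                 // device -> device group it currently sits in
    'mgmt-pc-1': 'Southeastern-Admin',
    'mgmt-pc-2': 'Southeastern-Admin',
    'front-desk': 'Southeastern'
  },
  groupLinks: { tech: ['Southeastern'] },    // user group -> device groups it was granted
  deviceLinks: {                             // user group -> per-device permission entries
    tech: {
      'mgmt-pc-1': ['limited'], 'mgmt-pc-2': ['limited'],
      'front-desk': ['limited'], 'old-laptop': ['limited']
    }
  },
  members: { tech: ['wmarkel'] }             // user group -> users affected by a finding
};

// Classify every per-device entry by how it relates to the device-group grants.
function auditDeviceGrants(data) {
  const findings = [];
  for (const [userGroup, perDevice] of Object.entries(data.deviceLinks || {})) {
    const granted = new Set((data.groupLinks || {})[userGroup] || []);
    const users = ((data.members || {})[userGroup] || []).slice().sort();
    for (const device of Object.keys(perDevice).sort()) {
      const known = Object.prototype.hasOwnProperty.call(data.devices || {}, device);
      const deviceGroup = known ? data.devices[device] : null;
      let reason;
      if (!known) reason = 'device-not-found';                               // stale entry
      else if (!granted.has(deviceGroup)) reason = 'no-device-group-access'; // state after the move
      else reason = 'mixed-with-group-grant';                                // both levels set, review
      findings.push({ userGroup, device, deviceGroup, reason, users });
    }
  }
  return findings;
}

// Only the entries matching the state reported after the devices were moved.
function strandedGrants(data) {
  return auditDeviceGrants(data).filter((f) => f.reason === 'no-device-group-access');
}

for (const f of auditDeviceGrants(sample)) {
  console.log(`${f.userGroup} -> ${f.device} [${f.deviceGroup}] ${f.reason} (users: ${f.users.join(', ')})`);
}
```

Running the same audit after each device move or group change lists the per-device entries to review before users report a missing device list.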

southeasterntech commented 2 months ago

Yep.. Bingo. See below image image image

Thanks for the most awesome help.... you guys rock.

southeasterntech commented 2 months ago

please close!

si458 commented 2 months ago

Glad u sorted it! There are so many permissions in place, I lose track of what does what haha!