Upgrade 13->14: master key disabled #11212
Comments
|
GitMate.io thinks possibly related issues are #6636 (Automaitc Upgrade process - Disable backup), #7545 (TOTP and Spreed disabled after upgrading to 13 beta 3), #2964 (Master key replacement), #7201 (Disable external_user app when upgrading from 12 to 13), and #9911 (Nextcloud upgrade to 13.0.4 Failed). |
|
I was getting this message even though I've NEVER enabled encryption. I found that if I have the default encryption module app installed, I could run the command |
|
Thanks for the reply but i dont want to mess with the encryption. I have a couple of users and dont want to risk their files. |
|
I'm getting this error too. Any idea how to fix this? I have the default encryption module app enabled. |
|
For example, you can use the command like: |
|
thanks for pointing that out - that still leaves the bloody annoying message though. |
yes, if this isn't a bug then maybe the message text should be changed to something more helpful |
|
cc @nextcloud/encryption |
|
Hi,
thanks |
|
Below my steps to enalbe Master key root@cloud:~/web/cloud php occ encryption:status
root@cloud:~/web/cloud php occ encryption:enable root@cloud:~/web/cloud php occ encryption:list-modules
root@cloud:~/web/cloud php occ encryption:enable-master |
|
Thank you for posting but I have a slightly different problem. I do not have encryption enabled but I sill can not change the users passwords on NC14 after an upgrade (really a migration). Can you think of why this might be since you understand this better? |
Hello,
If yes is the problem when I say to enable and disable enalbe Master key |
Can you re-phrase this? It does not parse. |
When you try to change the users password what you get ? Message on notice or something else ? |
|
@linuxmangr EDIT: I was repying to the wrong GitHub post. I am sorry. |
|
Hello, |
|
@linuxmangr The admin user who will change the password is not someone who can use the command line. How can this be handled inside the GUI? |
|
Please tell me when you try to change the user password like admin user what you get ? |
|
This is a screenshot as logged in as Admin user and vieweing the Users page. You see how under "Password" there is no field the4 Admin can type into. But on our other NC installation you see "New Password" and the Admin can click in the field and change password for each user. Default Encryption App is not enabled. Thank you. |
|
@linuxmangr Maybe the solution is for me to understand exactly where I should |
|
Hi, |
|
@linuxmangr We don't want default encryption. |
|
@linuxmangr But are you saying that if we do all of these things then the Admin will be able to change the user's passwords all in the GUI interface? |
|
Good evening If you have this problem, do not try to enable the master key using this command.... Best Regards |
Hi, |
|
@linuxmangr I still do not understand why I see this message on a server that I do not have encryption on? Also I completely do not understand what NC is talking about with this encryption. I am an expert with RSA/PGP/SSH but the messages are not even in clear English. Can anyone explain this situation? |
Please look this page Encryption |
Of course I used the php command, I even used Nevertheless, I have the error message from admin User list whereas encryption is working since ages, and if I use it, all my data is not accessible anymore Best Regards |
But my server does not use Encryption. And the reason it does not use encryption is because I do not have the time to read that terribly written document. Are you saying I need to understand this document so I can not use encryption? |
Hi, |
@linuxmangr Please read what I am saying so many times: I DO NOT USE ENCRYPTION AND I DO NOT WANT TO USE ENCRYPTION. I only want to make this error go away. |
|
(But thank you for your offer to help.) |
Hi, |
|
@linuxmangr Okay thank you this is much more clear. I did this and it works! I still have another issue but I posted that in my own thread. (Had no intention to take this one over myself - sorry!). New issue: #13048 Thank you! (Also you understand I only was YELLING because I think we were not communicating for a moment. But I thank you very much for your work!) |
No prroblem. |
About other problem I read the problem but not now. |
|
@linuxmangr Well it sort of works. Another issue: #13054 |
|
I have the same message on admin user page (user list ), my encryption module is already running :
All my file are encrypted (local + S3) Is it a bug who display only this message without a good reason ? |
|
Please check this page Using the occ command |
|
disabling and enabling does nothing - message still there. |
|
Ok I think I found what is causing this. But I'm unsure how to proceed (@schiessle) https://github.com/nextcloud/server/blob/master/settings/Controller/UsersController.php#L174 Basicallyu it assumes you never alterd the master key settings. Even if you disabled all of encyrption. |
Can you tell me what this means. You and @linuxmangr are throwing words like "master key" and "encryption" around and I have used Nextcloud for about a year and I don't know what any of that means. |
|
You should never switch from per-user keys to the master key if you already have encrypted files. If you have encrypted files and use per-user keys the admin can't change your login password because this would make your private key inaccessible. Users still can change their password in the personal settings which will keep login password and private key password in sync. if you are sure that you don't have any encrypted files, e.g. because you just enabled the "default encryption module" app but never server side encryption in the admin settings you can disable the "default encryption module app" again which will allow you to change passwords again as a admin after #13172 was approved, merged and backported |
Upgraded from NC 13.0.6 to 14
I cannot change the passwords of my users any more.
Also a message pops up saying “Password change is disabled because the master key is disabled.”
What can i do without screwing up the file encryption?
The text was updated successfully, but these errors were encountered: