Synology DSM (7.2.1) and Authelia (4.38.2) throws a "not privilege" (sic) error #6902
-
Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful however it is our strong recommendation that you carefully consider the information before blindly applying it.

It sounds like the issue you're encountering with DSM following the Authelia update might be related to changes in the Authelia configuration or how Authelia interacts with DSM, especially considering that everything else is working as expected. Given that DSM hasn't had a recent release, the focus should indeed be on the changes introduced by the Authelia update.

First, ensure that your Authelia configuration aligns with the requirements for DSM integration, particularly regarding OpenID Connect and LDAP settings. Since DSM does not support automatically creating users via OpenID Connect, it's crucial that Authelia and DSM share the same LDAP server for user authentication, as mentioned in the provided context. Here are a few steps and checks you can perform:

If after these checks and tests the issue persists, providing detailed logs from Authelia during a DSM login attempt could help further diagnose the problem.

This comment was generated by Glime.
-
There are no reported breaking changes in the latest release; all reported issues so far have been fixed, as they were bugs. As far as the errors, we'd need (debug) log messages from both sides to diagnose it more.
-
@james-d-elliott I was about to edit how I described this as I knew it would be picked up. What I had last night was a failure due to the webauthn bug which was promptly fixed, however I also tacked all the config changes at the same time, so indeed there were technically no breaking changes, just a bug which took my system down. I've just spotted the following in the Authelia logs when I attempt login;
-
Can't recall if I asked you to try this adjustment to the server config. If you're not using caddy/traefik please let me know and give this a shot if you are.

```yaml
server:
  endpoints:
    authz:
      forward-auth:
        implementation: 'ForwardAuth'
        authn_strategies:
          - name: 'HeaderProxyAuthorization'
            schemes:
              - 'Basic'
          - name: 'CookieSession'
```
-
I'm interested if you find a solution, because I have the same issue. It may have stopped working after a specific 4.38 beta update of Authelia, but as I recently did several changes to my environment (Authelia beta updates then 4.38 official update, DSM update, some DNS changes) it's nearly impossible for me to track when it stopped working. As DSM "remembered" me I didn't see the issue immediately. Fact is, I completed Authelia 4.38 migration (I started from a fresh DB, all warnings in the config file corrected, adjusted the config file for authz / session multi domain, etc.)
-
So I didn't have the endpoints in my Authelia configuration. I've added them as per the docs and, aside from getting a "dangerous site" alert from Chrome, the result is the same, the "not privilege" error. Proxmox and Portainer (both using OIDC) work still.
-
I have the same issue with Azure
-
I noticed by chance yesterday that my Authelia instance was down and on closer inspection this was due to a bug with the recent release. After I'd sorted out my config to fix the warnings and got Authelia back up and running, I tried out some apps and all worked with the exception of DSM which throws a rather ambiguous "not privilege" (sic) error after confirming the SSO login on the Authelia page.
I appreciate this is probably something on the DSM side but given it was working fine until the new Authelia release, and there hasn't been a DSM release recently, I wondered if anybody else had the same issue.
There are no logs in DSM to even show a login was attempted and I can log in via LDAP using the same credentials.