WinBox not accepting username/password
Posted: Thu Aug 01, 2019 6:20 pm
Experiencing a sudden issue where two of my locations will not accept a login through WinBox. I am receiving the following error:
However, I can login to the system without any issue through the web console. I have verified that the WinBox service is enabled on the default port and the firewall rule is in place. I can also see the firewall rule fire upon the attempted connection. But the error still persists.
Configuration:
ERROR: wrong username or password
However, I can login to the system without any issue through the web console. I have verified that the WinBox service is enabled on the default port and the firewall rule is in place. I can also see the firewall rule fire upon the attempted connection. But the error still persists.
Configuration:
Code: Select all
[3978@MikroTik] > /export compact
# aug/01/2019 11:18:08 by RouterOS 6.44.5
# software id = HVQJ-MS9F
#
# model = RB750Gr3
# serial number = 8B000999979D
/interface bridge
add admin-mac=B8:69:F4:91:66:46 auto-mac=no comment="created from master port" name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface l2tp-client
add allow=mschap1,mschap2 connect-to=**REMOVED FOR UPLOADED** disabled=no ipsec-secret=38636 max-mru=1500 max-mtu=1500 name=reichnetwork password=**REMOVED FOR UPLOAD** use-ipsec=yes user=3978
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=10.0.2.10-10.0.2.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=defconf
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether2-master
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add comment=defconf interface=bridge1 list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=bridge1 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=reichnetwork list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox
/ip address
add address=10.0.2.1/24 comment=defconf interface=bridge1 network=10.0.2.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server lease
add address=10.0.2.11 client-id=1:44:94:fc:85:28:95 comment="WIRELESS AP BASE" mac-address=44:94:FC:85:28:95 server=defconf
add address=10.0.2.50 client-id=1:90:2b:34:d8:d6:92 comment=KR-PC mac-address=90:2B:34:D8:D6:92 server=defconf
add address=10.0.2.21 client-id=1:d0:50:99:1b:92:29 comment=CAMERA-PC mac-address=D0:50:99:1B:92:29 server=defconf
/ip dhcp-server network
add address=10.0.2.0/24 comment=defconf gateway=10.0.2.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=10.0.0.3
/ip dns static
add address=10.0.2.1 name=router.lan
add address=10.0.0.3 name=reichnetwork.com ttl=15s
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=input comment="RouterOS Access" dst-port=80 protocol=tcp
add action=accept chain=input comment=Winbox dst-port=8291 protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 dst-address=10.0.0.0/24 gateway=reichnetwork
add distance=1 dst-address=10.0.1.0/24 gateway=reichnetwork
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip traffic-flow
set enabled=yes
/ip traffic-flow target
add dst-address=10.0.0.33
/radius
add address=10.0.0.5 realm=reichnetwork secret=**REMOVED FOR UPLOAD** service=login src-address=170.0.0.242 timeout=7s500ms
/system clock
set time-zone-name=America/New_York
/system package update
set channel=long-term
/system resource irq rps
set ether1 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox