DocumentationDiscussions
DocumentationDiscussions

Recovering from Broken Authentication Settings

When configuring authentication it's possible to end up locked out, either because of Seq configuration problems, external provider issues, or loss of network connectivity.

To recover a Seq instance in this state, the command line can be used to switch back to username/password authentication, and set a password for an administrative account.

Determining which user account to unlock

The recovery process requires the username of an active Seq user account. This will generally be the username of the user set as administrator when authentication was configured.

  • If the server is already using username/password authentication, this is most likely to be a plain username of the form user
  • If the server is using Active Directory authentication, the username will be in DOMAIN\user format
  • If the server is using Azure Active Directory or OpenID Connect, the username will be an email address [email protected]

If you're unsure what user accounts are configured, you'll need to temporarily stop Seq, and run the auth command to list active users.

On Windows

seq service stop
seq auth
seq service start

The output of seq auth will include configured usernames.

Using Docker with host shell access

Assuming your Docker container name is seq, and your Seq storage folder is mounted from <path> on the host machine:

docker stop seq
docker run --rm -it -v <path>:/data datalust/seq auth
docker start seq

The output of the docker run will include configured usernames.

Using Docker without host shell access

To run shell commands in the Seq container without host shell access, you'll need to be able to write to Seq's mounted storage volume, and will also need to be able to collect container logs.

First, add an init scripts to Seq's mounted storage volume, under Init/. The script can be named list-users.sh:

#!/bin/bash
seqsvr auth

Then, using the facilities of you container orchestrator, restart the Seq container.

The container's startup logs will include configured usernames in the output from the init script.

📘

Each time you create an init script, it will need a different name from any previously-run init scripts (after successfully executing an init script, Seq won't run any further scripts with identical names).

Resetting the authentication provider and unlocking the user account

With the name of the user account handy:

On Windows

seq service stop
seq auth --basic -u <username> -p <new password>
seq service start

You should then be able to refresh the Seq web UI and log in with <username>/<new password>.

Using Docker with host shell access

Assuming your Docker container name is seq, and your Seq storage folder is mounted from <path> on the host machine:

docker stop seq
docker run --rm -it -v <path>:/data datalust/seq auth --basic -u <username> -p <new password>
docker start seq

You should then be able to refresh the Seq web UI and log in with <username>/<new password>.

Using Docker without host shell access

To run shell commands in the Seq container without host shell access, you'll need to be able to write to Seq's mounted storage volume, and will also need to be able to collect container logs.

First, add an init scripts to Seq's mounted storage volume, under Init/. The script can be named reset-authentication.sh:

#!/bin/bash
seqsvr auth --basic -u <username> -p <new password>

Then, using the facilities of you container orchestrator, restart the Seq container. Seq will run the init script on startup.

You should then be able to refresh the Seq web UI and log in with <username>/<new password>.

👍

Still having trouble?

If the steps above haven't helped, please contact us via [email protected]lust.co before making further configuration changes.


Did this page help you?