Skip to content

Recover UniFi controller access of a UniFi Dream Machine Pro network backup

The other day I needed to look at some settings I had in a backup of a UniFi network controller. The backup was made of a previous site configuration running on a UDMP. The best way to do this was spin up a temporary docker image and restore that backup to that container which should give me access to the backup.

Keyword: should

While I had both the UDMP and the Network controller’s backups, it wasn’t as easy as I thought. I initially tried restoring the UDMP back which failed telling me it wasn’t a valid controller backup. In hindsight, this made sense. Then I restored the controller backup. The process starts and finishes through the GUI as expected and then I’m presented with the UniFi controller login screen. I pulled the local UID and password from my password manager, paste it in, and bam, “login error”. I try my UI cloud credentials, “login error”. I try defaults like admin/root/ubnt, “login error”.

I searched around for a solution and find a post on the UI forums that outlines how to edit your MongoDB to reset access. This was the gold that I needed.

Copying here for posterity:

Linux

The command below will prompt you will the admin accounts on the controller.

Replace the <UserName> with the admin account that you want to reset in the command below.

Now you should be able to login with your admin account and password password

What I found interesting is that initially when trying this, the output of the password change command was

WriteResult({ “nMatched” : 0, “nUpserted” : 0, “nModified” : 0 })

The issue turned out to be that I was not able to use my “normal” username or email associated with the account I had in the UDMP. When scrolling through the output of the first command, the name value was listed as my full name as registered with my UI cloud account. Rerunning the password reset command using my full name as the name value solved the problem.

My guess is that since the UDMP runs the UniFi OS, your login auth occurs there and the OS passes a token to the controller application. So if you export just the controller backup, it has some unknown credentials for your account (if any).

Published inNetworking

Be First to Comment

Leave a Reply

Discover more from D Khaz

Subscribe now to keep reading and get access to the full archive.

Continue reading