The other day I needed to look at some settings I had in a backup of a UniFi network controller. The backup was made of a previous site configuration running on a UDMP. The best way to do this was spin up a temporary docker image and restore that backup to that container which should give me access to the backup.
Keyword: should
While I had both the UDMP and the Network controller’s backups, it wasn’t as easy as I thought. I initially tried restoring the UDMP back which failed telling me it wasn’t a valid controller backup. In hindsight, this made sense. Then I restored the controller backup. The process starts and finishes through the GUI as expected and then I’m presented with the UniFi controller login screen. I pulled the local UID and password from my password manager, paste it in, and bam, “login error”. I try my UI cloud credentials, “login error”. I try defaults like admin/root/ubnt, “login error”.
I searched around for a solution and find a post on the UI forums that outlines how to edit your MongoDB to reset access. This was the gold that I needed.
Copying here for posterity:
Linux
The command below will prompt you will the admin accounts on the controller.
1 |
<mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-red-color">mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"</mark> |
Replace the <UserName> with the admin account that you want to reset in the command below.
1 |
<mark style="background-color:rgba(0, 0, 0, 0)" class="has-inline-color has-vivid-red-color">mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<UserName>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )'</mark> |
Now you should be able to login with your admin account and password password
What I found interesting is that initially when trying this, the output of the password change command was
![](https://khaz.me/wp-content/uploads/2025/01/SCR-20250106-hjdk.png)
The issue turned out to be that I was not able to use my “normal” username or email associated with the account I had in the UDMP. When scrolling through the output of the first command, the name
value was listed as my full name as registered with my UI cloud account. Rerunning the password reset command using my full name as the name
value solved the problem.
My guess is that since the UDMP runs the UniFi OS, your login auth occurs there and the OS passes a token to the controller application. So if you export just the controller backup, it has some unknown credentials for your account (if any).
Be First to Comment