#New 42.13.2 Whitelist config?

How?

New 42.13.2 Whitelist config?

Must set server to "open" in order to let ppl including admin to get in

Im guessing that the developer did an oopsie when they tried the new system

It just tweaks the /adduser command and adds the /addsteamid

Adduser no longer requires a password

But

I as an admin got stuck outside of my server bc i set open=false

Public servers should always be set to Open as far as I know

The setting that controls the whitelist creation is AutoCreateUserInWhiteList

But i set my server to not public

Have you used the /addsteamid command in your server's console to add your own SteamId?

I'm fairly certain, since you said your server is "not public" you mean Open=false. The comments related to the "Open" setting within your server config states: Clients may join without already having an account in the whitelist. If set to false, administrators must manually create username/password combos. So you'll need to ensure all players have username/password combos.

This means the administrator will have to create those username/password combos yourself. If the admin goes into your server's console and types: /adduser <username> <password> with the specific username and password for your players, it should add it. (Though based on what Beard says, you may need to use /addsteamid <username> <password> now instead.

If you want players to be able to create their own username/password combos, you'll have to set Open=true, allows players to create their own user/pass and connect, then when that's all done you can set Open=false again.

OHhhh 😢 I was under the impression it was gonna be a config file where I can mass dump my steamID file.

I'm gonna have to write a script then I guess

No, I don't think so. I'm fairly certain the whitelist info is stored in an SQLite db file. You could potentially edit that file if you have an SQLite database editor.

But a script using the command would likely be far easier.

the game could just read from a whitelist.txt if it wanted.... Was really hoping it was gonna get that

Do you have a lot of players you're trying to account for?

little under 100 that I have no interest in typing one by one

Perhaps, though a script to edit the SQL database using info from a whitelist.txt file is certainly possible.

well if it's just the adduser command, I'll just powershell it into rcon

An alternative is temporarily setting Open=true and letting your players join with their existing username/password stuff.

I was just hoping to scrape my user.txt file for steamIDs and do it that way

I'm currently doing Open true with add to whitelist and passworded

I would need more info about your setup and what you are trying to achieve with it

Public is false
Open is false (before 42.13.2)

I only want people with whitelisted username and password to join. Since I dont want any uninvited guest to get in and causing troubles

Do you need more info regarding my server settings? I can get up if you needed more.

Set it to Public true, open false, then add any users you want through the commands I mentioned above

Either their Steam IDs or usernames

Okay thanks alot.

Will do

I've tried this, and it won't work unfortunately. Seems to be a bug with the whitelist? AddUser and AddSteamId both don't want to work with this approach

Both addsteamid <steamID> and adduser <user> <pass> work according to the server repl, but the user still receives the "An account password is required" auth failure.

Neither seem to be updating the password in the whitelist

So far the only way I've been able to let people in is to kill the whitelist with Open=false in the server .ini

I did /addsteamid idnumber

The I was able to log into my character.

But I dont have admin access in game even though i've given it to myself via the console.

Do you have Open=false in the .ini @haughty phoenix?

yeah its a closed server.

Weird

That gives me hope though

weirdly I cant view the server options.

but i know because the file.

Trying to figure out why I dont have admin access anymore. More werid my character is still invisible to the zombies.

is there a documentation page for these changes? I have a whitelisted server where admins manually created usernames/passwords, but no one, not even admin, can log in. the steamid column in the server's db/servertest.db whitelist table shows everyone's steam ids already

That's where I am as well @hexed pelican

I've even tried adding totally new characters for steam accounts that have been whitelisted via "addsteamid", and it repeatedly tells them that they need a password despite giving them a password

I'm going to temporarily roll back until the whitelist is confirmed to work

probably a good call.

def seems they sent out a broken version of the new whitelist system

I got players into my server but I have no in game admin controls.

rolling back sadly not an option for gportal

im not rolling back because i dont want to have to readd steamIDs.

I can do stuff from the console and thats fine enough.

it would be great if there was an option to disable steamid whitelisting without giving up the username/password whitelisting...this seems very broken

Or just use a text file or .csv for the whitelist

Maybe make it importable into the db

if you are comfortable with editing the server's database, this sqlite query should copy all of your previously whitelisted users to the new steamid whitelist

SELECT DISTINCT steamid FROM whitelist WHERE whitelist.steamid IS NOT NULL AND whitelist.steamid NOT IN (
    SELECT allowedsteamid.steamid FROM 
        allowedsteamid
        INNER JOIN whitelist ON allowedsteamid.steamid=whitelist.steamid
        WHERE whitelist.steamid IS NOT NULL
);```

That's actually a great way to do it

Or at least the idea is there

So outside of manually adding the steam id's, you guys can get the whitelist to work?

I can't seem to get the whitelist to work at all, even with the steamid's added

I've only tested my admin account so far, haven't reopened to the masses yet

but I am logging in as admin with the whitelist enabled

(though the "admin" account is logging in with zero admin powers )

I can rcon setaccesslevel admin admin while logged in, but it only lasts until I relog

it should silently ignore "old" whitelist entries that lack a steamid, and avoid creating duplicates in the "new" steamid whitelist. open to feedback if you see an edge case that I missed

my sql is rusty

Hah I know better than to rip any code straight into prod 😛

"prod" 😂

But like I said the idea looks right

confirming the whitelist does work for non-admin if the database has

• the user's steamid in the database allowedsteamid table, AND
• a username/password in the whitelist table

I haven't tested whether the console commands actually do what they're supposed to. have only worked with manual database edits to preserve our user list so far

Alright I'll upgrade again here in a bit and double check with dbeaver

Really appreciate the sanity check

has anyone tested if Open=true and AutoCreateUserInWhiteList=false would restore the old behavior? no steamid whitelist, but admins must still create user accounts?

it doesn't seem like the tooltips are consistent with current behavior, or they're at least referring to ambiguously different meanings for "whitelist"

answering my own question -- with Open=true and AutoCreateUserInWhiteList=false, the behavior is that

• anyone can create a character at will
• that character is not added to the whitelist
• but it doesn't matter because the whitelist has no effect
  so...no way around the new bugs and headaches, and no way that I can see to get the old behavior back

the whitelisting process for new users seems to be two steps now. addsteamid accepts only one argument (a numeric steamID64), despite its help text

~~and while it's true that adduser does function with only one argument, its single-argument behavior is to create an account whose password is not checked at all. I cannot imagine the use-case for this...I tested manually corrupting the stored steamid for a user account, and the server doesn't seem to block other steamids from logging into accounts that aren't theirs...it just associates with the most recent login. so...don't make accounts without passwords ~~ (see below, no account passwords are ever checked)

example over rcon for a completely-fresh test server...I think just put slashes in front of the adduser and addsteamid commands if you have console access

User buckma22 created with password
$ rcon -a 192.168.1.3:27015 -p rconpassword "addsteamid 12345"
SteamID 12345 added to allowed SteamIDs

and I can log in then

so it seems like there are effectively two whitelists--you must be on both, and they don't seem to communicate with each other at all

if you have existing users, I think /addsteamid numericsteamid for each person already that already has an account should be enough (or edit your database #1462809642374664255 message )

ok it seems to be worse than this. from my testing, I don't think the user/password whitelist is being checked at all, ever. it seems like any whitelisted steamid can log in as whoever they want--admin account, new character, other people, anything. this is a disaster

<@&756556556488933526> sorry for the ping, but this seems urgent. is this known internally, or should it be a bug report? (tho I hesitate to make it more visible given how abusable this is)

or @tawdry shadow? really sorry for pinging but this seems like a very abusable big deal and I'm not sure if I should publicize it with a bug report post

I can forward it to the devs, is it just this report?

Could you also write the expected behavior?

I assume the tldr is that the whitelist isnt blocking new accounts correctly?

I would say tldr is:

• whitelisting is only providing a yes/no for access to the server by steamid, but
• any whitelisted steamid can create as many accounts as they want, and can log in as any character on the server--account passwords are not being checked

can confirm seeing the same issue, only on a whitelisted none public server, but an open server without a whitelist does not have this issue

almost a saving grace is that admin doesn't persist after relog but anyone can log in as any user currently

Will forward this info

thanks so much

yeah, thank goodness admin is also bugged to require console access

this needs to be escelsated ASAP because as it stands, I can log in as any character on the server and nuke their run and Idk if there is much worse than that

i would suggest using a temp server password and removing the whitelist requirement, this will stop that from happening

we've just switched Ducks server over and it's at least secure now until it's updated, it's been a long week today

I can also confirm that account passwords are not checked for any users on the allowedsteamid table unless Open=true.

PS fantastic idea for adding all of your existing users to the allowedsteamid table @hexed pelican 🙏
Your SQL works. I was pretty impressed with the foresight to ensure you're not throwing duplicates in there.

awesome, glad it worked out

any idea if the devs consider this urgent? open=false is incredibly broken in .2

Dont know, but it is reported, so it will be fixed eventually

@hexed pelican was it you that commented on a different thread about some zombies randomly being unhittable until you relog?

I think I've seen people talk about it, but no sorry, wasn't me

Me too same problem on .2