No auth with local domain

marinrukavina · February 10, 2022, 5:06pm

Server Version#: 1.25.4.5487
Player Version#: n/a

Hi everyone,

I’m running PMS on a Linux box and am facing a problem accessing the web UI locally in my private LAN.

The service is bound to the standard 0.0.0.0:32400 on my laptop.

In my network, the DHCP-provided DNS server can do local lookups based on hostname, so for example the address of my computer called “laptop” can be looked up by querying “laptop.lan”.

Unfortuately, despite excluding my entire home network (192.168.0.0/255.255.255.0) from requiring auth (“List of IP addresses and networks that are allowed without auth”), using http://laptop.lan:32400/web (which resolves to an address in that network) still causes a redirect to plex.tv and asks me (rather, requires me) to log in.

In contrast, using the IP address instead (http://192.168.0.100:32400/web) does not ask me for login.

This is rather inconvenient as typing the address is longer and there’s no real difference. I’m wondering if there’s any way around it (whitelisting a host as well), any reason for it or if it’s a bug and could be addressed in a future release.

Thanks for the input!

ChuckPa · February 10, 2022, 6:21pm

Plex/web is going to require you to prove you’re the admin user.
Your entire LAN being excluded from auth really only benefits the player devices.

marinrukavina · February 10, 2022, 10:19pm

Yes, but using the computer’s IP address to access Plex web works without proving you’re the admin user.

Using a domain that just resolves to the same permitted IP address should be the same thing, right?

marinrukavina · May 11, 2022, 6:58am

Just to sum things up this is my qualm: I have the IP range 192.168.0.0/255.255.255.0 whitelisted for no-login access.

The domain laptop.lan resolves locally to something like 192.168.0.100.

I can access Plex Web without logging in via 192.168.0.100:32400, but not laptop.lan:32400.

Therefore, it seems to me like Plex Web is rejecting no-login access based on the host header, and not the source IP address, making IP whitelisting misleading, if not downright broken.

Any comments on this?

ChuckPa · May 11, 2022, 7:13am

When it sees an unknown FQDN (host.LAN domain) it treats this the FQDN it is.
It will further complain if the FQDN is unknown (not added to Plex).

Certificates must contain the CA.
PMS will reject self-signed certs because there is no CA.

The solution here is to setup a ‘server cert’ with wildcard hostname (*.mydomain.tld), with a CA, and then add that cert to PMS.

Further, the PMS host must be a member of the domain (hostname returns the full FQDN) e.g. PMS.mydomain.tld as the hostname

If you have a DNS server, using only the hostname in the URL, PMS will not complain because this is converted to the IP as the URL is being expanded for resolution.

system · August 9, 2022, 7:13am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Access without auth locally only works when using IP Plex Media Server server-linux , plex-web	3	122	April 3, 2023
Plex requires login when using domain name Remote Access server-linux , networking	5	237	March 27, 2021
Auth bypass does not work LAN hostname, only IP address Plex Media Server networking	3	152	April 17, 2025
PleX asks for credentials when you browse to it via hostname. But won't ask if you visit via IP Français - French	8	357	January 8, 2020
[Reproducible, workaround for support article available] Authentication for local network access ineffective in presence of local DNS Plex Media Server server-linux	1	104	December 3, 2020

No auth with local domain

Related topics