Netgate Discussion Forum

    TNSR CLI access denied for basic config-related commands

    • gigabitguru

      I just did a fresh install of TNSR 4.18.0-305 on KVM and cannot seem to run any configuration commands in the Clixon CLI. The required services are running via tnsrctl status (vpp, clixon-backend), but I keep getting the following error for almost any command run in the TNSR/Clixon CLI:

      Get configuration: application access-denied default deny
      

      Commands tried that should show something:

      show configuration
      show interface
      

      It seems there's a permission that needs to be tweaked but I'm not finding anything in the docs, and other seemingly intuitive commands around acl seem to not be helpful. Any insight on what config needs to be tweaked to get out of this state would be greatly appreciated!

      • Derelict LAYER 8 Netgate @gigabitguru

        @litmaj0r said in TNSR CLI access denied for basic config-related commands:

        TNSR 4.18.0-305

        First, what is TNSR 4.18.0-305? The current tnsr version is 21.07.1-1. (Ah you're talking about the underlying CentOS kernel version).

        Are you logging in as the tnsr user? If not, give that a shot. Else run clixon_cli under sudo.


        • gigabitguru @Derelict

          @derelict Derf, yep I mentioned the kernel version. The TNSR version is 21.07.0-1.

          Anyway, sudo clixon_cli worked to get the commands operational (and that's using my custom user, not tnsr).

          Now I see the part of the docs that caused this issue, since I created a custom user during install:
          Default TNSR Permissions where only root and tnsr users are allowed into the CLI.

          For others' reference, here's how to fix that (once in the CLI via sudo):

          configure t
          nacm group admin
          member USERNAME
          exit
          configuration copy running startup
          exit
          

          More info on NACM config here in the docs

          After that, just entering clixon_cli without sudo will work just fine...

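Added example (not part of the thread and not Netgate's code): a simplified Python model of NACM (RFC 8341) rule evaluation, showing why a user who belongs to no group gets "default deny" and what membership of the admin group changes. The user alice, the module name interfaces, and the rule-list and rule names are assumptions; the all-deny defaults are inferred from the error message in the first post.

```python
# Simplified model of NACM (RFC 8341) rule evaluation. The configuration is an
# assumption modelled on the thread: every default is "deny", and only members
# of group "admin" (root and tnsr) reach a permit-all rule.
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    module: str            # "*" matches any YANG module
    operations: frozenset  # subset of {"read", "write", "exec"} or {"*"}
    action: str            # "permit" or "deny"


@dataclass
class RuleList:
    name: str
    groups: frozenset      # groups this rule-list applies to
    rules: list


@dataclass
class Nacm:
    groups: dict           # group name -> set of usernames
    rule_lists: list
    defaults: dict = field(default_factory=lambda: {
        "read": "deny", "write": "deny", "exec": "deny"})

    def check(self, user, operation, module):
        """Return (action, reason); the first matching rule wins."""
        user_groups = {g for g, m in self.groups.items() if user in m}
        for rl in self.rule_lists:
            if not (rl.groups & user_groups or "*" in rl.groups):
                continue  # rule-list not bound to any of the user's groups
            for r in rl.rules:
                if r.module in ("*", module) and (
                        operation in r.operations or "*" in r.operations):
                    return r.action, f"rule {rl.name}/{r.name}"
        # No rule matched: fall through to the per-operation default.
        return self.defaults[operation], f"default {self.defaults[operation]}"


def build_default():
    """Assumed starting state: admin group holds only root and tnsr."""
    permit_all = Rule("permit-all", "*", frozenset({"*"}), "permit")
    admin_rules = RuleList("admin-rules", frozenset({"admin"}), [permit_all])
    return Nacm(groups={"admin": {"root", "tnsr"}}, rule_lists=[admin_rules])


if __name__ == "__main__":
    nacm = build_default()
    print(nacm.check("alice", "read", "interfaces"))   # hypothetical custom user
    nacm.groups["admin"].add("alice")                  # the fix from the thread
    print(nacm.check("alice", "write", "interfaces"))  # admin also grants write
```

Under these assumptions the admin group matches a permit-all rule, so adding a user to it grants write and exec access as well as read.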
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.