RESTCONF access denied when authentication set to none

dbeyzade · Jan 10, 2021, 5:43 PM

Error received from remote GET request

curl -X GET http://10.2.0.3/restconf/data/netgate-interface:interfaces-state

{
"ietf-restconf:errors" : {
  "error": {
    "error-type": "application",
    "error-tag": "access-denied",
    "error-severity": "error",
    "error-message": "default deny"
  }
}

}

TNSR Config:

<http-config xmlns="urn:ietf:params:xml:ns:yang:netgate-http">
   <restconf>
      <enable>true</enable>
   </restconf>
   <authentication>
      <auth-type>none</auth-type>
   </authentication>
</http-config>

kiokoman · Jan 10, 2021, 6:36 PM

@dbeyzade
you need to disable / configure nacm
https://docs.netgate.com/tnsr/en/latest/nacm/basics.html

[kiokoman@TNSR ~]$ curl -X GET http://192.168.10.2/restconf/data/netgate-interface:interfaces-state
{
"ietf-restconf:errors" : {
  "error": {
    "error-type": "application",
    "error-tag": "access-denied",
    "error-severity": "error",
    "error-message": "default deny"
  }
}

}

TNSR.localdomain tnsr(config)# nacm disable

[kiokoman@TNSR ~]$ curl -X GET http://192.168.10.2/restconf/data/netgate-interface:interfaces-state
{
    "netgate-interface:interfaces-state": {
      "interface": [
        {
          "name": "LAN",
          "description": "Local Network",
          "admin-status": "up",
          "link-status": "up",
          "link-speed": 1000000,
          "link-duplex": "full",
          "link-mtu": 9000,
          "if-index": 2,
          "mac-address": "00:0c:29:f1:63:59",
          "nat-side": "inside",
          "ipv4": {
            "route-table-name": "ipv4-VRF:0",
            "address": {
              "ip": "172.15.1.1/24"
...................................................

dbeyzade · Jan 11, 2021, 8:59 AM

@kiokoman This did the trick, thank you very much :)