RESTCONF access denied when authentication set to none


  • Error received from remote GET request

    curl -X GET http://10.2.0.3/restconf/data/netgate-interface:interfaces-state

    {
    "ietf-restconf:errors" : {
      "error": {
        "error-type": "application",
        "error-tag": "access-denied",
        "error-severity": "error",
        "error-message": "default deny"
      }
    }
    
    }
    

    TNSR Config:

    <http-config xmlns="urn:ietf:params:xml:ns:yang:netgate-http">
       <restconf>
          <enable>true</enable>
       </restconf>
       <authentication>
          <auth-type>none</auth-type>
       </authentication>
    </http-config>
    
    
  • LAYER 8

    @dbeyzade
    you need to disable / configure nacm
    https://docs.netgate.com/tnsr/en/latest/nacm/basics.html

    [kiokoman@TNSR ~]$ curl -X GET http://192.168.10.2/restconf/data/netgate-interface:interfaces-state
    {
    "ietf-restconf:errors" : {
      "error": {
        "error-type": "application",
        "error-tag": "access-denied",
        "error-severity": "error",
        "error-message": "default deny"
      }
    }
    
    }
    
    TNSR.localdomain tnsr(config)# nacm disable
    
    [kiokoman@TNSR ~]$ curl -X GET http://192.168.10.2/restconf/data/netgate-interface:interfaces-state
    {
        "netgate-interface:interfaces-state": {
          "interface": [
            {
              "name": "LAN",
              "description": "Local Network",
              "admin-status": "up",
              "link-status": "up",
              "link-speed": 1000000,
              "link-duplex": "full",
              "link-mtu": 9000,
              "if-index": 2,
              "mac-address": "00:0c:29:f1:63:59",
              "nat-side": "inside",
              "ipv4": {
                "route-table-name": "ipv4-VRF:0",
                "address": {
                  "ip": "172.15.1.1/24"
    ...................................................
    

  • @kiokoman This did the trick, thank you very much :)