• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

TNSR CLI access denied for basic config-related commands

Scheduled Pinned Locked Moved Problems Installing or Upgrading TNSR Software
3 Posts 2 Posters 2.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    gigabitguru
    last edited by Jan 19, 2022, 1:32 AM

    I just did a fresh install of TNSR 4.18.0-305 on KVM and cannot seem to run any configuration commands in the Clixon CLI. The required services are running via tnsrctl status (vpp, clixon-backend), but I keep getting the following error for almost any command run in the TNSR/Clixon CLI:

    Get configuration: application access-denied default deny
    

    Commands tried that should show something:

    show configuration
    show interface
    

    It seems there's a permission that needs to be tweaked but I'm not finding anything in the docs, and other seemingly intuitive commands around acl seem to not be helpful. Any insight on what config needs to be tweaked to get out of this state would be greatly appreciated!

    D 1 Reply Last reply Jan 19, 2022, 8:54 PM Reply Quote 0
    • D
      Derelict LAYER 8 Netgate @gigabitguru
      last edited by Jan 19, 2022, 8:54 PM

      @litmaj0r said in TNSR CLI access denied for basic config-related commands:

      TNSR 4.18.0-305

      First, what is TNSR 4.18.0-305? The current tnsr version is 21.07.1-1. (Ah you're talking about the underlying CentOS kernel version).

      Are you logging in as the tnsr user? If not, give that a shot. Else run clixon_cli under sudo.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      G 1 Reply Last reply Jan 20, 2022, 3:27 AM Reply Quote 0
      • G
        gigabitguru @Derelict
        last edited by gigabitguru Jan 20, 2022, 3:29 AM Jan 20, 2022, 3:27 AM

        @derelict Derf, yep I mentioned the kernel version. The TNSR version is 21.07.0-1.

        Anyway, sudo clixon_cli worked to get the commands operational (and that's using my custom user, not tnsr)

        [Now I see the part of the docs that caused this issue, since I created a custom user during install:
        Default TNSR Permissions where only root and tnsr users are allowed into the CLI.

        For others' reference, here's how to fix that (once in the CLI via sudo):

        configure t
        nacm group admin
        member USERNAME
        exit
        configuration copy running startup
        exit
        

        More info on NACM config here in the docs

        After that, just entering clixon_cli without sudo will work just fine...

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received