Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    TNSR CLI access denied for basic config-related commands

    Installation and Upgrades
    2
    3
    1819
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gigabitguru
      gigabitguru last edited by

      I just did a fresh install of TNSR 4.18.0-305 on KVM and cannot seem to run any configuration commands in the Clixon CLI. The required services are running via tnsrctl status (vpp, clixon-backend), but I keep getting the following error for almost any command run in the TNSR/Clixon CLI:

      Get configuration: application access-denied default deny
      

      Commands tried that should show something:

      show configuration
      show interface
      

      It seems there's a permission that needs to be tweaked but I'm not finding anything in the docs, and other seemingly intuitive commands around acl seem to not be helpful. Any insight on what config needs to be tweaked to get out of this state would be greatly appreciated!

      Derelict 1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate @gigabitguru last edited by

        @litmaj0r said in TNSR CLI access denied for basic config-related commands:

        TNSR 4.18.0-305

        First, what is TNSR 4.18.0-305? The current tnsr version is 21.07.1-1. (Ah you're talking about the underlying CentOS kernel version).

        Are you logging in as the tnsr user? If not, give that a shot. Else run clixon_cli under sudo.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        gigabitguru 1 Reply Last reply Reply Quote 0
        • gigabitguru
          gigabitguru @Derelict last edited by gigabitguru

          @derelict Derf, yep I mentioned the kernel version. The TNSR version is 21.07.0-1.

          Anyway, sudo clixon_cli worked to get the commands operational (and that's using my custom user, not tnsr)

          [Now I see the part of the docs that caused this issue, since I created a custom user during install:
          Default TNSR Permissions where only root and tnsr users are allowed into the CLI.

          For others' reference, here's how to fix that (once in the CLI via sudo):

          configure t
          nacm group admin
          member USERNAME
          exit
          configuration copy running startup
          exit
          

          More info on NACM config here in the docs

          After that, just entering clixon_cli without sudo will work just fine...

          1 Reply Last reply Reply Quote 0
          • First post
            Last post