Change password and disable accounts via SNMP

giuseppe4 · May 20, 2016, 9:20pm

Hello,

for security reason I would like to change all my Subscriber Modules' passwords using an automatic script I want to run each month.

Unfortunately I can't find a way to programmatically change the password of a SM via SNMP or json config import.

I would also like to disable accounts (home/read-only etc) programmatically. At this time I can only do this via GUI.

Can you help me?
I really need this feature!

Thank you

Fedor · May 22, 2016, 7:18am

Hi Giuseppe,

Cambium Networks is aware of that issue and is working on solution.

Meanwhile you can use template saved to .bin file.

Configuration saved in .bin file contains users accounts management options and passwords.

Thank you.

giuseppe4 · May 22, 2016, 11:03am

Thank you Fedor!
Is it possible to create a .bin file not from a Cambium device?

Fedor · May 23, 2016, 9:26am

Hi Giuseppe,

It is not possible to create it not from Cambium Device.

Accounts credentials are saved to .bin file and are not saved in JSON and it is not possible to set them via SNMP because of security reasons.

Thank you.

Jesus_Zamora · April 5, 2023, 4:37pm

Too late? Just use a python script using paramiko to connect each device via ssh.

Douglas_Generous · April 6, 2023, 5:04pm

just use a shell script to push the JSON changes and use variables so that you can use pseudo random strings and also send an email to the network team so they can still access the radios.

Better yet, just use freeradius, mysql and daloradius and set up radius based authentication, then set the admin username to something long and complicated using cnmaestro to set it for the entire network. Once set, this will allow an offline access if needed but as soon as it connects to the network a VSA can be set to kick out any logged in users and then they must have valid credentials on the network or just disable local access once installed.

ninedd · April 7, 2023, 6:35pm

We did this via cnMaestro prior to upgrading to 4.7 a few months ago, but on many devices, it also changed device names somehow.

On the infrastructure devices (point to point and APs) it was easy enough to figure out which ones had been renamed by cnMaestro, but on the SMs it was (and it’s) a nightmare and we have no real idea of we’ve found and corrected every one or not.