Force300: Updating system passwords via configuration file

Hi, I would like to distribute a config file to be uploaded in new Force300 Subscriber Modules, so that it also includes new system passwords (admin, installer).

Unfortunately, loading a config file does not seem to update the system passwords, i.e., the default admin/admin still applies.

Any clue?
Thanks!
– Davide

Please show this config (hide passwords)

That should work. I have a txt (.json) template I upload to all new radios with new passwords (well different from the factory default passwords) for the admin / installer / readonly accounts. On the very old firmware the passwords were not save in txt (.json) config files , just the binary but that changed somewhere back in the early v3’s I think.

The relevent part of the config looks like this (it’s encrypted, and not it’s not my actual passwords)

[
		  {
			"cambiumSysAccountsName":	"admin",
			"cambiumSysAccountsHash":	"$1$H2uT4zZo^RqJB9kzLMNPVHk&5C4ZCK1",
			"cambiumSysAccountsUID":	"1000",
			"cambiumSysAccountsGID":	"4",
			"cambiumSysAccountsDir":	"\/tmp",
			"cambiumSysAccountsShell":	"\/usr\/bin\/clish"
		  },
		  {
			"cambiumSysAccountsName":	"installer",
			"cambiumSysAccountsHash":	"!$1$H2uT4zZo^RqJB9kzLQNPVHk&5C4ZCW1",
			"cambiumSysAccountsUID":	"2000",
			"cambiumSysAccountsGID":	"100",
			"cambiumSysAccountsDir":	"\/tmp",
			"cambiumSysAccountsShell":	"\/bin\/false "
		  },
1 Like

That’s probably my issue:
I don’t have those entries in my config file.

[Copying my file here, as I am not authorised to upload attachments]

{
	"template_props": {
		"templateName":	"",
		"templateDescription":	"",
		"device_type":	"",
		"version":	"4.5.6"
	},
	"device_props": {
		"acsEnable":	"0",
		"bcPriority":	"1",
		"cambiumIPAliasesEnable":	"0",
		"cambiumLicenseServerEnable":	"0",
		"cambiumAccelerationEngine":	"1",
		"centerFrequency":	"4920",
		"dataVLANEnable":	"0",
		"mcastVLANEnable":	"0",
		"networkRelaydEnable":	"0",
		"dhcpLanEnable":	"0",
		"dhcpLanLimit":	"10",
		"dhcpLanStart":	"1",
		"dhcpLanLeasetime":	"24",
		"dhcpOption82":	"0",
		"dhcpOption82CircuitIDType":	"0",
		"dhcpOption82CircuitValue":	"",
		"dhcpOption82RemoteIDType":	"0",
		"dhcpOption82RemoteValue":	"",
		"dhcpOption66":	"1",
		"cambiumSSHServerEnable":	"1",
		"cambiumSSHServerPort":	"22",
		"cambiumTelnetServerEnable":	"0",
		"cambiumTelnetServerPort":	"23",
		"dmzEnable":	"0",
		"dmzAllowICMP":	"1",
		"httpPort":	"80",
		"httpsPort":	"443",
		"uhttpdMainInactLogout":	"0",
		"l2FirewallEnable":	"0",
		"l2WanRemoteAccess":	"0",
		"l2LanRemoteAccess":	"0",
		"l2SnmpLanRemoteAccess":	"1",
		"l2DHCPServersBelowSTA":	"0",
		"l3FirewallEnable":	"0",
		"mcPriority":	"1",
		"mgmtVLANEnable":	"0",
		"networkBridgeDNSIPAddrPrimary":	"8.8.8.8",
		"networkBridgeDNSIPAddrSecondary":	"8.8.4.4",
		"networkBridgeGatewayIP":	"192.168.1.10",
		"networkBridgeIPAddr":	"192.168.1.205",
		"networkBridgeIPv6Addr":	"",
		"networkBridgeIPAddressMode":	"1",
		"networkBridgeIPv6AddressMode":	"2",
		"networkBridgeMTU":	"1538",
		"networkBridgeNetmask":	"255.255.255.0",
		"networkLanAutoNegotiation":	"1",
		"networkLanSpeed":	"1000",
		"networkLanDuplex":	"1",
		"networkLanEnabled":	"1",
		"networkLan2Enabled":	"1",
		"networkLan2AutoNegotiation":	"1",
		"networkLan2Speed":	"1000",
		"networkLan2Duplex":	"1",
		"networkLan2PoEEnabled":	"0",
		"networkLan2MTU":	"1538",
		"networkLanIPAddr":	"10.1.1.254",
		"networkLanIPv6Addr":	"",
		"networkLanIPAddressMode":	"1",
		"networkLanIPv6AddressMode":	"1",
		"networkLanMTU":	"1538",
		"networkLanNetmask":	"255.255.255.0",
		"networkLanSmartSpeedMode":	"1",
		"networkBroadcastStormEnabled":	"0",
		"networkBroadcastStormRate":	"1000",
		"networkLanDefaultIP":	"169.254.1.1",
		"mgmtIFEnable":	"0",
		"mgmtIFVLAN":	"0",
		"mgmtIFIPAddressMode":	"2",
		"mgmtIFIPv6AddressMode":	"2",
		"mgmtIFNetmask":	"255.255.255.0",
		"networkMode":	"2",
		"networkSTP":	"0",
		"networkPortSecurity":	"0",
		"networkPortSecurityMax":	"5",
		"networkPortSecurityAgingTime":	"300",
		"networkWanIPAddr":	"192.168.0.2",
		"networkWanIPv6Addr":	"",
		"networkWanIPAddressMode":	"2",
		"networkWanIPv6AddressMode":	"2",
		"networkWanNetmask":	"255.255.255.0",
		"networkWanPPPoE":	"0",
		"networkWanPPPoEAC":	"Cambium",
		"networkWanPPPoEService":	"temp",
		"networkWanPPPoEAuth":	"0",
		"networkWanPPPoEMTU":	"1492",
		"networkWanPPPoEKeepAlive":	"10",
		"networkWanPPPoEAttempts":	"5",
		"networkWanPPPoEMSSClamping":	"0",
		"networkPPPoEIAEnable":	"0",
		"networkUPNP":	"0",
		"networkNATPMP":	"0",
		"networkLLDP":	"1",
		"networkLLDPMode":	"1",
		"networkMACTELNET":	"1",
		"networkMACTELNETProto":	"1",
		"mcastGroupLimit":	"0",
		"portForwardingEntryEnable":	"0",
		"portForwardingSepMangIPEntryEnable":	"0",
		"qosEnable":	"1",
		"snmpDomainAccessEnable":	"0",
		"snmpDomainAccessIP":	"",
		"snmpDomainAccessIPMask":	"",
		"snmpReadOnlyCommunity":	"[REDACTED]",
		"snmpReadWriteCommunity":	"[REDACTED]",
		"snmpSystemName":	"CambiumNetworks",
		"snmpTrapCommunity":	"[REDACTED]",
		"snmpTrapEnable":	"0",
		"systemConfigDeviceName":	"F300-16_205",
		"cambiumDeviceNameLoginDisplay":	"1",
		"systemConfigOperationalLicense":	"",
		"systemConfigTimezone":	"CEST-2",
		"systemConfigLanguage":	"en",
		"powerSequenceFactoryDefault":	"1",
		"systemConfigStartDHT":	"13",
		"systemConfigStopDHT":	"17",
		"systemConfigPreheatStopTemp":	"10",
		"systemConfigPreheatStopTimeout":	"20",
		"dlkmNATSIPHelpers":	"1",
		"syslogServerIPFirst":	"",
		"syslogServerIPSecond":	"",
		"syslogServerIPThird":	"",
		"syslogServerIPFourth":	"",
		"syslogServerLogMask":	"15",
		"syslogServerLogToWeb":	"0",
		"syslogServerLogDA":	"1",
		"systemNtpServerIPMode":	"1",
		"systemNtpServerPrimaryIP":	"192.168.1.10",
		"systemNtpServerSecondaryIP":	"192.168.1.1",
		"systemConfigFactoryResetKeepPwd":	"0",
		"voipEnable":	"0",
		"webService":	"1",
		"wirelessAcceptableAPRSSIThreshold":	"-90",
		"wirelessAcceptableAPSNRThreshold":	"0",
		"wirelessSmartAntennaEnabled":	"1",
		"wirelessCellSizeUnit":	"2",
		"wirelessDeviceCountryCode":	"FA",
		"wirelessDefaultCountryCode":	"OT",
		"wirelessInterfaceEncryption":	"2",
		"wirelessInterfaceEncryptionKey":	"[REDACTED]",
		"wirelessInterfaceiFreqReuseMode":	"0",
		"wirelessInterfaceGuardInterval":	"2",
		"wirelessInterfaceHTMode":	"1",
		"wirelessInterface2HTMode":	"1",
		"wirelessInterfaceMode":	"2",
		"wirelessInterfaceProtocolMode":	"1",
		"wirelessInterfacePTPMode":	"1",
		"wirelessInterfaceScanFrequencyBandwidth":	"1",
		"wirelessInterface2ScanFrequencyBandwidth":	"3",
		"wirelessInterfaceScanFrequencyListTwenty":	"5365 5710 5865 5910",
		"wirelessInterface2ScanFrequencyListTwenty":	"",
		"wirelessInterfaceScanFrequencyListForty":	"",
		"wirelessInterface2ScanFrequencyListForty":	"",
		"wirelessInterfaceScanFrequencyListTen":	"",
		"wirelessInterface2ScanFrequencyListTen":	"",
		"wirelessInterfaceScanFrequencyListFive":	"",
		"wirelessInterface2ScanFrequencyListFive":	"",
		"wirelessInterfaceScanFrequencyListEighty":	"",
		"wirelessInterface2ScanFrequencyListEighty":	"",
		"wirelessInterfaceSSID":	"Cambium-F300-16-AP",
		"wirelessInterfaceSyncSource":	"3",
		"wirelessInterfaceSyncHoldTime":	"1000",
		"wirelessInterfaceTXPower":	"30",
		"wirelessInterface2TXPower":	"15",
		"wirelessInterfaceTDDAntennaGain":	"16",
		"wirelessInterfaceTDDRatio":	"2",
		"wirelessInterfaceTPCTRL":	"-45",
		"wirelessInterfaceTPCMode":	"2",
		"wirelessInterfaceRateMinMCS":	"21",
		"wirelessInterfaceRateMaxMCS":	"39",
		"wirelessFBCompatibility":	"1",
		"wirelessMaximumCellSize":	"3",
		"wirelessMaximumSTA":	"1",
		"wirelessMIREnable":	"0",
		"wirelessInterfaceMgmtRadioBoarddata":	"0",
		"wirelessRadiusTimeout":	"5",
		"wirelessRadiusRetry":	"5",
		"wirelessRadiusGUIUserAuth":	"0",
		"wirelessRadiusIdentityStr":	"anonymous",
		"wirelessRadiusIdentityRealm":	"cambiumnetworks.com",
		"wirelessRadiusUsername":	"[REDACTED]",
		"wirelessRadiusPassword":	"[REDACTED]",
		"useMACAddressAsWirelessRadiusUsername":	"0",
		"wirelessRadiusUseDefaultCertificate":	"1",
		"wirelessRadiusUsePMP450Certificate":	"1",
		"wirelessSecurityMethod":	"1",
		"wirelessClientBridgeMode":	"0",
		"wirelessRateMaxMCS":	"39",
		"wirelessInterfaceColocState":	"0",
		"wirelessInterfaceColocSystemSyncSrc":	"5",
		"wirelessInterface1KeepAliveEnable":	"0",
		"wirelessInterface1KeepAliveEPTPEnable":	"1",
		"wirelessAPForcedSector":	"1",
		"wirelessSTAForcedSector":	"0",
		"wirelessMUMIMOEnable":	"2",
		"wirelessMUMIMOSoundingInterval":	"1",
		"wirelessMUMIMOSoundingAzimuthCycle":	"60",
		"wirelessMUMIMOCBFRateAdapt":	"1",
		"wirelessMUMIMOCBFRateAdaptIndex":	"7",
		"systemConfigSWLockBit":	"1",
		"systemConfigHWLockBit":	"0",
		"systemConfigSMLimit":	"120",
		"systemConfigLockedCC":	"",
		"systemConfigBIB":	"ff",
		"systemConfigMinAntGain":	"16",
		"systemConfigIPv6Support":	"0",
		"wirelessTXPowerManualLimit":	"0",
		"wirelessTXPowerManualLimit2":	"0",
		"staticRoutesEnableMain":	"0",
		"cambiumDeviceAgentEnable":	"1",
		"cambiumDeviceAgentCNSURL":	"https:\/\/cloud.cambiumnetworks.com\/",
		"cambiumCNSDeviceAgentID":	"",
		"cambiumCNSDeviceAgentPassword":	"",
		"cambiumDeviceAgentZeroTouchEnable":	"1",
		"wirelessMACFilter":	"0",
		"wirelessMACFilterPolicy":	"1",
		"spectralEnable":	"0",
		"watchdogEnable":	"0",
		"watchdogMode":	"1",
		"watchdogTargetIPAddress":	"",
		"watchdogPingInterval":	"10",
		"watchdogPingRetries":	"4",
		"cambiumGPSConfigResetTimeout":	"300",
		"wirelessPMPWDSUnknownMACFlood":	"0",
		"dcsEnable":	"0",
		"dcsLogFile":	"\/tmp\/log\/dcsd.log",
		"dcsFrequencyListTwenty":	"",
		"dcsFrequencyListForty":	"",
		"dcsFrequencyListEighty":	"",
		"dcsSwitchThreshold":	"4",
		"dcsSwitchMinHoldTime":	"180",
		"dcsThroughputDropThreshold":	"20",
		"dcsBandwidthMask":	"1",
		"wirelessMACFilterTable": [
		],
		"classificationListTable": [
		],
		"dhcpLanHostTable": [
		],
		"l2FirewallTable": [
		],
		"l3FirewallTable": [
		],
		"membershipVLANTable": [
		],
		"mappingVLANTable": [
		],
		"portForwardingTable": [
		],
		"portForwardingSepMangIPTable": [
		],
		"prefferedAPTable": [
		  {
			"prefferedListTableEntrySSID":	"Cambium-E3K-AP-251",
			"prefferedListTableEntryKEY":	"*hidden*",
			"prefferedListTableSecurityMethod":	"5"
		  },
		  {
			"prefferedListTableEntrySSID":	"Cambium-E3K-AP-252",
			"prefferedListTableEntryKEY":	"*hidden*",
			"prefferedListTableSecurityMethod":	"5"
		  },
		  {
			"prefferedListTableEntrySSID":	"Cambium-E3K-AP-253",
			"prefferedListTableEntryKEY":	"*hidden*",
			"prefferedListTableSecurityMethod":	"5"
		  },
		  {
			"prefferedListTableEntrySSID":	"Cambium-E3K-AP-2",
			"prefferedListTableEntryKEY":	"*hidden*",
			"prefferedListTableSecurityMethod":	"5"
		  },
		  {
			"prefferedListTableEntrySSID":	"Cambium-E3K-AP",
			"prefferedListTableEntryKEY":	"*hidden*",
			"prefferedListTableSecurityMethod":	"5"
		  }
		],
		"snmpTrapTable": [
		],
		"wirelessMIRProfileTable": [
		  {
			"wirelessMIRProfileNumber":	"0",
			"wirelessMIRProfileDescription":	"default",
			"wirelessDLMIR":	"1000000",
			"wirelessULMIR":	"1000000"
		  }
		],
		"wirelessRadiusServerTable": [
		],
		"cambiumIPAliasCnfTable": [
		],
		"cambiumStaticRoutesCnfTable": [
		],
		"networkPPPoEIATable": [
		],
		"wirelessRadiusUser1Certificate":	"",
		"wirelessRadiusUser2Certificate":	"",
		"uhttpdMainPem":	""
	}
}

I’ve edited this config file to redact some sensitive entries. I don’t know if this is your real production config, but I’m erring on the side of caution.

I changed these values:

  • snmpReadOnlyCommunity
  • snmpReadWriteCommunity
  • snmpTrapCommunity
  • wirelessInterfaceEncryptionKey
  • wirelessRadiusUsername
  • wirelessRadiusPassword

There may be other values that are sensitive that I don’t know about, so please be careful when posting config files.

Other than really old firmware I can’t come up with any reason those settings would not be in the config. It seems like maybe at some point after they started including/encrypting the passwords in the .json there was an option to disable that option but if that option is still there I’m not seeing it in 4.6.1 or .2

In fact I just saved the config from a factory default radio (firmware 4.6.2 but it has never had a config loaded/changed) and the accounts stuff is in the config.

I can confirm that cnMaestro json files do change the passwords if the correct commands are added. We onboard each radio with a simple config file, saves a ton of mucking around and installers just need the basic password to get alignment done.