DHCP-Client script not working

Hi, I am trying this script to report each lease of my DHCP server (RB4011) but there is some problem in the “ether4” part as I don’t get the AP information.

:if ($leaseBound = 1) do={
	:do {
        /ip dhcp-server lease 
        :local Comment [get value-name=comment number=[find address=$leaseActIP]]
        
        /interface/bridge/host
        :local interFace [get [find mac-address=$leaseActMAC] on-interface]
        :if ($interFace~"ether2") do={:set interFace "NAS"}
        :if ($interFace~"^5G")        do={:set interFace "5G Home"}
        :if ($interFace~"^2G")        do={:set interFace "2G Home"}
        :if ($interFace~"^ether4")    do={
            :local iFaceAP ([/system ssh-exec 192.168.88.2 ":put [/interface/wifiwave2/registration-table get [find mac-address=$leaseActMAC] interface]" as-value]->"output")
            :set interFace ("AP Salon"." ".$iFaceAP)
        }
    
        :log warning "DHCP Info: $"lease-hostname" $leaseActMAC $leaseActIP $interFace"
	} on-error={:log error "Notification failure"}
}

If I try just this line in CLI, it does work.

:put ([/system ssh-exec 192.168.88.2 ":put [/interface/wifiwave2/registration-table get [find mac-address=54:13:79:0E:2F:22] interface]" as-value]->"output")

Do you see any failure?

Thanks.

avoid on script…

Apparently nothing wrong…
Probably the DHCP script has fewer rights than a “normal script”…
:if ($leaseBound = 1) do={
    :local interFace ""
    /interface bridge host
    :set interFace [get [find where mac-address=$leaseActMAC] on-interface]
    :if ($interFace~"ether2") do={:set interFace "NAS"}
    :if ($interFace~"^5G") do={:set interFace "5G Home"}
    :if ($interFace~"^2G") do={:set interFace "2G Home"}
    :if ($interFace~"ether4") do={
        :local iFaceAP ([/system ssh-exec 192.168.88.2 ":put [/interface/wifiwave2/registration-table get [find where mac-address=$leaseActMAC] interface]" as-value]->"output")
        :set interFace "AP Salon $iFaceAP"
    }
    :log info "DHCP Info: $"lease-hostname" $leaseActMAC $leaseActIP $interFace"
}

Maybe you are right Rex, that it is a problem of execution permissions when it involves executing a command on another mikrotik (via SSH with RSA keys).

Thanks.

Hi,

I have found a solution to the problem of using the ssh-exec command from the lease script tab of the dhcp-server since it seems that from this part it does not use the RSA keys assigned to the administrator user (possible bug?).

  1. Create a Scheduler task with the following content
    (it runs with all permissions assigned to admin every 2 seconds, but is configured to be disabled):

/system scheduler
add disabled=yes interval=2s name=dhcplease on-event="/system script run dhcplease" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-09-06 start-time=17:00:00 \
    owner=admin

  2. Define a script to be executed from the Scheduler task with the rights of the admin user:

:global leaseCom
:global leaseIP
:global leaseMAC
:global leaseName
:local  interFace ""
:local  iFaceAP   ""

/system scheduler set disabled=yes dhcplease

/interface bridge host
:set interFace [get [find where mac-address=$leaseMAC] on-interface]
:if ($interFace~"ether2") do={:set interFace "NAS"}
:if ($interFace~"^5G")    do={:set interFace "5G Home"}
:if ($interFace~"^2G")    do={:set interFace "2G Home"}
:if ($interFace~"ether4") do={
    :local iFaceAP ([/system ssh-exec 192.168.88.2 ":put [/interface/wifiwave2/registration-table get [find where mac-address=$leaseMAC] interface]" as-value]->"output")
    :set interFace "AP Salon $iFaceAP"
}
:log info "DHCP Info: $leaseName $leaseMAC $leaseIP $interFace"

  3. Contents of the Lease script (DHCP-Server).
    It converts internal variables to global variables for use in the external script:

:if ($leaseBound = 1) do={
    /ip dhcp-server lease
    :global leaseCom  [get value-name=comment number=[find where address=$leaseActIP]]
    :global leaseName $"lease-hostname"
    :global leaseIP   $leaseActIP
    :global leaseMAC  $leaseActMAC
    /system scheduler set disabled=no dhcplease
}

I haven’t seen any other way to do it but it works

Mikrotik support should take into account that you can use the RSA keys of “admin” from Lease script.

Under DHCP Server scripts the user *sys is used, not the user admin.
It is the same user and rights that ppp profile scripts have:

[RexTended@MATRIX] /system script job> pri detail
0 owner="*sys" policy=*0,local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp,
*13,*14,*15,*16,*17,*18,*19,*1A,*1B,*1C,*1D,*1E,*1F
started=sep/07/2023 13:26:07 type=command

It is the same user that NetWatch uses, but NetWatch has limited rights:

[RexTended@MATRIX] /system script job> pri detail
0 owner="*sys" policy=reboot,read,write,test started=sep/07/2023 13:34:29 type=command
Oh…

Just for that:
https://forum.mikrotik.com/viewtopic.php?t=199378

Thanks Rex, for your escalation of this issue.

BR.

Rex, in the tests you have performed and from what you posted in the other thread you opened in the General forum, how did you create the user *sys? It would be like the Linux “root” user, right?

You tell me that the DHCP-Server script uses this *sys user, so if you have the highest rights, why don’t you connect to another Mikrotik (on the same LAN) and run a remote command with /system-exec, you shouldn’t have any problems.

As you say, ideally they should implement the option to choose the user type to run the dhcp-server script. Any user with the group=full should be able to run any script anywhere on RouterOS.

PS. I would also like to know the opinion of MikroTik staff.

(sorry for my bad English, I use translator)

It is a predefined user in RouterOS; I did not create the user.


The system SSH keys generated at the RouterOS install are different, and I did not test exporting from one and applying the same on the other.


Exactly.


I hope someone official replies.


Really… :laughing: