Problem of Policy user group of webfig vs normal interface

wifix · July 5, 2012, 5:45pm

Hi,

We experience a problem on policy group on user that need to access onli on webfig interface.
We are happy to leave the customers make some changes like firewall nat forward and other things alone with a custom webfig interface. very useful.

We have setted up a client interface on webfig creating a dedicated group (name=“cliente” policy=reboot,read,write,password,web,!local,!telnet,!ssh,!ftp,!policy,!test,!winbox,!sniff,!sensitive,!api skin=client) for the group and associating an user to this group just to access some parameter.

We give to client access to url (ex. http://192.168.0.1/webfig) and all is ok.

But, the problem that we have experience is this:
If the customer access to the standard url without “/webfig” (ex. http://192.168.0.1), and he insert the same passoword we have setted up on group “cliente”, he is able to login and make the change according to the policy of the group we have created, but he can also make some more change, because we are not able to customize standard interface tab like in webfig.

Is there any way to disable standard interface, for example introducing in the user group a new checkbox, named “webfig” that if if checked, but is uncheckd web, the user can only access to webfig configuration ?

Thanks in advance

jandafields · July 8, 2012, 4:41pm

It should not matter if they go to /webfig or not. When you login with 192.168.0.1, it takes you automatically to /webfig after they type their username and password.

OR… are you saying that they are logging in with winbox instead of webfig???

wifix · July 9, 2012, 10:43pm

Hi, thanks for the response.

Look at the image i post and let me know if i clarify your point of view.

Thanks

jandafields · July 9, 2012, 11:17pm

how can you be getting that page with 5.18??? that looks like the page from the OLD router versions.

Are you sure all of your packages are up to date?

This is what it is supposed to look like when you go to http://192.168.0.1

wifix · July 12, 2012, 10:43pm

Hi,
my routerboard was upfated from 4.17 version to 5.18.
Maybe i have that page because of a seller custom package ?

Thanks in advance

ditonet · July 12, 2012, 11:14pm

Use Netinstall (http://wiki.mikrotik.com/wiki/Netinstall) to reinstall RouterOS.
All unwanted branding (seller package) will be removed.

HTH,