Hi there,
I am currently configuring a wireless bridge on RB911’s using RouterOS 6.5 for a customer and have been using design skin to lock down options for the customer as they have a habit of messing with the configurations.
The problem I am having is that I have left Policy unchecked in Group Policies so that the Design Skin button could be hidden, but this now means that the Reset Configuration no longer works because there are no permissions, so the customer can’t reset if they mess something up. If I check Policy then Reset Configuration works but that means the Design Skin button is then displayed.
Does anyone know of a way that Design Skin can be hidden but Reset Configuration can still be used?
1. Create a basic default script that at minimum sets the IP address of the router so the customer can log back in using the skin. Upload this script to the router.
2. Create a script that resets the config, something like:
/system reset-configuration no-defaults=yes skip-backup=yes keep-users=yes run-after-reset=DefaultConfig.rsc
3. Set the customer’s skin to allow them to run scripts but not edit or create new ones. Of course if they need the ability to edit or create scripts, this won’t work.
See the attached .json file for an example skin. test.json.txt (1.37 KB)
Another option would be to use the API to create a tailored bit of software for accessing only the features you want. This would be the most customizable but the most work.
Have made some small progress with the user skin but not with the reset configuration. Am not as familiar with scripting and am a bit GUI reliant unfortunately, so am getting a crash course in scripting.
Basically I have a default configuration script which I am loading onto RB911 with ROS 6.5 using Netinstall. Am then branding the unit afterwards with .dbk file which includes the user skin.
I am not able to assign the skin to the user in the basic config script as it doesn’t recognise the skin which has not yet been branded to the unit so I named the user skin default instead which has helped so at least after a reset config the skin is assigned to the user.
I am still not able to use reset config button within skin unless Policy is checked within Group policies (hence then showing Design Skin button which I am trying to keep hidden) so a reset config script seems to be the only way to do it.
One other issue within the skin relating to Bandwidth Test.
We only wanted the customer to access the unit via Webfig so the Group Policies I checked were Local, Reboot, Write, Test, Password, Read and Web. But if I want to run Bandwidth Test it won’t let me unless I have winbox policy checked?? If I don’t check winbox I just get Authentication Failure.
You can upload the skin to the router first by using winbox (drag and drop .json file into the skins folder), or using ftp. Generally I only use netinstall for recovery, and winbox for general config / setup.
Yes.
If you don’t want them using winbox, you could always turn off winbox in IP > Services (hopefully that won’t break the Bandwidth Test). Or leave it on, but set Available From IP range to a range that is not theirs.
Before even getting to the skins, here’s the way I went about testing this out. Some of these steps may be relevant to what you’re trying to do, some may not, but this might give you an idea of the method I used.
1. Configure and set up a new router with the “default” config.
2. Log into the router with winbox/webfig and go to System > Scripts. Add a new script with the code mentioned earlier.
3. Open a Terminal window and export the router’s config to a file on the router:
/export file=DefaultConfig
4. Make a change of some kind that’s not part of the default config (change System > Identity for example).
5. Run the new script from step 2. Router should reboot, reset the config, and then apply the DefaultConfig.rsc script.
6. Log back in and check…
As long as that worked, the basic functionality is working. Then you can work on tweaking skins, etc. Let me know if you have any questions.
Once again Skot thank you for your time and excellent reply. I will go try that now. I am self taught when it comes to RouterOS but was always told best way to install default script was with Netinstall so that is what I have always done.
I will try your method now and let you know the results. Once again thanks for your time and assistance, it is greatly appreciated.
Hi Skot,
I tried the reset config script you suggested but when the unit rebooted it had no IP address, ports were missing from the bridge and it didn’t keep the users either; all that remained was the wireless settings. Back to the drawing board.
Now that you mention it, I had forgotten that during my testing I ran across a similar problem, which I’ll explain in a bit. What I would do is break things down step by step, making sure each step is working until you figure out where the problem is.
1. Connect to the router with winbox using the MAC address (click the […] button, and click the router’s MAC). Configure at minimum user/password and group. Then from the Terminal, reset the config with keep-users=yes to make sure this step is working:
/system reset-configuration skip-backup=yes keep-users=yes
2. Log in and make sure user / group settings are kept.
3. Next, I would re-configure the router with the steps at the bottom of my last post. Go to System > Scripts and run the script. After the router reboots, log in with winbox using the MAC address.
4. Open the Files menu and drag+drop the DefaultConfig.rsc file to your desktop. Open this file with notepad or a text editor of your choice.
5. Back on the router, open Log.
6. Compare the log to your DefaultConfig.rsc file. This is where I found the problem in my script. As you can see in the screenshot, the log shows a bunch of “device changed” entries that correspond to lines 4-18. Then the log shows “wireless security profile” was changed, which corresponds to lines 19-20 of the script. The log then shows “hotspot user…” which corresponds to lines 21-23 of the script. The “port changed” line corresponds to lines 24-25. After that we see that ether9 and ether2-master are both running (because I have things plugged into them, not because of the next line(s) in the script). But after that, there are no more logs that correspond to the script. Nothing about user-manager, or user groups, or ip address. As you can see based on the script on lines 41-42, I should have an IP address set on the router, but as you see in the winbox window, the Address List is empty. So, we probably have errors or problems in the script that are causing it to stop.
The next block that should have run (after “port changed”) was /tool user-manager customer, so I’ll copy and paste (you have to right-click and select paste, ctrl+v won’t work) it into a terminal window. As you can see, it throws up an error. So, apparently this block is causing the script to stop.
So, I’ll try the next block, same thing:
The “/user group” block also fails because when I reset the config earlier with keep-users=yes, the group still exists.
So, basically I had to go block by block through the script to figure out which ones were causing errors. Depending on the error, I had to either 1) remove the block of code (as in the examples above because the settings already existed) or 2) figure out the problem and a solution.
7. After fixing the script, save it. Then copy it back to the router to overwrite the old one (drag + drop the file into the winbox Files window, use FTP, etc).
8. Next, to test the newly edited file, manually run the reset line from a Terminal window:
/system reset-configuration no-defaults=yes skip-backup=yes keep-users=yes run-after-reset=DefaultConfig.rsc
9. After a reboot, if you’re feeling lucky, try connecting to the router using the IP address, which would confirm that the script ran successfully (well… at least through the IP section).
From there, check to see if the entire script ran successfully (using logs again). And finally, go to System > Scripts and run the reset config script to make sure it is working.
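The block-by-block check described in the post above can be scripted on a workstation before the file is copied back to the router. This is an added example, not code from anyone in the thread: the menu list in KEPT_MENUS is an assumption drawn from the two blocks reported as failing, and the sample export is constructed.

```python
# Added example: split a RouterOS export into per-menu blocks and flag
# the ones likely to abort a run-after-reset script when keep-users=yes.

# Assumption drawn from the thread: these menus still hold entries after a
# reset with keep-users=yes, so "add" commands under them can fail.
KEPT_MENUS = ("/user", "/tool user-manager customer")

# Constructed sample export, not taken from a real router.
SAMPLE_EXPORT = """\
# constructed sample export
/interface bridge
add name=bridge1
/user group
add name=customer policy=local,reboot,read,write,test,password,web \\
    skin=default
/ip address
add address=192.168.88.1/24 interface=bridge1
"""


def split_blocks(text):
    """Return [(menu_path, [commands])], joining backslash-continued lines."""
    blocks, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue  # skip blank lines and export comments
        if line.endswith("\\"):
            pending += line[:-1]  # command continues on the next line
            continue
        line, pending = pending + line, ""
        if line.startswith("/"):
            blocks.append((line, []))  # a new menu path starts a block
        elif blocks:
            blocks[-1][1].append(line)
    return blocks


def risky_blocks(blocks):
    """Menus preserved by keep-users=yes that the script tries to add to."""
    flagged = []
    for menu, cmds in blocks:
        kept = any(menu == m or menu.startswith(m + " ") for m in KEPT_MENUS)
        if kept and any(c.startswith("add ") for c in cmds):
            flagged.append(menu)
    return flagged


if __name__ == "__main__":
    parsed = split_blocks(SAMPLE_EXPORT)
    flagged = risky_blocks(parsed)
    for menu, cmds in parsed:
        mark = "CHECK" if menu in flagged else "ok"
        print(f"{mark:5} {menu} ({len(cmds)} command(s))")
```

A flagged block is only a candidate: paste it into a Terminal on the reset router, as in step 6, to confirm whether it actually errors before removing it, since dropping the group block by mistake would leave the customer account without its restricted policy set.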