Hi, i have a question:
I need to create an unpriviliged user (read-only) in dudethat can use winbox to all network routeros but read-only also in routeros.

if i add a new user to Dude in read-only, works as read-only in The Dude but for winbox connection, it will uses the user/password saved on the object!
it can be overrided?

Thanks,

michele Pietravalle

it's not possible to store different usernames in Dude objects, based on who uses the dude. The map is universal to all users. The only option is to not specify any password in Dude devices, and let each user enter their own when they connect

Thanks, Normis!
But it can be a good upgrade; for example the first level of assistance can only see the maps to get some simple information (up/down - link full of traffic, etc), second level can access to customers CPE, third level can access also to BTS& core routers, etc etc!

Yeah, I agree. Keep this in mind for version 4

My work around for this was to use a read only user object for all mikrotik devices, and then login directly with privileged account if management was needed.

Or since I'm using a RADIUS backend, simply changing the user group in the mysql server for the RADIUS user will switch it to readonly rw full etc..


But I agree, if we could get the permissions of the dude user to mirror the permissions in ROS that'd be great. Definite +1 for a feature request.

Ok i found a work around for you guys for now.

what you can do is under tools add a new tool called
winboxreadonly
winboxfull
winbox client
and so forth

under the commands for them do the following

for read only
I:\Users\admin\Desktop\winbox.exe [Device.FirstAddress] <<DeviceReadOnlyUser>> <<DEVICEREADONLYPASSWORD>>

For full
I:\Users\admin\Desktop\winbox.exe [Device.FirstAddress] <<DeviceFULLUser>> <<DEVICEFULLPASSWORD>>

These are simplified
Its obv WIBOXFULLPATH DEVICEIP DEVICEUSER DEVICEPASS

Now under users management Disable the Winbox u don't want them to use under the available tools you will find that under the group management.

I know this doesn't quite address the radius functionality but its a workaround

Regards

CyberT

Carma Me if this helped u

Not that it matters anyways... I can open up a port to The Dude, but Winbox can't connect. I could open a port for winbox, but that only gets me to one router. Stuck using terminal window only.

The Dude needs to proxy/relay the Winbox connection so we can get into the network from outside.

remote connection does work provided that there is a TIK internal that is available external, another brutal option is to have Nat forwards on the tik that can see external and internal.

Ok i found a work around for you guys for now.

Now under users management Disable the Winbox u don't want them to use under the available tools you will find that under the group management.

I've created a new instance of winbox named winbox-ro as it has mentioned by cyberT. But can't find where I can disable the original winbox for a specified user. Could anybody help? would be urgent to solve this, cause I have to do other way if I can't! pleaseplease!!!

Thanks a lot!