Community discussions

MikroTik App
 
User avatar
MichelePietravalle
Trainer
Trainer
Topic Author
Posts: 99
Joined: Sun Apr 19, 2009 9:03 pm

"Winbox" command and Dude users

Wed Sep 29, 2010 11:18 am

Hi, i have a question:
I need to create an unpriviliged user (read-only) in dudethat can use winbox to all network routeros but read-only also in routeros.

if i add a new user to Dude in read-only, works as read-only in The Dude but for winbox connection, it will uses the user/password saved on the object!
it can be overrided?

Thanks,

michele Pietravalle
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24605
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: "Winbox" command and Dude users

Wed Sep 29, 2010 11:25 am

it's not possible to store different usernames in Dude objects, based on who uses the dude. The map is universal to all users. The only option is to not specify any password in Dude devices, and let each user enter their own when they connect
No answer to your question? How to write posts
 
User avatar
MichelePietravalle
Trainer
Trainer
Topic Author
Posts: 99
Joined: Sun Apr 19, 2009 9:03 pm

Re: "Winbox" command and Dude users

Wed Sep 29, 2010 11:29 am

Thanks, Normis!
But it can be a good upgrade; for example the first level of assistance can only see the maps to get some simple information (up/down - link full of traffic, etc), second level can access to customers CPE, third level can access also to BTS& core routers, etc etc!
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Sep 15, 2009 6:01 pm

Re: "Winbox" command and Dude users

Wed Feb 09, 2011 9:30 am

Yeah, I agree. Keep this in mind for version 4
MTCNA
 
wildbill442
Forum Guru
Forum Guru
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Re: "Winbox" command and Dude users

Fri Feb 11, 2011 2:04 am

My work around for this was to use a read only user object for all mikrotik devices, and then login directly with privileged account if management was needed.

Or since I'm using a RADIUS backend, simply changing the user group in the mysql server for the RADIUS user will switch it to readonly rw full etc..


But I agree, if we could get the permissions of the dude user to mirror the permissions in ROS that'd be great. Definite +1 for a feature request.
William Burnett
Network Engineer
 
CyberT
Member Candidate
Member Candidate
Posts: 172
Joined: Tue Feb 01, 2011 1:39 pm
Location: Johannesburg, South Africa
Contact:

Re: "Winbox" command and Dude users

Mon Apr 18, 2011 8:29 pm

Ok i found a work around for you guys for now.

what you can do is under tools add a new tool called
winboxreadonly
winboxfull
winbox client
and so forth

under the commands for them do the following

for read only
I:\Users\admin\Desktop\winbox.exe [Device.FirstAddress] <<DeviceReadOnlyUser>> <<DEVICEREADONLYPASSWORD>>

For full
I:\Users\admin\Desktop\winbox.exe [Device.FirstAddress] <<DeviceFULLUser>> <<DEVICEFULLPASSWORD>>

These are simplified
Its obv WIBOXFULLPATH DEVICEIP DEVICEUSER DEVICEPASS

Now under users management Disable the Winbox u don't want them to use under the available tools you will find that under the group management.

I know this doesn't quite address the radius functionality but its a workaround

Regards

CyberT

Carma Me if this helped u
If this helped you then please slam that Karma button :-)
 
troy
Member
Member
Posts: 310
Joined: Thu Jun 30, 2005 6:47 pm

Re: "Winbox" command and Dude users

Wed Apr 20, 2011 8:54 pm

Not that it matters anyways... I can open up a port to The Dude, but Winbox can't connect. I could open a port for winbox, but that only gets me to one router. Stuck using terminal window only.

The Dude needs to proxy/relay the Winbox connection so we can get into the network from outside.
 
CyberT
Member Candidate
Member Candidate
Posts: 172
Joined: Tue Feb 01, 2011 1:39 pm
Location: Johannesburg, South Africa
Contact:

Re: "Winbox" command and Dude users

Sun Apr 24, 2011 10:20 am

remote connection does work provided that there is a TIK internal that is available external, another brutal option is to have Nat forwards on the tik that can see external and internal.
If this helped you then please slam that Karma button :-)
 
kakoj
just joined
Posts: 1
Joined: Tue Nov 22, 2011 9:33 am

Re: "Winbox" command and Dude users

Tue Nov 22, 2011 9:41 am

Ok i found a work around for you guys for now.

Now under users management Disable the Winbox u don't want them to use under the available tools you will find that under the group management.

I've created a new instance of winbox named winbox-ro as it has mentioned by cyberT. But can't find where I can disable the original winbox for a specified user. Could anybody help? would be urgent to solve this, cause I have to do other way if I can't! pleaseplease!!!

Thanks a lot!

Who is online

Users browsing this forum: No registered users and 8 guests