Messages - adminexploit

#1
Hi,

I'm trying to add a list of ports to an alias via the API:

def add_client_dstport_alias(cn, cn_ports):
    payload = {
        "alias": {
            "type": "port",
            "enabled": "1",
            "name": cn + '_port',
            "description": cn,
            "content": "8,18",
            "proto": "",
            "updatefreq": "",
            "counters": "0",
            "categories": ""
        }
    }
    return api_post('/api/firewall/alias/addItem', payload)
and I got an error:
Entry "8,18" is not a valid port number
I tried different ways to add ports, such as a port range: 8-18, and I got the same error. But if I add just one port by API, it works. If I add the other ports in the GUI by hand, everything goes well.

Please help me

regards
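
For the alias call in the post above, an added example (not part of the original post and not OPNsense project code): it builds the same payload but validates every port and joins the entries with a newline, writing ranges as low:high. Both conventions are assumptions about what the alias content field accepts, and build_port_alias_payload and normalize_port_entry are hypothetical helper names.

```python
# Added example. Assumptions: alias "content" takes one entry per line
# and port ranges are written low:high. Helper names are hypothetical.
import re

_PORT_RE = re.compile(r"^(\d{1,5})(?:[:-](\d{1,5}))?$")


def normalize_port_entry(entry):
    """Return one alias entry ('18' or '8:18'); raise ValueError if invalid."""
    text = str(entry).strip()
    match = _PORT_RE.match(text)
    if not match:
        raise ValueError(f"not a port or port range: {text!r}")
    low = int(match.group(1))
    high = int(match.group(2)) if match.group(2) else low
    if not (1 <= low <= 65535 and 1 <= high <= 65535):
        raise ValueError(f"port out of range 1-65535: {text!r}")
    if low > high:
        raise ValueError(f"range start above range end: {text!r}")
    return str(low) if low == high else f"{low}:{high}"


def build_port_alias_payload(cn, cn_ports):
    """Build the addItem request body with one port entry per line."""
    if isinstance(cn_ports, str):
        # Accept "8,18" or "8 18" from callers and split it here,
        # so a comma-joined string never reaches the firewall as one entry.
        cn_ports = [p for p in re.split(r"[,\s]+", cn_ports) if p]
    entries = []
    for entry in cn_ports:
        normalized = normalize_port_entry(entry)
        if normalized not in entries:  # drop duplicates, keep order
            entries.append(normalized)
    if not entries:
        raise ValueError("no ports given")
    return {
        "alias": {
            "type": "port",
            "enabled": "1",
            "name": cn + "_port",
            "description": cn,
            "content": "\n".join(entries),  # assumed separator: newline
            "proto": "",
            "updatefreq": "",
            "counters": "0",
            "categories": "",
        }
    }
```

The returned dictionary can be passed to the post's own api_post helper in place of the hard-coded payload.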
#2
General Discussion / CRL and API
July 09, 2025, 01:08:12 PM
Hi,
After reading the API documentation, it seems that there's no way to manage the CRL list by API? Is that correct? If so, how can I do that by scripting something? I scripted a dirty Python script to play with the config.xml file for OTP usage, but I don't think that's very recommended.

Thanks for your help
#3
I don't know how a RADIUS server can help me manage users' TOTP tokens. I discovered a magical option that lets users manage their own TOTP token at:

System: Settings: Administration: User OTP seed

I created a specific group and associated the System: User Password Manager privilege with it. I added the user to this group, but the user cannot log in, even though the password is correct:

2024-09-24T18:29:40   Informational   configd.py   action allowed system.event.config_changed for user root   
2024-09-24T18:29:39   Notice   audit   /index.php: User logged out for user 'test' from: 172.21.22.15   
2024-09-24T18:29:39   Notice   audit   /index.php: Successful login for user 'test' from: 172.21.22.15

So, as you can see, I'm logged in, and... logged out immediately, and root did something, I don't know what, to kick me out of the group.

When I give myself the Password Manager privilege on my own profile page, I can log in to change my password, which is not good since I'm imported from AD, but I don't have options to change or generate a TOTP token......

If users could interact with their password management page, that would be perfect, but it seems to be bugged or I missed something.
#4
I discovered that users in /config/config.xml can be modified live. So.... I'm always to do it a better way.
#5
Hi,
I've about 850 users to import from Active Directory to OPNsense in order to play with OpenVPN + AD + TOTP authentication.

Actually, I'm able to import just one single user, which works fine. But is there a simple way to import 850 users (yeah, I can do it by clicking on the cloud) AND generate a TOTP token for each of them?

I plan to play with the XML config file and restore it with a Python script, but it's not very clean, and I have to reboot OPNsense to import the new XML config file, because I didn't find a way to do the job with the API....

Thanks for your help.