Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - knibo

Pages1
#1
25.1, 25.4 Production Series / Re: missing menu entrie
April 02, 2025, 05:51:09 PM
Hi Cedrik,

Thank you for solving my problem. The patch worked perfectly.
Is the change included in the next update?

Did you see the list of other menu items in my post that are still missing?
These are not important for me, but I noticed them while searching.

Have a nice day
Michael
#2
25.1, 25.4 Production Series / Re: missing menu entrie
April 02, 2025, 12:54:25 PM
Hello Eric,

thank you for your reply.

Quote from: EricPerl on April 01, 2025, 09:09:07 PMEverything that can be updated via GUI/API will eventually be overwritten with data coming from the config.xml file.

In this case, there is a privilege for Kea.
The privileges dropdown has an entry called "Services: DHCP: Kea(v4)" that sounds promising.

In my post i mean exactly this entry in the dropdown, but the acl behind it is not correct.
I have changed the ACL on the cli via ssh as above.

The original file looks like this:

<acl>
    <page-dhcp-kea-v4>
        <name>Services: DHCP: Kea(v4)</name>
        <description>Allow access to the KEA dhcp4 server</description>
        <patterns>
            <pattern>ui/kea/dhcp/v4</pattern>
            <pattern>api/kea/dhcpv4/*</pattern>
            <pattern>api/kea/leases4/*</pattern>
            <pattern>api/kea/service/*</pattern>
        </patterns>
    </page-dhcp-kea-v4>
</acl>

cu Michael
#3
25.1, 25.4 Production Series / missing menu entrie
April 01, 2025, 08:18:17 PM
Hello everyone,

I have created an admin user on OPNsense without "All pages" but with rights for Kea. Unfortunately, I was missing some menu entries for Kea DHCP. After some searching, I came across the topic ACL and customised the ACL for Kea.

root@fw05:~ # cat /usr/local/opnsense/mvc/app/models/OPNsense/Kea/ACL/ACL.xml
<acl>
    <page-dhcp-kea-v4>
        <name>Services: DHCP: Kea(v4)</name>
        <description>Allow access to the KEA dhcp4 server</description>
        <patterns>
            <pattern>ui/kea/dhcp/v4</pattern>
            <pattern>ui/kea/dhcp/ctrl_agent</pattern>
            <pattern>ui/kea/dhcp/leases4</pattern>
            <pattern>ui/diagnostics/log/core/kea</pattern>
            <pattern>api/kea/dhcpv4/*</pattern>
            <pattern>api/kea/ctrl_agent/*</pattern>
            <pattern>api/kea/leases4/*</pattern>
            <pattern>api/kea/service/*</pattern>
        </patterns>
    </page-dhcp-kea-v4>
</acl>

This works for me so far. Unfortunately, the ACL is overwritten during the update.
Can I make the change persistent? Or can you apply the changes?

For testing purposes, I created a user with all privileges except "All pages" and compared it with the root user. If I have understood this correctly, the two users should be identical. Except for Kea, other menu entries are missing, too.

System - Log Files - Audit
System - Log Files - Boot
System - Diagnostics - Statistics
VPN - IPsec - Pre-Shared Keys
VPN - IPsec - Advanced Settings
VPN - IPsec - Lease Status
VPN - WireGuard - Log File
Services - DHCRelay - Log File
Services - Monit - Log File
Services - Network Time - GPS
Services - Network Time - PPS

Thanks in advance

Greetings Michael
Pages1