Adding 400 users to local user manager

Started by Wyrm, July 19, 2018, 03:52:45 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
July 19, 2018, 03:52:45 PM
Hi,
for one customer I need to add around 400 users to local user manager. These users will be used for captive portal. Is there some limit on it ? How much users could be in system ?

I have found that it is possible by XML configuration script which I restore, but only system part, where I manualy edit xml file and add user details...but it is not so comfortable...

Does anybody has some good advice how to add them by some script ? Or is there any option how to add them ?
I have them in Excel table with fields First Name, Surname, Mail and Password. Customers will accept mail as username and I put to all same password. Each user will then change their password by web gui.

Thanks for some reply..

July 20, 2018, 08:20:34 AM #1
Are these users in a directory somewhere? My first port of call would be Radius.

Bart...
July 20, 2018, 10:55:42 PM #2
Hi,
I have only excel table with names, mails and details.

They are in customers google education account - so they are all google accounts, but customer could not use two-factor authentication. So they are in google, but I have only exported table in excel...

Is there some way how to create them ?
July 20, 2018, 11:08:38 PM #3
convert it to a CSV, read it line by line and use a shell script with curl to add them to the freeradius plugin via the API. Then authenticate against the local freeradius.
July 21, 2018, 10:28:44 PM #4 Last Edit: July 21, 2018, 10:36:42 PM by fvanroie
If you have PowerShell installed on a workstation, you can easily import the users using my PS_OPNsense PowerShell Module. It's still in development but this should work:

Code Select
Import-Module PS_OPNsense
Connect-OPNsense -Url $url -Credential $apicredential -SkipCertificateCheck

# Import users from CSV file
$users = Import-Csv -Path U:\opnsense\passwords.csv

# Loop the users
foreach ($user in $users) {
    # Build the Freeradius user JSON string
    $json = '{{ "user": {{ "enabled": 1, "password": "{0}", "username": "{1}" }} }}' -f $user.password, $user.username

    # Invoke the API call to create the user
    Invoke-OPNsenseCommand -Module freeradius -Controller user -Command adduser -Json $json -Method POST
}

# List all the Freeradius users
Get-OPNsenseItem -Freeradius User

Disconnect-OPNsense

I'm biassed towards PowerShell and it is very suitable for jobs like this. The Invoke-Command is a bit of a hack because I haven't implemented the New-OPNsenseItem cmdlet yet. But once you get the hang of the API it's fairly straightforward to script against OPNsense.
August 31, 2018, 10:01:28 AM #5
Hi,
I have tried to use APi, but powershell shows errors when I want to connect to opnsense server:

Connect-OPNsense : Cannot process argument transformation on parameter 'Secret'. Cannot convert the "<secret code>" value of type "System.String" to type "System.Security.SecureString".
At line:2 char:149
+ ... 4Uq -Secret <secret code> ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Connect-OPNsense], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Connect-OPNsense

When I try to use this function it also needs authentification and when i fill in login and password it is not accepting it...

What is needed to work with APi other than API key ?

September 01, 2018, 01:58:57 AM #6
Hi,
I have found problem itself - I have typed space " " in secret key, so the script showed errors. No I corrected this and connect works. I will prepare user import script and I hope it will do the work  ;)
September 01, 2018, 01:26:09 PM #7
So I tested your script and connection to server works but adding user do not work. It simply does not add users.
Is there some other command I could run to add users? Or is there some problem with syntax? I tried to send commands directly and response was "failed".

Thanks for answer
September 01, 2018, 03:00:36 PM #8
Did you realized that it's for FreeRADIUS plugin? It's not for real local users, so it also wont work with 2FA.
September 02, 2018, 12:42:36 PM #9
I know it. But customer do not want to use 2FA. So I need only users to put in. Is there any possibility to make script to add user to local user manager ? I mean not radius but normal users ?
I do not see in API reference any info about possibility to add user.
Is there some way ?
September 02, 2018, 02:00:16 PM #10
Local Users are not API enabled
September 03, 2018, 03:48:42 PM #11
Still, you could point a new Auth Server to the internal FreeRADIUS plugin and use it for system authentication.
September 03, 2018, 07:32:14 PM #12
How is 2FA implemented in the system? Perhaps it's possible to connect it with Radius Users?
September 03, 2018, 09:16:04 PM #13
Quote from: franco on September 03, 2018, 03:48:42 PM
Still, you could point a new Auth Server to the internal FreeRADIUS plugin and use it for system authentication.
I could do but there is still problem how to put all the users from csv file to system. It is the main problem...I have to put them all by hand now...or is another possibility ?
September 03, 2018, 09:22:10 PM #14 Last Edit: September 03, 2018, 09:23:44 PM by fabian
a simple shell script adding one per row?
cat file.csv | while read line; do
c1=$(echo $line | cut -d',' -f1)
...
curl ... -H "Content-Type: application/json" --data "{json data}"
done;
Print
Go Up Pages1 2
User actions