Adding 400 users to local user manager

[Wyrm]

Hi,
for one customer I need to add around 400 users to local user manager. These users will be used for captive portal. Is there some limit on it ? How much users could be in system ?

I have found that it is possible by XML configuration script which I restore, but only system part, where I manualy edit xml file and add user details...but it is not so comfortable...

Does anybody has some good advice how to add them by some script ? Or is there any option how to add them ?
I have them in Excel table with fields First Name, Surname, Mail and Password. Customers will accept mail as username and I put to all same password. Each user will then change their password by web gui.

Thanks for some reply..

 

[bartjsmit]

Are these users in a directory somewhere? My first port of call would be Radius.

Bart...

[Wyrm]

Hi,
I have only excel table with names, mails and details.

They are in customers google education account - so they are all google accounts, but customer could not use two-factor authentication. So they are in google, but I have only exported table in excel...

Is there some way how to create them ?

[fabian]

convert it to a CSV, read it line by line and use a shell script with curl to add them to the freeradius plugin via the API. Then authenticate against the local freeradius.

[fvanroie]

If you have PowerShell installed on a workstation, you can easily import the users using my PS_OPNsense PowerShell Module. It's still in development but this should work:

Code: [Select]

Import-Module PS_OPNsense
Connect-OPNsense -Url $url -Credential $apicredential -SkipCertificateCheck

# Import users from CSV file
$users = Import-Csv -Path U:\opnsense\passwords.csv

# Loop the users
foreach ($user in $users) {
    # Build the Freeradius user JSON string
    $json = '{{ "user": {{ "enabled": 1, "password": "{0}", "username": "{1}" }} }}' -f $user.password, $user.username

    # Invoke the API call to create the user
    Invoke-OPNsenseCommand -Module freeradius -Controller user -Command adduser -Json $json -Method POST
}

# List all the Freeradius users
Get-OPNsenseItem -Freeradius User

Disconnect-OPNsense
I'm biassed towards PowerShell and it is very suitable for jobs like this. The Invoke-Command is a bit of a hack because I haven't implemented the New-OPNsenseItem cmdlet yet. But once you get the hang of the API it's fairly straightforward to script against OPNsense.

[Wyrm]

Hi,
I have tried to use APi, but powershell shows errors when I want to connect to opnsense server:

Connect-OPNsense : Cannot process argument transformation on parameter 'Secret'. Cannot convert the "<secret code>" value of type "System.String" to type "System.Security.SecureString".
At line:2 char:149
+ ... 4Uq -Secret <secret code> ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: ( [Connect-OPNsense], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Connect-OPNsense

When I try to use this function it also needs authentification and when i fill in login and password it is not accepting it...

What is needed to work with APi other than API key ?

[Wyrm]

Hi,
I have found problem itself - I have typed space " " in secret key, so the script showed errors. No I corrected this and connect works. I will prepare user import script and I hope it will do the work 

[Wyrm]

So I tested your script and connection to server works but adding user do not work. It simply does not add users.
Is there some other command I could run to add users? Or is there some problem with syntax? I tried to send commands directly and response was "failed".

Thanks for answer

[mimugmail]

Did you realized that it's for FreeRADIUS plugin? It's not for real local users, so it also wont work with 2FA.

[Wyrm]

I know it. But customer do not want to use 2FA. So I need only users to put in. Is there any possibility to make script to add user to local user manager ? I mean not radius but normal users ?
I do not see in API reference any info about possibility to add user.
Is there some way ?

[mimugmail]

Local Users are not API enabled

[franco]

Still, you could point a new Auth Server to the internal FreeRADIUS plugin and use it for system authentication.

[mimugmail]

How is 2FA implemented in the system? Perhaps it's possible to connect it with Radius Users?

[Wyrm]

Still, you could point a new Auth Server to the internal FreeRADIUS plugin and use it for system authentication.

I could do but there is still problem how to put all the users from csv file to system. It is the main problem...I have to put them all by hand now...or is another possibility ?

[fabian]

a simple shell script adding one per row?
cat file.csv | while read line; do
c1=$(echo $line | cut -d',' -f1)
...
curl ... -H "Content-Type: application/json" --data "{json data}"
done;