Solved: Fresh install webui login failed and access denied on load merge

logans1597 · ‎06-24-2022

Hello,

It's my first time installing nso on my mac m1 laptop. I did it via local install and ncs_cli -u admin works fine. I can do "?" and see many commands that I have access to. After searching for hours on how to solve this, it seemed like I need to get access to aaa authentication. However, when I do either one of the code below, I get syntax error: element does not exit.

show configuration aaa authentication users user
show running-config aaa authentication users user

Can someone tell me what Im doing wrong? I can't access webui using default admin/admin credentials or do load merge load.xml because I get access denied error.

Nabsch · ‎06-28-2022

You should have a default config for aaa and nacm .

Here the config that you should add

You have to use ncs_cli

Here the step:

I create a user admin that using a password admin . You can change it if you want.

ncs_cli -u admin -C --noaaa
config
load merge terminal
Copy paste the configuration below ( aaa & nacm)
commit

aaa authentication users user admin
 uid        65534
 gid        65534
 password   admin
 ssh_keydir /var/ncs/homes/admin/.ssh
 homedir    /var/ncs/homes/admin
!

nacm write-default permit
nacm groups group admin
 user-name [ admin ]
!
nacm rule-list admin
 group [ admin ]
 rule any-access
  action permit
 !
 cmdrule any-command
  action permit
 !
!

It should solve your problem

View solution in original post

Nabsch · ‎06-24-2022

Hello,

Can you try to use this command since you have an issue related to AAA.

 ncs_cli -u admin -noaaa

Then execute the commands the show command aaa and give us the output that you got

logans1597 · ‎06-24-2022

I was little confused on the commands you wrote but here is the result

18:24@test-rundir:~$ ncs_cli -u admin -noaaa

User admin last logged in 2022-06-24T21:52:31.394918+00:00, to Jungs-MacBook-Pro, from 127.0.0.1 using cli-console
admin connected from 127.0.0.1 using console on Jungs-MacBook-Pro.local
admin@ncs> show command aaa
----------------^
syntax error: missing display group
[error][2022-06-24 18:32:01]
admin@ncs> aaa
-----------^
syntax error: expecting
  clear          - Clear parameter
  compare        - Compare running configuration to another configuration or a file
  configure      - Manipulate software configuration information
  describe       - Display transparent command  information
  exit           - Exit the management session
  file           - Perform file operations
  help           - Provide help information
  id             - Show user id information
  leaf-prompting - Automatically query for leaf values
  monitor        - Real-time debugging
  ping           - Ping a host
  ping6          - Ping an ipv6 host
  quit           - Exit the management session
  request        - Make system-level requests
  script         - Script actions
  set            - Set CLI properties
  set-path       - Set relative show path
  show           - Show information about the system
  source         - File to source
  switch         - Change CLI style
  templatize     - Find patterns in subtree.
  top            - Exit to top level and optionally run command
  traceroute     - Trace the route to a remote host
  up             - Exit one level of configuration
[error][2022-06-24 18:32:22]
admin@ncs>

Nabsch · ‎06-24-2022

Sorry for that i was talking about the command that were in your inital question .

Can you execute the command

show configuration aaa authentication users user
show configuration nacm

logans1597 · ‎06-25-2022

Here is the result of the commands

19:02@test-rundir:~$ ncs_cli -u admin -noaaa

User admin last logged in 2022-06-24T21:52:31.394918+00:00, to Jungs-MacBook-Pro, from 127.0.0.1 using cli-console
admin connected from 127.0.0.1 using console on Jungs-MacBook-Pro.local
admin@ncs> config
Entering configuration mode private
[ok][2022-06-25 11:48:14]

[edit]
admin@ncs% show configuration aaa authentication users user
----------------^
syntax error: element does not exist
[error][2022-06-25 11:48:17]

[edit]
admin@ncs% show configuration nacm
----------------^
syntax error: element does not exist
[error][2022-06-25 11:48:22]

[edit]
admin@ncs% exit

Nabsch · ‎06-25-2022

You don’t need to be in the config mode . Can you try the command again without the command config .

logans1597 · ‎06-27-2022

Hey Nabsch, hope you had a great weekend. Here is the output without the config mode.

9:09@test-rundir:~$ ncs_cli -u admin -noaaa

User admin last logged in 2022-06-24T21:52:31.394918+00:00, to Jungs-MacBook-Pro, from 127.0.0.1 using cli-console
admin connected from 127.0.0.1 using console on Jungs-MacBook-Pro.local
admin@ncs> show configuration aaa authentication users user
No entries found.
[ok][2022-06-27 09:53:20]
admin@ncs> show configuration nacm
No entries found.
[ok][2022-06-27 09:53:26]
admin@ncs>

Nabsch · ‎06-28-2022