Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
0
Helpful
4
Replies

REST API and NCT HTTP Error: 403

pegore
Cisco Employee
Cisco Employee

‎08-22-2017 02:09 PM - edited ‎03-01-2019 03:58 AM

I am installing a fresh cluster using NCT, the NSO is installed, but cannot get the NCT REST working for package install, keep getting a HTTP403: Forbidden error

nct packages -c install --package ncs-4.4-cisco-ios-5.1.5.tar.gz -h 10.29.254.241 --rest-user root --rest-pass <passw> -v

nct_lib(810): HTTP Request = "https://10.29.254.241:8888/api/running/software/packages/_operations/install"

nct_lib(821): HTTP(403) Reply = {"HTTP/1.1",403,"Forbidden"}

Install Package at 10.29.254.241:8888

  ERROR : operation-failed - access denied

this seems like it is working:

curl -k -u <user>:<passw> https://10.29.254.241:8888/api -X GET

<api xmlns="http://tail-f.com/ns/rest" xmlns:y="http://tail-f.com/ns/rest">

  <version>0.5</version>

  <config/>

  <running/>

  <operational/>

  <operations/>

  <rollbacks/>

</api>

Any ideas would be appreciated

Labels:
0 Helpful
4 Replies 4

Jan Lindblad
Cisco Employee
Cisco Employee

‎08-23-2017 02:07 AM

Could you verify that you have the correct credentials (and that the password is duly quoted from the CLI interpreter) by running some other REST operation towards the system, e.g. getting the config?

0 Helpful

pegore
Cisco Employee
Cisco Employee
In response to Jan Lindblad

‎08-23-2017 09:36 AM

Jan,

I am using root as credentials, I have also tried admin:admin, my own login, etc.

Depending on credentials I get not authorized, or forbidden – the last one is based on the root login.if I do an NCT Check, REST is OK.

I have created the admin group and added users to that for aaa login – I am thinking of using local auth to test that, but aaa allows me to ssh to the ncs cli.

Pete

0 Helpful

pegore
Cisco Employee
Cisco Employee
In response to Jan Lindblad

‎08-23-2017 09:43 AM

With only local authentication, here is what I get with a root login:

nct packages --hostsfile hostsfile list -vv --rest-user root --rest-pass

nct_lib(810): HTTP Request = "https://10.29.254.242:8888/api/running/software/packages/_operations/list"

nct_lib(810): HTTP Request = "https://10.29.254.243:8888/api/running/software/packages/_operations/list"

nct_lib(810): HTTP Request = "https://10.29.254.244:8888/api/running/software/packages/_operations/list"

Package Info at 10.29.254.241:8888

HTTP(401) - Unauthorized

0 Helpful

Jan Lindblad
Cisco Employee
Cisco Employee
In response to pegore

‎08-29-2017 03:01 AM

And do you have any NACM rules installed in NSO that allows access from root/admin/... ? If you have a "system install" NSO, you need to configure NACM to allow them yourself.

0 Helpful
Customers Also Viewed These Support Documents