New Installer / Sensitive Network Info

Kick back and hang out in the lounge and talk about almost anything.
User avatar
rkelly1
Experienced Member
 
Posts: 147
Joined: Wed Aug 20, 2014 10:06 pm
Location: Clermont, FL
Has thanked: 12 times
Been thanked: 27 times

New Installer / Sensitive Network Info

Thu Apr 09, 2015 9:02 pm

Posted this on UBNT forum and a minute later kind of felt like it's too consumer there now so I thought I'd post here... :idea:


Up till now all of our installations have been done by company owners. We're at a point that we need to hire a full time installer or two - just too much to do on the network growth side...

How do you guys manage sensitive network information like wireless passwords on CPE's, AP's and backhauls? They will be working for us but if one leaves, I don't want them to have too much information on passwords, etc. I imagine they will help with a lot of stuff in addition to installs, making it more challenging.

Any insight on what has worked is appreciated.
Rob

User avatar
sirhc
Employee
Employee
 
Posts: 7416
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: New Installer / Sensitive Network Info

Thu Apr 09, 2015 9:05 pm

WOW - that is an issue we are dealing with now and with airCONTROL (v1.X) unable to do mass password changes - OUCH

Been tempted to try v2.X of airCONTROL

I think Josh has the right idea, Radius authentication which will be put into our switches next version.

Yea not too many consumers over here! Pirate4
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
mhoppes
Associate
Associate
 
Posts: 664
Joined: Thu Apr 10, 2014 9:14 pm
Location: Pennsylvania
Has thanked: 10 times
Been thanked: 125 times

Re: New Installer / Sensitive Network Info

Fri Apr 10, 2015 8:03 pm

Yeah... radius is the way to go. I really wish Ubiquiti would implement three levels of security on their devices.

Operator
Installer
Read-Only

User avatar
rebelwireless
Experienced Member
 
Posts: 607
Joined: Mon Sep 01, 2014 1:46 pm
Has thanked: 31 times
Been thanked: 136 times

Re: New Installer / Sensitive Network Info

Sun Apr 12, 2015 9:46 pm

radius for wireless for sure, but for installer logins? not really possible. They need access before the device is online, so they need an on-device password.

As far as permissions go, yes, ubnt needs to solve that. But if you just want a login that you can change so when a tech leaves your radios are accessible, this isn't terribly hard.

for example,


On your airOS device, add an /etc/persistent/rc.poststart
in that file, do
echo "tech:md5password:0:0::Administrator:/etc/persistent:/bin/sh" >> /etc/passwd"
now you will have a file that creates a tech user that works in the UI.
you have to type 'save' and the cli to commit this.

next step, pull a file from a server you control with an updated password and use sed to replace the tech:\+: with your new user md5password. Now radios will update the tech password on startup. optionally, wrap that up in while 0;the command;sleep 600 so that the radio will update every 10 minutes.
remember to type save whenever you alter something in /etc/persistent.

User avatar
LRL
Experienced Member
 
Posts: 238
Joined: Sun Nov 23, 2014 4:00 am
Location: Rock Springs, WY
Has thanked: 18 times
Been thanked: 49 times

Re: New Installer / Sensitive Network Info

Mon Apr 20, 2015 12:44 am

We program all the radios with a default password that gets changed by NOC (me or my partner) before adding to Aircontrol. Then all installers have their own logins to Aircontrol for service calls.

If the radio is off line they must default it and set it back up using our defaults file. NOC once again must touch the radio.

We use radius for WPA auth.
-LRL

"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson

Return to The Lounge

Who is online

Users browsing this forum: No registered users and 3 guests