Mass Configuration of Users and User Preferences on Network Management Card 2 (NMC2) v6.X.X

FA176542

21/12/2019

Mass Configuration of Users and User Preferences on Network Management Card 2 and 3
Published date: 

Issue
How do I mass configure/bulk upload user configuration information on Network Management Card 2 and 3? NOTE: This is no longer done via the config.ini file.

Product Line
  • Network Management Card 2 - AP9630/30CH, AP9631/31CH, AP9635/35CH
Devices with an embedded Network Management Card 2 include (but are not limited to): 2G Metered/Switched Rack PDUs (AP84XX, AP86XX, AP88XX, AP89XX), Certain Audio/Video Network Management Enabled products. 
  • Network Management Card 3 – AP9640, AP9641

Environment
  • Network Management Card 2 v6.X.X firmware
  • Users wishing to add Network Management Card 2/3 (NMC2/NMC3) local users in bulk and/or via a configuration file via FTP/SCP.
  • Users wishing to add users via script using local serial console, Telnet or SSH

Cause

In NMC2 firmware v6.0.6, user configuration/modification is no longer supported or available via the config.ini file. This functionality can now be accomplished via a .csf file which can be uploaded to the NMC2 via FTP or SCP. INIUtil-v3, available in Knowledge Base article FA156117 for uploading/download config.ini files in bulk, will now support uploading .csf files (since they cannot be downloaded).  Alternatively, a user can write a script to create users via the CLI (which is accessible via the local serial console, Telnet, or SSH).

Resolution

The user can use a .csf configuration file to be uploaded to the NMC2/NMC3 via FTP or SCP. Alternatively, these instructions can be used by the user to create a script which can be used with the NMC2/NMC3 via local serial console, telnet, or SSH.

https://www.se.comhttps://www.se.com//library/SCHNEIDER_ELECTRIC/ITB/NAM/ITB_US/Tiger_NE/note_exclamation.jpgNOTE: Secure Copy (SCP) users - please review Knowledge Base article FA235654 for important information prior to proceeding.

The NMC2/NMC3 offers a "default settings" configuration (which is available in the config.ini file as well as all of the other NMC2/NMC3 interfaces - review Knowledge Base article FA175982 for a known issue) which can serve as a template for adding users. If many of your users will have the same preferences (which are now configurable on a per-user basis), you can modify these settings first so that your .csf file requires less data. You can also still configure preferences individually via the .csf file.

To configure the Default User Settings that will apply to most, if not all, of your local users follow the Configuration > Security > Local Users > Default Settings navigation path in the Web UI. See below.




You can also configure this via the CLI using the userdflt command.


Usage: userdflt --  Configuration Options
    userdflt [-e   <enable | disable>] (Enable)
             [-pe  <Administrator | Device | Read-Only | Network-Only>]
                    (user permission)
             [-d   <user description>]
             [-st  <session timout>] minute(s)
             [-bl  <bad login attempts>]
             [-el  <enable | disable>] (Event Log Color Coding)
             [-lf  <tab | csv>] (Export Log Format)
             [-ts  <us | metric>] (Temperature Scale)
             [-df  <mm/dd/yyyy | dd.mm.yyyy | mmm-dd-yy |
                    dd-mmm-yy | yyyy-mm-dd>] (Date Format)
             [-lg  <language code (enUs, etc)>] (User Language)
             [-sp  <enable | disable>] (Strong Passwords)
             [-pp  <interval in days>] (Required Password Change Interval)
 
Once these settings have been modified or if you've chosen to skip this, you'll need to create your .csf file if you're not scripting this. This must be a plain text file which has been modified to a .csf file extension. (Ensure that your system is set to show file extensions to avoid a filename such as userupload.csf.txt.)

Use the syntax of the user command to create your .csf user configuration file, shown below. This would be the syntax you follow if you're creating your own script.

https://www.se.comhttps://www.se.com//library/SCHNEIDER_ELECTRIC/ITB/NAM/ITB_US/Tiger_NE/note_exclamation.jpgNOTE: The .csf file must only contain one command per line.

Usage: user --  Configuration Options
    user -n <user>
                   [-cp  <current password>] 
https://www.se.comhttps://www.se.com//library/SCHNEIDER_ELECTRIC/ITB/NAM/ITB_US/Tiger_NE/note_exclamation.jpg(Only required for remote access or .csf upload methods while modifying Super User account.Serial access to CLI does not require -cp to modify Super User account)
                   [-pw  <user password>]
                   [-pe  <Administrator | Device | Read-Only | Network-Only>]
                          (user permission)
                   [-d   <user description>]
                   [-e   <enable | disable>] (Access Enable)
                   [-st  <session timout>] minute(s)
                   [-sr  <enable | disable>] (Serial Remote Auth. Override)
                   [-el  <enable | disable>] (Event Log Color Coding)
                   [-lf  <tab | csv>] (Export Log Format)
                   [-ts  <us | metric>] (Temperature Scale)
                   [-df  <mm/dd/yyyy | dd.mm.yyyy | mmm-dd-yy |
                          dd-mmm-yy | yyyy-mm-dd>] (Date Format)
                   [-lg  <language code (enUs, etc)>] (User Language)
                   [-del <user name>]
                   [-l   (shows current user list)]
 

 Example (assuming creating via .csf for upload via FTP or SCP):

user -n newadmin -pw apc -pe administrator -e enable
user -n newdevice -pw apc -pe device -lg enUs -e enable
user -n newdev1 -pw dv1 -pe device -e enable
user -n apc -cp apc -pw 123secretpassword -el enable -ts us
 


https://www.se.comhttps://www.se.com//library/SCHNEIDER_ELECTRIC/ITB/NAM/ITB_US/Tiger_NE/note_exclamation.jpgNOTE: There is a known issue in AOS 6.0.6 in which the Read-Only or Device user type cannot use the user command as expected. This type of user must be added via the Web UI for v6.0.6. This is corrected in v6.1.3 AOS or higher. (Each Network Management Card 2 has an AOS and application file and they cannot be updated independently. Please check https://www.apc.com/tools/download/index.cfm to verify the latest versions available for your device.)

Once your file is complete, save it as <anyname>.csf and upload it to your NMC2/NMC3 via one of the specified methods. To confirm your changes were applied, display the current user list in the CLI by issuing the user -l command, or check the Web UI under Configuration > Security > Local Users > Management to view your system's local users. NOTE: There is no way to export this list to a file unless you do it manually or script it.

Still not working or you have questions?

If you need further assistance or your .csf file is not working, please contact APC Technical Support and be prepared to provide the following information:
  • Your .csf file with any personal information removed, if required
  • Firmware version
  • Event.txt (and config.ini file if pertaining to default user settings) - instructions to retrieve these are in Knowledge Base article FA156131.