search

Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.19k stars 563 forks source link

meshctrl.js in Linux doesn't seem to honor --domain in MeshCentral v0.5.9 #1203

Open darryl-h opened 4 years ago

darryl-h commented 4 years ago

Problem Description

When I supply --domain to the meshctrl.js command, it doesn't seem to be honoring the --domain argument, or I'm doing it wrong :)

Environment:

Server: Ubuntu 18.04 LTS Version: MeshCentral v0.5.9 Config

{
  "settings": {
    "Port": 443,
    "RedirPort": 80,
    "AllowFraming": true,
    "AllowLoginToken": true,
    "WANonly": true,
    "MongoDb": "mongodb://USERNAME:PASSWORD@192.168.1.80:27017/meshcentral"
  },
  "domains": {
    "": {
      "Title": "MyServer",
      "Title2": "Servername",
      "UserQuota": 1048576,
      "MeshQuota": 248576,
      "NewAccounts": true,
      "Footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>"
    },
    "domaintest": {
      "Title": "Test Company2",
      "UserQuota": 1048576,
      "MeshQuota": 248576
    }
  }
}

NOTE: This has been upgraded many times, not a fresh install FYI: No NGINX here, this is in my home lab :)

Testing

1) First, I create the subdomain domaintest in the config, and restart the server

2) I login to the webURI and create the admin user (https://SERVER_IP/domaintest/)

3) I login to the WebURI with the admin user to verify I can login Username: admin Password: admin123

4) I check to see if meshctrl.js knows about the new subdomain domaintest

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config --listdomains
domaintest

5) I try to use meshctrl.js with the new subdomain (note, no device groups are created yet) using the username admin and the password admin123 (Note that I am able to use these credentials to login to the web portal as noted in step 3) however, when I try to use that with the subdomain domaintest it reports Invalid Login

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl.js --domain domaintest --loginuser admin --loginpass admin123 ListDeviceGroups
Invalid login.

6) If I supply meshctrl.js with the main admin account (the one used for https://SERVER_IP) it does work, but shows me the device groups from that domain (which is, no subdomain) and not the domaintest subdomain

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl.js --domain domaintest --loginuser admin --loginpass test ListDeviceGroups
id, name
---------------
"o63sypTcXQIxRg8mTnkfFGDiOizXx$NslGM7@J$k68FbHObJMSgTlRoXGiyxQ$5W", "test123"
"Gpy2Ur7$AnpCZJsndNd6Ayjot6G2WeOf2McfM3yPmQlNxVbQRa$c5XdvOQeu26F4", "test"

Goal

We would like to get the NodeID, and create the admin user for a subdomain using an automated method, so if the main domain works as the --loginuser and --loginpass, that is actually ideal for us.

Currently it seems that creating the admin user may only be accomplished through the GUI, which means it must be done manually. I will file a new feature request for the creating an admin user through meshctrl.js if this is not how --loginuser and --loginpass are supposed to work.

I cannot thank you enough for all your teams tireless and hard work, I've worked with a few development teams in my past life, you guys are consistently very responsive and helpful.

Ylianst commented 4 years ago

Thanks for you super detailed reports, it always grabs my attention. Working on it now.

Ylianst commented 4 years ago

Ok, I took a look at this and fixed a few things along the way. So --domain should only be used with --loginkey, I made some changes to make this clear. In your case, you should probably not use --domain.

The domain depends on the URL used to access the server, this is valid for both the browser and MeshCtrl and any other tools. If you access "https://mesh.server.com/" you may get the default domain, but if you access "https://mesh.server.com/domaintest" you will get the second domain. You can also setup a second domain with a different DNS name, so that "https://domaintest.server.com" would be used to hit the second domain. To do this, you need to have "domaintest.server.com" point to your server and add "dns": "domaintest.server.com" on the second domain of config.json.

Anyway, to access the second domain using MeshCtrl do this:

/usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl.js --url wss://myserver.com/domaintest --loginuser admin --loginpass test ListDeviceGroups

You need to specify the URL as wss://myserver.com/domaintest and you should be ok. Note that "wss://" is secure web socket, that is the protocol MeshCtrl uses to connect, otherwise the rest of the URL should look just like the browser. No need to update MeshCtrl.

Hope that helps, Ylian

darryl-h commented 4 years ago

Thanks Ylian!! Will test and let you know!

darryl-h commented 4 years ago

Thanks Ylian, I may be fat fingering something. I upgraded to MeshCentral v0.5.10, but still getting invalid login.

Create new domain # /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl.js Config --adddomain domain3 Restart service service meshcentral restart List Domains

/usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl config --listdomains
domaintest
Domain2
domain3

Manually create admin user in GUI Username: admin Password: admin123

ListDeviceGroups

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl.js --url wss://192.168.1.102/domain3 --loginuser admin --loginpassword admin123 ListDeviceGroups
Invalid login.
si458 commented 1 week ago

is this still an issue? if not please close it