I want to set a specific password for CPEs to connect to the server, I used cwmp.auth() and the value of AUTH(“username”,“password”) and I continuously get authentication failure. I keep getting random devices in the name of “DISCOVERYSERVICE” on my server. How can i solve this problem and how to make my system secure? My db is already NOT connected to NAT, so what can i do other than that??
Please don’t abuse the tagging feature. At least wait a day or two before tagging people.
sorry but it’s an urgent matter and I have been asking about this for weeks without answers
I have mine as the top entry in the Admin > Config area. The key is cwmp.auth and in Value I have AUTH(“username”, “password”) OR AUTH(“username2”, “password2”) etc.
I have no brackets in the key and I have a space between the comma and password. Not sure if the space makes a difference or not. There are still some random authentication errors in the logs but it works.
Thank you for your reply, but it didn’t work
Reading this I think the key has changed depending on your GenieACS version. Incorrect connection request credentials (v1.2) - #3 by zaidka
cwmp.connectionRequestAuth
Idk but i asked about this before and tried this and still got authentication failure so idk what else to do, but thanks so much for helping
Can i tag you now?
Sorry @Nirmeen I meant to reply the other day but completely forgot. When you say authentication failure, are you referring to the connection request (e.g. when you click summon)? If that’s the case then cwmp.auth config option is irrelevant.
It’s okay. Then what should i use to authenticate CPEs? i tried cwmp.auth and cwmp.connectionRequestAuth… after i use cwmp.auth all the devices disconnect and i get authentication failure on cpe.debug file… when i use this cwmp.connectionRequestAuth i still get random devices connected to my server
The option cwmp.connectionRequestAuth authenticates the ACS to the CPE when you trigger a connection request. While cwmp.auth authenticates the CPE’s inform messages. From what you’re describing, it sounds like you need cwmp.auth. You say all devices disconnect when you use that option so that tells me that your devices don’t have the correct credentials. Try settings the following parameters before you enable auth:
Device.ManagementServer.Username
Device.ManagementServer.Password
Thank you for your answer, i tried setting the correct credentials for the device and then enable cwmp.auth, i still get 401 status code
Assuming you have configured the credentials in the CPE correctly, then this does look like a CPE bug. You should reach out to the manufacturer. It’s also possible that it’s a bug in Genie, but that’s very unlikely unless you can reproduce the issue with different CPEs from different vendors. Let me know if that’s the case.
You can try enabling HTTPS. In HTTPS, Genie should use ‘basic’ auth instead of ‘digest’. Basic is simpler to implement so less likely to have bugs.
You mean i should assign an SSL certificate to cwmp using the genieacs.env file or use something else like nginx?
That is all going to depend on how you have things configured. If you are using nginx as a reverse proxy, then you will need to setup the cert there. If you have the CPEs connecting directly to the CWMP process, then you would need to configure the cert stuff in genieacs.env
-dan
thank you so much, it worked!