Adding Read Only Credentials To Ubiquiti AP's and CPE's

There are two cases where Preseem requires HTTP login credentials for Ubiquiti AP's / CPE's

  1. To properly map subscribers to the network topology (Tower / AP) when the CPE is running in bridge mode
  2. When the Preseem Plus tier functionality is enabled

In both of these cases, HTTP credentials are required because the information required is not accessible through SNMP. 

What type of HTTP credentials are required?

Preseem only requires a read only credential to login to the AP or CPE directly. 

Preseem can use an admin credential, however we recommend adding a read only credential.  By default there is no read only credential added to Ubiquiti AP's.

How do I add a read only credential to a Ubiquiti AP / CPE?

You can add credentials to your Ubiquiti AP in one of two ways:

  1. Manually by logging in to the AP and creating or enabling a read only admin account
  2. Using the "enable read only user" script that Preseem has created to assist with this task

How to I get and use the Enable Read Only User script?

The enable_ubnt_rouser script it provided on an as is where is basis.  Preseem makes no warranties and does not support this script beyond the following instructions.   It is suggested that you test this script before using it at scale to ensure that there it accomplishes the task that is intended in your environment.

Download the script

To make this easier for customer that do not already have a read-only user setup on their Ubiquiti radios, we have developed a script that they can use for this.

The script is linked here:

Input file

This script takes a space separated input file where each line contains the following information for each radio the read-only user should be created on.

management_ip admin_username admin_password

This is the information needed for the script to login to the radio

For example: admin my-admin-password admin my-admin-password ubnt @d31n!

Executing the script:

The script is invoked like this:

./enable_ro_user {inputfilename} {readonly_username} {readonly_password}


{inputfilename}:  the name of the input file that contains the IP Admin Account and Password for each of the radios (AP/CPE)

{readonly_username} & {readonly_password}:  the read only username and password that you wish to create on each of the APs/CPEs listed in the input file


For example:

./enable_ro_user /tmp/radios preseem 9r3533m!

The script will go through each radio, try to SSH into it with the administrative username and password, and create the read-only username and password.  This should be a hitless operation; no reboot will be done, and the change will be persistent.