Adding Credentials To Ubiquiti APs, CPEs and OLT devices.
There are three situations where Preseem requires HTTP (web UI) login credentials for Ubiquiti devices. These credentials allow us to retrieve topology and subscriber association information that cannot be accessed via SNMP alone.
Preseem requires HTTP credentials when:
- AP/CPE is operating in bridge mode
  - SNMP cannot report the subscriber’s MAC or association information.
  - Preseem must log in to the CPE/AP to retrieve the client table and map the subscriber to the correct Tower → AP → Sector.
- Preseem Plus (AP Health / Airtime / RF metrics) is enabled
  - Preseem requires additional metrics that Ubiquiti exposes only through the web interface.
  - These metrics are not present in standard SNMP MIBs.
- Ubiquiti Fiber Integration
  - For Ubiquiti UFiber devices we require HTTP access so we can log into the device via the web UI.
  - This allows us to provide metrics such as subscriber/ONU association data, optical signal metrics, and accurate topology mapping.
In all three of these cases, HTTP credentials are required because the information required is not accessible through SNMP.
What type of HTTP credentials are required?
Preseem only requires a read-only credential to log in to the AP or CPE directly.
Preseem can use an admin credential; however, we recommend adding a read-only credential. By default, there is no read-only credential added to Ubiquiti APs.
How do I add a read-only credential to a Ubiquiti AP / CPE / OLT?
You can add credentials to your Ubiquiti AP/CPE/OLT in one of two ways:
- Manually by logging in to the device and creating or enabling a read-only admin account
- Using the "enable read-only user" script that Preseem has created to assist with this task
How do I get and use the Enable Read Only User script?
The enable_ubnt_rouser script is provided on an as-is-where-is basis. Preseem makes no warranties and does not support this script beyond the following instructions. We suggest you test this script before using it at scale to ensure that it accomplishes the task intended in your environment.
Download the script
To make this easier for networks that do not already have a read-only user set up on their Ubiquiti radios, we have developed a script to automate the process.
The script is linked here: https://static.preseem.com/tools/enable_ubnt_rouser
Input file
This script takes a space-separated input file in which each line contains the following information for one radio on which the read-only user should be created:
management_ip admin_username admin_password
This is the information the script needs to log in to the radio.
For example:
192.168.1.200 admin my-admin-password
192.168.1.201 admin my-admin-password
192.168.1.254 ubnt @d31n!
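The input file holds admin passwords in plain text, and a malformed line would give the script the wrong fields for that radio. The following pre-flight check is an added example, not part of Preseem's script: it verifies the three-field format described above and flags a file that other local users can read. The function names and the sample lines are constructed for illustration, and ignoring blank lines is an assumption about how the script treats them.

```python
import ipaddress
import os
import stat
import sys

# Constructed sample input (not real devices): one good line, then four bad ones.
SAMPLE = """\
192.168.1.200 admin my-admin-password
192.168.1.201 admin
192.168.1.999 admin my-admin-password
192.168.1.254 ubnt pass word
192.168.1.200 admin my-admin-password
"""

def validate_lines(lines):
    """Return a list of problems; passwords are never echoed back."""
    problems, seen = [], set()
    for n, line in enumerate(lines, start=1):
        fields = line.split()
        if not fields:
            continue  # blank lines are ignored (assumption)
        if len(fields) != 3:  # e.g. missing password, or a password containing a space
            problems.append(f"line {n}: expected 3 fields, found {len(fields)}")
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append(f"line {n}: invalid management IP {fields[0]!r}")
            continue
        if ip in seen:
            problems.append(f"line {n}: duplicate management IP {ip}")
        seen.add(ip)
    return problems

def check_file(path):
    """Validate the file and flag permissions that expose the admin passwords."""
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible to group/other; run chmod 600")
    with open(path, encoding="utf-8") as fh:
        problems += validate_lines(fh)
    return problems

if __name__ == "__main__":
    found = check_file(sys.argv[1]) if len(sys.argv) > 1 else validate_lines(SAMPLE.splitlines())
    print("\n".join(found) or "input file looks OK")
    sys.exit(1 if found else 0)
```

Run it with the path of the input file as the only argument; a non-zero exit status means the file should be corrected before the script is run against it.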
Executing the script:
The script is invoked like this:
./enable_ro_user {inputfilename} {readonly_username} {readonly_password}
Where
{inputfilename}: the name of the input file that contains the IP, admin account and password for each of the radios (AP/CPE)
{readonly_username} & {readonly_password}: the read-only username and password that you wish to create on each of the APs/CPEs listed in the input file
For example:
./enable_ro_user /tmp/radios preseem 9r3533m!
The script will go through each radio, try to SSH into it with the administrative username and password and create the read-only username and password. This should be a hitless operation; no reboot will be done, and the change will be persistent.