Enable Authentication Example Script
OLH v10
[Header]
// Global options for the whole script run.
// NOTE(review): this script sends account passwords to the processors. DebugStrings=on
// together with GlobalReportFileIncludeAll=on presumably records the sent and received
// strings in the report log - confirm what is logged, and restrict or delete the log.
DebugStrings=on
// NOTE(review): presumably lets the run continue after a failed step - confirm.
AbortOnError=off
ConcurrentSectionLimit=100
// The report log is named from the script path, script file name, date and time.
GlobalReportFile=|$scriptpath||$scriptfilename|-Report Log |$date| |$time|.log
GlobalReportFileIncludeAll=on
//-----------------------------------------------------------------------------
[AddressList:Processors]
// Target processors, one per line as "<connection type> <hostname or IP>".
// The script section connects to every active entry via Connect=AddressList:Processors.
// NOTE(review): that section can issue RESTORE on a processor whose administrator login is
// rejected, so list only devices you intend to reconfigure.
auto AV3-BOARDROOM
// auto 192.168.1.100
// ssh PRO3-OFFICE
// Add IPs or Hostnames as needed - Use SSH or Auto (not CTP)
// NOTE(review): account passwords travel over this connection; ssh encrypts them in transit,
// while what "auto" selects is not visible in this file - confirm before relying on it.
[Variables]
// Account names and passwords, substituted into the commands below as |Name|.
// These are example placeholders: replace them with unique values before running and do not
// deploy the literals shown here.
// They are stored in plaintext, so restrict access to this file and keep real values out of
// shared folders and version control.
AdminAccountUsername=AdminUN123
AdminAccountPassword=AdminPW123
UserAccountUsername=UserUN123
UserAccountPassword=UserPW123
// Note minimum password length is 6 characters
//-----------------------------------------------------------------------------
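[Enable Authentication On Processors]
// Purpose: for each processor in [AddressList:Processors], query the AUTH state and, if it
// reports OFF, turn authentication on and create the Admin and User accounts from [Variables].
// NOTE(review): the account passwords are sent as literal command text (including -P: on the
// ADDUSER line). With DebugStrings and GlobalReportFileIncludeAll both on in [Header], they
// may end up in the report log - confirm what is recorded and treat that log as sensitive.
Connect=AddressList:Processors
LogComment "Connected to |$scriptconnect|. "
// Ask for the current authentication state; the reply is tested for "OFF".
CommunicationsSendAndWait "AUTH\r",5,true,>
TestResults 0,has,"OFF"
IfSuccess
LogComment "Authentication is off. "
// AUTH ON prompts for a username. A reply containing "create" means no administrator
// account exists yet (compare the two console transcripts at the end of this file).
CommunicationsSendAndWait "AUTH ON\r",5,true,Username:
TestResults 0,has,"create"
IfSuccess
LogComment "First time enabling Authentication. "
LogComment "Creating new Administrator account. "
// Username, then the password twice (entry and verification), then wait for "ON".
CommunicationsSendAndWait "|AdminAccountUsername|\r",5,true,Password:
CommunicationsSendAndWait "|AdminAccountPassword|\r",5,true,password:
CommunicationsSendAndWait "|AdminAccountPassword|\r",5,true,ON
LogComment "Creating User account. "
// Both commands end with \r like every other command in this section; without the
// terminator the console would not execute them and the wait would only time out.
CommunicationsSendAndWait "ADDUSER -N:|UserAccountUsername| -P:|UserAccountPassword|\r",5,true,created.
CommunicationsSendAndWait "ADDUSERTOGROUP -N:|UserAccountUsername| -G:USERS\r",5,true,'USERS'.
Else
LogComment "Authentication enabled prior. "
// An administrator account already exists: log in with the credentials from [Variables].
CommunicationsSendAndWait "|AdminAccountUsername|\r",5,true,Password:
CommunicationsSendAndWait "|AdminAccountPassword|\r",5,true,>
TestResults 0,has,"Invalid"
IfSuccess
// NOTE(review): one rejected login leads straight to RESTORE with an automatic "Y".
// A mistyped AdminAccountPassword, or a processor whose administrator account differs from
// [Variables], is restored rather than skipped - confirm this is intended for every address
// in the list. Nothing further is sent afterwards, so this run does not enable
// authentication on that processor.
LogComment "Login with Admin credentials failed. Restoring processor to clear out old Admin account. "
CommunicationsSendAndWait "RESTORE\r",5,true,(Y or N)?
CommunicationsSend "Y\r"
Else
LogComment "Login with Admin credentials successful. Authentication re-enabled. "
LogComment "Creating User account. "
CommunicationsSendAndWait "ADDUSER -N:|UserAccountUsername| -P:|UserAccountPassword|\r",5,true,created.
CommunicationsSendAndWait "ADDUSERTOGROUP -N:|UserAccountUsername| -G:USERS\r",5,true,'USERS'.
EndIf
EndIf
Else
// The AUTH reply did not contain "OFF"; the processor is left untouched.
LogComment "Authentication has already been enabled on this processor. "
Endif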
//--------------------------- AUTH ON FOR FIRST TIME --------------------------
// CP3N>auth on
// Please create a local administrator account.
// Username: UserName123!
// Password: ************
// Verify password: ************
//
// An administrator account was successfully created.
// Authentication is now ON.
// SSL is currently off, turning it on using a self-signed certificate...
// Reboot to complete change.
// Reboot to take effect....
//--------------------------- AUTH ENABLED PREVIOUSLY ------------------------
// CP3N>auth on
// Please enter your administrator's credentials.
// Username: UserName123!
// Password: ************
//
// Authentication is now ON.
// SSL is currently off, turning it on using a self-signed certificate...
// Reboot to complete change.
// Reboot to take effect....
//--------------------------- ADDITIONAL INFO --------------------------------
// * Additional Info *
// Note enabling Authentication enables Self-Signed SSL by default
// To harden further, disable fallback & only allow strong ciphers
// CommunicationsSendAndWait "SSL SELF TLSONLY\r",5,true,>
// CommunicationsSendAndWait "CIPHER STRONG\r",5,true,>
// To harden even further, instead enable CA issued certificates & extended secure gateway
// CommunicationsSendAndWait "SSL CA -P:PrivateKeyFilePassword123!\r",5,true,>
// CommunicationsSendAndWait "SECUREGATEWAYMODE secureext\r",5,true,>
// SSL can otherwise be disabled if desired (not recommended: logins over connections that relied on SSL are then no longer encrypted)
// CommunicationsSendAndWait "SSL OFF\r",5,true,>
// Please review Secure Deployment Guide & Security Audit Tool OLH
// https://support.crestron.com/app/answers/answer_view/a_id/5571
//-----------------------------------------------------------------------------