Users and Groups

Hi Guys,

I am really new to Codesys and Wago and I have come to a point where I am setting up user management in my project. I am using a 762-5204/8000-0001 TP600 HMI panel with upgraded latest firmware. When I try to set up users and groups I get the message "Editing this user is not supported by this device". No matter if I want to add/delete or edit a group or user, I just can't do this.
Can someone help me with this? I think that for most of u it is really simple.

Hi @Tomast ,

At the moment Wago Devices only support the Legacy Mode of the Codesys User Management.

The Runtime Based Usermanagement is at the moment, as far as I know, not supported.

You can have a look at a video how it can be configured in e!Cockpit.
e!COCKPIT - User Management (youtube.com)

The Only Difference to Native Codesys is, you need to switch to the Legacy User Management.

2 Likes

It was really helpful. Thank u very much. Are there any plans to switch to runtime version in WAGO?
Maybe you can explain to me a little bit more about the advantages or disadvantages of legacy and runtime mode?

Hi @Tomast

We requested this feature at our R&D to implement in further FW Versions.

As far as I know, the Runtime Mode will connect the Codesys Runtime with the Linux OS Usermanagement PAM. (Maybe in the Future with LDAP interesting)

The Legacy Mode is like a “parallel” very simple Usermanagement which cannot be shared with the Linux Usermanagement. You need to define Users and Accessrights with an Administrator Access via Codesys Internal Mechanisms. (It is only a CSV File)

Hi @Alexander_Landfried
Thank you for this info. What I did in my project is indeed legacy mode with my own users and groups. It works but it could be better.

PS. In the past I used in my other project (TIA Portal) an rfid-reader to login. Is it possible also with WAGO and codesys? I used for it Siemens RF1000 connected via usb to Siemens hmi. It worked really good.

Hi @Tomast ,

If I have Updates regarding The Runtime-Based UserManagement I will inform you.

I don’t think the RFID Reader from Siemens will work with USB Connection…
As far as I remember a few colleagues use PHG Rfid Reader in their Projects which use Modbus RTU or RS232 Communication. That will maybe work.

I would also like to see the Linux user incorporated with the device's ‘Users and Groups’ tab.

I am setting up a Symbol Set with Communication Manager, and need to restrict access to one Symbol Set to a specific user. Any ideas how to do this?

I’m not sure where these users come from when I connect to a device? When I click “Add” I see that I cannot add new users. I can add new linux users and add them to the codesys3 group in etc/group through the cli… but something isn’t lining up.

1 Like

Hi @MikePsaltis,

It’s not implemented at the moment. Let's see if FW30 will change this.

The PAM Modules will be implemented and usable for Codesys, that's what I’ve heard.

This should work then for the Runtime Based User Management for the Visualisation.
I don’t know if the Communication Manager Access Rights will be included, we will see.

Crowd Tests starting soon.

Regards, Alex

1 Like

Hi All, any idea if this ended up being implemented in FW30? I upgraded to FW30 and at first glance, it doesn't seem like runtime mode is supported (still getting the “adding new users is not supported by the device” message) but maybe I missed something?

Yes it should work now, but you need to change the configuration of the runtime in /etc/codesys3.d/RtsCore.cfg, and uncomment the lines in the CmpUserMgr section:

[CmpUserMgr]
SecureLogin=1
SECURITY.UserMgmtAllowAnonymous=YES
#UserDBBackend=0x0000007A
#UserDBConfigBackend=0
#UserGroupsDBBackend=0x0000007A
#UserGroupsDBConfigBackend=0

Restart the runtime and it should work.

@MikePsaltis has made a great video about it :

1 Like
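
The change described in the post above, as an added example that is not part of the thread and not WAGO's own tooling: a section-aware check and toggle for the four backend keys in [CmpUserMgr]. It writes a candidate file to stdout instead of editing /etc/codesys3.d/RtsCore.cfg in place, so the original stays available for reverting. The function names and the [ExampleOtherSection] block in the sample are hypothetical.

```shell
# Added example, not from the thread: section-aware check/toggle of the four
# backend keys in [CmpUserMgr]. Writes to stdout; never edits the file in place.
KEYS='UserDBBackend|UserDBConfigBackend|UserGroupsDBBackend|UserGroupsDBConfigBackend'

# usermgr_state FILE -> one line per backend key: "<key> active|commented"
usermgr_state() {
    awk -v keys="$KEYS" '
        BEGIN { pat = "^[ \t]*#?[ \t]*(" keys ")=" }
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[CmpUserMgr\]/); next }
        insec && $0 ~ pat {
            state = ($0 ~ /^[ \t]*#/) ? "commented" : "active"
            sub(/^[ \t]*#?[ \t]*/, ""); sub(/=.*/, "")
            print $0, state
        }' "$1"
}

# usermgr_toggle on|off FILE -> FILE with the keys uncommented (on) or
# commented (off); every other line, in any section, passes through unchanged.
usermgr_toggle() {
    awk -v mode="$1" -v keys="$KEYS" '
        BEGIN { pat = "^[ \t]*#?[ \t]*(" keys ")=" }
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[CmpUserMgr\]/) }
        insec && $0 ~ pat {
            sub(/^[ \t]*#?[ \t]*/, "")
            if (mode == "off") $0 = "#" $0
        }
        { print }' "$2"
}

# Constructed sample: the section from the post plus a hypothetical second
# section reusing a key name, to show that only [CmpUserMgr] is touched.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE" "$SAMPLE.on"' EXIT
cat > "$SAMPLE" <<'EOF'
[CmpUserMgr]
SecureLogin=1
SECURITY.UserMgmtAllowAnonymous=YES
#UserDBBackend=0x0000007A
#UserDBConfigBackend=0
#UserGroupsDBBackend=0x0000007A
#UserGroupsDBConfigBackend=0

[ExampleOtherSection]
#UserDBBackend=0
EOF
usermgr_state "$SAMPLE"                      # state before the change
usermgr_toggle on "$SAMPLE" > "$SAMPLE.on"   # candidate file to review
usermgr_state "$SAMPLE.on"                   # state after the change
```

Running `usermgr_toggle off` on the changed file reproduces the original byte for byte, which is the revert path if synchronizing Users and Groups stops working.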

Thanks for sharing the video, this was hugely helpful. I thought I had this working late last week but now after trying to carry out more extensive testing and building out UM, I realized that it is not working as intended. I managed to get the runtime user management to work more or less except that I was unable to add users in the visualization runtime and now cannot Synchronize the Users and Groups on the device. To try to resolve this, I commented out the 4 lines in the CmpUserMgr section again and rebooted - this change allowed me to synchronize the Users and Groups again but user management on the visualization won't work anymore. If I comment the lines out again, I get an error Message: Value cannot be null. Parameter name: user.

I tried deleting the complete user management because I thought maybe the legacy user management was conflicting with the runtime based one but the error still persists even after recreating the user management from runtime groups. Checking on the device, I see that the following usernames are (still) available:

I don't know if I broke something, does anyone have any suggestions where to look or what to change to get this to work again?

Hello everyone,

I found that if you delete all created users with this shell command the error will clear, userdel -r

Now, on another note, I am trying to check that automatically added users work and can be added from the UserManagement visualization:

If I try to change the passwords from current users I am getting errors as well.

And if I try through the shell it works half of the time (passwd: Authentication token manipulation error), and when it does I have to reboot the controller, it works right

My main reason to test this visualization is to add the auto-login, so if anyone has tested it please share if it works for them.

Thanks

@Julian, sorry I did not update my last post. I was in discussion with WAGO support a few weeks ago on the topic. They told me that this was a bit of a hacky solution that “works” but it is only going to work when adding (or making changes to) users via the terminal. User management support in the visualization will not work because that is handled through an alternate means - someone from WAGO can explain this a lot better than me. There is a push to move toward a new Linux version (Yocto based) for enhanced security reasons that presumably will come out in the form of a PFC400 controller which will natively support the full capabilities of runtime based user management and therefore also most likely LDAP support out of the box. This will allow for users to be managed via the visualization but also through the linux terminal since they will be synchronized in real time. For now, this means you will need to choose between user management solely from the linux terminal, or in the visualization. For my application, I opted for the visualization user management but fully intend to move towards the runtime version with the next update that supports it.