Thanks, Mason, I did understand the relationship between ASL and the users such as "asterisk". The problem I am having with the wireless connections is puzzling, as I have no failover function. All I have done until yesterday is adjust folder and file permissions, and that has nothing to do with nmcli. I have been attempting to figure out how to give asterisk the ability to execute certain scripts- in this case when the DTMF command *A6 should send an nmcli command to disconnect from the current network and then after that, another nmcli command to connect to a specific wireless network. The last thing I tried was to assign a group ID of "0" to asterisk, thinking that it would work since GID 0 would be giving root privileges to asterisk, or so I thought.
So, in rpt.conf, I added this to the [Functions] stanza:
A6=cmd,/etc/asterisk/local/wifi/Kodiak ;Connect to ship crew WiFi
I then created a script with two command lines located in /etc/asterisk/local/wifi with a filename of "Kodiak":
#!/bin/bash
sudo nmcli device disconnect wlan0
sudo nmcli connection up Kodiak
I have tried naming the script Kodiak.sh, that didn't work so for the heck of it I tried Kodiak, without a file extension. Regardless, I could make the script work when I entered Terminal and typed ./Kodiak, but there is nothing I could do to make *A6 on the radio execute the script.
You really haven't provided any details or logging output to allow anyone to help figure out what's going on with your node. Many people are successfully using a DMTF function command to do all sorts of stuff. You're welcome to return to HamVOIP however troubleshooting your issue is not difficult.
If you execute your script as the asterisk user, does it do want you want? From the terminal, provide the output of:
sudo -s
su - asterisk
ls -l /etc/asterisk/local/wifi/Kodiak
bash -x /etc/asterisk/local/wifi/Kodiak
That will become the asterisk user, run the script, and you can see what happens
However, as everyone keeps trying to tell you, what you're doing seems unnecessary and perhaps what you're actually trying to do doesn't itself work as you think it does.
I have been trying to create a script that disconnects from the ship's crew wlan network and reconnect to my phone's hotspot. When we are in port and cellular service is available, I unplug the Starlink router from the switch that connects multiple WAPs to the crew network. Therefore, the WAPs are still powered on but not connected to the Internet. I need to use DTMF to execute a script that will disconnect my node from the ship's WiFi network and then connect to my phone's hotspot.
su - asterisk results in "This account is currently not available."
I had to start from scratch, so this is a fresh install.
Will, do- thanks. I'm underway so I won't be within cellular range until Tuesday morning and I'll give it another try once I can activate my phone's hotspot again.
Sorry, I've been busy past two days with arrival and departure in Anchorage, AK.
Received my new callsign yesterday so it is now KN7B.
root@Node559562:/home/KN7B# su - asterisk
This account is currently not available.
root@Node559562:/home/KN7B# ls -l /etc/asterisk/local/wifi/Kodiak.sh
-rwxrwxr-x 1 root root 70 Apr 22 16:20 /etc/asterisk/local/wifi/Kodiak.sh
root@Node559562:/home/KN7B# bash -x /etc/asterisk/local/wifi/Kodiak.sh
Not sure why it says asterisk account is unavailable, maybe you broke something?
Well, there's your problem. asterisk will not be able to run a script that is owned by root. Looks like you're trying to do old outdated HamVoIP-ey things such as log in as and create scripts as the root user. There's a reason why Debian doesn't give you a login to root by default.
But, it does look like you have not yet changed the shell for the asterisk user from /usr/sbin/nologin to /bin/bash. This would explain the "This account is currently not available" message.
True about the HamVoIP-ey things.... I still can't execute the script from a DTMF command.
Perhaps I'm using the wrong syntax or something....
A6 = cmd,/etc/asterisk/local/wifi/Kodiak.sh
I made a couple mistakes trying to get this to work, so I ended up performing a fresh install of ASL3. The script is now Kodiak.sh, and although I can execute it from the command line, the DTMF sequence of *A6 doesn't. I did change user asterisk to /usr/bin/bash and verified it by viewing the /etc/passwd file.
The contents of my script:
#!/bin/bash
sudo nmcli device disconnect wlan0
sudo nmcli connection up preconfigured
"preconfigured" is the ship's WLAN that I entered into the Rasberry Pi Imager software.
I wanted to be able to disconnect from the current wireless connection regardless of which of the three possible networks it could be connected to (home, phone, ship), and the second line initiating the connection to the desired wireless network. As I mentioned earlier, this works from the command line; it simply will not work using the *A6 DTMF input from the radio.
I will, again, repeat that you need to run it as the asterisk user as I indicated above. That's what user the script will be called with via Asterisk. It's likely a permission issue because there is no generalized problem with calling scripts from DTMF. PLease do:
sudo -s
chsh asterisk <----- set the shell here to /usr/bin/bash
su - asterisk
ls -l /etc/asterisk/local/wifi/Kodiak
bash -x /etc/asterisk/local/wifi/Kodiak
I am just not getting it. I have set user asterisk shell to /usr/bin/bash.
The problem is the command syntax in rpt.conf, where I am settting DTMF entry *A6 to run the script:
[functions]
A6 = cmd,/etc/asterisk/local/wifi/Kodiak.sh
Either that command line is wrong, or the script located in /etc/asterisk/local/wifi is done wrong:
#!/bin/bash
sudo nmcli device disconnect wlan0
sudo nmcli connection up preconfigured
This is way above my head, and I have been building and using computers since 1988. I am very new to Linux-based systems, and this is beyond anything I have needed to do on PCs.
You keep saying that DTMF "doesn't work". Stop worrying about DTMF for right now. You still have not even verified that the asterisk user is able to run the script. The only executions of this script you have posted were by the root user, which is essentially worthless information in this context.
You need to be able to run this command, and see the script execute correctly. Until you can do this, you are simply wasting your time.
That output tends to indicate asterisk doesn't have / or no longer has / sudo privileges with no password, but you indicated you added that in this post:
Was there a reload at some point, and you forgot to re-add this?
This is not my favorite way of dealing with this, I'd rather give asterisk privileges to change the network -- but you'd have to add asterisk to the netdev group... and also likely have to deal with a polkit issue where NetworkManager won't have polkit permissions to allow a non-priv user to change the network...
I can't test it. I rip NetworkManager off of everything with a passion. LOL...
All doable... but more complex than this passwordless sudo hammy hack...
If I were doing the hammy hack I would limit which scripts asterisk could run as sudo... instead of a blanket ALL:ALL... but anyway... example at end of post...
sudo inside a script has to:
a) have permission explicitly to do something passwordless
or
b) be fed a password INSIDE the script (terrible idea)
It will NOT pause and ask for a password... it'll spit out the request and fly right by it, as designed... and as seen in your test.
Let us know if you have or don't have the old sudoers change you mentioned...
To go "the other way"...
The asterisk user by default doesn't have permission to make network changes via nmcli, as far as I can tell...
I can see asterisk is NOT part of the netdev group by default -- and for anyone reading along, the polkit issue is generated by NetworkManager TRYING to handle Wifi encryption keys "somewhat correctly" for an unprivileged user... along with having individual nm command permissions.
(NetworkManager is over-engineered to a STUPID level...)
Even Cockpit itself had a bug filed against it over two years ago that it doesn't handle polkit correctly which ended up closed because the Cockpit devs decided the current implementation of polkit wouldn't allow what they wanted:
You can also try THIS complete hack which I wouldn't recommend to tell NetworkManager t ignore polkit... a really bad idea... but linux will happily let you shoot yourself in the face if that's your goal...
It'll probably break things. LOL...
In the end, the reason the "ham sexy" recommendations to just use sudo (and worse, sudo in scripts) happens -- is because of all of that intertwined sillinesses that "desktop linux" does to allow non-priv user to mess with the network -- something Unix has always tried to keep everyone but the root user from doing! Haha...
Anyway... @KE7MT let us know if you still have or reverted the sudoers stuff. Those sudo lines won't work for the asterisk user without it...
Numerous people didn't read very well above and missed WHY you're doing this... he sometimes is in a place where the Access Points are on and broadcasting one of the SSIDs, but there is no Internet connected to those Access Points.
I think I'd STILL try to use the automatic AP switching in NetworkManager though than mess with DTMF and all of this permissions silliness...
Just make the WiFi Hotspot the FIRST thing it looks for by priority and the ship SSID the SECOND... then just reboot as needed to get back on the Hotspot if "stuck" to the non-working ship's WiFi.
As others have mentioned the switch takes a while when the primary goes down. Doing more than two starts to get to be an exercise in patience... MANY minutes for each one...