netbird icon indicating copy to clipboard operation
netbird copied to clipboard
verified publisher icon netbirdio

Accientally setup with single user mode disabled, any way to pull users over and go back?

Open Slickspacestech opened this issue 1 year ago • 5 comments

I accidentally setup selfhosted with the disable single user mode. I've realized I misunderstood what that was doing. Any way I can have users join my network?

I've tried having them delete their netbird account and re-sign in but it's still on their own "network".

I'm using Azure AD for my idp.

Thanks,

Slickspacestech avatar Sep 25 '24 03:09 Slickspacestech

Just to chime in because I had to do this on my part to have to organisations with multiple users on each, if you are confident in your capabilities, you can go and edit the database records yourself, if you want to do so and need some guidance I'd be happy to help.

VignRaph avatar Sep 26 '24 20:09 VignRaph

Hi @VignRaph ,

yes I would also want to study and take a look in netbird and zitadel about multiple users in different orgranizations setting. since I don't have much idea on both products so your guidance would be helpful.

if possible please share it

thanks very much

Lawes

laweschan avatar Sep 27 '24 03:09 laweschan

I'll start with the basics of how Netbird stores users Netbird was also kind enough to provide us the full schema of the DB at NetBird SQLite Schema In short:

  • users are linked to the emails
  • accounts are the groupments of users / peers

Now, here's my little step by step to have multiple accounts with multiple users in each account (or just to change/correct users association with accounts) Firstly, the users we want to edit must have already created their accounts/logged in.

Tips:

  • To help you identify which user is which from the DB files, add each user you want to edit an access token (aka an api key) with their name as the api key name
  • Delete from the UI all the peers, routes, policies of accounts you that will no longer exist if you move their users to another account

Now, we want to export the user/accounts database, so from a terminal in the folder of your docker compose, whilst the netbird server is running, run these commands :

docker compose cp -a management:/var/lib/netbird/ backup/
docker compose down

This will put a copy of your database into an accessible folder backup alongside your docker-compose.yaml We'll make a copy of this folder and name it restore. This folder should contain another folder, named netbird which in turn contains 4 files. Now we'll use any tool to browse and edit the .\restore\netbird\store.db file to our liking. (I use DB Browser for SQLite) To find users :

  • Open the personal_access_tokens table and find the token you created for the user, in the user_id column you'll find the user id

To find accounts :

  • Find the user that is the owner and from the users table find the account_id it is associated to

Now we can change the account_id of a user to move it to another already existing account. If we removed the owner of an account, remember to:

  1. make sure you do not put two users as owners of an account
  2. don't leave an account with no users at all

To delete an account, you'll have to delete all references to its account_id which means going into the groups table and deleting the All group of this account and then deleting the account. (If you have not deleted everything you could from the web UI, you might have to check all tables that are linked to the account_ids)

And now to put our modified db files back into our netbird volume and restart our service we'll run:

docker run -d --rm --name dummy -v netbird_netbird_management:/var/lib/netbird alpine tail -f /dev/null
docker exec -ti dummy rm -rf /var/lib/netbird
docker cp -a restore/netbird/ dummy:/var/lib/
docker stop dummy
docker compose up -d

VignRaph avatar Sep 30 '24 03:09 VignRaph

I'll try this out later. My biggest annoyance is that even new users are still getting their own account_id so I'll have to constantly do this :(. I'll dig through the db schema maybe there's a setting in there..

Slickspacestech avatar Oct 03 '24 09:10 Slickspacestech

Did you want all your users to be in the same account actually? Because maybe you can just move them all and edit your docker to be in single account mode before booting it back up

VignRaph avatar Oct 03 '24 12:10 VignRaph

Hello @Slickspacestech,

We're currently reviewing our open issues and would like to verify if this problem still exists in the latest NetBird version.

Could you please confirm if the issue is still there?

We may close this issue temporarily if we don't hear back from you within 2 weeks, but feel free to reopen it with updated information.

Thanks for your contribution to improving the project!

nazarewk avatar Apr 28 '25 15:04 nazarewk

closing issue due to no recent feedback. Feel free to open a new one if the issue persist or reopen if this was a feature request.

mlsmaycon avatar Jun 01 '25 20:06 mlsmaycon

I'd have to check if it exists in the latest, it probably does.

I just edit the DB and manually assign people when necessary. I don't really use users too much and generally opt for setup-keys for devices instead.

Slickspacestech avatar Jun 02 '25 01:06 Slickspacestech

we have added support for changing the domain which can help in this case

mlsmaycon avatar Jun 02 '25 08:06 mlsmaycon