Hi,
I’ve noticed some conflicting information in the documentation regarding credentials discovered during device discovery and their use in future operations.
In one section, it states:
> “Whichever credentials work on the device first will be used for any future operations (backup, mass config push) with this device.”
However, another section mentions:
> “Unimus performs a discovery before each scheduled backup.”
Given this, how can we configure Unimus to consistently use the credential pair that was previously discovered to work for the device during scheduled backups?
The issue we’re seeing is that we have a large number of credentials configured in Unimus. As a result, it appears to try credentials randomly during scheduled backups, leading to a high number of failed login attempts on devices.
Why doesn’t Unimus reuse the known working credentials during scheduled backups? Is there a way to enforce this behavior?
I came across this thread:
<viewtopic.php?t=842>
However, I don’t see the referenced setting under Advanced Settings, so I’m assuming it may not have been implemented.
I’ve also noticed that binding credentials directly to devices resolves the issue, but we manage a large number of devices, and manually binding credentials to each one is not practical.
Thanks!
Scheduled backups should use the discovered credentials
If you have automatic credential discovery enabled for a device Unimus will recheck the credentials before scheduled backups.
https://wiki.unimus.net/display/UNPUB/D ... yperformed?
"pinning" the last known working credentials only works for actions taken that are not automated. So, manual backups, Device CLI, Mass Config Push (Manually run or scheduled) will not have a discovery performed beforehand.
Since backups are a core portion of Unimus's operation and utility, we want to always collect them safely, so we have chosen to always perform a full Discovery before attempting a backup. There are some enhancements we have in our backlog, but we have not implemented them over other features.
For our larger deployments, we always recommend binding credentials for added devices since it's a slow system and does have some negatives when you start scaling. For situations where a large number of devices are using Credential Discovery, my system is one of two paths.
Create a single "unimus" user credentials that is universal across all devices. This is preferred in my book, but isn't always possible. MCP is really handy here.
If a single Unimus credential isn't possible, then what I do is go to the Devices menu and select all devices. I then bind the first credential for all devices. That causes a discovery to occur. I then sort all the devices by Last Job status. I then unselect (you can do this by click dragging over the selection boxes) all the successfully discovered devices and then rebind the next credential. I then rinse and repeat for all devices until I have manually bound all devices with a set of credentials. (This process is helped a lot if you have good descriptions for credentials)
I am bugging the devs on the feature timeline, it might not be too big of an ask to fit in the next couple dev cycles.
https://wiki.unimus.net/display/UNPUB/D ... yperformed?
"pinning" the last known working credentials only works for actions taken that are not automated. So, manual backups, Device CLI, Mass Config Push (Manually run or scheduled) will not have a discovery performed beforehand.
Since backups are a core portion of Unimus's operation and utility, we want to always collect them safely, so we have chosen to always perform a full Discovery before attempting a backup. There are some enhancements we have in our backlog, but we have not implemented them over other features.
For our larger deployments, we always recommend binding credentials for added devices since it's a slow system and does have some negatives when you start scaling. For situations where a large number of devices are using Credential Discovery, my system is one of two paths.
Create a single "unimus" user credentials that is universal across all devices. This is preferred in my book, but isn't always possible. MCP is really handy here.
If a single Unimus credential isn't possible, then what I do is go to the Devices menu and select all devices. I then bind the first credential for all devices. That causes a discovery to occur. I then sort all the devices by Last Job status. I then unselect (you can do this by click dragging over the selection boxes) all the successfully discovered devices and then rebind the next credential. I then rinse and repeat for all devices until I have manually bound all devices with a set of credentials. (This process is helped a lot if you have good descriptions for credentials)
I am bugging the devs on the feature timeline, it might not be too big of an ask to fit in the next couple dev cycles.
I appriciate the reply and tips! Yes having a single UN/PW on each device that unimus can use is ideal and its a WIP on our part. I did find a workaround until it is implemented in Unimus. I can modify the DB directly and update this column (bound_device_credential_id) on the device model to the correct device_credential id which is already stored in the DB, this allows me to easily mass update bind credentials.Tommy.c wrote: ↑Fri May 22, 2026 2:16 pmIf you have automatic credential discovery enabled for a device Unimus will recheck the credentials before scheduled backups.
https://wiki.unimus.net/display/UNPUB/D ... yperformed?
"pinning" the last known working credentials only works for actions taken that are not automated. So, manual backups, Device CLI, Mass Config Push (Manually run or scheduled) will not have a discovery performed beforehand.
Since backups are a core portion of Unimus's operation and utility, we want to always collect them safely, so we have chosen to always perform a full Discovery before attempting a backup. There are some enhancements we have in our backlog, but we have not implemented them over other features.
For our larger deployments, we always recommend binding credentials for added devices since it's a slow system and does have some negatives when you start scaling. For situations where a large number of devices are using Credential Discovery, my system is one of two paths.
Create a single "unimus" user credentials that is universal across all devices. This is preferred in my book, but isn't always possible. MCP is really handy here.
If a single Unimus credential isn't possible, then what I do is go to the Devices menu and select all devices. I then bind the first credential for all devices. That causes a discovery to occur. I then sort all the devices by Last Job status. I then unselect (you can do this by click dragging over the selection boxes) all the successfully discovered devices and then rebind the next credential. I then rinse and repeat for all devices until I have manually bound all devices with a set of credentials. (This process is helped a lot if you have good descriptions for credentials)
I am bugging the devs on the feature timeline, it might not be too big of an ask to fit in the next couple dev cycles.
Looking forward to future updates!