Encryption options on a Lobby Ambassador implementation

Similar Messages

• WCS Lobby Ambassador audit report for a specific period of time

  Hi all,
  I know there is an WCS audit report for each lobby ambassador activities. But the problem is that I see only activities from Nov 9 to the present. I don't know what the reason is, whether somebody erased that information before Nov 9 or something else happened.
  Is there any option to manually configure a specific period of time, for example obtain all activities for last 3 months?
  Thanks for any hint.
  Jozef

  Hi Koti,
  What error did you meet when you used audit report from Oct 16 to Oct 31?
  Please check the log file to find more information about this issue. The path of the log file is: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS. You can check the log file whose modified date is from Oct 16 to Oct 31.
  In addition, please deactivate and reactivate Reporting feature at site collection level.
  A similar post for your reference:
  http://sharepointknowledgebase.blogspot.com/2012/07/unexpected-error-when-trying-to-view.html#.VG2cFouUeog
  About audit log report, please take a look at:
  https://support.office.com/en-us/article/Configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2?ui=en-US&rs=en-US&ad=US
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• WCS Lobby Ambassador with AAA Authentication

  We are using WCS 7.0.164.0. I configured a user as local lobby ambassador with special defaults and also with a special guest login logo. If I use this user to create guest accounts everything is alright. Now I want to change the authentication to radius, so I export the cisco lobby ambassador attributes to the radius server and extend these network policies. Now I can login as user, authenticated from the radius server and I create guest accounts in the same way as before with local login, BUT !!! Our special guest login logo isn't shown and there is now way to upload or configure this special logo. Is there a way to configure these options for users authenticated with AAA ? Thanks for any Help  Bernhard

  Hi Bernhard,
  I used following doc-link: http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml
  The trick I used is to configure same username on tacacs+ and local, but different passwords.
  local-user: configure your special attributes like logo
  tacacs+: configure the authentication and group
  local-user password is not the same like tacacs+ password.
  I configured Authentication in WCS section: Administration > AAA > AAA Mode Settings
  Enable fallback to local == on auth failure or no server response
  Maybe if you deselect Enable fallback to local you can only authenticate to tacacs+. But now I can authenticate with local user/password and tacacs+ user/password.
  Attributes for tacacs+ or radius server can be exported in WCS section: Administration > AAA > All Groups; Export Task List
  Attributes for tacacs+ server:
  virtual-domain0=root
  role0=LobbyAmbassador
  task0=Configure Guest Users
  task1=Lobby Ambassador User Preferences
  Attributes for Radius (I never tried radius):
  Wireless-WCS:role0=LobbyAmbassador
  Wireless-WCS:task0=Configure Guest Users
  Wireless-WCS:task1=Lobby Ambassador User Preferences
  ==> I think also virtual-domain can be set.

• Lobby Ambassador- Guest User Creation

  Hi all,
  I am currently implementing the use of the lobby ambassador for guest account creation, however I am looking to see if some features exist. I would like to be able to tie into AD to create lobby ambassador's to have further control of who can and cannot create guest accounts. I am also looking if there is a way to put restrictions on the time frame a guest account can remain active for when created by the lobby ambassador. An example of what I am trying to do is to not have a guest account created by an ambassador to go over a day for it's time frame.
  Thanks in advance,
  Chris

  Yes and yes. From WCS you can pull the role for lobby admin and use that to create the group with the proper attributes.
  Then on the WCS you build the template you want them to use. There you can create the restrictions of how long.
  Steve
  Sent from Cisco Technical Support iPhone App

• WCS Lobby Ambassador

  Hello all,
  In WCS by default the lobby ambassador has option to generate manual or auto (random) password for guest user account.
  Is there any way that we can restrict lobby ambassador to generate manual password for guest user ?
  Regards,
  Anis

  No not exactly ,
  We dont want lobby admin's to create manuall passwords for there guest. Loby admin should have option to generate the random passwords only.
  Regards,
  Anis

• Can't setup a Lobby Ambassador account??

  I've just installed a new WLC4402 (50AP) and am trying to set up guest WLAN access.
  So far I have a seperate VLAN and WLAN configured and have secured the VLAN to allow only access to the internet after web-auth.
  I go to the 'Management> Local Management Users> New Page'
  But the only types of account available are 'Read/Write' and 'Read Only', Should the 'lobby Ambassador' be listed here, or am I missing something?
  All the best to all the Forum users for the season.
  Dan

  Hi Dan,
  It should be there if you are running 4.0+ software. If you are running 4.0+ then you could try adding the user via CLI to see if it's an option:
  config mgmtuser lobby-admin
  If you are running 3.2 or earlier, then that's the problem.
  -Ben

• WCS Lobby Ambassador and Monitor User

  I'm running our WCS authentication through ACS with TACACS and it's working fine.  However, I currently have my Help Desk setup with a monitor user so they can login and view WCS, but this does not give them the Lobby Ambassador of course.  How can I get a user to have both WCS and Lobby access with having to login with seperate user identities?

  It's either admin either lobby account, you can not have both, the http pages are completly different and dont intermix.
  Your solution is to have 2 users on your TACACS where one is the admin and one the lobby.
  Here are the step by step config lines:
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpmkr1064288

• New to Cisco Lobby Ambassador

  I want to be able to tie the registering users into the visitor registration section of a segregated guest network. I want to have a link that would appear in the front end after you register a visitor which would direct you to this program which is the lobby ambassador. Any non guest user could be able to register a guest and be provided a temp logon for the guest for a period of time.
  Anyone has an idea of how I can achieve this using a Cisco lobby ambassador

  You should be able to expand it to something bigger.  On the controller go to Security, AAA, General.  Increase this number, it will require a reboot.  I'm not sure the maximum you can increase it to (could be controller dependent).

• Lobby Ambassador can't email guest user accounts via WCS

  WCS is configured with SMTP server under Administration-Settings-Mail Server Configuration and test is successful and it sends e-mail alerts out no problem. However, when Lobby Ambassador creates a new guest account and clicks on the e-mail link to email it out, this message pops-up: 'Email Server is not configured.Contact Network Administrator'.
  Any ideas?

  by poking around I've found an answer. Even though we have a single email server, right after I've added the same server as a secondary email server, notifications started working. Seems to be a WCS bug.

• WCS - Lobby Ambassador users don't see each other's guest users

  Hi, we currently have the problem with WCS 5.2 that a user of the group "Lobby Ambassador" cannot see guest users that have been created by another user of that group. The user can only see his own created guest users. All are in the same virtual domain which is the root-domain.
  I believe this behaviour was not this way in previous versions, here all guest users were visible to all Lobby Ambassador users.
  I couldn't find any hint in the documentation about this.
  Is this simply a change in behaviour (works as designed) or is this maybe a bug?

  You will get this error:
  Error(s): You must correct the following error(s) before proceeding:
  Error:A Guest User account with the name ''lobby user'' has already been created by you or another WCS Lobby Ambassador user. Please choose a different User Name for this Guest account.

• Lobby Ambassador - WCS Logging of Guest Account Creation

  Hello all,
  If I am user "admin-ken" and I setup an guest user account "guestuser1" via the WCS controller templates > Guest User (which takes me into lobby ambassador), is there a log file that indicates that "admin-ken" had setup "guestuser1" guest account?
  Many thx indeed,
  Kind regards,
  Ken

  HiKen,
  Hope all is well :)
  Maybe this is what you are looking for;
  Logging the Lobby Ambassador Activities
  The following activities are logged for each lobby ambassador account:
  •Lobby ambassador login: WCS logs the authentication operation results for all users.
  •Guest user creation: When a lobby ambassador creates a guest user account, WCS logs the guest user name.
  •Guest user deletion: When a lobby ambassador deletes the guest user account, WCS logs the deleted guest user name.
  •Account updates: WCS logs the details of any updates made to the guest user account. For example, increasing the life time.
  Follow these steps to view the lobby ambassador activities.
  Note You must have superuser status to open this window.
  Step 1 Log into the Navigator or WCS user interface as an administrator.
  Step 2 Click Administration > AAA, then click Groups in the left sidebar menu to display the All Groups window.
  Step 3 On the All Groups windows, click the Audit Trail icon for the lobby ambassador account you want to view. The Audit Trail window for the lobby ambassador displays.
  This window enables you to view a list of lobby ambassador activities over time.
  •User: User login name
  •Operation: Type of operation audited
  •Time: Time operation was audited
  •Status: Success or failure
  Step 4 To clear the audit trail, choose Clear Audit Trail from the Select a command drop-down menu and click GO.
  http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1076868
  http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001609
  Hope this helps!
  Rob

• Logging the Lobby Ambassador Activities on WLC

  Dear all,
  we interested in "Logging the Lobby Ambassador Activities on WLC",
  we found resusurces that explain hot to do this using WCS, but we want to konw if it's
  possible without WCS.
  More in general, we give the possibilities to oue employee to create guest account, using
  the Radius to autenticate as Lobby Admin.
  We are intereset to identify who creates the particular guest account, in case of
  incident investigation.
  Thanks, for any suggestion on regard.
  bye

  This is not possible with just the WLC. You would want to look at ISE or NAC Guest Server.

• Prime Lobby Ambassador defaults

  I can't figure out if it's possible to standardize the configuration for Guest User creation for users who are authenticated using RADIUS and assigned to the Lobby Ambassador group.
  Any help?
  Thanks!

  I went through this nightmare before as well if memory serves.  Unfortunately, it doesn't appear it's possible.  
  If I'm incorrect, someone please pipe up as I don't believe I was ever able to find a way either.

• Prime Lobby Ambassador defaults scheduling guest users

  Hi.
  I'm actually testing Prime Infrastructure and one important thing there for me is the Lobby Ambassador feature.
  I want to give our colleagues from other sites the possibility to create guest accounts on their own, but with some defaults already set. They should only be able to create accounts with a lifetime of 14 days ( not editable ), but with the possibility to schedule the accounts.
  If I now set the defaults of the Lobby Ambassador to 14 days lifetime and make them not editable, the Lobby Ambassador can’t schedule the guest user. If they choose “Schedule Guest User” from dropdown, they get the message “The creation will be scheduled 5 minutes after the current server time.”
  Is there a way to get that working?
  Best would be to have the defaults partially not editable, so that you can make some things default ( e.g. lifetime, generate password, controller config group ) and some things editable ( e.g. description, disclaimer, scheduling ).
  Regards,
  Sven Lindeke

  I went through this nightmare before as well if memory serves.  Unfortunately, it doesn't appear it's possible.  
  If I'm incorrect, someone please pipe up as I don't believe I was ever able to find a way either.

• WCS setup RADIUS users Lobby Ambassador Defaults

  Hi
  I'm using RADIUS so my users can use their active directory credentials to login WCS and generate guest users accounts...
  But I would like to setup some Lobby Ambassador Defaults, I can easily do ths for local users on the WCS system, but how to setup defaults for RADIUS users?
  Best Regards,
  Steffen.

  Hi Scott
  Tanks for your reply.
  I've allready read the article, but I can't see that it says anything about setting up Defaults for the users, only which task the should be able to do...
  I would like to setup defaults for the radius users, so when they are authenticated as lobby abassadors the do not need to select which SSID the a generating a guest user account for and so on...
  This is possible for local WCS users, but i need to setup these defaults for my RADIUS authenticated users.
  Best Reards
  Steffen
  And btw.. this dicussion was started by me.. https://supportforums.cisco.com/thread/2115616