Guest access for vendors/clients

Hi,
I have a single AP setup using PEAP with MS Win2k3 IAS/RADIUS. I would like outside vendors and clients to be able to come in and be able to access the Internet as well as a printer. I believe in order to authenticate with PEAP the laptop must be a member of the domain, which we can't do with vendors and clients. I'm new to wireless so I'm lost as to how to set this up. If anyone is familiar with how to do this I would really appreciate some direction. Thanks in advance.
Riley

AP#sh ver
Cisco IOS Software, C1200 Software (C1200-K9W7-M), Version 12.3(8)JEA, RELEASE S
OFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 23-Aug-06 16:42 by kellythw
ROM: Bootstrap program is C1200 boot loader
BOOTLDR: C1200 Boot Loader (C1200-BOOT-M) Version 12.2(8)JA, EARLY DEPLOYMENT RE
LEASE SOFTWARE (fc1)
Cairny-AP uptime is 3 weeks, 5 days, 23 hours, 18 minutes
System returned to ROM by power-on
System restarted at 09:13:49 est Tue Mar 4 2008
System image file is "flash:/c1200-k9w7-mx.123-8.JEA/c1200-k9w7-mx.123-8.JEA"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-AP1210 (PowerPC405GP) processor (revision A0) with 15138K/12
36K bytes of memory.
Processor board ID FOC074214X8
PowerPC405GP CPU at 196Mhz, revision number 0x00C4
Last reset from power-on
1 FastEthernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0E:38:23:C8:E7
Part Number : 73-8704-05
PCA Assembly Number : 800-23211-06
PCA Revision Number : A0
PCB Serial Number : FOC074214X8
Top Assembly Part Number : 800-23304-03
Top Assembly Serial Number : FHK0744J2K6
Top Revision Number : A0
Product/Model Number : AIR-AP1210
Configuration register is 0xF
AP#

Similar Messages

  • No guest access for Windows clients

    Since installing the 10.4.11 OS X Server update, Windows clients can no longer browse the list of shares. Guest access is allowed in the Windows service, and one of the shares does have Guest access enabled. I went so far as to allow R+W for the unknown and unprivileged groups.
    The logs show the windows user account failing authentication, which shouldn't even be necessary since Guest access should give them explicit access anyway. The Windows client gets prompted for a user name and password, which does authenticate properly if an actual account is entered. For some reason, this client's IT department is adamant about allowing guest access. Any clues?

    Hi,
    I know it is a common issue, but the answer you link to is very old and for Windows NT4 and Windows 2000.
    It should be possible to enable NAT on the VPN server as described here:
    http://technet.microsoft.com/en-us/library/dd458971.aspx
    But I cannot get it to work.
    Thomas Forsmark Soerensen

  • PIN-based guest access for airport express

    how do I setup PIN-based guest access for airport express?
    I have a 2010 iMac OS X 10.6.8 and an Airport Express of the same era.
    Thanks in advance...
    Siegfried

    Hello Bob,
    Thank you for your time on this.  I apologize for not giving you a more complete picture of what was going on. 
    I should have included that I had already performed the steps that you shared and had gotten to the place where I would enter the PIN. 
    The problem was that, after entering a PIN that I had come up with, the "continue" button never became active.  I called Apple Care and ended up talking to 3 different people before I found someone that knew the answer.  The answer is that the guest computer (client) MUST be present in order for me to complete the setup.  So, problem is now solved.  Thanks...
    Siegfried

  • Guest access for Cisco WAP's...

    Can someone recommend a solid 3rd party solution to offer granular guest access using Cisco 1241's and a WLAN controller? Something that is similar to what is used in hotels.
    I have a client considering BlueSocket/Aruba solutions and apparently both offer hotel-style guest access that is very granular. I realize Cisco's NAC management piece does this but it's outside of my client's budget.
    Thanks in advance-

    Yes we have. So I have been really digging on this and when you go to an external webauth it still looks to send the username and password back to the WLC. I have an internal doc from Cisco that says
    "Login request is sent back to the action URL of the controller web server."
    By default when setting up the WLC I used the 1.1.1.1 IP for the virtual interface. Currently 1.1.1.1 is not advertised in my network so how the heck would the NAC send the request back to it?? (Sorry, thinking out loud.) According to my understanding the switch_url is where it's looking to send the credentials back to... So should I modify my virtual IP to be something that is routable on my network?
    If you're looking at the URL below, that is what I'd get redirected to after filling out my self service.
    https://nac.guestwifi.com/sites/Guest/selfservice.html?switch_url=https://1.1.1.1/login.html&ap_mac=00:22:90:93:25:80&wlan=MAS&redirect=www.google.com/
    The switch_url part, which is what it sends the POST to, would need to be reachable via the NAC. Right now 1.1.1.1 is not.
    Thoughts?

  • ISE 1.2 Guest Access for EAP(Dot1x) Authentication

    Hi.
    I want to use encryption for guest access. 
    In order to use the "RADIUS-NAC" in the WLC, you can not use or "Open + MAC" only "WPA + dot1". 
    (Specification of the WLC) 
    When the "Open + MAC", return from the ISE at the time of the "Web Authentication" in the "Session-Timeout Attribute", I was able to forcibly disconnect the radio. 
    (Attribute is the same value as the (ISE TimeProfile) time the guest user can use) 
    If you connect to a wireless terminal to forced disconnect after screen of Web authentication is displayed, you can not login. 
    (Because the account has been revoked) 
    I want to make even dot1x this environment. 
    However, because it becomes the "re-authentication time" If dot1x, as long as the terminal is connected to the radio, it is not cut. 
    In addition, even in the setting of "Attribute Termination-Action = Default", does not return until the Web authentication. 
    (Status of the WLC remains "Auth Yes") 
    (Session of the ISE remains "Started") 
    Use the (EAP) Dot1x, Can I "is allowed to forcibly disconnected," "to match the time of TimeProfile" in the same way as "Open + MAC" thing? 
    Thank you.

    Note:
    Cisco ISE:Version1.2.0.899-8
    Cisco WLC(5508):Version 7.6.120

  • Informing cost center or profit center for vendor/client items

    Hello all,
    We need to post vendor or client items with a profit center. We tried modifying the field status group for the Vendors/Customers account, but we cannot enable the cost center or profit center field. Is there any way to enable these fields? And if not, to assign a profit center to the vendor/customer line item in a different way?
    Thank you very much, Gurus

    Hi, for the reconciliation GL Account use the G067 field status group.
    There is not much sense in posting the amount on vendor items with a cost center. Normally amounts posted on customer or vendor will not go to a cost center. However, this can be flown to PCA, provided you run 1KEK at periodic time intervals. Please note that F.5D would be a pre-requisite for running any transferable from FI to PCA

  • Restrict access for Vendor Master Data

    Hi all.
    Our company structure is like below:
    Single instance, just one mandant.
    Company codes like 1001, 3001, 6002, 6006, etc... over the world.
    At some companies just the central administration can create vendor for the companies using the transaction XK01.
    Now we need to give access to users from one of our companies in another country, but we can't give access to transaction XK01 because just the central administration can create the master data for the vendors.
    I already read about the object F_LFA1_AEN, that it is possible to create some field groups and give access just for the right groups. I also read that these authorization groups don't have an effect on the vendor master data like address.
    How can I restrict access for the vendor master data? I'm thinking of giving access to transactions FK01 and MK01 and restricting access for creating a new vendor; I only want the users to be able to create the data for a new company or new purchase organization.
    Thank you
    Darlei Friedel

    among many other authorization objects, you find following three:
    F_LFA1_GEN general data
    F_LFA1_BUK company code data
    M_LFM1_EKO purchasing org data.
    If the user does not have authorization for F_LFA1_GEN , then he cannot maintain general data.

  • Guest Access for Windows Services

    Hi,
    I need to access my shared files through a "Guest" access, without a password. I understand it is not a safe way to work, but I do not have a choice : I am using a device named mediagate, which is supposed to be able to read the shared files on my computer, and this device can only connect to my computer using a "Guest" access.
    I understand OS X server could do that (referring to http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c4wn14.html), but I am using OS X Tiger 10.4.4 workstation. Is there any way for me to do that? Otherwise, the mediagate I bought is totally useless...
    Thanks for your help !
    iMac G5   Mac OS X (10.4.4)  

    Hi Marco,
    This behavior is a limitation that we are looking into providing a solution in a future update.
    Thanks,
    Robert
    Robert Bruckner   http://blogs.msdn.com/robertbruckner
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Voucher based guest access for vWLC (time restricted pre created user auth codes)

    Hi all,
    Is it possible to create voucher based user auth tickets for guest wireless on the Cisco WLC?
    We are running the vWLC latest version
    Cheers, Simon

    No, you cannot create vouchers using vWLC, but you can create guest access using vWLC.
    For the guest access deployment, please refer to the document below.
    http://www.cisco.com/c/en/us/td/docs/wireless/technology/guest_access/technical/reference/4-1/GAccess_41.html#wp1000477

  • Enable anonymous access for Javascript Client Object Model

    In SharePoint 2010 it was possible to use the Javascript Client Object Model with anonymous access enabled by removing "GetItems" from the ClientCallableSettings.AnonymousRestrictedTypes.
    In SharePoint 2013 however, it seems that an extra security barrier has been implemented. Trying to use the Javascript Client Object Model results in the following message: "Access denied. You do not have permission to perform this action or access this resource."
    After this I went on to do a little research, and it appears that Javascript Client Object Model actually relies on the REST API (please correct me if I'm mistaken), and the REST API also doesn't seem to work as an anonymous user.
    So I'm in the dark here. I can't imagine that SharePoint 2013 (so heavily relying on the client object model) can't be used with anonymous access. I've also found very little documentation on anonymous access in combination with SharePoint 2013.
    So, how do I enable the Javascript Client Object Model to be used with anonymous access enabled?
    P.S. Needless to say, my web application is enabled for anonymous access and so is my site collection.

    There are really 4 things you need to do to enable anonymous access:
    1. In web application level, enable anonymous.
    2. In site collection level, make sure anonymous access Entire Website.
    3. In Web level, set Full Permission Masks, till here, you're able to anonymously access REST APIs.
    # Enable Anonymous access ($url must already hold the URL of the target web)
    $web = Get-SPWeb $url
    if ($web -ne $null)
    {
        Write-Host
        Write-Host -ForegroundColor Yellow "Enabling Anonymous access on:" $web.Url
        Write-Host
        # Turn anonymous access on for the whole web
        $web.AnonymousState = "On"
        Write-Host -ForegroundColor Yellow "AnonymousState set to:" $web.AnonymousState
        # Grant the full permission mask to anonymous users
        $web.AnonymousPermMask64 = "FullMask"
        Write-Host -ForegroundColor Yellow "AnonymousPermMask64 set to:" $web.AnonymousPermMask64
        $web.Update()
        Write-Host
    }
    Below are the things to enable anonymous client object model APIs:
    4. In web application level, Require Use Remote Interfaces Permission - uncheck it.
    5. In web application level, Anonymous Restricted Types, remove all of them:
    $app.ClientCallableSettings.AnonymousRestrictedTypes.RemoveAll()

  • Can VI server automatically close access for clients' VIs, if one of clients is already connected?

    Can VI server automatically close access for clients' VIs, if one of clients is already connected? and when first client closed reference, open access for other clients' VIs? I mean like when you use web publishing tools. If one user already uses front panel.. other just can wait until first one will finish.

    Please stick to one thread.  Here is the original.

  • SRP526W to forward or provide VPN access for clients

    Hi,
    we are having a SRP526W here which replaced a cheap, simple router. Now we would like to set up the VPN-access for outside clients again. So far this was done by forwarding PPTP (TCP 1723 and GRE) to the Windows 2000 Routing and RAS-server inside the network.
    According to this post the SRP521W, and therefore I suppose as well the SRP526W, are not able to forward GRE: https://supportforums.cisco.com/thread/2093204
    Is there a way to provide VPN access for outside clients with this router? Maybe with L2TP (but then we would need to forward ESP) or IPSec (ESP and AH as far as I know)?
    If there is no solution we would need to replace this device again with a cheap, simple router which is able to forward GRE - as you can imagine, we would like to save Cisco from this shame.
    Kind regards
    Dominik

    Hi Dominik,
    It is not possible to use L2TP or PPTP from the SRP526 (This is only possible from the Ethernet WAN interface).  It is possible to set up an IPSec VPN or GRE tunnel from the SRP to a peer in the network.
    This might offer some guidance here.
    Regards,
    Andy

  • Wired guest access with 5508

    Hi
    I have set up wireless guest access for a customer with a single 5508 and web authentication, no problem at all. He then wanted to test wired guest access. The 5508 is currently connected to a single 3560 switch. The wired clients get a DHCP address OK but cannot resolve DNS and thus don't get redirected to the guest login portal. I have even tried turning off all L3 security to no avail. The setup is as follows
    VLAN 101 access points and 5508 management interface
    VLAN 102 wired guest access dynamic ingress (L2 config only no SVI on 3560)
    VLAN 103 wireless guest dynamic egress interface L3 network with SVI on switch
    VLAN 104 wired guest dynamic egress interface L3 network with SVI on switch
    There are two DHCP pools set up on the WLC, one for the VLAN 103 and one for the VLAN 104 subnets.
    The internet router is also connected to the 3560 on a separate VLAN with an SVI. The 3560 has a default route to the internet router and the DHCP pools give the DHCP clients a default gateway of the IP address of dynamic interface 103 or 104. The Internet router can ping the WLC on both these addresses.
    LAG is enabled on the WLC and VLANs 101-104 are trunked to it from the 3560.
    I even tried making the wired guest egress interface the same one as for wireless. The wired clients now got an IP address on the wireless range but still couldn't pass any traffic. It's like the internal bridging on the WLC between VLAN 102 and 104 (or 103) is broken. Tried both the latest 6.x and 7.x software on the WLC. Any ideas? All the problems I can find with this seem to relate to not getting as far as a DHCP address, but that works fine.
    Thanks
    Pat

    Hi
    Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is, the switch that the wired guest access port and the WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on, for some reason this breaks it. Absolu Didn't have a chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
    The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAN and egress VLAN. The WLC isn't a real router, it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAN, not routed, and this is what screws it up (remember, with a router the source and destination MAC addresses would be changed; with a bridge they aren't). Got to be something along those lines. If you have a bigger network with a guest anchor WLC handling this function you don't run into this, as the traffic is coming over an EoIP tunnel from the remote WLC so the switch with the guest anchor WLC doesn't see the MAC address of the wired guest PC.

  • Guest Access Query

    Hi All,
    Suppose we have 50 x WAN sites and we have 5 APs per site.
    If we are to enable Guest Access for all sites, does that mean we need a license of 250 for the anchor controller?
    What is the best recommendation for provisioning licenses for guest anchor?
    I have gone through the 7.0 config guide but apart from wired guest info not much help there.
    Any help is very much appreciated.
    Thanks,
    Janesh

    No. For guest anchoring you just need either a 4402-12 or 5508-12. Anything more is a waste. You see, the anchor doesn't manage any APs, just clients. The licenses are for AP count.
    http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html
    Sent from Cisco Technical Support iPhone App

  • WIRED GUEST ACCESS WLC 5508

    Hi Guys, 
    I've just set up wired guest access for my HQ but I'm wondering if it is possible to do the same in a branch office, because we do not have another controller at this site. Could this be accomplished using the WLC of the HQ?
    Any ideas please.
    Regards
    Oscar

    If you have L2 communication between HQ &  BR, this is possible (then you can extend your wired user vlan to your WLC).
    Otherwise you have to have a WLC at your branch as well.
    http://mrncciew.com/2013/03/26/wired-guest-access/
    HTH
    Rasika
    **** Pls rate all useful responses ****
