Lobby Admin and TACACS

I have gone through and set up our Helpdesk users to authenticate against TACACS when they log in to our WCS server. They are configured with the Lobby Ambassador roles.
The first question is why can't the admin create guest accounts through the WCS?
The second question is, how do you audit what the lobby admins are doing? Is it done through TACACS (ACS server) or on the WCS, or do I need to log in to each controller and check that way?
Thanks in advance.

Charles,
We may have found a workaround that gets us what we need. Again, the issue I'm most interested in addressing is the lack of AAA (last A) between WCS and ACS when using TACACS as the method to authenticate the folks that I want to be Lobby Ambassadors. I must be able to audit who has created Guest accounts and when the account was created.
If you create an account in WCS using the same username as their (by 'their' I mean the non-IT type personnel that we've empowered to be Lobby Ambassadors) username in ACS, then you can see the Audit Trail. The information was there all along, it's just that 1) WCS doesn't let you see the log locally if there is no account to match it and 2) WCS doesn't forward the information to ACS.
So I went in and added all of our admins as local accounts and set them up as Lobby Ambassadors. Administration > AAA > Users > Add User. I just made up a password for them. The cool part is that the password I made for their local account in WCS doesn't come into play. They are still authenticated against ACS.
HTH,
-chris

Similar Messages

  • WCS Lobby Ambassador and Monitor User

    I'm running our WCS authentication through ACS with TACACS and it's working fine.  However, I currently have my Help Desk set up with a monitor user so they can log in and view WCS, but this does not give them the Lobby Ambassador of course.  How can I get a user to have both WCS and Lobby access with having to login with separate user identities?

    It's either an admin or a lobby account, you cannot have both, the http pages are completely different and don't intermix.
    Your solution is to have 2 users on your TACACS where one is the admin and one the lobby.
    Here are the step by step config lines:
    http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpmkr1064288

  • Lobby Admin for guest account creation - Automation of account creation

    hello all,
    i'm sure the creation of guest accounts on the lobby admin page is a painful process for all involved - for us, it involves a process like this:
    visitor asks for wifi > receptionist phones IT > IT creates account > IT phones receptionist with login details.
    I would like to know whether it's possible to speed up this process either:
    1) receptionist is able to click a few buttons, type the name of a visitor (so we know who used particular the guest ID), then is able to generate an ID and password immediately, which can then be printed onto a ticket printer of some sort.
    2) visitor simply connects into the guest network, has to register (name and email) and automatically gets connected.
    are any of these possible? or any other option I could take?
    Thanks

    Why not just have the receptionist create the account via the Lobby Admin login?  The point of Lobby Admin is such that an elevated end-user (receptionist/security/etc) can log in to create a guest account without having to interact with an "admin".  There's no point in having your IT staff handle the Lobby Admin logins.
    Some of the other items you are asking for would be a better use-case with Cisco ISE solution.

  • WLC Lobby Admin with ACS 5.1

    Hello,
    Just wondering if someone knew how to configure a LobbyAdmin account for WLC 7.0 on a 5.1 ACS?  I'm very new to ACS 5.1 and need to advise as to how to configure it.
    I've got the ACS policy working that allows me to log in to the WLC using a user account with full rights but the Lobby admin account can log in with full rights as well.  I've tried setting the custom attributes in the shell profiles with role0-mandatory-LobbyAmbassador, task0-Mandatory-Configure Guest User and task1-Mandatory-Lobby Ambassador User Preferences but it still doesn't work.

    The debug for the Lobby account shows a space in the role,
    *tplusTransportThread: Jan 24 14:40:10.751: arg[0] = [33][role1=                      LOBBY]
    If I use a working account there is no space,
    *tplusTransportThread: Jan 24 14:39:08.151: arg[0] = [9][role1=ALL]
    I've checked the shell profile and don't see any spaces.
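A small checker for the symptom described in the post above, added here as an example (it is not from the thread or from Cisco): it reads role attributes out of debug lines in the format quoted and flags values that arrive padded with whitespace. The names `check_role_args` and `SAMPLE` are hypothetical, and it assumes the bracketed number is the attribute length, which is consistent with `[9][role1=ALL]` on the page.

```python
import re

# Attribute part of a debug line in the format quoted in the post:
#   arg[0] = [9][role1=ALL]
ARG_RE = re.compile(r"arg\[(\d+)\] = \[(\d+)\]\[([^=\]]+)=([^\]]*)\]")

def check_role_args(lines):
    """Return one finding per attribute found, listing any problems seen."""
    findings = []
    for line in lines:
        m = ARG_RE.search(line)
        if not m:
            continue
        _, declared, name, value = m.groups()
        declared = int(declared)
        actual = len(name) + 1 + len(value)  # name, '=', value
        problems = []
        if value != value.strip():
            problems.append("whitespace-padded value")
        if declared != actual:
            # Assumption: the bracketed number is the attribute length.
            problems.append(f"declared length {declared} != actual {actual}")
        findings.append({
            "name": name,
            "value_stripped": value.strip(),
            "padding": len(value) - len(value.strip()),
            "problems": problems,
        })
    return findings

# Constructed sample, rebuilt from the two debug lines in the post. The 22
# spaces are derived from the declared length: 33 - len("role1=") - len("LOBBY").
SAMPLE = [
    "*tplusTransportThread: Jan 24 14:40:10.751: arg[0] = [33][role1="
    + " " * 22 + "LOBBY]",
    "*tplusTransportThread: Jan 24 14:39:08.151: arg[0] = [9][role1=ALL]",
]

if __name__ == "__main__":
    for f in check_role_args(SAMPLE):
        status = "; ".join(f["problems"]) or "ok"
        print(f'{f["name"]}={f["value_stripped"]!r} padding={f["padding"]} -> {status}')
```
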

  • Filter the SSID for Lobby Admin

    Hi,
    I've created a sponsor portal on wlc 5508 by using LobbyAdmin account, but I noticed that the person who will have access to this portal is  able to assign any vlan to the visitor because there is a drop down list which displays all SSID which are configured on the wlc. Can we avoid this and limit the drop down list?

    No it's not. The lobby admin will see all the SSID's. nothing you can do here. Others have also asked this in the past and nothing has changed.
    Sent from Cisco Technical Support iPhone App

  • Lobby Admin Guest Account with Two Controllers

    I have two 5508 WLCs.  Both have APs attached to them.  If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the other WLC?  So far, I have found that I need to create the same user on both WLC's, in order to have the user login.

    No, if you create the Lobby Admin on the WLC it does not cross over to any other WLC.
    Now if you had WCS/NCS you could create the user there, and it would be able to push to both WLC.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • WAAS and TACACS

    We are trying to get our WAAS environment to authenticate against TACACS and then fall over to local if TACACS is unavailable. For engineer logins everything is working as expected. However we are seeing several thousand failures against the TACACS server from a username of "CMS". This user is not configured in the CM or in TACACS. So we log the failed login and CMS logs into the WAE due to the failover to local mechanism. Looking at packet captures, and debugging aaa on the WAE's it is definitely a CMS user that logs in but shows 127.0.0.1 as its "from" host. I am fairly confident this is automation within the WAE syncing with the CM or vice versa. Does anyone know how to get WAAS and TACACS to work together without a mass amount of login failures? Is there a way this CMS user can be cloned/duplicated on the tacacs server? What is the password for this automation user?
    Thanks in advance.

    Hi Stan,
    WAE can authenticate against TACACS, RADIUS and Central Manager (Local) at any time depending on your configuration.
    There are a couple of things to keep in mind while configuring TACACS on WAE, on both sides - TACACS and WAE CM.
    On TACACS side:
    1. Please make sure to create right username.
    2. Please make sure to verify if you are using ASCII password authentication.
    3. Try to use less than 15 letters - Alphanumeric TACACS password.
    4. Please provide right user level / group level permissions. This is somewhere under user account properties. Please also make sure to select right user password under user properties.
    5. Verify if this user needs level 15 (admin equivalent account).
    On WAE CM side:
    1. Please make sure to select right authentication method as primary and secondary.
    2. Please make sure to enable the check box for authentication methods.
    You can verify the failure / successful log events on TACACS server in order to find out if the user is at least trying to authenticate against TACACS.
    I am sure you have looked at this link to find out all the required steps: Configuring TACACS+ Server Settings
    Hope this helps.
    Regards.
    PS: Please mark this as Answered, if this resolves your issue.

  • Maximum Lobby Admin users on WiSM

    Hello,
    One of our customers is asking us about what's the maximum number of Lobby Admin users that could be created on a WiSM? They are a University that could need about 60 Lobby Admin users for their different faculties and administrative areas along the campus.
    Thanks.

    Hi,
    The maximum amount of guest accounts that can be created for the local user
    database is limited to a maximum of 2048 entries, default count is 512. This
    database is shared by local management users (including lobby ambassadors),
    net users (including guest users), MAC filter entries, and disabled clients.
    Together, as long as all of these types of users do not exceed the
    configured database size of 2048 you are ok.
    and
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a49cd7.shtml#backinfo
    Thanks
    Serge

  • Lobby admin cannot create the guest User

    Impossible to create a guest user with the same name as previously: "the user already exist". Although the validity of the account has expired.
    Even if the user does not appear on the list of the users who still access the wlan, the same user still has access to the network.
    WLC2112, soft version: 7.0.98.
    in advance THX.
    cheers.

    Just to verify.. please do the testing..
    1>> Create a new user Lobby Admin account..
    2>> Create a new local net user for life time 2 minutes.
    3>> Check on the WLC if the user exists.
    4>> Wait for 2 minutes till the user expires.
    5>> At the time the user gets deleted, create the same username from the Lobby admin account that you have created in the First step and see if we see any problem.
    I just recreated the same and it's working fine for me..
    Let me know how this works out for you!!
    Regards
    Surendra

  • Multiple Lobby Admin on one WLC

    Is it possible to have multiple lobby admin accounts on a wlc so each account can only create / delete guest users for a specific WLAN?  For example, I have 2 WLAN's.  Admin1 creates users for WLAN1 and Admin2 for WLAN2.  Is there any way of restricting the lobby admin screen so each admin can only create an account for his / her own WLAN?  I don't have WCS and was wondering if there is some command line option.
    Thanks.

    Hi, You can have multiple lobby admin accounts, but you cannot bind a lobby admin to a wlan.

  • Lobby admin - how to restrict options?

    Is it possible to simplify web-interface for lobby admins? Now by default they have too much choices: "User name" form field, "Generate password" checkbox, "Password" and "Confirm password" fields, "Lifetime" and "WLAN SSID" and "Description" ... Too complicated.
    I would be happy to restrict Lobby admins to "User name" field, and restrict their ability to choose "WLAN SSID" (I have a couple of WLANS, of course, guest users will not get rights for the wrong WLAN, but Lobby admins are able to set WLAN wrong). I would require password generated by my WLC rather than allowing my lobby admins typing "Password1" etc. in this form.
    Any advice?

    You've generate password that generates random password.
    only webauth guest wlans are shown for lobby admin.

  • Sharing Itunes library between an admin and user account on one imac G5

    Hello,
    Please forgive the repetitive question. i have set up an admin and a user account on my iMac. I set the itunes library to users/shared/music/itunes/itunes library on both accounts. The music shows up on the admin account but not the user account.
    Can anyone give a quick step by step including obscure settings that may need to be altered so that I can finally get this pesky stress monkey off my shoulder!
    Thanks!
    iMac G5   Mac OS X (10.4.3)   Ipod video 30Gb

    Hi,
    Someone recently posted a similar problem as yours.
    Here's the discussion and solution:
    http://discussions.apple.com/message.jspa?messageID=1192454

  • I'm trying to update my apps in my macbook , the apple id is not mine and it's disabled and cannot change it, I'm the admin and my apple id shows correctly in iTunes and iCloud etc. only app store shows a disabled apple id why?! the computer has3 accounts

    Problem - grayed out apple id in app store
    I have signed in to my account, I am the admin and my apple id is correct shown in itunes, and other apps except the appstore.
    In Appstore, it shows another email id and it is disabled.  
    Problem
    1. I do not know why another email id is visible in my account (we have separate accounts on this laptop , all admins)
    2. Why wouldn't it allow me to change the login name and let me get on with my updates!!
    Options already looked
    1. phone - asked me to go to support blah blah .apple.com
    2. internet - i'm here.
    3. Apple id - manage online - all is well there. no need to change anything.
    4. other apps with apple id involved - checked and works fine.

    Do you recognize the ID?

  • My computer won't let me run the setup.exe file. I am an admin I've run as admin and I've downloaded many times. I just reformatted my computer and now it won't work.

    My computer won't let me run the setup.exe file. I am an admin I've run as admin and I've downloaded many times. I just reformatted my computer and now it won't work.

    Try this  - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.) No data/files will be erased. http://support.apple.com/kb/ht1430
    If you can't update or restore your iOS device
    http://support.apple.com/kb/ht1808
     Cheers, Tom

  • How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    Hi,
    According to your description, my understanding is that you want to set security group as admin of primary and secondary site collection using PowerShell command in office 365.
    I suggest you can use the command below to set the group to site owner, then it will have the site collection admin permission.
    Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -Owner [email protected] -NoWait
    Here are some detailed articles for your reference:
    https://technet.microsoft.com/en-us/library/fp161394(v=office.15)
    http://blogs.realdolmen.com/experts/2013/08/16/managing-sharepoint-online-with-powershell/
    Thanks
    Best Regards
    Jerry Guo
    TechNet Community Support
