Local net users - usernames case sensitive

Similar Messages

• Problem audit mismatch WCS/WLC for local net user

  HI,
  I have a problem in my WCS the audit status is mismatch for my two controllers. When I see the details of the mismatch, it is said that all my 400 users are "not present in controller".
  However, I checked directly on my web interface of my controllers and my users are there (Security--> AAA--> Local Net Users). I've also checked on the WCS (ConfigureàControllersà controlerà Security à AAA -> local net user).
  In both My users are present and are identical.
  When i refresh config from controllers on the WCS it disappears but a week after the mismatch comes back.
  If anyone can help, Thanks
  Alex

  Anyone able to answer this one?
  We are having the same issue.  We had WLC code 7.0.116.0 with WCS giving us mismatches on certain thresholds, despite the fact that the controller and the WCS configs were a match and no one made changes.  We would refresh confgi from controller and a week later, the mismatch was back.  It's as if there was something wrong with the WCS database.  We upgraded to NCS 1.1 and are now on WLC code 7.0.230.0 and it worked for a while, but we are now randomly experiencing the same issues and then some with NCS. 
  We have a multi-tenant campus that has several of another organizations access points configured as friendly in NCS, but the controllers still had them as rogue and were containing them.  We are also experiencing a max client count threshold that is set to 20 on the controller, but NCS is now reverting back to the default 12 value and giving off a mismatch.  I don't know if there is a SQL issue with the database or not, but we service roughly 3000 users on a 5 million sq. ft. campus and some of these mismatches and failure to identify critical mismatches is starting to become a problem.  Going to open a TAC case, but if anyone has any insight in the mean time, that would be helpful.  Thanks!

• Import local net users to Cisco Prime 1.2

  Hi,
  We have 4400 WLC that has about 400 local users configured under local net users and we are deploying Cisco Prime 1.2 in our company. Does anyone know how to import these users to Cisco prime? I was told that it could only be done manually like re entering all 400 entries to Cisco Prime! if this is the case it 'll be tedious.
  Thanks for any help.

  Hello,
  Complete the following steps to migrate data from WCS:
  1. Place the WCS export ZIP file (for example, wcs.zip) in a repository or folder (for example, repositories).
  2. Log in as the admin user and stop the Cisco Prime Infrastructure server by entering the ncs stop  command. Configure the FTP repository on the Cisco Prime Infrastructure  appliance using the repository command as shown in configuration  snippet below:
  pi-appliance/admin# configure
  pi-appliance/admin(config)# repository pi-ftp-repo
  pi-appliance/admin(config-Repository)# url ftp://209.165.200.227/backup
  pi-appliance/admin(config-Repository)# user ftp-user password plain ftp-user
  Note: Make sure the archived file is available with the show repository command.
  3. Enter the ncs migrate command in order to restore the WCS database.
  pi-appliance/admin# ncs migrate wcs-data wcs.zip repository pi-ftp-repo
  4. By default, no WCS events are migrated. Enter the ncs start  command in order to start the Cisco Prime Infrastructure server after  the upgrade is completed. Log in to the Cisco Prime Infrastructure user  interface with the root login and the root password.
  For mmore information you can refer to the cisco prime infrastructure deployment guide:
  http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/deployment_guide_c07-721232.html#wp9000654

• Internal Web Authentication + Local Net User

  Hi all,
  I'm trying to setup the WLC with internal web authentication + local net user account. I've setup a WLAN for this local net user configure the user profile map to this WLAN.
  When the laptop get associated with the designated WLAN, and user tried to browse to the internet, the internal web authentication page doesn't appear on the browser.
  I'm just curious is there any DNS server require in order to direct the user entered URL request to the virtual interface?
  regards.

  Well if you are using webauth for guest users, you really want to have an open ssid and wither have a username and password on the wlc or use a passthrough webauth where the guest users just have to click submit or accept. If you are using this for internal users, then you really shouldn't use webauth since this will not be single sign on. Again, you can if you want your internal users to sign on again. There is wpa/wpa2 PSK and then there is wpa/wpa2 8021.x in which this will require either using local EAP or a Radius Server. Ther radius server will either have the local user accounts or you can point this to AD. Depending on if you use EAP-PEAP (certificate on the radius server only) or EAP-TLS (certificate on both the radius and clinet) you will need a certificate.
  For webauth only, you do not need a certificate on the user or radius server, a certificate will be required on the wlc if you don't want users to be promted with a certifcate error message. 5.1 supports unchained certificates, but I always use RapiddSSL for a root ca cert just to make deployment mush simpler for the client. So webauth and EAP will require certifcates with webauth being optional.

• Cisco WLC Local Net user Authentication

  Hi,
  I have a Controller configured with local net users. Web policy with authentication has been configured for Layer 3 security. When the user tries to access the Wireless, they will be redirected to a web authentication screen, where they need to enter the pre-configured credentials to gain access.
  Now, the requirement is: users shall have to provide login credentials only upon initial access (one time) and shall not have to accept an Acceptable Use Agreement when their systems connect to the wireless network. The next time user tries, they should be provided access automatically.
  We have configured the following setting on Windows 7 client:
  1. Connect automatically when the network is in range is selected
  2. Please refer the attached screenshots for further configuration for Windows 7 Clients.
  On WLC: SSID --> Advanced Options --> We have disabled the “Enable Session Timeout” setting, but we still have "Client Exclusion" Enabled.
  When a computer is shutdown and brought back up within a few minutes the wireless credentials seem to stick, however, when the computer is shutdown for a period of overnight, the credentials are no longer cached and we have to re-authenticate to the wireless.
  Is this issue because of  "Client Exclusion" Enabled on the SSID/WLAN ?
  If not, can someone share the complete procedure to make sure that users local net user credentials will be cache.
  Thanks,
  Jagan

  Well you only can keep it connected for an x number of minutes. You will not be able to set it longer than a day. This means, I can't configure the WLC/Client to cache the credentials permanently? And everyday, they have to enter the credentials to access SSID?You can extend it up to 30 days, but you have to run v7.5.  After that, they will have to login again.Change the idle timer to about 2-4 hours and that should keep the client on the WLC DB. This will allow the client to go away for the number set and come back without having to login again. As you said, if I configure the WLC Idle Time for 2-4 hours, do the client have to provide credentials the next day when they access Wireless?Yes.  See my previous answerIs there any other way via which this can be achieved? (The limitation is : client should be authenticated only with the WLC.)If you are looking for clients to login once and then never again, the answer is no.  You have two choices, you can use the new v7.5 and use the sleeping client feature which gives you max of 720 hours (30 days), or you use th eidle timer and after the idle timer expires, the user will have to login.Thanks,Jagan
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• WLC 7 on 5508 - 802.1x and Local Net Users or LDAP

  Is it possible under the 7 version of the software to use LDAP or Local Net Users for authentication instead of RADIUS for doing 802.1x authentication, and if it is, is there any documentation around that has some configuration information?  I've been doing some poking around and haven't had much luck yet.

  Wireless users on 802.1x?  We're in the midst of testing this with 6.X and 7.X firmware.  So far, no complaints.  

• Generate a Local net user Report from WLC or through WCS

  Need advice regarding downloading the Local net user list from Anchor WLC or through WCS. In WCS I could not find any menu to generate a report on Local net users in other words Guest account list.
  Please advice Thanks
  Jacob

  I don't know aobut using WCS, but you can always run a command through the cli:
  show netuser summary

• CISCO WLC , connecting SSID with local net user

  Dears,
  Created Local Net User
  created SSID and Broadcasted, users can connect to SSID with PSK
  But not able to connect using Local net user created in WLC
  Edwin

  Hi,
  What kind of Layer 2 Security are you using on your SSID?
  You can't have both PSK and Local user database authentication on the same SSID.
  Best regards,
  Sebastian

• WLC- Local net user

  Hi,
  Normally in cisco WLC, we can create "local net user" , same user can able to access internet via captive portal authentication.
  Query is : can we use "password policy "  which was there on the same screen under security  tab :  as the Possword policy is only for "local management & AP User "
  did "AP user" is same like "local net user"
  Br'Subhojit

  Hi,
  I have exact the same issue to applying a password policy to local net users ? I am running version 7.6 on our 2504 ?
  Thanks

• Cisco WLC local net user - guest account

  Hello,
  We have a 2504 Cisco WLC.  I am creating Local Net Users for one of the WLANs that uses Web Auth and the Local Database.
  My one question is, what does a "guest account" do differently than a non guest account besides the ability to create the lifetime of the account?  I mean, it seems both give access to the WLAN so I am failing to see the difference between the two.
  Any help is greatly appreciated.

  A guest acct can only login to a webauth WLAN. A normal netuser can login to any WLAN that you allow or all. Including 802.1x if that WLAN is allowed to chek the local db
  Steve
  Sent from Cisco Technical Support iPhone App

• [Solved] Username case sensitivity when logging in via BASIC authentication

  Hi,
  Quick question... where the web.xml file defines BASIC authentication for an app, can a change be made somewhere to make the username case INsensitive ?
  .. such that passwords remain case sensitive but usernames can be upper/lower regardless of how they are stored (in the database in this case, via DBTableOraDataSourceLoginModule).
  I was thinking I could add an upper(supplied_username) function wrapper somewhere before the supplied username / stored username are compared.. what class/file would I need to edit to try that solution?
  If not possible.. would form authentication be a better option for case insensitivity, and if so would it be difficult to hookup a custom login form to the DBTableOraDataSourceLoginModule instead of the BASIC login window ?
  Thanks..

  Hi,
  by default all username and password is cases sensitive - no matter how the logon is performed. The DBTableOraDataSourceLoginModule provides an option to handle passwords case insensitive (as explained in the documentation !)
  http://download-uk.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#BABHDJAH
  casing
  =====     
  The case-sensitivity when comparing login user names to names in the database. Use sensitive to require case-sensitive comparisons, toupper to convert the login user name to all-uppercase, or tolower to convert the login user name to all-lowercase. (If anything other than these three values is specified, the default value will be used.)
  Default: sensitive
  Example: toupper
  Frank

• Username - case sensitivity and embeded period

  I have been asked to investigate the impact of syncing our oracle user names with our AD names .. which would mean putting a period (dot) in the username. (example - john.doe). First attempt to create one returned an error which lead to the following testing:
  SQL> conn system/****
  Connected.
  SQL> --
  SQL> -- create a user with a dot in the name
  SQL> --
  SQL> create user ed.stevens identified by tiger;
  create user ed.stevens identified by tiger
  ERROR at line 1:
  ORA-01936: cannot specify owner when creating users or rolesOk, the '.' is seen as a delimiter, so must be quoted, probably leading to case sensitivity.
  SQL> create user "ed.stevens" identified by tiger;
  User created.
  SQL> grant create session to ed.stevens;
  grant create session to ed.stevens
  ERROR at line 1:
  ORA-00933: SQL command not properly ended
  SQL> grant create session to "ed.stevens";
  Grant succeeded.
  SQL> select username
    2    from dba_users
    3    where upper(username) like 'ED%'
    4    order by 1;
  USERNAME
  ed.stevens
  1 row selected.Now let's do it with an upper case name
  SQL> --
  SQL> create user ED.STEVENS identified by lion;
  create user ED.STEVENS identified by lion
  ERROR at line 1:
  ORA-01936: cannot specify owner when creating users or roles
  SQL> create user "ED.STEVENS" identified by lion;
  User created.
  SQL> grant create session to ED.STEVENS;
  grant create session to ED.STEVENS
  ERROR at line 1:
  ORA-00933: SQL command not properly ended
  SQL> grant create session to "ED.STEVENS";
  Grant succeeded.
  SQL> select username
    2    from dba_users
    3    where upper(username) like 'ED%'
    4    order by 1;
  USERNAME
  ED.STEVENS
  ed.stevens
  2 rows selected.Everything to here makes sense. Now lets' try to connect as these two nefarious characters!
  SQL> --
  SQL> conn ed.stevens/tiger
  ERROR:
  ORA-01017: invalid username/password; logon denied
  Warning: You are no longer connected to ORACLE.
  SQL> select user from dual;
  SP2-0640: Not connected
  SQL> conn "ed.stevens"/tiger
  Connected.
  SQL> select user from dual;
  USER
  ed.stevens
  1 row selected.
  SQL> --
  SQL> conn ED.STEVENS/lion
  Connected.Whaat?? Why wasn't the '.' seen as a delimiter here? This is the question that this example was leading to.
  SQL> select user from dual;
  USER
  ED.STEVENS
  1 row selected.
  SQL> conn "ED.STEVENS"/lion
  Connected.
  SQL> select user from dual;
  USER
  ED.STEVENS
  1 row selected.
  SQL> --
  SQL> spool off
  SQL> conn system/****
  Connected.
  SQL> drop user "ed.stevens";
  User dropped.
  SQL> drop user "ED.STEVENS";
  User dropped.

  Centinul wrote:
  Ed --
  I saw different behavior in my environment:
  SQL> CREATE USER "cen.tinul" IDENTIFIED BY mynx;
  User created.
  SQL> CREATE USER "CEN.TINUL" IDENTIFIED BY mynx;
  User created.
  SQL> GRANT CREATE SESSION TO "cen.tinul";
  Grant succeeded.
  SQL> GRANT CREATE SESSION TO "CEN.TINUL";
  Grant succeeded.
  SQL> SELECT * FROM V$VERSION;
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
  PL/SQL Release 10.2.0.4.0 - Production
  CORE    10.2.0.4.0      Production
  TNS for 64-bit Windows: Version 10.2.0.4.0 - Production
  NLSRTL Version 10.2.0.4.0 - Production
  SQL> CONNECT cen.tinul/mynx
  Connected.
  SQL> SHOW USER
  USER is "CEN.TINUL"
  SQL> CONNECT CEN.TINUL/mynx
  Connected.
  SQL> SHOW USER
  USER is "CEN.TINUL"
  "This just gets curioser and curioser."
  This is the system I used for the test posted above - running on 32-bit OEL under vmware on my laptop
  SQL> select * from v$version;
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
  PL/SQL Release 10.2.0.4.0 - Production
  CORE10.2.0.4.0Production
  TNS for Linux: Version 10.2.0.4.0 - Production
  NLSRTL Version 10.2.0.4.0 - Production
  5 rows selected.So I ran the test against our prod datbase, running under 64-bit HP-UX Itanium
  SQL> select * from v$version;
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
  PL/SQL Release 10.2.0.4.0 - Production
  CORE    10.2.0.4.0      Production
  TNS for HPUX: Version 10.2.0.4.0 - Production
  NLSRTL Version 10.2.0.4.0 - Production
  5 rows selected.As for what about the two is not shown, the 32-bit Linux was built with the 10.2.0.1 base install, then the 10.2.0.4.0 patchset, then the Oct 2009 CPU - all before creating the database. The database was created from scripts using CREATE DATABASE, as generated originally by dbca (not the 'restore database' scripts from dbca when using one of their pre-defined templates.)
  The HP-UX system was built as a 10.2.0.1 database, upgraded to 10.2.0.4, and has all CPU's through Jan 2010.
  Both systems gave exactly the same results, which are obviously different from yours ....
  A mystery wrapped in an enigma ....

• User Password case sensitivity issue.

  Hi,
  I have been migrated users from EBS to OID, but having some issues like some existing users password in EBS are in Capital letters but when they connect with SSO the same password not accepted, but users can connect same password in small letters.
  How I can solve this issue????????
  Senario:
  1: Existing EBS User:(Before integration of OID+SSO), users are directly connecting with EBS.
  User Name: HINA.SARWAR-----------(Not case sensitive)
  Password: ABCDEF -----------( Case sensitive)
  2: Existing EBS User:(After integration of OID+SSO), user are connecting via SSO.
  Eexpected behavior is that users should logon with above pass "ABCDEF", but they cannot.
  eg:-
  Cannot connect as:
  User Name: HINA.SARWAR -----------(Not case sensitive)
  Password: ABCDEF -----------( Case sensitive)
  Can connect as:
  User Name: HINA.SARWAR -----------(Not case sensitive)
  Password: abcdef -----------( Case sensitive)
  thx

  Hi,
  The solution to your problem is here at metalink:
  Password Case Sensitivity Lost During Extract And Import From EBS to OID [ID 951170.1]
  regards

• Search User Page - Case Sensitivity Problem

  Hi,
  While searching users according to the criterias like user's firstname or lastname, the search is case sensitive.
  Is there a way to make incase sensitive search?
  Thanks.

  I would say a no for it because at the back-end the findUsers() API is getting called for which the value is a String Object. So its always case insensitive according to me.

• UTL_FILE & User Input: Case Sensitive File Names

  Hi.
  I'm trying to reduce problems due to the whether the user uses upper or lower case or combo of them in entering file names.
  Scenario is:
  Existing file to be read: Orig_File.Txt (file name changes daily)
  Output to be saved into file: RESULTS_FILE.TXT
  In response to PL/SQL commands (please see below), the user enters:
  ORIG_FILE.TXT and Results_FILE.txt
  as the Input & Output file names. The problem is that the input file has been saved using Upper and Lower case and I get back a file not found error.
  Is there a way to call a file with is a different case than the input?
  Thanks.
  Current commands are:
  In_File          UTL__File.file_type;
  Out_File          UTL__File.file_type;
  Curr_Line     VarChar2(2000);
  BEGIN
  In_File := UTL__File.fopen('UTIL_FILE_DIR', '&input_file', 'R', 2048);
  Out_File := UTL__File.fopen('UTIL_FILE_DIR', '&output_file', 'W', 2048);
  LOOP
  BEGIN
  UTL__File.get_line(In_File, Curr_Line, 2048);
  .......

  A shell script would typically issue something along the lines of
  newfile=$(ls -C1 | grep -i "\<${filename}\>")although of course it is possible for this to match multiple filenames, so it would have to check for that scenario and report it as an error. possibly you could call a shell script like this from PL/SQL via Java or DBMS_SCHEDULER. Good luck with that though.