Problem audit mismatch WCS/WLC for local net user

Hi,
I have a problem in my WCS: the audit status is mismatch for my two controllers. When I see the details of the mismatch, it is said that all my 400 users are "not present in controller".
However, I checked directly on my web interface of my controllers and my users are there (Security --> AAA --> Local Net Users). I've also checked on the WCS (Configure --> Controllers --> controller --> Security --> AAA --> Local Net User).
In both, my users are present and are identical.
When I refresh config from controllers on the WCS it disappears, but a week after the mismatch comes back.
If anyone can help, Thanks
Alex

Anyone able to answer this one?
We are having the same issue. We had WLC code 7.0.116.0 with WCS giving us mismatches on certain thresholds, despite the fact that the controller and the WCS configs were a match and no one made changes. We would refresh config from controller and a week later, the mismatch was back. It's as if there was something wrong with the WCS database. We upgraded to NCS 1.1 and are now on WLC code 7.0.230.0 and it worked for a while, but we are now randomly experiencing the same issues and then some with NCS.
We have a multi-tenant campus that has several of another organization's access points configured as friendly in NCS, but the controllers still had them as rogue and were containing them. We are also experiencing a max client count threshold that is set to 20 on the controller, but NCS is now reverting back to the default 12 value and giving off a mismatch. I don't know if there is a SQL issue with the database or not, but we service roughly 3000 users on a 5 million sq. ft. campus and some of these mismatches and failure to identify critical mismatches is starting to become a problem. Going to open a TAC case, but if anyone has any insight in the meantime, that would be helpful. Thanks!

Similar Messages

  • Generate a Local net user Report from WLC or through WCS

    Need advice regarding downloading the Local net user list from Anchor WLC or through WCS. In WCS I could not find any menu to generate a report on Local net users in other words Guest account list.
    Please advise. Thanks
    Jacob

    I don't know about using WCS, but you can always run a command through the CLI:
    show netuser summary

  • Cisco WLC Local Net user Authentication

    Hi,
    I have a Controller configured with local net users. Web policy with authentication has been configured for Layer 3 security. When the user tries to access the Wireless, they will be redirected to a web authentication screen, where they need to enter the pre-configured credentials to gain access.
    Now, the requirement is: users shall have to provide login credentials only upon initial access (one time) and shall not have to accept an Acceptable Use Agreement when their systems connect to the wireless network. The next time user tries, they should be provided access automatically.
    We have configured the following setting on Windows 7 client:
    1. Connect automatically when the network is in range is selected
    2. Please refer the attached screenshots for further configuration for Windows 7 Clients.
    On WLC: SSID --> Advanced Options --> We have disabled the “Enable Session Timeout” setting, but we still have "Client Exclusion" Enabled.
    When a computer is shutdown and brought back up within a few minutes the wireless credentials seem to stick, however, when the computer is shutdown for a period of overnight, the credentials are no longer cached and we have to re-authenticate to the wireless.
    Is this issue because of  "Client Exclusion" Enabled on the SSID/WLAN ?
    If not, can someone share the complete procedure to make sure that users' local net user credentials will be cached?
    Thanks,
    Jagan

    Well you only can keep it connected for an x number of minutes. You will not be able to set it longer than a day.
    This means, I can't configure the WLC/Client to cache the credentials permanently? And every day, they have to enter the credentials to access SSID?
    You can extend it up to 30 days, but you have to run v7.5. After that, they will have to login again.
    Change the idle timer to about 2-4 hours and that should keep the client on the WLC DB. This will allow the client to go away for the number set and come back without having to login again.
    As you said, if I configure the WLC Idle Time for 2-4 hours, do the clients have to provide credentials the next day when they access Wireless?
    Yes. See my previous answer.
    Is there any other way via which this can be achieved? (The limitation is: client should be authenticated only with the WLC.)
    If you are looking for clients to login once and then never again, the answer is no. You have two choices: you can use the new v7.5 and use the sleeping client feature which gives you max of 720 hours (30 days), or you use the idle timer and after the idle timer expires, the user will have to login.
    Thanks,
    Jagan
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • WLC- Local net user

    Hi,
    Normally in Cisco WLC, we can create a "local net user", and the same user is able to access the internet via captive portal authentication.
    Query is: can we use the "password policy" which was there on the same screen under the Security tab, as the Password policy is only for "local management & AP User"?
    Is "AP user" the same as "local net user"?
    Br'Subhojit

    Hi,
    I have exactly the same issue with applying a password policy to local net users. I am running version 7.6 on our 2504.
    Thanks

  • Cisco WLC local net user - guest account

    Hello,
    We have a 2504 Cisco WLC.  I am creating Local Net Users for one of the WLANs that uses Web Auth and the Local Database.
    My one question is, what does a "guest account" do differently than a non guest account besides the ability to create the lifetime of the account?  I mean, it seems both give access to the WLAN so I am failing to see the difference between the two.
    Any help is greatly appreciated.

    A guest acct can only login to a webauth WLAN. A normal netuser can login to any WLAN that you allow or all, including 802.1x if that WLAN is allowed to check the local db.
    Steve

  • WLC 7 on 5508 - 802.1x and Local Net Users or LDAP

    Is it possible under the 7 version of the software to use LDAP or Local Net Users for authentication instead of RADIUS for doing 802.1x authentication, and if it is, is there any documentation around that has some configuration information?  I've been doing some poking around and haven't had much luck yet.

    Wireless users on 802.1x?  We're in the midst of testing this with 6.X and 7.X firmware.  So far, no complaints.  

  • CISCO WLC , connecting SSID with local net user

    Dears,
    Created Local Net User
    created SSID and Broadcasted, users can connect to SSID with PSK
    But not able to connect using Local net user created in WLC
    Edwin

    Hi,
    What kind of Layer 2 Security are you using on your SSID?
    You can't have both PSK and Local user database authentication on the same SSID.
    Best regards,
    Sebastian

  • Import local net users to Cisco Prime 1.2

    Hi,
    We have a 4400 WLC that has about 400 local users configured under local net users and we are deploying Cisco Prime 1.2 in our company. Does anyone know how to import these users to Cisco Prime? I was told that it could only be done manually, like re-entering all 400 entries to Cisco Prime! If this is the case it'll be tedious.
    Thanks for any help.

    Hello,
    Complete the following steps to migrate data from WCS:
    1. Place the WCS export ZIP file (for example, wcs.zip) in a repository or folder (for example, repositories).
    2. Log in as the admin user and stop the Cisco Prime Infrastructure server by entering the ncs stop  command. Configure the FTP repository on the Cisco Prime Infrastructure  appliance using the repository command as shown in configuration  snippet below:
    pi-appliance/admin# configure
    pi-appliance/admin(config)# repository pi-ftp-repo
    pi-appliance/admin(config-Repository)# url ftp://209.165.200.227/backup
    pi-appliance/admin(config-Repository)# user ftp-user password plain ftp-user
    Note: Make sure the archived file is available with the show repository command.
    3. Enter the ncs migrate command in order to restore the WCS database.
    pi-appliance/admin# ncs migrate wcs-data wcs.zip repository pi-ftp-repo
    4. By default, no WCS events are migrated. Enter the ncs start  command in order to start the Cisco Prime Infrastructure server after  the upgrade is completed. Log in to the Cisco Prime Infrastructure user  interface with the root login and the root password.
    For more information you can refer to the Cisco Prime Infrastructure deployment guide:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/deployment_guide_c07-721232.html#wp9000654

  • Local net users - usernames case sensitive

    I am facing an annoying issue with our WLC 5508s. We have configured some local accounts (local net users) and we found out that usernames are case sensitive. For example, when I set up an account with username:TEST and then try to login with username:test I get authentication failure.
    I thought that only the admin accounts were case sensitive.
    Has anyone else faced this problem? Is there any solution for this, as I have already configured 60 local accounts?
    Thank you in advance.

    #Management usernames are case sensitive.
    #Local net users seem to be case sensitive per the bug below, however it is an old one on 4.0.
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsg72444
    *For local netuser, does WLC allow creating the same usernames like this - Apple, APPLE, AppLe? If allowed then at this point its considered that wlc allows to create case insensitive users for local netusers. Else if only Apple is allowed then it is case sensitive for user creation.
    *Now try to login like - apple, aPPLE and also like Apple, APPLE, AppLe.
    *Share the result along with the tested WLC code for conclusion. Let's see what works and what doesn't.

  • Internal Web Authentication + Local Net User

    Hi all,
    I'm trying to setup the WLC with internal web authentication + local net user account. I've setup a WLAN for this local net user configure the user profile map to this WLAN.
    When the laptop get associated with the designated WLAN, and user tried to browse to the internet, the internal web authentication page doesn't appear on the browser.
    I'm just curious is there any DNS server require in order to direct the user entered URL request to the virtual interface?
    regards.

    Well if you are using webauth for guest users, you really want to have an open SSID and either have a username and password on the WLC or use a passthrough webauth where the guest users just have to click submit or accept. If you are using this for internal users, then you really shouldn't use webauth since this will not be single sign on. Again, you can if you want your internal users to sign on again. There is WPA/WPA2 PSK and then there is WPA/WPA2 802.1x, which will require either using local EAP or a RADIUS server. The RADIUS server will either have the local user accounts or you can point this to AD. Depending on if you use EAP-PEAP (certificate on the RADIUS server only) or EAP-TLS (certificate on both the RADIUS server and client) you will need a certificate.
    For webauth only, you do not need a certificate on the user or RADIUS server; a certificate will be required on the WLC if you don't want users to be prompted with a certificate error message. 5.1 supports unchained certificates, but I always use RapidSSL for a root CA cert just to make deployment much simpler for the client. So webauth and EAP will require certificates, with webauth being optional.

  • Kerberos for local (only) user

    Hi,
    I've got a Mac Mini running under MacOS X 10.9.3 for quite a while now. Just recently I've decided to add kerberos support to my local ecosystem, and so I obtained OS X Server 3.1.2.
    First thing was setting up the OpenDirectory -- just like a charm!
    ..but now I'm struggling with kerberos though.
    Apparently I only can get a kerberos ticket for a local network user, not for a local (machine; the very same sporting the OS X Server) one.
    Do I have to migrate all my local (machine) users to become local network users? How would I accomplish this without losing any data?
    Or is there a way of creating kerberos tickets for the local (machine) users as well?
    -- MMHein

    Hi,
    Local Kerberos would be good to implement but maybe later on.
    This is a reference which I was considering to try out: https://jpolok.web.cern.ch/jpolok/kerberos-macosx.html
    Cheers

  • Having Problems Sync'ing your iPhone for Win 7 Users? - Solution

    Here's something that absolutely worked for me for my iPhone 4S:
    1. Start iTunes with iPhone or device not plugged in.
    2. Go to Settings on iPhone
    3. Turn off Wi-Fi
    4. Turn on Airplane Mode
    5. Exit Settings
    6. Plug iPhone into computer
    7. Wait a couple moments for iTunes to see iPhone
    8. Proceed to Sync iTunes to iPhone.
    Looks like most if not all the posts were removed about people complaining about their iPhones not syncing after the most recent update to iTunes 10.7.x with iOS6 on iPhone 4's and 4S's and maybe even a few on 5's. I own a 4S so that's the only one I was having issues with. I did rant a little and I apologize Apple for that, frustration set in heavily. Especially since I needed my iBooks for some college credits I'm taking.
    The Backup scared me, but it went straight through, then step 8 of 8 also scared me because this is where the songs would force iTunes to TimeOut. During my ordeal over the past week the Backup process would take longer than I could spare it to, I even left it going overnight one night. But if by chance it got past the Backup process then it would freeze up on step 8 of 8. What's weird though is that it worked after the upgrade from iOS 5.1.1 to iOS 6.0 without any issues, and it even sync'd a couple times also without issues, then it started acting up.
    During my thumbing through other people's issues, I believe the issue stemmed from the wi-fi section of the program. Though I'm not 100% sure, however the above steps from 1-8 did work, not only once, but I've resync'd it three times now, with including removing iPhone from program.
    So hopefully someone will see this.
    And I hope Apple leaves it in place for a short while anyway.
    Thanks for everything and Happy Mac'n to All.

    Hi
    I have an HP LaserJet 1160 and I'm running Windows Vista. I'm currently unable to print on both sides even if I tick the box for this option.
    Please help as I'm at my wits' end trying to resolve this issue!
    Regards

  • WLC 5508 Local Authentication- need guidance

    Hi formers'
    I have the combo of WLC 5508 (ver 7.0) and AP1041n, and just want to ask how I can do local authentication.
    The environment doesn't have ACS or directory services (AD or LDAP).
    Requirement:
    Say I have one WLAN named "admin". Whenever a user wants to connect to this SSID, they need to be prompted for username/password.
    The user entries are stored at the WLC.
    I create the user at local net user, and map it to the appropriate WLAN.
    At the WLAN, I enable local EAP and select the profile that I created.
    PROBLEM STATEMENT:
    The moment I test, it always prompts to input EAP-TTLS domain\username, password (token).
    Question
    a. Is anything wrong with my setting? How does local authentication really work with no ACS and directory services running at the back?
    b. can please post any useful document URL or any supportive info, it will be very helpful
    Thanks
    Noel

    Surendra's document may refer to local authentication with ldap database but you could follow it without doing the LDAP part and the users will be stored in the local net users of the WLC.
    You could also follow the WLC config guide in the "Local eap" chapter.
    The concerning part in your description is that your laptop prompts for EAP-TTLS. That means that you configured your laptop for that method. The WLC is only with peap/eap-fast

  • "Sharepoint 2013" is giving error that prevents local domain users authentication for "Team Foundation Server"

    I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
    1st Error (from administrative events):
    The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
    Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
    Tried so far:-
    - changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
    2nd Error (from application server):
    DistributedCOM error
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
    https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
    Other Fixes I tried
    - Found on another topic that it is not SharePoint that is causing the problem, but it is the generated ASP.NET web pages used for testing that are causing the memory to fill up due to caching in RAM. The fix suggested was to change IIS caching from RAM to HD to prevent loading up using w3wp.exe from processes.
    Concern
    - By checking other topics for people having the same problem, it was mentioned that this error appeared after the latest TFS update. Is there a fix for it?

    Hi Kpdn, 
    Thanks for your post.
    All your participation and support are very important to build such harmonious/ pleasant / learning environment for MSDN community.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

  • Block business partner (vendor) for local purc. org

    Hi,
    I have a problem regarding, block business partner for local purchase organization.
    Process:
    R/3: Transaction MK05, block vendor for ONE purc. org.
    SRM: Transaction BBPUPDVD.
    If I activate transaction BP, and look into the purchasing data, the bp is only blocked for my SAP purc. org.
    If I activate transaction BBP_UPDATA_PORG, type in the local purc. org. and the SAP purc. org, run the transaction, nothing happens. It is NOT possible to mark the block indicator for the local purc. org.
    BR. Kim

    Hi
    Please go through the following SAP OSS Notes:
    Note 805467 - BBPUPDVD/BBP_VENDOR_SYNC: purch. org. view deletion indicato
    Note 613182 - BBP-GP: New field: Purchasing block
    Note 805468 - BBPUPDVD/BBP_VENDOR_SYNC: Deletion indicator in POrg view
    Note 563677 - Purchasing documents: No message when partner blocked
    Note 859615 - Error 06 025 Partner is not created for Purchasing Organizat
    Note 900620 - E WY017 Partner not created for Purch.Org.(BAPI_PO_CREATE1)
    Note 1053064 - MEB1: Invoicing party partner cannot be used in agreements
    Note 654416 - BBP_PARTNER_VALIDATE: Long runtime
    Note 840215 - PO is created with wrong terms of payment in ECS
    Note 702888 - ECS: Terms of payment in ECS
    Do let me know.
    Regards
    - Atul
