WCS Lobby Ambassador Accounts

Similar Messages

• WCS - Lobby Ambassador users don't see each other's guest users

  Hi, we currently have the problem with WCS 5.2 that a user of the group "Lobby Ambassador" cannot see guest users that have been created by another user of that group. The user can only see his own created guest users. All are in the same virtual domain which is the root-domain.
  I believe this behaviour was not this way in previous versions, here all guest users were visible to all Lobby Ambassador users.
  I couldn't find any hint in the documentation about this.
  Is this simply a change in behaviour (works as designed) or is this maybe a bug?

  You will get this error:
  Error(s): You must correct the following error(s) before proceeding:
  Error:A Guest User account with the name ''lobby user'' has already been created by you or another WCS Lobby Ambassador user. Please choose a different User Name for this Guest account.

• Lobby Ambassador account

  I am running WCS 6.0.132. I have a Guest User account where I as the Administrator change the password. I setup a Lobby Ambassador account so I can have our helpdesk change  the password. However When I login as the Lobby Ambassador I can not see the guest user account.
  What am I missing in the configuration?

  There was a version of WCS where they changed how the accounts were visible.  I do believe there was a bug in it.  I'm just going off of memory of us having a similiar issue and that version is a few rev's old.  I would recommend upgrading to the newest version and see if it resolves the problem.

• WCS Lobby Ambassador and Monitor User

  I'm running our WCS authentication through ACS with TACACS and it's working fine.  However, I currently have my Help Desk setup with a monitor user so they can login and view WCS, but this does not give them the Lobby Ambassador of course.  How can I get a user to have both WCS and Lobby access with having to login with seperate user identities?

  It's either admin either lobby account, you can not have both, the http pages are completly different and dont intermix.
  Your solution is to have 2 users on your TACACS where one is the admin and one the lobby.
  Here are the step by step config lines:
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpmkr1064288

• WCS Lobby Ambassador with AAA Authentication

  We are using WCS 7.0.164.0. I configured a user as local lobby ambassador with special defaults and also with a special guest login logo. If I use this user to create guest accounts everything is alright. Now I want to change the authentication to radius, so I export the cisco lobby ambassador attributes to the radius server and extend these network policies. Now I can login as user, authenticated from the radius server and I create guest accounts in the same way as before with local login, BUT !!! Our special guest login logo isn't shown and there is now way to upload or configure this special logo. Is there a way to configure these options for users authenticated with AAA ? Thanks for any Help  Bernhard

  Hi Bernhard,
  I used following doc-link: http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml
  The trick I used is to configure same username on tacacs+ and local, but different passwords.
  local-user: configure your special attributes like logo
  tacacs+: configure the authentication and group
  local-user password is not the same like tacacs+ password.
  I configured Authentication in WCS section: Administration > AAA > AAA Mode Settings
  Enable fallback to local == on auth failure or no server response
  Maybe if you deselect Enable fallback to local you can only authenticate to tacacs+. But now I can authenticate with local user/password and tacacs+ user/password.
  Attributes for tacacs+ or radius server can be exported in WCS section: Administration > AAA > All Groups; Export Task List
  Attributes for tacacs+ server:
  virtual-domain0=root
  role0=LobbyAmbassador
  task0=Configure Guest Users
  task1=Lobby Ambassador User Preferences
  Attributes for Radius (I never tried radius):
  Wireless-WCS:role0=LobbyAmbassador
  Wireless-WCS:task0=Configure Guest Users
  Wireless-WCS:task1=Lobby Ambassador User Preferences
  ==> I think also virtual-domain can be set.

• WCS Lobby Ambassador

  Hello all,
  In WCS by default the lobby ambassador has option to generate manual or auto (random) password for guest user account.
  Is there any way that we can restrict lobby ambassador to generate manual password for guest user ?
  Regards,
  Anis

  No not exactly ,
  We dont want lobby admin's to create manuall passwords for there guest. Loby admin should have option to generate the random passwords only.
  Regards,
  Anis

• WCS Lobby Ambassador audit report for a specific period of time

  Hi all,
  I know there is an WCS audit report for each lobby ambassador activities. But the problem is that I see only activities from Nov 9 to the present. I don't know what the reason is, whether somebody erased that information before Nov 9 or something else happened.
  Is there any option to manually configure a specific period of time, for example obtain all activities for last 3 months?
  Thanks for any hint.
  Jozef

  Hi Koti,
  What error did you meet when you used audit report from Oct 16 to Oct 31?
  Please check the log file to find more information about this issue. The path of the log file is: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS. You can check the log file whose modified date is from Oct 16 to Oct 31.
  In addition, please deactivate and reactivate Reporting feature at site collection level.
  A similar post for your reference:
  http://sharepointknowledgebase.blogspot.com/2012/07/unexpected-error-when-trying-to-view.html#.VG2cFouUeog
  About audit log report, please take a look at:
  https://support.office.com/en-us/article/Configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2?ui=en-US&rs=en-US&ad=US
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Can't setup a Lobby Ambassador account??

  I've just installed a new WLC4402 (50AP) and am trying to set up guest WLAN access.
  So far I have a seperate VLAN and WLAN configured and have secured the VLAN to allow only access to the internet after web-auth.
  I go to the 'Management> Local Management Users> New Page'
  But the only types of account available are 'Read/Write' and 'Read Only', Should the 'lobby Ambassador' be listed here, or am I missing something?
  All the best to all the Forum users for the season.
  Dan

  Hi Dan,
  It should be there if you are running 4.0+ software. If you are running 4.0+ then you could try adding the user via CLI to see if it's an option:
  config mgmtuser lobby-admin
  If you are running 3.2 or earlier, then that's the problem.
  -Ben

• Lobby Ambassador Account creation in NCS/Prime

  When creating a lobby ambassodor account in Prime.
  I see a Profile of Default but don't see the WLAN Ids of the WLCs-
  Shouldn't the Wlans or SSIDs appear in the list of Profiles so said Lobby Ambassodor can create accounts for a particular SSID as does in the Controller creation of guest accounts?

  Rob,
  Take a look here... I created multiple Guest SSID's
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• Wireless Lobby Ambassador account errantly displays NCS home page

  Hi all,
  I'm running a supported NCS 1.0 virtual appliance installation which functions fine for most folks, but Lobby Ambassadors with Windows 7 and IE8 or IE9 end up seeing an odd version of the NCS home page with all the graphs, etc, rather than the normal very restrictive list of guest users.  Viewed with the same credentials with XP and IE7 or IE8, it's fine!  Does not matter whether or not Chrome Frame gets installed.  It's not as though the credentials are truly elevated, since the entire command bar is devoid of commands....it just doesn't show the list of guest users.
  Anyone else?
  Gary

  Noticed there is released a patch for 1.1.1 on the 14th of June, but havent been able to find any release notes for the patch.
  Tried to install it my self, it fails every time with "% Manifest file not found in the bundle"
  Getting the same error no matter if I use the main command /patch install or /application update
  application update ncs1_1_update_file.ubf FTPRepository
  patch install ncs1_1_update_file.ubf FTPRepository
  * Edit : the patch in question is only for the WAN release, which doesnt include wireless management, so I guess we are waiting for a seperate patch for the general packadge

• Profile for Lobby Ambassador Account

  How do you configure the Lobby Ambass. Profiles. This is so I can set the defaults for users that the Lobby Ambass configures.

  This is under the WLC not WCS. For WCS, look at this doc:
  http://www.cisco.com/en/US/docs/wireless/wcs/5.1/configuration/guide/wcsmanag.html#wp1077061

• Lobby Ambassador - WCS Logging of Guest Account Creation

  Hello all,
  If I am user "admin-ken" and I setup an guest user account "guestuser1" via the WCS controller templates > Guest User (which takes me into lobby ambassador), is there a log file that indicates that "admin-ken" had setup "guestuser1" guest account?
  Many thx indeed,
  Kind regards,
  Ken

  HiKen,
  Hope all is well :)
  Maybe this is what you are looking for;
  Logging the Lobby Ambassador Activities
  The following activities are logged for each lobby ambassador account:
  •Lobby ambassador login: WCS logs the authentication operation results for all users.
  •Guest user creation: When a lobby ambassador creates a guest user account, WCS logs the guest user name.
  •Guest user deletion: When a lobby ambassador deletes the guest user account, WCS logs the deleted guest user name.
  •Account updates: WCS logs the details of any updates made to the guest user account. For example, increasing the life time.
  Follow these steps to view the lobby ambassador activities.
  Note You must have superuser status to open this window.
  Step 1 Log into the Navigator or WCS user interface as an administrator.
  Step 2 Click Administration > AAA, then click Groups in the left sidebar menu to display the All Groups window.
  Step 3 On the All Groups windows, click the Audit Trail icon for the lobby ambassador account you want to view. The Audit Trail window for the lobby ambassador displays.
  This window enables you to view a list of lobby ambassador activities over time.
  •User: User login name
  •Operation: Type of operation audited
  •Time: Time operation was audited
  •Status: Success or failure
  Step 4 To clear the audit trail, choose Clear Audit Trail from the Select a command drop-down menu and click GO.
  http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1076868
  http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001609
  Hope this helps!
  Rob

• Lobby Ambassador - Automatic deletion from WCS after Expiry or Account

  Hi Guys,
  When I create a guest account and the account time expires, the account still remains on the WCS (but not on the controller).
  Is this a feature of the WCS or a bug?
  If so, can I ask the WCS to automatically remove all guest users accounts from the WCS lobby ambassador either directly after expiry, or say at 00:00 hours every day?
  Many thx
  Ken

  Hi there,
  Many thx.
  The way I understand it, is that yes the user expires, but you still have to clear down the username off the WCS periodically.
  Just thought the WCS may be able to do this as the timer expires but had a chat with a few guys at Cisco and is not possible currently.
  Cheers
  Ken

• Lobby Ambassador Profiles in ACS 5.3

  We've set our WCS up to do AAA through our ACS 5.3 which works great. So in order to log into the WCS for Administration or as a Lobby Ambassador (to create guest users etc) the AAA is all done by the ACS, GREAT!
  I have assigned a set of users the Lobby Ambassador role as passed that back through TACACS to the WCS, so those users have their role setup as Lobby Ambassador and are limited from doing anything else, as expected.
  What I want to know is: With normal local AAA on the WCS, when you created a Lobby Ambassador account, you could give the account a set of defaults for any guests accounts created by that Lobby Ambassador account, which was good, so Lobby Ambassadors couldn't set up unlimited time accounts and stuff like that.
  What I want to know now is that since I'm now doing all the AAA on the ACS, is there an attribute I can pass to the WCS in the Shell Profile, along with the roles etc telling the WCS what the guest user creation defaults for the Lobby Ambassador account is, so that we can continue to limit the defaults of any guest account that the Lobby Ambassador accounts create, as it used to be? We'd really like different lobby ambassadors to be able to do different things as well. i.e., Lobby Ambassador X can only create accounts for one region. Lobby Ambassador Y can create Unlimited time accounts where the others can not. We used to do this by assigning different guest user creation defaults to different lobby ambassador accounts on the WCS.
  Help appreciated        

  Hi,
  at the moment the only solution for your requirement is to create local NCS/WCS accounts with exactly the same username as existing in your ACS, no matter what password. Authentication will happen via TACACS+ while the defaults will be taken from the local user account. Please be aware that this mechanism is case sensitive.
  Regards
  Stefan

• Customize Lobby Ambassador View

  Hi all,
  I have a problem with the following situation:
  - Cisco Prime Infrastructure 2.0 (2.0.0.0.294)
  - Cisco ACS 5.4 (5.4.0.46.0a)
  - 2x Cisco WLAN Controller 5508 in SSO mode
  - x APs 2600 Series
  All devices are configured properly, I can see the WLC on Prime, etc.
  Prime and WLC are added to ACS for TACACS+ Authentication.
  Admin users are able to login to Prime with full feature set (root permission).
  Lobby Ambassadors can also login to Prime for Guest User creation.
  Therefore I have created two Shell Profiles on ACS.
  Now I want to create WLAN Guest User with Lobby Ambassador Account (TACACS-authenticated!).
  I want to customize the Default Guest User Creation page with a company logo and some default settings (WLAN Profile, Apply to Controller List, set "generate password" to fixed, etc.) to fixed values.
  Only thing what Lobby Ambassador can change should be setting the password period (with hours or using calender), guest user name and description.
  If I configure a local user on Prime, I can customize the page.
  However if I use TACACS user, I am not able to use the customized page.
  Can anybody help me with this issue?
  THANKS a lot!!!!
  edit: problem solved by workaround...
  https://supportforums.cisco.com/thread/2201703
  BR, Stefan

  You will not be able to unless you build a back-end that does it and sends the commands to the WLC. Other than that, you can't customize the lobby ambassador page.
  Sent from Cisco Technical Support iPhone App