Cisco PI v3.3 wireless guest user defaults question

dominic.drohan · ‎02-14-2019

Hello,

We are using Cisco PI v3.3 for managing wireless guest users. We have lobby ambassadors who are authenticated via AAA server using RADIUS. We have an issue with the lobby ambassadors, who aren't necessarily IT professionals, having permission to edit defaults for creating guest user accounts corrupting the guest user database, changing disclaimer defaults, making guest users have unlimited lifetimes, and otherwise doing undesirable things to guest user settings. My first question is how do lobby ambassadors that are AAA authenticated get their Lobby Ambassador defaults? These users get default guest user parameters from somewhere but I can't figure out where. The Lobby Ambassador user group does not appear to have those settings (since it cannot be edited, really?). The only way to set Lobby Ambassador Defaults is for a locally created PI user who is a member of the Lobby Ambassador user group, on a per id basis (which is probably the worst way to manage the permissions of the lobby ambassadors). So, back to the question. Our lobby ambassadors are AAA authenticated and assigned to the lobby ambassadors users group and they get defaults for creating guest user accounts, where do they get those defaults?

Haydn Andrews · ‎02-14-2019

What you need to do on the RADIUS Server is configure the task list for the lobby users:

Under section:

Export the Prime Infrastructure Virtual Domain Attributes for RADIUS and TACACS+

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-2/admin/guide/bk_CiscoPrimeInfastructure_3_2_AdminGuide/bk_CiscoPrimeInfastructure_3_2_AdminGuide_chapter_0110.html#concept_0BBC6B2BDC4642C6B51CFF2C4AD64104

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***