03-23-2012 12:05 PM - edited 07-03-2021 09:51 PM
Hello everyone,
I wish someone can share your opinion or advice on how I can interact with the user who logs into the wireless network.
This a story. Our customer has deployed around 20 WAP with WLC and now they want to limit a number for logins per user ID to just one.
There's a way to do it with WLC while doing Web-Auth but the problem is that once the user exceeds the number of logins from his mobile devices or laptop he is not able to see why he is denied. The authentication just silently drops his connection attempt and he has no idea why he is denied.
Any possible extention that could be avalaible in ISE. I need to send the user kind of popup message telling him something like "you exceeded the number of allowed logins"
Eugene
03-23-2012 12:42 PM
This sounds more like a training issue. If the policy says 3 devices, then the user should be able to manage that pretty easy. If they cant, the employee should question their skill set..
What security are you using ? You mentioned you are using WEB AUTH is that right ? So what is managing the user accounts; WLC, AD, or LDAP ?
Thanks
03-23-2012 12:54 PM
Hi George,
Thanks for coming back to me. The client has an AD as an identity store and yes, the Web Auth authenticates the user against the AD while having open authentication protocol. I mean no PSK or anything like that.
Didn't get your point about the training issue
I may not described it explicitely but this limitation is already set on the WLC. There's a way to do it under the Security section in WLC GUI and I set to to 1. Now I need to send the user the message saying why he is denied.
03-23-2012 02:07 PM
The WLC will return certain error codes when a user tries to logon with a web auth page. The WLC will return status code 3 when the username can't be used. Simply adjust the text to what message you want to display to the user.
Look at the webauth_bundle-1.0.2.zip on CCO underneath 5508 WLC for example. If you look at the login.html file of any of the bundles you'll see what I'm talking about.
Of course this is all up to the end browser interaction if this page is displayed. Some will use a popup, I prefer to have the login page itself have a place for the error message that your JavaScript would just update so that when the form is displayed again for the user they see this message.
04-26-2012 06:54 PM
I was only now able to get down to it. Downloaded the login.tar file from waa folder and tried to login again. No difference at all. Should I edit anything in the login.html file to have those codes active? I don't think those webauth_bundle become available in the controller just because I don't see the content of the Acceptable Use Policy page. How would I make it active in the Web Auth login page ? I see three options:
1) Internal (Default)
2) Customised (Downloaded)
3) External (Redirect to External server)
P.S. Actually, disregard whatever I said above. I should have selected second option "Customized (Downloaded)" and click "Apply" to enable web_auth forms. Thanks, Man !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide