Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
812
Views
2
Helpful
7
Replies

Lobby Admin not able to create a users account

Go to solution
patrickroberts
Level 1
Level 1

‎01-13-2025 01:39 AM

Hi All

Strange issue with our Guest Lobby admin account, when logged into the 9800-80 Lobby account i click to create a new users and filling in all details (see below)

But keep getting the error message "Invalid input detected at ^ marker 

anyone had this ?

current version 17.9.6

Screenshot 2025-01-13 093937.png

Screenshot 2025-01-13 093950.png

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
patrickroberts
Level 1
Level 1

‎01-31-2025 01:29 AM

Hi all this is now fixed and working 

I had to change the below to make it work correctly:

The AAA_LOGIN_LIST is used for both authentication and authorization:

aaa authentication login AAA_LOGIN_LIST local group TACACSGROUP

aaa authorization exec AAA_LOGIN_LIST group TACACSGROUP local

For authentication the first option is local, after that using a tacacs group. But in the case of the authorization, the group is first, local second.

Makes sense to see that the user is able to access (authentication) but then, unable to configure (authorization). 

It was necessary to change the aaa line and use this one:

aaa authorization exec AAA_LOGIN_LIST local group TACACSGROUP

 

View solution in original post

7 Replies 7

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎01-13-2025 03:06 AM

 

    - Could be a GUI-bug ; try the CLI equivalent of the command,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
patrickroberts
Level 1
Level 1
In response to marce1000

‎01-13-2025 03:43 AM

Do you have the CLI commands i can see how to create a Lobby Admin account users but not a guest users ?

It seems a big issue not to be able to do it via the GUi as it is designed to for a lobby Admin staff to give Guest wifi out 

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to patrickroberts

‎01-13-2025 04:41 AM

 

   >.....Do you have the CLI commands i can see how to create a Lobby Admin account users but not a guest users ?
 Ref : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-2/config-guide/b_wl_17_2_cg/lobby_admin_accounts.html#info-about-lobby-ambassador-account
        >...A global administrator can create a lobby ambassador (lobby admin) user for creating guest users.
  The above being the sole purpose of the Lobby Admin account.

    >Do you have the CLI commands 
     FYI : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-2/config-guide/b_wl_17_2_cg/lobby_admin_accounts.html#create-a-lobby-ambassador-account-commands

  Since 17.9.x is EOL , I would advice to go for 17.12.4 and try again ; you could for instance deploy that version as a VM for testing    (cloud controller can always be downloaded for free)

  M.

   



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
patrickroberts
Level 1
Level 1
In response to marce1000

‎01-13-2025 05:07 AM

yes have seen this on how to create a Lobby Admin but not users on CLi.

in my lab i have it working ok for 17.12.3 but 17.9.6 is MD and nothing in the notes about this bug .

There was about not able to access the Lobby account login in 17.9.3 etc but nothing for adding a Guest , i would have thought others would have had the same unless the lobby Guest feature isn't used much, its just needed for a temp fix.

Upgrading to 17.12.X is a last resort with over 900 + Aps on site its not a task we take likely. 

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to patrickroberts

‎01-13-2025 06:46 AM

 

               >...Upgrading to 17.12.X is a last resort with over 900 + Aps on site its not a task we take likely. 
  I agree , plan carefully ; yet consider https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe-17/ios-xe-17-9-x-eol.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎01-13-2025 04:02 AM

I am also thinking it bug' unless you access the GUI with level not 15 (admin) that case you can not add this user

MHM

0 Helpful

Go to solution
patrickroberts
Level 1
Level 1

‎01-31-2025 01:29 AM

Hi all this is now fixed and working 

I had to change the below to make it work correctly:

The AAA_LOGIN_LIST is used for both authentication and authorization:

aaa authentication login AAA_LOGIN_LIST local group TACACSGROUP

aaa authorization exec AAA_LOGIN_LIST group TACACSGROUP local

For authentication the first option is local, after that using a tacacs group. But in the case of the authorization, the group is first, local second.

Makes sense to see that the user is able to access (authentication) but then, unable to configure (authorization). 

It was necessary to change the aaa line and use this one:

aaa authorization exec AAA_LOGIN_LIST local group TACACSGROUP

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card