Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2844
Views
0
Helpful
8
Replies

WCS Lobby Ambassador with AD credentials - editing guest defaults

joseph.demaio
Beginner
Beginner

‎01-26-2012 08:41 AM - edited ‎07-03-2021 09:27 PM

Hi,

A client of mine recently requested that device authentication for everything is through RADIUS/AD for auditing purposes. As a result a specific AD group has been set aside for users with Lobby Ambassador permissions and it works great using the task list. The problem we've run into is that now these accounts are able to edit the guest account defaults and create users with no restrictions. Previously the shared Lobby Admin had the "defaults editable" field unchecked. Does anyone know how to duplicate that functionality for RADIUS authenticated users?

The following are the only task permissions returned by RADIUS:

role0=LobbyAmbassador

task0=Configure Guest Users

task1=Lobby Ambassador User Preferences

I've tried removing task1 but that is just the display preferences of the page.

Thanks

Labels:
0 Helpful
8 Replies 8

algotsson
Beginner
Beginner

‎03-13-2012 12:24 AM

Hi Joseph,

Did you find a resolution for this? We're experiencing the same behavior.

Also, it would be nice to define what defaults to be editable to enable lobby admins to schedule guest users in the future.

Thanks

Chris

0 Helpful

joseph.demaio
Beginner
Beginner
In response to algotsson

‎03-13-2012 04:34 AM

Hi Chris,

Unfortunately we haven't any luck on our side. I'm trying to get a lab setup with NCS to see if the funtionality is there or maybe see if I can get my hands on ISE to confirm.

Joe

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to joseph.demaio

‎03-13-2012 04:43 AM

I know ISE you can set different lobby sponsor privileges depending on AD Group or internal ISE Groups. ISE though will host the splash page and the wlc only redirects to ISE.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

algotsson
Beginner
Beginner

‎03-13-2012 06:32 AM

Hi and thanks for your input.

I sent a note to cisco requesting their feedback in this matter. This couldnt be that difficult to implement ...  I'll post their response to this thread.

Thanks

Chris

0 Helpful

thomas.torggler
Beginner
Beginner
In response to algotsson

‎03-22-2012 09:56 AM

Hi there,

any news on this? we would like to set defaults for Lobby Ambassdor accounts (authenticated via RADIUS) too.

Cheers!

tom

0 Helpful

dac_bschlueter
Beginner
Beginner
In response to algotsson

‎01-08-2013 06:14 AM

Hi there,

are there any news on this topic?

We also would like to set defaults for the Lobby Ambassador users who are logged in via RADIUS.

Thanks in advance!

Ben

0 Helpful

stefan.angerer
Beginner
Beginner
In response to dac_bschlueter

‎01-08-2013 06:24 AM

Hi,

please have a look at this thread:

https://supportforums.cisco.com/message/3818605

Maybe this is a workaround for you, it definitely depends on the number of lobby ambassadors you have.

regards

Stefan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents