FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 191668
Description
Custom Guest Management Changes as of Network Sentry 7.3.2 and 8.0

Solution
Network Sentry Versions Affected: 7.3.2, 8.0 and above

In previous Network Sentry versions, through the use of a single user account and an embedded username and/or password within the Captive Portal, it was possible to allow a user to register their device as a guest with minimal credentials.  This feature was configured through the Custom Login Portal configuration using hidden Field Types.

Issue: It has been discovered that if a guest enters a name in the Custom Login Portal that matches an existing user, the existing user record could have its settings overwritten or possibly be deleted. For these reasons, the use of embedded usernames and passwords within the Custom Login Portal feature has been deprecated and disabled by default as of Network Sentry versions 7.3.2 and 8.0.

Functionality Changes: Prior to Network Sentry version 8.0, a User Account would be created for each Host registered via the Custom Login portal using the first name and last name. As of versions 7.3.2 and 8.0, all new registrations via the Custom Login portal are registered against the username defined in the "Username Field Value" field of the Custom Login Form. Any records created prior to the upgrade are unaffected.


Workaround: 
Option 1
If registering hosts to the single User Account is acceptable, then the Allowed Host Value for that record should be increased to accommodate the number of Guest hosts that will be registered.

To increase the Allowed Host value:
1) Log in to the Administrative UI and navigate to Users > User View.
2) Search for the username defined in the "Username Field Value" field of the Custom Login Form.
3) Right-click to select User Properties.
4) Input a large number (e.g., 1000) in the Allowed Hosts field.
5) Click APPLY.


Option 2
Re-enable the original functionality after upgrade. Doing so leaves the issue in place: existing user records could still be altered or deleted. Note that this feature will be completely removed in a later Network Sentry version.

To re-enable the original functionality (contact support for assistance):
1) Edit the /bsc/campusMgr/master_loader/.masterProperty file on the Control Server.

Add the following lines:

FILE_NAME=./properties_plugin/devicemanager.properties
{
com.bsc.plugin.manager.DeviceManager.enableLegacyUserCreation=true
}


2) Restart Network Sentry to apply the changes.  This change is persistent through upgrades.
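
Because this override persists through upgrades and leaves the record-overwrite issue in place, it is useful to be able to check whether it is set. The shell function below is an added example, not Fortinet code; it assumes the block layout shown in the snippet above, and that lines beginning with # are comments.

```shell
#!/bin/sh
# Added example: audit a .masterProperty file for the legacy guest user-creation override.
# Block layout (FILE_NAME=<path>, then { key=value ... }) is inferred from this
# article's snippet; treating '#' lines as comments is an assumption.
KEY='com.bsc.plugin.manager.DeviceManager.enableLegacyUserCreation'
TARGET='./properties_plugin/devicemanager.properties'

# Prints "enabled" if KEY=true appears inside the TARGET block, otherwise "disabled"
# (the article states the feature is off by default). Unreadable file: prints "unreadable", returns 2.
legacy_user_creation_state() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 2
    fi
    awk -v key="$KEY" -v target="$TARGET" '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^#/ || /^$/   { next }
        /^FILE_NAME=/  { current = substr($0, 11); in_block = 0; next }
        $0 == "{"      { in_block = 1; next }
        $0 == "}"      { in_block = 0; next }
        in_block && current == target {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key && tolower(v) == "true") found = 1
        }
        END { print (found ? "enabled" : "disabled") }
    ' "$file"
}

if [ $# -gt 0 ]; then
    legacy_user_creation_state "$1"
else
    # Constructed sample input, used when no file path is given.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
FILE_NAME=./properties_plugin/devicemanager.properties
{
com.bsc.plugin.manager.DeviceManager.enableLegacyUserCreation=true
}
EOF
    legacy_user_creation_state "$sample"
    rm -f "$sample"
fi
```

On the Control Server, pass the path from step 1 as the only argument. A result of "enabled" means guest registrations can still overwrite or delete existing user records.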


 
Solution:
  In addition to the traditional guest/contractor account options, the Guest Management feature provides the following options:

  • Portal Splash/Anonymous Authentication: The Portal Splash Page/Anonymous Authentication feature eliminates the need to configure Guest Templates, Sponsors for guests and Guest Accounts.  The Captive Portal page may contain an Acceptable Use Policy and guests must indicate that they agree before being granted access to the Production network.  Using this option, guests do not register using credentials. Hosts are registered as devices, are displayed in Host view and are not associated with any user.
  • Guest Self-Registration: Guests create requests for access to the network from their own device via the Captive Portal (with the option to require approval from a sponsor). Requests are forwarded to a Sponsor or to a request pool to be approved or denied. When a request is approved, the guest receives their credentials in the browser on the login page, by email, or by SMS message sent to their mobile telephone. All guest accounts are configured to expire after a user-specified amount of time based on the template with which they are created.

