Hello Robert,

You can enable cleartext password display with the following command:

config passwd-cleartext enable

Then, when you issue a "show running-config" you should see the passwords along with the usernames. I believe this command is present in 4.2.61.0, I tested in 4.2.207.0 in my lab.

-Patrick Croak

Wireless TAC

Thanks Patrick for your reply.

I just tested the command "config passwd-cleartext enable" and this command only allows me to view the password for the snmp community and tacas+ server. For those guest users, I still couldn't see the password.

For example, I just created user of testuser, after type in config passwd-cleartext enable, I can only see the following from show running-config.

netuser lifetime testuser 86400

netuser wlan-id testuser 6

Robert

Hi Robert,

I just tested this command on a 4400 running 4.2.61.0 and it worked for me.

Are you sure you don't see lines such as:

netuser add tactest tac123 wlan 0 userType....

Normally, "tac123" would be *****, but with "config passwd-cleartext enable" I am able to see it.

-Pat

Hi Patrick,

I'm pretty sure I can only see "netuser lifetime xx" and "netuser wlan-id xx". I can't see "netuser add xx".  I've checked both lab WLC4402 and production WLC4402. They give me the same results. The following is my WLC's info.

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 4.2.61.0

RTOS Version..................................... 4.2.61.0

Bootloader Version............................... 4.1.171.0

Build Type....................................... DATA + WPS

System Name...................................... c1lab-wlc4402-1

System Location..................................

System Contact...................................

System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3

IP Address....................................... 42.116.24.172

System Up Time................................... 270 days 23 hrs 49 mins 51 secs

Configured Country............................... US  - United States

Operating Environment............................ Commercial (0 to 40 C)

Internal Temp Alarm Limits....................... 0 to 65 C

Internal Temperature............................. +45 C

State of 802.11b Network......................... Enabled

State of 802.11a Network......................... Enabled

--More-- or (q)uit

Number of WLANs.................................. 10

3rd Party Access Point Support................... Disabled

Number of Active Clients......................... 13

Burned-in MAC Address............................ 00:19:AA:72:3C:A0

Crypto Accelerator 1............................. Absent

Crypto Accelerator 2............................. Absent

Power Supply 1................................... Absent

Power Supply 2................................... Present, OK

(Cisco Controller) >

Hi Robert,

Just a quick update on this -- I'm seeing the problem in my lab on 4.2.61.0, it displays permanent netusers but not guest users.

However, it is working fine in 4.2.207.0, so somewhere between here we fixed this problem...performing further testing now and will let you know.

-Pat

Hi Robert,

Unfortunately, it looks like you might be out of luck while running 4.2.61.0 WLC code. I could not find a way to print the guest usernames in that version.

I upgraded my controller to 4.2.176.0 (and 4.2.207.0 also works), and then the guest users were printing in a "show running-config" -- you can then use the config passwd-cleartext enable to view the password portion as well.

So depending on the number of guest users, it might be worth upgrading your WLC to be able to extract this information.

-Pat

Thank you again Patrick. You are extremely helpful.

One more question.

I have WCS running on 7.0.172.0 to manage all the WLCs. From the WCS I can see the guest users and the passwords. I can apply the guest user to the new Guest Anchor controller (5508). The problem is that I can only do it one by one. Since we have 500 guest users, is there a way to apply all the guest users along with the passwords to the new 5508 controller?

Thanks a lot.

Hi Patrick,

I've rated your answer.

I think I can get another 4402 WLC with the same version of code, download the configuration from the old 4402 and upload to the new 4402. Then upgrade the new 4402's code to the latest. By doing this I can transfer all the guest user accounts and passwords. If something goes wrong, I still have the old one for backup.

Correct me if I'm wrong.

Thanks again.

Hi Robert,

Yes, that should work -- you will just need to be careful not to have the other 4402 on your production network when you do so, or you'll end up with duplicate IP addresses!

Please let me know if you run into any problems with the process, I was able to upgrade my WLC and extract the commands so this should work.

-Pat

If you can see the user/pass in full clear text, then I have a script that can pull that info. You can then parse the output into a .csv and import it into the new controller.