03-02-2012 03:52 AM - edited 07-03-2021 09:42 PM
Hi guys.
Im looking in the behaviour and the guest user account limitations.
In Europe and Nordic countries many people use special characters for thier names etc.
Norway - ÆØÅ; Sweden - ÄÖÅ and so on.
Since these characters are basically the same ascii character I guess this will go wrong when authenticating.
What charater sets are allowed?
Very little is documented about this in config guides etc.
- Can anyone bring some light into this I wold apreciate this.
Sincere Regards
Mats Nilson
Solved! Go to Solution.
03-03-2012 01:23 AM
Mats,
According to the WLC FAQ, "all the special characters" are supported, but I think this is taken to mean the base ASCII character set and not extended ANSI, Unicode, etc. character sets. As a test, I tried creating usernames with some of the extended characters you put in your post and while the usernames were created and displayed correctly in the database, I was unable to log in with them (login error). (WLC 2504 v.7.0.230.0).
From Cisco's Q&A:
Q. How do I configure a local database on the wireless LAN controller (WLC)? What are the special characters that can be used for the local net user username and passwords?
A. The local user database stores the credentials (username and password) of all the local network users. These credentials are then used to authenticate the users. You can configure local network users either through the GUI or the CLI. You can enter up to 24 alphanumeric characters. All the special characters can be used when you configure username and passwords though CLI, but the single quote character cannot be used when you configure username and password through GUI.
Reference: http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
Here's what shows up in my controller logs during testing. Fail for test user ÄÖÅ, but success for user localUser2 (both using identical passwords without special or extended characters):
*emWeb: Mar 03 00:58:44.484: %PEM-1-WEBAUTHFAIL: pem_api.c:5068 Web
authentication failure for station xx::xx
*emWeb: Mar 03 00:58:44.483: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1170
Authentication failed for network user 'ÄÖÅ'
...
*emWeb: Mar 03 01:00:12.022: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1388
Authentication succeeded for network user 'localUser2'
*emWeb: Mar 03 01:00:12.021: %APF-6-USER_NAME_CREATED: apf_ms.c:5743
Username entry (localUser2) with length (10) created for mobile xx::xx
*emWeb: Mar 03 00:59:56.927: %AAA-6-DB_ADD_USER: file_db.c:2508 Adding
user 'localUser2' to AAA database.
Justin
03-03-2012 01:23 AM
Mats,
According to the WLC FAQ, "all the special characters" are supported, but I think this is taken to mean the base ASCII character set and not extended ANSI, Unicode, etc. character sets. As a test, I tried creating usernames with some of the extended characters you put in your post and while the usernames were created and displayed correctly in the database, I was unable to log in with them (login error). (WLC 2504 v.7.0.230.0).
From Cisco's Q&A:
Q. How do I configure a local database on the wireless LAN controller (WLC)? What are the special characters that can be used for the local net user username and passwords?
A. The local user database stores the credentials (username and password) of all the local network users. These credentials are then used to authenticate the users. You can configure local network users either through the GUI or the CLI. You can enter up to 24 alphanumeric characters. All the special characters can be used when you configure username and passwords though CLI, but the single quote character cannot be used when you configure username and password through GUI.
Reference: http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
Here's what shows up in my controller logs during testing. Fail for test user ÄÖÅ, but success for user localUser2 (both using identical passwords without special or extended characters):
*emWeb: Mar 03 00:58:44.484: %PEM-1-WEBAUTHFAIL: pem_api.c:5068 Web
authentication failure for station xx::xx
*emWeb: Mar 03 00:58:44.483: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1170
Authentication failed for network user 'ÄÖÅ'
...
*emWeb: Mar 03 01:00:12.022: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1388
Authentication succeeded for network user 'localUser2'
*emWeb: Mar 03 01:00:12.021: %APF-6-USER_NAME_CREATED: apf_ms.c:5743
Username entry (localUser2) with length (10) created for mobile xx::xx
*emWeb: Mar 03 00:59:56.927: %AAA-6-DB_ADD_USER: file_db.c:2508 Adding
user 'localUser2' to AAA database.
Justin
03-06-2012 08:20 AM
Thanks Justin for investigating.
I did find that the acual entries in the guest anchors had the US Ascii corresponding values instead of the original letters.
BTW will ISE be able to handle different ascii codes?
It could be a wway forward
BR
Mats
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide