Cisco Support Community
Community Member

Lobby Ambassador expired accounts still accessible

We have received reports that expired guest accounts are still accessible. We've tested and indeed they are.

Anyone seen this before? Sounds like a bug to me.

We are running 7.4.110.0 on the controllers and running Cisco Prime Infrastructure 1.3.0.20.

Just to say, looking on the controller, it looks like the user has been removed from it. Still visible on Cisco Prime Infrastructure though, although it is past the expiry date.

2 REPLIES
Community Member


Hi, I recommend checking the WLC directly to ensure the guest accounts have been removed. You can achieve this by using PuTTY/SecureCRT or another SSH client to SSH onto the WLC.

Once you have logged on, please execute the following command:

show netuser summary

This command will list all the users configured on the WLC and the User Type; you will be looking for type "Guest". Once you have found an expired user account, execute the following command:

show netuser detail useraccount

This will give you the lifetime of the user and when it was created etc.

Okay so to resolve this issue, you can do one of two things:

1. Remove the user directly off the WLC, by executing the following command on the WLC:

config netuser delete username

2. Check that Cisco Prime Infrastructure has connectivity to the controller. In Prime, navigate to the controller and perform an audit; replace the WLC with the values from Prime. This will then overwrite and remove all settings that aren't in Prime on the WLC. I actually recommend doing option 1 first and then performing the audit and keeping all the values of the WLC in Prime, then going forward ensure that Prime is the only place where changes to the network are made.

Hope that helps mate
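
Added example (not part of the original thread, and not Cisco tooling): the check from the reply above, run over saved `show netuser summary` output and a list of accounts Prime shows as expired, to separate accounts still on the WLC from records that exist only in Prime. The sample output and its column layout, the usernames, and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample of `show netuser summary` output. The column layout is an
# assumption and may differ between WLC releases.
SAMPLE_SUMMARY = """\
Maximum logins allowed for a given user name..... Unlimited

User Name                 WLAN Id  User Type  Lifetime     Description
------------------------  -------  ---------  -----------  -----------
guest-alice               1        Guest      00:05:12:44  Visitor
guest-bob                 1        Guest      00:00:30:02  Contractor
staff-print               Any      Permanent  N/A          Printer account
"""

# Matches data rows only: the header and separator rows have no
# Guest/Permanent token in the third column, so they are skipped.
ROW = re.compile(
    r"^(?P<user>\S+)\s+(?P<wlan>\S+)\s+(?P<type>Guest|Permanent)\s+(?P<lifetime>\S+)"
)


def guest_users(summary_text):
    """Return {username: lifetime} for rows whose User Type is Guest."""
    guests = {}
    for line in summary_text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group("type") == "Guest":
            guests[m.group("user")] = m.group("lifetime")
    return guests


def reconcile(summary_text, expired_in_prime):
    """Split accounts Prime reports as expired by whether the WLC still holds them."""
    on_wlc = guest_users(summary_text)
    still_on_wlc = sorted(u for u in expired_in_prime if u in on_wlc)
    prime_only = sorted(u for u in expired_in_prime if u not in on_wlc)
    return still_on_wlc, prime_only


if __name__ == "__main__":
    # Constructed list of accounts that Prime shows as past their expiry date.
    expired = ["guest-bob", "guest-carol"]
    still, stale = reconcile(SAMPLE_SUMMARY, expired)
    for user in still:
        print(f"{user}: expired in Prime, still on WLC -> config netuser delete {user}")
    for user in stale:
        print(f"{user}: expired in Prime, absent from WLC -> stale Prime record")
```

Run it against the output captured from each controller in turn; an account that lands in the second list on every controller is not held in any WLC's local netuser table.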

Community Member


Looked on the controller and the user that I tried accessing with is not on the controller (any of them) but it is still visible on Cisco Prime.

Cisco Prime has connectivity to the controllers and we audit and re-synch them daily.

If the user is not on the controllers, how is it being authenticated?

I suppose the end solution is to manually remove the users from Cisco Prime, but I would like to understand the mechanisms used before I do that.
