Web authentication different user same client

Ag0000001 · ‎07-16-2013

Hi,

We are currently building a guest WLAN. The authentication works with LDAP via web authentication. Users can log on via smartphones and Windows laptops. Now we have a little problem with the Windows laptops, discovered in the testing phase. When user A is successful logon to the laptop through web authentication and then log off the laptop. User B can simply work under the same credentials of user A, without problems. This is not desirable, another user must then log in to the laptop with own credentials.

The WLC 5508 remember the client MAC address, not the user.

Any tips?

Thank you!

Viten Patel · ‎07-16-2013

What happens when the user log off? The WLC maintains the session until the idle user timeout. You ll need to see the entire debug from when the user A logs in, logs out and then user B logs in using old or new credentials.

Sent from Cisco Technical Support iPhone App

Ag0000001 · ‎07-17-2013

When the user logs off the session remains active on the WLC.

We have the "User Idle Timeout" set on 100000 sec. Unchecked the "Enable Session Timeout". This to logout users after a certain time via a time trigger. Guests 24 hours, students half year, staff 1 year. (If the WLC not often need to restart).

For non domain devices this is not a problem, since users are not dependent on the Windows domain then.

How can we debug users, lets say user A en B on one laptop?

Viten Patel · ‎07-17-2013

Just run the following debug

- debug client

Sent from Cisco Technical Support iPhone App

Shaoqin Li · ‎07-20-2013

from your description I would like to say wlc is working as expected. how can wlc know user B is using user A's credential?

it also has nothing to do with A's status, no matter it is online ( except simultaneous login=1) or not.

something you want to achieve may need some user fringerprint on PC, like mac binding etc...

Sent from Cisco Technical Support iPad App

blenka · ‎08-30-2013

It should not happen like this, however please go through the link will help you to configure or address your query.

see the page 390 and the step 14 should answer your query.

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED.pdf

Jacob Snyder · ‎09-03-2013

Why are guest accounts logging in and out? Is this a guest kiosk machine? If so you may want to run a logout script on the PC to force a disassociation so the next user will have to login.

Sent from Cisco Technical Support iPhone App

Saravanan Lakshmanan · ‎12-28-2013

It is expected, if you don't prefer to use same credentials on multiple session then set max login session to 1 instead of 0 or 8. Also, it works on first come first serve basis, whoeve uses the credentials first can login and the same cred is not allowed until the first one logsout.

George Stefanick · ‎12-29-2013

Wow 100,000 on the idle timeout .. Man that client list has to be crazy ..

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________