Guest

Cisco NAC Guest Server

Release Notes for Cisco NAC Guest Server, Release 1.1.3

  • Viewing Options

  • PDF (250.2 KB)
  • Feedback
Release Notes for Cisco NAC Guest Server, Release 1.1.3

Table Of Contents

Release Notes for Cisco NAC Guest Server, Release 1.1.3

Contents

Cisco NAC Guest Server Releases

System Requirements

Hardware Supported

Determining the Software Version

Upgrading to Software Release 1.1.3

New and Changed Information

Enhancements in Release 1.1.3

Enhancements in Release 1.1.2

New Software Features in Release 1.1.1

Guest Role Support

Additional NTP Server

FTP Backup Directory

New Software Features in Release 1.1.0

LDAP Sponsor Authentication

RADIUS Sponsor Authentication

Sponsor Authentication Server Ordering

Sponsor Interface Timeout

Sponsor User Group Ordering

Account Time Restrictions

Bulk Account Creation

Random Account Creation

Guest Account Time by Template

Guest Details Policy

Multiple Cisco NAC Appliance Clean Access Manager Support

Additional RADIUS Client Attributes

User Default Selection, Sponsor Confirmation Email, and Multiple Template (Language) Support

Local User Password Change

Root Certificate Authority Upload Support

Scheduled Backup

Web-Based Backup and Restore

Support Logs Download

License Management

Active/Active Resilience and Replication

Caveats

Open Caveats - Release 1.1.3

Resolved Caveats - Release 1.1.3

Resolved Caveats - Release 1.1.2

Resolved Caveats - Release 1.1.1

Resolved Caveats - Release 1.1.0

Documentation Updates

Related Documentation

Obtaining Documentation and Submitting a Service Request


Release Notes for Cisco NAC Guest Server, Release 1.1.3


Revised: October 29, 2010, OL-14643-01

Contents

These release notes provide late-breaking and release information for Cisco NAC Guest Server, Release 1.1.3. This document describes new features, changes to existing features, limitation and restrictions ("caveats"), upgrade instructions and related information.

These release notes supplement the Cisco NAC Guest Server Installation and Configuration Guide, Release 1.1.1.

Cisco NAC Guest Server Releases

Cisco NAC Guest Server Version
Release Date

1.1.3 ED

May 12, 2009

1.1.2 ED

January 22, 2009

1.1.1 ED

June 6, 2008

1.1.0 ED

February 25, 2008


System Requirements

The Cisco NAC Guest Server can be integrated with the Cisco NAC Appliance Clean Access Manager through its API, or with Cisco Wireless LAN controllers through the RADIUS protocol. Cisco NAC Guest Server is compatible with the Cisco NAC Appliance and Cisco Wireless LAN Controller component versions shown in Table 1.

Table 1 Components Supported by Cisco NAC Guest Server

Cisco NAC Guest Server Version
Cisco NAC Appliance Version
Wireless LAN Controller Version

1.1.0 and later

4.0(1) and later

4.0.219 and later


Hardware Supported

The Cisco NAC Guest Server is a standalone hardware appliance based on the Cisco NAC Appliance 3310 platform. The Cisco NAC Guest Server is supported only on the NAC-3310 hardware platform.


Note The NAC-3310 appliance is based on the HP ProLiant DL140 G3 server and is subject to any BIOS/firmware upgrades required for the DL140 G3. Refer to Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for additional details.


Determining the Software Version

The bottom left of the Cisco NAC Guest Server administrator console displays the software version. To determine the current software version, login to the administration interface.

To view the software version from the command line:

1. SSH or console to the Cisco NAC Guest Server.

2. Issue the following command:

cat /guest/www/admin/includes/version.html

Upgrading to Software Release 1.1.3

The Cisco NAC Guest Server comes pre-installed with initial software release 1.0.0. Software release 1.1.3 can be applied to an existing 1.0.0, 1.1.0, 1.1.1, or 1.1.2 installation.

If the appliance needs to be re-imaged, refer to the instructions in the installation chapter of the e Cisco NAC Guest Server Installation and Configuration Guide, Release 1.1.1 before applying the 1.1.3 upgrade.


Note If the Cisco NAC Guest Server has replication active, you will need to do the following steps simultaneously on both Cisco NAC Guest Servers that form the replicating pair. You will also need to guarantee that there is connectivity between both.


The following steps need to be performed to install the 1.1.3 update.


Step 1 Download the nac-guest-upgrade-1-1-3.tar.gz upgrade file from the Cisco software download page.

http://www.cisco.com/cisco/software/cart.html?imageGuId=2B0ED7E98D6A2BE58D72D4681C98A5D2617BD4EE&i=rs.

You will need to log in with your Cisco.com credentials to access the page.

Step 2 Connect to the Cisco NAC Guest Server with an SFTP client such as WinSCP. You will need to log in using root account credentials. The default password for this account is cisco.

Step 3 Copy the nac-guest-upgrade-1-1-3.tar.gz file using the SFTP client to the /guest/upgrade directory.

Step 4 Connect to the Cisco NAC Guest Server console using SSH, a keyboard and monitor, or a serial connection and log in using root account credentials.

Step 5 Navigate to the /guest/upgrade directory

cd /guest/upgrade

Step 6 Run the following command at the console to ensure that the md5 value listed matches the MD5 value obtained by clicking the link to the upgrade file at http://www.cisco.com/cgi-bin/tablebuild.pl/nac-guest:

md5sum nac-guest-upgrade-1-1-3.tar.gz

Step 7 Extract the upgrade files.

tar zxvf nac-guest-upgrade-1-1-3.tar.gz

Step 8 Execute the upgrade script.

/guest/upgrade/1.1.3/upgrade.sh

Step 9 When the upgrade has finished, if instructed, reboot the appliance. Reboot is only needed if upgrading from 1.0.0 or 1.1.0. Reboot is not needed if upgrading from 1.1.1 or 1.1.2.

reboot

Note A backup of the existing database is taken before the upgrade and is stored in the /guest/backup/pre_1_1_3_upgrade.sql file. Cisco recommends backing up this file from the appliance via SFTP.



Note The upgrade process is recorded in the /guest/logs/upgrade_1_1_3.log file. You can view the log file by entering less /guest/logs/upgrade_1_1_3.log in a command prompt window.



New and Changed Information

Enhancements in Release 1.1.3

Enhancements in Release 1.1.2

New Software Features in Release 1.1.1

New Software Features in Release 1.1.0

Enhancements in Release 1.1.3

Release 1.1.3 is a general and important bug fix release for the Cisco NAC Guest Server that addresses the caveats described in Resolved Caveats - Release 1.1.3.

Enhancements in Release 1.1.2

Release 1.1.2 is a general and important bug fix release for the Cisco NAC Guest Server that addresses the caveats described in Resolved Caveats - Release 1.1.2.

New Software Features in Release 1.1.1

Guest Role Support

Additional NTP Server

FTP Backup Directory

Guest Role Support

Guest Role Support provides the ability for Sponsors to create guest accounts with different privileges. This includes provisioning into different roles on the Clean Access Manager, returning different RADIUS attributes to RADIUS clients or only allowing access from specified networks.

Additional NTP Server

The 1.1.1 release introduces the ability to configure two NTP servers instead of a single NTP server in 1.1.0.

FTP Backup Directory

The 1.1.1 release allows a directory to be specified as part of the scheduled FTP backup, prior versions placed the backup in the default directory of the FTP user account.

New Software Features in Release 1.1.0

LDAP Sponsor Authentication

RADIUS Sponsor Authentication

Sponsor Authentication Server Ordering

Sponsor Interface Timeout

Sponsor User Group Ordering

Account Time Restrictions

Bulk Account Creation

Random Account Creation

Guest Account Time by Template

Guest Details Policy

Multiple Cisco NAC Appliance Clean Access Manager Support

Additional RADIUS Client Attributes

User Default Selection, Sponsor Confirmation Email, and Multiple Template (Language) Support

Local User Password Change

Root Certificate Authority Upload Support

Scheduled Backup

Web-Based Backup and Restore

Support Logs Download

License Management

Active/Active Resilience and Replication

LDAP Sponsor Authentication

LDAP Sponsor Authentication provides the ability to authenticate the sponsor interface against LDAP servers. Group attributes from the LDAP servers can be used to assign permissions to the sponsor.

This feature adds the following page to the Guest Server administrator console:

Authentication > Sponsors > LDAP Servers

RADIUS Sponsor Authentication

RADIUS Sponsor Authentication provides the ability to authenticate the sponsor interface against RADIUS servers. Sponsors can be assigned permissions based upon the class attribute assigned in the RADIUS server.

This feature adds the following page to the Guest Server administrator console:

Authentication > Sponsors > Radius Servers

Sponsor Authentication Server Ordering

The authentication servers can be ordered so that when a sponsor authenticates the Cisco NAC Guest Server will try and authenticate the sponsor against the authentication servers in a pre-determined order.

This feature adds the following page to the Guest Server administrator console:

Authentication > Sponsors > Authentication Order

Sponsor Interface Timeout

A timeout value can be set so that if the sponsor is inactive for the timeout period the sponsor will be automatically logged out.

This feature adds the following page to the Guest Server administrator console:

Authentication > Sponsors > Settings

Sponsor User Group Ordering

Sponsor User Group Ordering provides the ability to order the checking of user groups upon sponsor authentication. This is enabled so that the first match of group settings will result in the sponsor being assigned the permissions from that user group.

This enhancement affects the following page of the Guest Server administrator console:

Authentication > User Groups | new up, down, and Change Order buttons

Account Time Restrictions

Time restrictions can be placed on Sponsor User Groups. This is so sponsors in those groups can be restricted to the maximum number of days in the future they can create a guest account. Also the maximum duration of a guest account can be specified.

This enhancement affects the following page of the Guest Server administrator console:

Authentication > User Groups > Add Group | Edit Group includes two new settings for Number of days in the future the account can be created and Maximum duration of account (in days)

Bulk Account Creation

Bulk Account Creation gives the ability for a sponsor to create multiple user accounts by either entering the details of multiple guests into a form, or by uploading the guests detail from a spreadsheet in CSV format.

This enhancement affects the following page of the Guest Server administrator console:

Authentication > User Groups > Add Group | Edit Group includes two new Create Bulk Accounts and Import CSV settings

Random Account Creation

Random Account Creation allows a sponsor to create a defined number of accounts without specifying the guests details. The accounts can be provided to guests and the details entered into the Cisco NAC Guest Server at a later date for audit purposes.

This enhancement affects the following page of the Guest Server administrator console:

Authentication > User Groups > Add Group | Edit Group includes new Create Random Accounts setting

Guest Account Time by Template

Guest Account Time by Template provides the ability for the administrator to specify that a list of durations that the sponsor can create accounts for, such as 1 hour, 12 hours, 3 days etc. This will be used instead of the sponsor having to specify specific start and end times.

This enhancement affects the following page of the Guest Server administrator console:

User Interface > Templates > Add Template | Edit Template > Accounts > Account Duration

Guest Details Policy

The Administrator can configure the details that are mandatory, optional, or not requested when sponsors are filling out the guests details. This feature also enables the administrator to configure five additional user details fields to store customized data about guests.

This feature adds the following page to the Guest Server administrator console:

Guest Policy > Guest Details

Multiple Cisco NAC Appliance Clean Access Manager Support

Cisco NAC Guest Server 1.1.0 now supports the ability to provision guest accounts on more than one Cisco NAC Appliance Clean Access Manager (CAM).

This enhancement affects the following page of the Guest Server administrator console:

Devices > NAC Appliance

Additional RADIUS Client Attributes

One or more additional attributes can be specified for individual RADIUS clients. The attributes will be sent to the RADIUS client on successful authentication of a guest. You can also use the new settings on this page to change the order of multiple additional RADIUS client attributes and remove attributes from the RADIUS client configuration.

This feature provides support for Catalyst Web Authentication, IOS Proxy Authentication, and PIX/ASA Authentication Proxy.

This enhancement affects the following page of the Guest Server administrator console:

Devices > Radius Clients > Add Radius | Edit Radius includes new configuration settings:

RADIUS Attribute and associated Value settings allow you to specify one or more additional attributes for the RADIUS client

The Move up, Move down, and Remove buttons allow you to change the order of multiple RADIUS client attributes and remove attributes from the RADIUS client configuration

User Default Selection, Sponsor Confirmation Email, and Multiple Template (Language) Support

Sponsors can now select the default settings for template, time zone, country code, start page, etc. In addition, sponsors can use this new configuration page to have the guest account details emailed to themselves after they are created.

Previous versions of Cisco NAC Guest Server only allowed a single sponsor interface template to be active at any one time. With Cisco NAC Guest Server 1.1.0, each sponsor can choose their own template. This gives them the ability to choose a template that the administrator defines for another local language.

This feature adds the following page to the Guest Server sponsor console:

My Settings > Preferences

Local User Password Change

Provides the ability for sponsors with accounts locally defined on the Cisco NAC Guest Server to be able to change their password from the Guest Server sponsor console.

Root Certificate Authority Upload Support

Provides the ability to load certificates of trusted root certificate authorities into the Cisco NAC Guest Server.

This enhancement affects the following page of the Guest Server administrator console:

Server > SSL Settings > Upload includes a new Upload Root CA Certificate option

Scheduled Backup

Backups can be scheduled via the web administration interface to backup to a directory on the Cisco NAC Guest Server or to an external FTP server.

This feature adds the following page to the Guest Server administrator console:

Server > Backup new features under the Change the backup settings heading

Web-Based Backup and Restore

Provides the ability to take a point in time backup of the Cisco NAC Guest Server configuration and restore a backup file onto the Cisco NAC Guest Server via the web administration interface.

This feature adds the following page to the Guest Server administrator console:

Server > Backup

New snapshot button under the Snapshot heading

New options in the Restore menu

Support Logs Download

Ability to download all the support logs in a single archive via the web administration interface.

This feature adds the following page to the Guest Server administrator console:

Server > Support Logs

License Management

Existing licenses can be viewed and replaced through the web administration interface.

This feature adds the following page to the Guest Server administrator console:

Server > Licensing


Note For detailed information on Cisco NAC Guest Server licenses, refer to Cisco NAC Appliance Service Contract/Licensing Support.


Active/Active Resilience and Replication

Active/Active Resilience and Replication provides the ability for a pair of Cisco NAC Guest Servers to synchronize their databases for resilience.

Each Guest Server will be able to actively service requests from sponsors and RADIUS clients at the same time. The sponsor web interface will need load balancing providing by external load balancing devices such as the CSS, CSM or ACE.

This feature adds the following page to the Guest Server administrator console:

Server > Replication Settings

Caveats

This section describes caveats related to the Cisco NAC Guest Server:

Open Caveats - Release 1.1.3

Resolved Caveats - Release 1.1.3

Resolved Caveats - Release 1.1.2

Resolved Caveats - Release 1.1.1

Resolved Caveats - Release 1.1.0


Note If you are a registered cisco.com user, you can view Bug Toolkit on cisco.com at the following website:

http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl

To become a registered cisco.com user, go to the following website:

http://tools.cisco.com/RPF/register/register.do


Open Caveats - Release 1.1.3

Table 2 List of Open Caveats

DDTS Number
Software Release 1.1.3
Corrected
Caveat

CSCso26993

No

Logo file is not replicated between two Cisco NAC Guest Servers configured as a replication pair

This issue affects Cisco NAC Guest Server Release 1.1.0.

Workaround

Manually upload the logo on the second Guest Server by editing the template (using the same method as on the first Guest Server).

CSCsq86376

No

Authentication attempts fail when "calling-station-id" is set to a MAC address

After upgrading to Cisco NAC Guest Server, Release 1.1.1, authentication fails if the wireless controller is set to send the MAC address for the "calling-station-id" attribute.

Workaround

Change the attribute to use the IP address instead of the MAC address. Alternatively, Cisco TAC can edit the configuration to remove the IP check, but the location feature does not work.

CSCsx21004

No

IDE Error messages seen on Guest server during upgrade.

Upgrade is successful, however a number of "hdc: packet command error:" messages are shown during upgrade.

CSCsz31445

No

When an invalid license is installed the NAC Guest Server redirects a user to the license page

The URL is generated based upon the IP address of the eth0 interface. If the user is accessing behind NAT, then this will fail.

Workaround   To resolve this issue, the administrator must access the box using the real IP address of the server to re-install a valid license.


Resolved Caveats - Release 1.1.3

Table 3 List of Resolved Caveats

DDTS Number
Software Release 1.1.3
Corrected
Caveat

CSCsx20606

Yes

Users can't login when password policy has a space or ampersand in it

Conditions   If the password policy includes spaces or ampersands then the passwords are not correctly created on the NAC Manager. This means guests cannot login with this account.

Workaround   Remove any spaces (" ") or ampersands "&" from the Other characters field of the password policy.

CSCsx20876

Yes

Setting in Guest Role > NAC Role is forced even if it's unchecked

Steps to reproduce

1. Add a NAC appliance in Guest Server and assign it a default role "Guest".

2. Make sure that role "Guest" exists on CAM.

3. Create a guest account now. It will be assigned "Unauthenticated" role.

4. Go and change the value in NAC Roles but uncheck the box.

5. Create an account now. It will be assigned "Guest" Role.

CSCsy34424

Yes

Date and time do not exist

This issue only occurs if the current day does not exist in the month for which we are setting the date. For example, if the current date is 30-01-2009 (January 30, 2009) and we are creating an account starting in February (e.g. 03-02-2009).

This is caused by the way we handle Dates. We normally instantiate a date object and then set its components (day,month,year) separately, so for the case above, we would see the following:

instantiate date (date = 30-01-2009)

set year to 2009 (date = 30-01-2009)

set month to February (date = 02-03-2009)

set day to the second (date = 03-02-2009)

The date object in the second bullet knows that there is no February 30, so it automatically adjusts to March 2.

CSCsy71509

Yes

Time zone selection not saved after the page is submitted during guest account creation

While submitting a guest account creation page (newuser.php, randomaccounts.php,importcsv.php, or bulkaccounts.php), all guest information is displayed in the form, thus saving the Sponsor from re-entering all of the details in case the account could not be created. The time zone select box, however, reverts back to the Sponsor default time zone.

CSCsy71545

Yes

Sponsor usernames and passwords containing slashes (\) do not authenticate

Sponsor usernames and passwords containing slashes (\) are handled incorrectly, leading to authentication failures if the server against which the user authenticates is not the first on the list.


Resolved Caveats - Release 1.1.2

Table 4 List of Resolved Caveats

DDTS Number
Software Release 1.1.2
Corrected
Caveat

CSCsq76185

Yes

Variable names being printed after creating a guest user account rather than the values inputted by the sponsor.

Workaround

After creation go into Active Accounts page and print from there

CSCsq86714

Yes

When using internet explorer to connect to NAC Guest Server over a HTTPS connection certain files do not download correctly. This is due to a bug with the IE browser.

Workaround

Connect using HTTP instead of HTTPS with Internet Explorer 6.0, alternatively use a later version of Internet Explorer or use a different browser such as Firefox or Safari.

CSCsq92773

Yes

Unable to edit additional active directory server because the Guest Server adds a space in front of the AD server name, the edit page comes up blank as it looks for a server name without a space in the database.

Workaround

You can delete the server and insert it again without the space character at the end of the name or - :

1 - Login to the box through ssh

2 - Connect to the database: psql -U postgres gapdb

3 - Execute the following SQL statements (note the server name is

'dc4 RWS Domain Controller ' here in this example)

UPDATE adservers SET domain = 'dc4 RWS Domain Controller' WHERE domain = 'dc4 RWS Domain Controller ';

UPDATE serverorder SET servername = 'dc4 RWS Domain Controller' WHERE servername = 'dc4 RWS Domain Controller ';

CSCsq94240

Yes

NAC Guest Server can fail to parse/sanity check the AD DC entry

NAC Guest Server can fail to parse/sanity check the AD DC entry with certain misconfigurations of Active Directory Server entries and will fail to display all entries in group mapping.

Workaround

Correct the entry for the domain controller IP address or hostname

CSCsq94602

Yes

Server creates bad username when importing a CSV file with Username Policy option 2

Workaround


1. Open the CSV file in Notepad, copy the contents and paste into the text entry form. User Accounts > Multiple Accounts > Create Multiple Accounts

2. Or, change the username policy to use email address instead of first/last names.

CSCsr19498

Yes

Twin service stops intermittently when performing a lot of failovers.

Workaround

There is no workaround as this issue will be resolved in version 1.1.2

CSCsr22834

Yes

LDAP users allowed to login without permissions to do so as the authentication function is not setting the user as invalid.

Workaround

Remove all the permissions for the local group, the user will be able to login but not perform any actions, however, there is a patch available from Cisco TAC

CSCsr68115

Yes

When calling the CAM API with the getuserinfo or getoobuserinfo operations, the Guest Server makes an incorrect call to CCA causing all users to get removed from the OUL.

Workaround

There is no workaround as this issue will be resolved in version 1.1.2

CSCsr82031

Yes

Changing a search whilst paging in a full report and viewing a page greater than the amount of results returned by a future query will show no results.

Workaround

Return to page 1 before changing the search

CSCsu00058

Yes

Radius Authentications fail when Role option set to Unused

Radius authentications for all users created on the Guest Server release 1.1.1 will fail even though password and shared secrets are correct. This occurs when the "Roles" setting under "Guest Policy" > "Guest Details" is set to unused.

Workaround

Set the Roles option to "Displayed" or "Not Displayed" (anything other than unused).

CSCsu70899

Yes

Hal Daemon using all available CPU prevents Radius daemon rom running.

Workaround

Login to the command line as root, then issue the following commands

service haldaemon stop

chkconfig haldaemon off

This will stop the CPU issue by turning off the unneeded haldaemon service

CSCsu87661

Yes

Guest Server database only supports 32 character account session IDs, if the NAS sends a larger session ID it could cause the Radius service to crash.

Workaround

There is no workaround as this issue will be resolved in version 1.1.2

CSCsu88136

Yes

The LDAP server configuration on the NAC Guest server ignores any values in the "port" field and always applies the default value (389) irrespective of the value configured.

Workaround

Specify the port in the LDAP server URL,

e.g.: ldap://10.0.0.1:3387


Resolved Caveats - Release 1.1.1

Table 5 List of Resolved Caveats

DDTS Number
Software Release 1.1.1
Corrected
Caveat

CSCso26886

Yes

LDAP Authentication does not perform group mapping

When authenticating sponsors using an LDAP server the Cisco NAC Guest Server correctly authenticates the user, but does not set the group correctly. All LDAP users get mapped to the default group.

Workaround

Install the functions.php file from CSCso26886-ldap-1.1.0.zip available in the Cisco NAC Guest Server download folder at http://www.cisco.com/cgi-bin/tablebuild.pl/nac-guest.

CSCso26951

Yes

HTML or quotes (") used in the template do not display correctly

This affects Cisco NAC Guest Server Release 1.1.0 when using HTML or quotes (") in the displayable screen template components.

Workaround

Do not use HTML or quotes in the templates.

CSCso26979

Yes

Bulk account creation not working correctly

If a user is placed in a group that only features the Create Bulk Account permission (and does not include the Create Account permission), bulk account creation does not work. This issue affects Cisco NAC Guest Server Release 1.1.0.

Workaround

Provide the user group the create account permission.

CSCso40874

Yes

Email sent to notify guests of their accounts is not sent from the correct email address

Currently the email comes from "apache@<hostname>.<domain>" (from the Network Settings page). The sent-from header is set correctly, but the return path header is not set. If this behavior is acceptable, you do not need to use the workaround below.

Note Some Email configurations verify this and drop the email if it does not recognize the return path.

Workaround

You can edit two files to set this correctly:

Note Cisco recommends making copies of these files in case you need to back out.

1. Edit the /etc/mail/trusted-users file to add the following line at the end:

apache 

2. Open the /etc/php.ini file and change the line that begins "sendmail_path" to:

sendmail_path = /usr/sbin/sendmail -t -i -F <email 
adderss> -f <email address>

3. Reboot the Cisco NAC Guest Server.

CSCso50592

Yes

Cisco NAC Guest Server will not add manual AD group mappings in Microsoft Internet Explorer 6

Note In Guest Server 1.1.0, a new text box for manual AD group mapping was created. If the group name does not appear in the list of groups that the Guest Server is able to pull from the AD, then you cannot add the group name.

Workaround

Use another browser. Firefox has been proven to work.

CSCsq21586

Yes

Account duration functionality not working from GUI

Account duration change done under the group policy has no affect on the guest account.

Workaround

Open an SSH session to the Cisco NAC Guest Server and enter the following commands where xxx is the number of days into the future the account can be created and yyy is the maximum account duration in days:

psql -U postgres gapdb UPDATE accountduration 
SET futuredays=xxx,durationdays=yyy; 
\q 

CSCsq42872

Yes

Not able to change the Authentication Order on the Cisco NAC Guest Server

This happens when the administrator deletes the server that appears at the top of the list.

Workaround

Log in to the Cisco NAC Guest Server using SSH and enter the following commands:

psql -U postgres gapdb 
UPDATE serverorder set orderid = 1 WHERE id = 0; 
\q 

CSCsq48553

Yes

Valid Sponsor can authenticate with a blank password via LDAP authentication

A valid user can authenticate to the Cisco NAC Guest Server Sponsor page via LDAP when using an anonymous bind password and can create guest accounts.

Note The Sponsor profile must already exist on the LDAP server to take advantage of the anonymous bind.

CSCsq67776

Yes

HTTP redirect fails on Cisco NAC Guest Serves

HTTP redirect does not redirect properly on Cisco NAC Guest Server, Release 1.1.0. When this function is enabled, The Guest Server attempts to access NGS via HTTP, but fails.


Resolved Caveats - Release 1.1.0

Table 6 List of Resolved Caveats

DDTS Number
Software Release 1.1.0
Corrected
Caveat

CSCsk95396

Yes

The description field for RADIUS clients is mandatory.

The workaround is to enter any text in this field.

CSCsk95409

Yes

Accounts are only marked as active in the user interface if they have been correctly created on a Clean Access Manager (CAM). If there is no Clean Access Manager they appear as inactive, but are still valid for authentication by the RADIUS component. This is a cosmetic issue.

CSCsl02391

Yes

Certain "Other Characters" in passwords are not supported

The default password policy includes certain "Other Characters" (non-alphanumeric characters) that cannot be used with the CAM API. This includes the% character.

"Other Characters" that are known not to work include:
£ % < ¬ ` ' \ |

CSCsl06878

Yes

Certificate files cannot be downloaded

When trying to download the certificate, CSR, or private key, a zero length file is downloaded.

CSCsm18249

Yes

Date Picker does not display correctly in Microsoft Internet Explorer 6

When using Internet Explorer 6 the Javascript Date Picker does not display correctly. The Date Picker gets confused with the Timezone dropdown.

This issue only affects Internet Explorer 6 and earlier.

CSCsm18263

Yes

Full reporting shows all accounts regardless of permissions

If you do not wish to allow sponsors to view all the accounts created by any user, set their group permission to be "No." This will not allow them to run full reports at all.

CSCsm23361

Yes

Create User template changes not working

When the template is changed for the button on the Create User page, the page does not submit correctly.

This issue affects version 1.0.0 only.


Documentation Updates

Table 7 Updates to Release Notes for Cisco NAC Guest Server

Date
Description

5/12/09

Updates for Cisco NAC Guest Server Release 1.1.3:

Updated Cisco NAC Guest Server Releases

Added Enhancements in Release 1.1.3

Updated Upgrading to Software Release 1.1.3

Updated Open Caveats - Release 1.1.3

Added Resolved Caveats - Release 1.1.3

1/22/09

Updates for Release 1.1.2:

Cisco NAC Guest Server Releases

Enhancements in Release 1.1.2

Upgrading to Software Release 1.1.2

Open Caveats - Release 1.1.2

Resolved Caveats - Release 1.1.2

10/23/08

Added caveat CSCsu00058 to Open Caveats - Release 1.1.1, page 9

7/9/07

Added caveats CSCsq92773, CSCsq94240, CSCsq94602, and CSCsr22834 to Open Caveats - Release 1.1.1, page 9

Added caveat CSCsq48553 to Resolved Caveats - Release 1.1.1

6/19/08

Added caveats CSCsq76185, CSCsq86376, and CSCsq86714 to Open Caveats - Release 1.1.1, page 9

6/9/08

Updated instructions in Upgrading to Software Release 1.1.3

Added caveat CSCsq67776 to Resolved Caveats - Release 1.1.1

6/6/08

Release 1.1.1

3/18/08

Added caveats CSCso26886, CSCso26951, CSCso26979, and CSCso26993 to Open Caveats - Release 1.1.0

3/6/08

Release 1.1.0.


Related Documentation

For the latest updates to Cisco NAC Guest Server and Cisco NAC Appliance documentation on Cisco.com see: http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html

or simply http://www.cisco.com/go/nac/appliance

Release Notes for Cisco NAC Guest Server, Release 1.1.3 (this document)

Cisco NAC Guest Server Installation and Configuration Guide, Release 1.1.1

Cisco NAC Appliance Service Contract/Licensing Support

Cisco NAC Guest Server Data Sheet

Cisco NAC Guest Server Q & A

Cisco NAC Appliance - Cisco Clean Access Manager Installation and Configuration Guide

Cisco Wireless LAN Controller Configuration Guide, Release 4.0

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.