Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Disable edit and delete button @Guest Provisioning Interface

This thread has been viewed 1 times

  • 1.  Disable edit and delete button @Guest Provisioning Interface

    Posted Nov 27, 2017 01:54 PM

    Hello, I'm traying to give access for provisioning guests to everyone on the company (to provide a guest user for their guests). but i need to disable the edit and delete button in order to deny for the "provisioning user" account at the controller to modify or delete the guest users created by others employees that used already the account. Is it possible?

     

    Thank you

     

    Gabriel



  • 2.  RE: Disable edit and delete button @Guest Provisioning Interface
    Best Answer

    EMPLOYEE
    Posted Nov 27, 2017 02:02 PM

    http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Management_Utilities/Guest_Provisioning.htm

    "Starting with ArubaOS 3.4 release, a guest user account that is created by a guest provisioning user can only be viewed, modified or deleted by the guest provisioning user who created the account or the network administrator. A guest user account that is created by the network administrator can only be viewed, modified or deleted by the network administrator."

     

    You cannot disable buttons.  It seems you would only be able to accomplish that if guest provisioners were using unique usernames to log into the controller...



  • 3.  RE: Disable edit and delete button @Guest Provisioning Interface

    Posted Nov 27, 2017 02:44 PM

    And you know if there is a possibility to enable access to the controller as guest-provisioning account to an Active Directory group?



  • 4.  RE: Disable edit and delete button @Guest Provisioning Interface

    EMPLOYEE
    Posted Nov 27, 2017 02:55 PM

    You can do this via management authentication.  If you have a radius server that can authenticate users via AD group, you can return the Aruba-admin-role attribute of "guest-provisioning" to have those users authenticate and see the guest page.



  • 5.  RE: Disable edit and delete button @Guest Provisioning Interface

    Posted Nov 30, 2017 07:42 AM

    Could you explain me how to do this? I can't find where i have to set the things that you said.



  • 6.  RE: Disable edit and delete button @Guest Provisioning Interface

    EMPLOYEE
    Posted Nov 30, 2017 08:15 AM

    You would need:

     

    - An external radius server to authenticate management users, sending back the "guest-provisioning" value for the "Aruba-Admin-Role".

    - To configure the Aruba Controller to accept management authentication from a radius server

     

    How to configure your radius server varies, depending on the radius server.  If you have IAS, vanilla instructions are here:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/802.1x_XPClient_IAS_Config/Configure_Management_Aut.htm