Wireless Access

Reply
Occasional Contributor I
Posts: 6
Registered: ‎05-09-2016

How to manage RAP users via Airwave API?

I'm getting started with Airwave API and I would like to manage RAP users via the Airwave API.

 

I'm able to get a valid auth token by using curl and visiting /LOGIN and I can get stats by visiting /amp_stats.xml as well as ap_list.xml...

 

Successfully log in and get a token:

 

curl -k -c ./cjar -d "credential_0=USERNAME" -d "credential_1=PASSWORD" -d "destination=/" -d "login=Log In" https://airwave-hostname/LOGIN

 

 

Successfully query stats:

 

curl -vvvv -k -b ./cjar "https://airwave-hostname/amp_stats.xml 2>/dev/null

 

 

But user-related requests (shown below) are all met with a 403 error, which is most confusing because I can query stats from the above stats URL before and after getting the 403, which suggests I have a valid login token. It's as if there is a separate authentication required for the user operations... is there?

 

Fail to get all users - response: "403 Session expired; please log in again":

curl -vvvv -k -b ./cjar -vikd 'xml=<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?> <guest_user_api:get_all version="1"></guest_user_api:get_all>' -H "https://airwave-hostname/guest_user_api"


Fail to look up a given user - response: "403 Session expired; please log in again":

curl -vvvv -k -b ./cjar -vikd 'xml=<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?><guest_user_api:get version="1" xmlns:guest_user_api="http://www.airwave.com"><username>A_VALID_USERNAME</username></guest_user_api:get>' https://airwave-host/guest_user_api

 

 

What am I missing?

 

Thanks

 

 

 

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: How to manage RAP users via Airwave API?

What exactly are you trying to manage?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 6
Registered: ‎05-09-2016

Re: How to manage RAP users via Airwave API?

 

Enable/disable of individual RAP units

 

In an environment with many RAPs, and many controllers... I'm assuming Airwave is the one-stop-shop for doing this sort of management.

 

 

Guru Elite
Posts: 21,271
Registered: ‎03-29-2007

Re: How to manage RAP users via Airwave API?

arubatriangle do you have ClearPass?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎05-09-2016

Re: How to manage RAP users via Airwave API?

 

Clearpass is not used in this environment - we are managing users in Radius. Does that answer your question?

 

Tying this back to my original question, are you thinking there could be an underlying dependency on Clearpass?

Guru Elite
Posts: 21,271
Registered: ‎03-29-2007

Re: How to manage RAP users via Airwave API?

Okay.  I thought you wanted to manage the remote access points that users connect to in radius.  I thought you wanted to possibly disable the remote access points in general.  ClearPass could be used as a whitelist for remote access points and there is an API where you could disable them there.  That is what I thought you were talking about.

 

You are looking to disable the users that connect to those access points?  Is that typically after you have already disabled their accounts in AD, or are you looking to do something different? 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎05-09-2016

Re: How to manage RAP users via Airwave API?

I actually want to target the device itself, and disable it (turn off radio, turn off ports, render it unusable by anybody on premasis but still centrally manageable).

 

Occasional Contributor I
Posts: 6
Registered: ‎05-09-2016

Re: How to manage RAP users via Airwave API?

I have opened support case #1892152.

Occasional Contributor I
Posts: 6
Registered: ‎05-09-2016

[SOLVED] Re: How to manage RAP users via Airwave API?

Thank you to the helpful support staff.

 

As it turns out, I was missing the X-BISCOTTI header which gets set during /LOGIN and must be carried through to all requests made using that authorization.

 

Sample:

 

curl -k -D ./hjar -c ./cjar -d "credential_0=USERNAME" -d "credential_1=PASSWORD" -d "destination=/" -d "login=Log In" https://$AIRWAVE_HOST/LOGIN

if [ "$BISCOTTI_HEADER" = "" ] ; then
        BISCOTTI_HEADER="$(grep X-BISCOTTI ./hjar)"
fi

curl -k -b ./cjar -k --header "$BISCOTTI_HEADER" "https://$AIRWAVE_HOST/ap_list.xml" > ./ap_list.xml

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: