Home > Community > Technology > Wireless Access > ./create_group_dump.pl & ./restore_group_dump....

Wireless Access

Reply
Topic Options
MVP MVP
MVP
pmonardo

./create_group_dump.pl & ./restore_group_dump.pl caused AMP to delete local-userdb-guest accounts?

‎09-04-2013 01:07 PM

*TAC case has been opened*

 

Here is an interesting one for you all

I decided today to move a particular Airwave group from 1 AMP to another.

I used ./create_group_dump.pl to create the dump file on the current AMP

I then used ./restore_group_dump.pl to re-create that same AMP group on the destination AMP.

 

That worked no problem. Group was created, devices were moved over. I moved the devices afterwards into specific folders.

 

I then find out soon after that the following occured.

The "new" AMP went ahead and ran the following commands on the controllers:

Sep  4 10:22:30  fpcli: USER:MANUAirwave@10.204.65.13 COMMAND:<local-userdb-guest del username "sdsdsdsd" > -- command executed successfully
Sep  4 10:22:30  fpcli: USER:MANUAirwave@10.204.65.13 COMMAND:<local-userdb-guest del username "sdsdss" > -- command executed successfully
Sep  4 10:22:30  fpcli: USER:MANUAirwave@10.204.65.13 COMMAND:<local-userdb-guest del username "dfdf" > -- command executed successfully
Sep  4 10:22:30  fpcli: USER:MANUAirwave@10.204.65.13 COMMAND:<local-userdb-guest del username "ÉsdsdfÉ" > -- command executed successfully
Sep  4 10:22:30  fpcli: USER:MANUAirwave@10.204.65.13 COMMAND:<local-userdb-guest del username "ffsdg" > -- command executed successfully

 I changed the usernames for security reasons

 

None of the users were then able to authenticate to the network. I manually restored the usernames/passwords to the internal db and all was resolved.

 

Now the question arises? Why would Airwave go ahead and remove these users??

 

1. On the Original AMP, the devices were set to monitor-mode only

2. The Destination Airwave already had other groups and devices being monitored in monitor-mode only.

 

Original AMP: 7.6.2

Destination AMP: 7.6.4

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Alert a Moderator
Message 1 of 11
1,881 Views
Tags (1)
Reply
0 Kudos
Moderator Moderator
Moderator
rgin

Re: ./create_group_dump.pl & ./restore_group_dump.pl caused AMP to delete local-userdb-guest acc

‎09-04-2013 01:36 PM

That behavior seems odd unless the controller was in management mode.  What did the device and event logs for the controller show?


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Alert a Moderator
Message 2 of 11
1,875 Views
Reply
0 Kudos
MVP MVP
MVP
pmonardo

Re: ./create_group_dump.pl & ./restore_group_dump.pl caused AMP to delete local-userdb-guest acc

‎09-04-2013 02:06 PM - edited ‎09-04-2013 02:08 PM

What you see above your post is the audit-trail from the controller.

Device Events (controller)
 |AP mlixw16tornt11w@10.200.64.20 nanny|  Reboot Reason: AP rebooted Fri Nov 30 06:10:29 EST 2012; SAPD: Unable

 

ed Sep 4 10:30:11 2013     System     Alert     Configuration Mismatch: Device: MLIXWC1TOR200: Device Type is Access Point, Device Type is Controller or Device Type is Remote AP (Normal)             
Wed Sep 4 10:29:54 2013     System     Device     Aruba 6000 mlixwibmgofec2-Gough-Local-2 Configuration verification: configuration on device does not match desired configuration     288     Top > Controllers     Gough Local Controller 2
Wed Sep 4 10:24:56 2013     System     Device     Aruba AP 105 NT-12F-AP01 Discovered     2866         Access Points
Wed Sep 4 10:22:20 2013     System     Device     Aruba AP 105 mlixw10tornt12w Created     2865     Top     Manulife-POC
Wed Sep 4 10:22:19 2013     System     Device     Aruba AP 93 mlixw16tornt11w Created     2864     Top     Manulife-POC
Wed Sep 4 10:22:19 2013     System     Device     Aruba AP 93 mlixw17tornt12w Created     2863     Top     Manulife-POC
Wed Sep 4 10:22:18 2013     System     Device     Aruba AP 105 mlixw06tornt11w Created     2862     Top     Manulife-POC
Wed Sep 4 10:22:18 2013     System     Device     Aruba AP 93 mlixw15tornt11w Created     2861     Top     Manulife-POC
Wed Sep 4 10:22:17 2013     System     Device     Aruba AP 93 mlixw18tornt12w Created     2860     Top     Manulife-POC
Wed Sep 4 10:22:17 2013     System     Device     Aruba AP 105 mlixw09tornt11w Created     2859     Top     Manulife-POC
Wed Sep 4 10:22:16 2013     System     Device     Aruba AP 105 mlixw11tornt12w Created     2858     Top     Manulife-POC
Wed Sep 4 10:22:15 2013     System     Device     Aruba AP 105 mlixw05tornt11w Created     2857     Top     Manulife-POC
Wed Sep 4 10:22:15 2013     System     Device     Aruba AP 105 mlixw02tornt11w Created     2856     Top     Manulife-POC
Wed Sep 4 10:22:14 2013     System     Device     Aruba AP 105 mlixw04tornt11w Created     2855     Top     Manulife-POC
Wed Sep 4 10:22:14 2013     System     Device     Aruba AP 105 mlixw01tornt11w Created     2854     Top     Manulife-POC
Wed Sep 4 10:22:13 2013     System     Device     Aruba AP 105 mlixw08tornt11w Created     2853     Top     Manulife-POC
Wed Sep 4 10:22:13 2013     System     Device     Aruba AP 105 mlixw14tornt12w Created     2852     Top     Manulife-POC
Wed Sep 4 10:22:12 2013     System     Device     Aruba AP 105 mlixw07tornt11w Created     2851     Top     Manulife-POC
Wed Sep 4 10:22:12 2013     System     Device     Aruba AP 105 mlixw01torntb Created     2850     Top     Manulife-POC
Wed Sep 4 10:22:11 2013     System     Device     Aruba AP 105 mlixw12tornt12w Created     2849     Top     Manulife-POC
Wed Sep 4 10:22:11 2013     System     Device     Aruba AP 105 mlixw03tornt11w Created     2848     Top     Manulife-POC
Wed Sep 4 10:22:09 2013     System     Device     Aruba AP 105 mlixw13tornt12w Created     2847     Top     Manulife-POC
Wed Sep 4 10:22:08 2013     System     Device     Aruba 6000 MLIXWC1TOR200 Created     2846     Top     Manulife-POC
Wed Sep 4 10:22:05 2013     System     Device     Aruba 6000 MLIXWC2TOR200 Created     2845     Top

 

That's all it shows....

 

Also, why would it only erase those internal users and not overwrite it with the base AMP config for Aruba controllers?

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Alert a Moderator
Message 3 of 11
1,867 Views
Reply
0 Kudos
Moderator Moderator
Moderator
rgin

Re: ./create_group_dump.pl & ./restore_group_dump.pl caused AMP to delete local-userdb-guest acc

‎09-05-2013 07:56 AM

Normally I'd expect to see somewhere that says mismatch, and then a following line that says changes pushed.  Not seeing that in the log portions you sent.  Let me know what support finds out, I'd be interested in the root cause.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Alert a Moderator
Message 4 of 11
1,839 Views
Reply
0 Kudos
MVP MVP
MVP
pmonardo

Re: ./create_group_dump.pl & ./restore_group_dump.pl caused AMP to delete local-userdb-guest acc

‎09-05-2013 08:11 AM

Definitely will let you know.
I can provide you the case number if you'd like as well so you can poke through it.



Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Alert a Moderator
Message 5 of 11
1,837 Views
Reply
0 Kudos
Aruba Aruba
Aruba
dancomfort

Re: ./create_group_dump.pl & ./restore_group_dump.pl caused AMP to delete local-userdb-guest acc

‎09-05-2013 08:48 AM

On the AMP Setup page of the new server, do you have guest user creation enabled for all devices?  That could definitely contribute to this. 

Alert a Moderator
Message 6 of 11
1,831 Views
Reply
0 Kudos
MVP MVP
MVP
pmonardo

Re: ./create_group_dump.pl

‎09-05-2013 09:00 AM

Unfortunately yes
[cid:image001.png@01CEAA2F.79827260]

Even in monitor-mode it will still push a delete command?
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Alert a Moderator
Message 7 of 11
1,829 Views
Reply
0 Kudos
Aruba Aruba
Aruba
dancomfort

Re: ./create_group_dump.pl

‎09-05-2013 10:32 AM

Yes.  If the new AMP doesn't think the users should be there, but they are, it would delete them. 

 

For managing guest users, ClearPass is a better solution than AirWave in many ways.

Alert a Moderator
Message 8 of 11
1,823 Views
Reply
0 Kudos
MVP MVP
MVP
pmonardo

Re: ./create_group_dump.pl

‎09-05-2013 11:27 AM

Clearpass definitely. Unfortunately since we are an MSP, the end customer purchased the equipment through our partner, no clearpass.

I'm still confused as to why AMP would do this, the devices are in monitor-mode only, shouldn't AMP not touch the controllers at all if that's the case?
Is this documented somewhere.

As you know Dan, Airwave is my baby and I haven't seen this anywhere!
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Alert a Moderator
Message 9 of 11
1,820 Views
Reply
MVP MVP
MVP
pmonardo

Re: ./create_group_dump.pl

‎09-12-2013 04:28 AM

TAC is still working on this even though I through out what you mentioned to them Dan.

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Alert a Moderator
Message 10 of 11
1,780 Views
Reply
0 Kudos
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copyright © 2016 Aruba, a Hewlett Packard Enterprise company.
All Rights Reserved.
Powered by Lithium