Security

Hello,

 

We have a requirement for unique user accounts on our guest network for tracking purposes.   We don't want open access so we need some sort of authentication.  I've developed a sponsord self registration design but our Firm finds it cumbersome for larger groups of guests.    What I'm proposing is that we have a self registration process with unique accounts but users need to enter a common passphrase to enable the account.   The passphrase would be changed daily or weekly and would be applied to all user accounts.  Accounts would expire according to security policy.  All new accounts should created with the new passphrase set automatically.  We want to minimize the amount of administration of the process as much as possible.  Any requrement for intervention by reception or IT staff is undesirable.  At the most we'd only have to log in to change the password but it would be ideal if we could automatically generate a new common passphrase at defined intervals.  Can anybody tell me if this is possible and how I might do this?

So you want unique accounts, but dont need to know who used the account?
Like the standard anonymous self-registration, but not quite?

I'll tell you what I did and you'll tell me if that solves your issue.

The customer requirement was "Accept Terms" only, but still give a unique account to each user.
Using the Allow anonymous weblogin does this partly, but use the same account for each user.

It's been a while so I dont remember the exact details, but to work around this I basically created a normal self-registration page with accept terms checkbox as the only visible field, made the username field hidden and enabled NAS login. That caused an auto-generation of username/password with direct login option on receipt page..

If you cant get it working let me know and I'll look into the old code and see if there was any special tricks to it.

---

@jayjo wrote:

Hello,

 

We have a requirement for unique user accounts on our guest network for tracking purposes.   We don't want open access so we need some sort of authentication.  I've developed a sponsord self registration design but our Firm finds it cumbersome for larger groups of guests.    What I'm proposing is that we have a self registration process with unique accounts but users need to enter a common passphrase to enable the account.   The passphrase would be changed daily or weekly and would be applied to all user accounts.  Accounts would expire according to security policy.  All new accounts should created with the new passphrase set automatically.  We want to minimize the amount of administration of the process as much as possible.  Any requrement for intervention by reception or IT staff is undesirable.  At the most we'd only have to log in to change the password but it would be ideal if we could automatically generate a new common passphrase at defined intervals.  Can anybody tell me if this is possible and how I might do this?

---

You have two conflicting objectives:

 

- Setup Multiple accounts to give them individuality

- Give them all the same password

 

If everyone has the same password, can't someone login with someone's username and a different password?

 

If you don't want anyone to be authenticated, just have them sign up where it automatically enables the username and random password (no sponsor authorization).  You can have the Logon to NAS option enabled so that users will automatically get logged in with the random username and password.  You can also have the random password emailed to them so that if they disconnect, they can pull it up in their email.

 

Reading it through again I believe I misunderstood.

You want self-registration, but need some way to know that they really are your guests and not just randoms. Right?

Sponsors was the way to deal with that. How about using one sponsor email - like a receptionist person/group? That should take some of the load away.



Another way could be using two-stage login.
Search for "Implementing 2-Stage Web Login.pdf" which could help you with this challenge.