Cisco NAC Guest Server

Table Of Contents

Release Notes for Cisco NAC Guest Server, Release 1.1.3

Contents

Cisco NAC Guest Server Releases

System Requirements

Hardware Supported

Determining the Software Version

Upgrading to Software Release 1.1.3

New and Changed Information

Enhancements in Release 1.1.3

Enhancements in Release 1.1.2

New Software Features in Release 1.1.1

Guest Role Support

Additional NTP Server

FTP Backup Directory

New Software Features in Release 1.1.0

LDAP Sponsor Authentication

RADIUS Sponsor Authentication

Sponsor Authentication Server Ordering

Sponsor Interface Timeout

Sponsor User Group Ordering

Account Time Restrictions

Bulk Account Creation

Random Account Creation

Guest Account Time by Template

Guest Details Policy

Multiple Cisco NAC Appliance Clean Access Manager Support

Additional RADIUS Client Attributes

User Default Selection, Sponsor Confirmation Email, and Multiple Template (Language) Support

Local User Password Change

Root Certificate Authority Upload Support

Scheduled Backup

Web-Based Backup and Restore

Support Logs Download

License Management

Active/Active Resilience and Replication

Caveats

Open Caveats - Release 1.1.3

Resolved Caveats - Release 1.1.3

Resolved Caveats - Release 1.1.2

Resolved Caveats - Release 1.1.1

Resolved Caveats - Release 1.1.0

Documentation Updates

Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco NAC Guest Server, Release 1.1.3

---

Revised: October 29, 2010, OL-14643-01

Contents

These release notes provide late-breaking and release information for Cisco NAC Guest Server, Release 1.1.3. This document describes new features, changes to existing features, limitation and restrictions ("caveats"), upgrade instructions and related information.

These release notes supplement the Cisco NAC Guest Server Installation and Configuration Guide, Release 1.1.1.

Cisco NAC Guest Server Releases

Cisco NAC Guest Server Version	Release Date
1.1.3 ED	May 12, 2009
1.1.2 ED	January 22, 2009
1.1.1 ED	June 6, 2008
1.1.0 ED	February 25, 2008

System Requirements

The Cisco NAC Guest Server can be integrated with the Cisco NAC Appliance Clean Access Manager through its API, or with Cisco Wireless LAN controllers through the RADIUS protocol. Cisco NAC Guest Server is compatible with the Cisco NAC Appliance and Cisco Wireless LAN Controller component versions shown in Table 1.

Table 1 Components Supported by Cisco NAC Guest Server

Cisco NAC Guest Server Version	Cisco NAC Appliance Version	Wireless LAN Controller Version
1.1.0 and later	4.0(1) and later	4.0.219 and later

Hardware Supported

The Cisco NAC Guest Server is a standalone hardware appliance based on the Cisco NAC Appliance 3310 platform. The Cisco NAC Guest Server is supported only on the NAC-3310 hardware platform.

---

Note The NAC-3310 appliance is based on the HP ProLiant DL140 G3 server and is subject to any BIOS/firmware upgrades required for the DL140 G3. Refer to Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for additional details.

---

Determining the Software Version

The bottom left of the Cisco NAC Guest Server administrator console displays the software version. To determine the current software version, login to the administration interface.

To view the software version from the command line:

1. SSH or console to the Cisco NAC Guest Server.

2. Issue the following command:

cat /guest/www/admin/includes/version.html

Upgrading to Software Release 1.1.3

The Cisco NAC Guest Server comes pre-installed with initial software release 1.0.0. Software release 1.1.3 can be applied to an existing 1.0.0, 1.1.0, 1.1.1, or 1.1.2 installation.

If the appliance needs to be re-imaged, refer to the instructions in the installation chapter of the e Cisco NAC Guest Server Installation and Configuration Guide, Release 1.1.1 before applying the 1.1.3 upgrade.

---

Note If the Cisco NAC Guest Server has replication active, you will need to do the following steps simultaneously on both Cisco NAC Guest Servers that form the replicating pair. You will also need to guarantee that there is connectivity between both.

---

The following steps need to be performed to install the 1.1.3 update.

---

Step 1 Download the nac-guest-upgrade-1-1-3.tar.gz upgrade file from the Cisco software download page.

http://www.cisco.com/cisco/software/cart.html?imageGuId=2B0ED7E98D6A2BE58D72D4681C98A5D2617BD4EE&i=rs.

You will need to log in with your Cisco.com credentials to access the page.

Step 2 Connect to the Cisco NAC Guest Server with an SFTP client such as WinSCP. You will need to log in using root account credentials. The default password for this account is cisco.

Step 3 Copy the nac-guest-upgrade-1-1-3.tar.gz file using the SFTP client to the /guest/upgrade directory.

Step 4 Connect to the Cisco NAC Guest Server console using SSH, a keyboard and monitor, or a serial connection and log in using root account credentials.

Step 5 Navigate to the /guest/upgrade directory

cd /guest/upgrade

Step 6 Run the following command at the console to ensure that the md5 value listed matches the MD5 value obtained by clicking the link to the upgrade file at http://www.cisco.com/pcgi-bin/tablebuild.pl/nac-guest:

md5sum nac-guest-upgrade-1-1-3.tar.gz

Step 7 Extract the upgrade files.

tar zxvf nac-guest-upgrade-1-1-3.tar.gz

Step 8 Execute the upgrade script.

/guest/upgrade/1.1.3/upgrade.sh

Step 9 When the upgrade has finished, if instructed, reboot the appliance. Reboot is only needed if upgrading from 1.0.0 or 1.1.0. Reboot is not needed if upgrading from 1.1.1 or 1.1.2.

reboot

---

Note A backup of the existing database is taken before the upgrade and is stored in the /guest/backup/pre_1_1_3_upgrade.sql file. Cisco recommends backing up this file from the appliance via SFTP.

---

---

Note The upgrade process is recorded in the /guest/logs/upgrade_1_1_3.log file. You can view the log file by entering less /guest/logs/upgrade_1_1_3.log in a command prompt window.

---

---

New and Changed Information

•Enhancements in Release 1.1.3

•Enhancements in Release 1.1.2

•New Software Features in Release 1.1.1

•New Software Features in Release 1.1.0

Enhancements in Release 1.1.3

Release 1.1.3 is a general and important bug fix release for the Cisco NAC Guest Server that addresses the caveats described in Resolved Caveats - Release 1.1.3.

Enhancements in Release 1.1.2

Release 1.1.2 is a general and important bug fix release for the Cisco NAC Guest Server that addresses the caveats described in Resolved Caveats - Release 1.1.2.

New Software Features in Release 1.1.1

•Guest Role Support

•Additional NTP Server

•FTP Backup Directory

Guest Role Support

Guest Role Support provides the ability for Sponsors to create guest accounts with different privileges. This includes provisioning into different roles on the Clean Access Manager, returning different RADIUS attributes to RADIUS clients or only allowing access from specified networks.

Additional NTP Server

The 1.1.1 release introduces the ability to configure two NTP servers instead of a single NTP server in 1.1.0.

FTP Backup Directory

The 1.1.1 release allows a directory to be specified as part of the scheduled FTP backup, prior versions placed the backup in the default directory of the FTP user account.

New Software Features in Release 1.1.0

•LDAP Sponsor Authentication

•RADIUS Sponsor Authentication

•Sponsor Authentication Server Ordering

•Sponsor Interface Timeout

•Sponsor User Group Ordering

•Account Time Restrictions

•Bulk Account Creation

•Random Account Creation

•Guest Account Time by Template

•Guest Details Policy

•Multiple Cisco NAC Appliance Clean Access Manager Support

•Additional RADIUS Client Attributes

•User Default Selection, Sponsor Confirmation Email, and Multiple Template (Language) Support

•Local User Password Change

•Root Certificate Authority Upload Support

•Scheduled Backup

•Web-Based Backup and Restore

•Support Logs Download

•License Management

•Active/Active Resilience and Replication

LDAP Sponsor Authentication

LDAP Sponsor Authentication provides the ability to authenticate the sponsor interface against LDAP servers. Group attributes from the LDAP servers can be used to assign permissions to the sponsor.

This feature adds the following page to the Guest Server administrator console:

•Authentication > Sponsors > LDAP Servers

RADIUS Sponsor Authentication

RADIUS Sponsor Authentication provides the ability to authenticate the sponsor interface against RADIUS servers. Sponsors can be assigned permissions based upon the class attribute assigned in the RADIUS server.

This feature adds the following page to the Guest Server administrator console:

•Authentication > Sponsors > Radius Servers

Sponsor Authentication Server Ordering

The authentication servers can be ordered so that when a sponsor authenticates the Cisco NAC Guest Server will try and authenticate the sponsor against the authentication servers in a pre-determined order.

This feature adds the following page to the Guest Server administrator console:

•Authentication > Sponsors > Authentication Order

Sponsor Interface Timeout

A timeout value can be set so that if the sponsor is inactive for the timeout period the sponsor will be automatically logged out.

This feature adds the following page to the Guest Server administrator console:

•Authentication > Sponsors > Settings

Sponsor User Group Ordering

Sponsor User Group Ordering provides the ability to order the checking of user groups upon sponsor authentication. This is enabled so that the first match of group settings will result in the sponsor being assigned the permissions from that user group.

This enhancement affects the following page of the Guest Server administrator console:

•Authentication > User Groups | new up, down, and Change Order buttons

Account Time Restrictions

Time restrictions can be placed on Sponsor User Groups. This is so sponsors in those groups can be restricted to the maximum number of days in the future they can create a guest account. Also the maximum duration of a guest account can be specified.

This enhancement affects the following page of the Guest Server administrator console:

•Authentication > User Groups > Add Group | Edit Group includes two new settings for Number of days in the future the account can be created and Maximum duration of account (in days)

Bulk Account Creation

Bulk Account Creation gives the ability for a sponsor to create multiple user accounts by either entering the details of multiple guests into a form, or by uploading the guests detail from a spreadsheet in CSV format.

This enhancement affects the following page of the Guest Server administrator console:

•Authentication > User Groups > Add Group | Edit Group includes two new Create Bulk Accounts and Import CSV settings

Random Account Creation

Random Account Creation allows a sponsor to create a defined number of accounts without specifying the guests details. The accounts can be provided to guests and the details entered into the Cisco NAC Guest Server at a later date for audit purposes.

This enhancement affects the following page of the Guest Server administrator console:

•Authentication > User Groups > Add Group | Edit Group includes new Create Random Accounts setting

Guest Account Time by Template

Guest Account Time by Template provides the ability for the administrator to specify that a list of durations that the sponsor can create accounts for, such as 1 hour, 12 hours, 3 days etc. This will be used instead of the sponsor having to specify specific start and end times.

This enhancement affects the following page of the Guest Server administrator console:

•User Interface > Templates > Add Template | Edit Template > Accounts > Account Duration

Guest Details Policy

The Administrator can configure the details that are mandatory, optional, or not requested when sponsors are filling out the guests details. This feature also enables the administrator to configure five additional user details fields to store customized data about guests.

This feature adds the following page to the Guest Server administrator console:

•Guest Policy > Guest Details

Multiple Cisco NAC Appliance Clean Access Manager Support

Cisco NAC Guest Server 1.1.0 now supports the ability to provision guest accounts on more than one Cisco NAC Appliance Clean Access Manager (CAM).

This enhancement affects the following page of the Guest Server administrator console:

•Devices > NAC Appliance

Additional RADIUS Client Attributes

One or more additional attributes can be specified for individual RADIUS clients. The attributes will be sent to the RADIUS client on successful authentication of a guest. You can also use the new settings on this page to change the order of multiple additional RADIUS client attributes and remove attributes from the RADIUS client configuration.

This feature provides support for Catalyst Web Authentication, IOS Proxy Authentication, and PIX/ASA Authentication Proxy.

This enhancement affects the following page of the Guest Server administrator console:

•Devices > Radius Clients > Add Radius | Edit Radius includes new configuration settings:

–RADIUS Attribute and associated Value settings allow you to specify one or more additional attributes for the RADIUS client

–The Move up, Move down, and Remove buttons allow you to change the order of multiple RADIUS client attributes and remove attributes from the RADIUS client configuration

User Default Selection, Sponsor Confirmation Email, and Multiple Template (Language) Support

Sponsors can now select the default settings for template, time zone, country code, start page, etc. In addition, sponsors can use this new configuration page to have the guest account details emailed to themselves after they are created.

Previous versions of Cisco NAC Guest Server only allowed a single sponsor interface template to be active at any one time. With Cisco NAC Guest Server 1.1.0, each sponsor can choose their own template. This gives them the ability to choose a template that the administrator defines for another local language.

This feature adds the following page to the Guest Server sponsor console:

•My Settings > Preferences

Local User Password Change

Provides the ability for sponsors with accounts locally defined on the Cisco NAC Guest Server to be able to change their password from the Guest Server sponsor console.

Root Certificate Authority Upload Support

Provides the ability to load certificates of trusted root certificate authorities into the Cisco NAC Guest Server.

This enhancement affects the following page of the Guest Server administrator console:

•Server > SSL Settings > Upload includes a new Upload Root CA Certificate option

Scheduled Backup

Backups can be scheduled via the web administration interface to backup to a directory on the Cisco NAC Guest Server or to an external FTP server.

This feature adds the following page to the Guest Server administrator console:

•Server > Backup new features under the Change the backup settings heading

Web-Based Backup and Restore

Provides the ability to take a point in time backup of the Cisco NAC Guest Server configuration and restore a backup file onto the Cisco NAC Guest Server via the web administration interface.

This feature adds the following page to the Guest Server administrator console:

•Server > Backup

–New snapshot button under the Snapshot heading

–New options in the Restore menu

Support Logs Download

Ability to download all the support logs in a single archive via the web administration interface.

This feature adds the following page to the Guest Server administrator console:

•Server > Support Logs

License Management

Existing licenses can be viewed and replaced through the web administration interface.

This feature adds the following page to the Guest Server administrator console:

•Server > Licensing

---

Note For detailed information on Cisco NAC Guest Server licenses, refer to Cisco NAC Appliance Service Contract/Licensing Support.

---

Active/Active Resilience and Replication

Active/Active Resilience and Replication provides the ability for a pair of Cisco NAC Guest Servers to synchronize their databases for resilience.

Each Guest Server will be able to actively service requests from sponsors and RADIUS clients at the same time. The sponsor web interface will need load balancing providing by external load balancing devices such as the CSS, CSM or ACE.

This feature adds the following page to the Guest Server administrator console:

•Server > Replication Settings

Caveats

This section describes caveats related to the Cisco NAC Guest Server:

•Open Caveats - Release 1.1.3

•Resolved Caveats - Release 1.1.3

•Resolved Caveats - Release 1.1.2

•Resolved Caveats - Release 1.1.1

•Resolved Caveats - Release 1.1.0

---

Note If you are a registered cisco.com user, you can view Bug Toolkit on cisco.com at the following website:

http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl

To become a registered cisco.com user, go to the following website:

http://tools.cisco.com/RPF/register/register.do

---

Open Caveats - Release 1.1.3

Table 2 List of Open Caveats

DDTS Number	Software Release 1.1.3
	Corrected	Caveat
CSCso26993	No	Logo file is not replicated between two Cisco NAC Guest Servers configured as a replication pair This issue affects Cisco NAC Guest Server Release 1.1.0. Workaround Manually upload the logo on the second Guest Server by editing the template (using the same method as on the first Guest Server).
CSCsq86376	No	Authentication attempts fail when "calling-station-id" is set to a MAC address After upgrading to Cisco NAC Guest Server, Release 1.1.1, authentication fails if the wireless controller is set to send the MAC address for the "calling-station-id" attribute. Workaround Change the attribute to use the IP address instead of the MAC address. Alternatively, Cisco TAC can edit the configuration to remove the IP check, but the location feature does not work.
CSCsx21004	No	IDE Error messages seen on Guest server during upgrade. Upgrade is successful, however a number of "hdc: packet command error:" messages are shown during upgrade.
CSCsz31445	No	When an invalid license is installed the NAC Guest Server redirects a user to the license page The URL is generated based upon the IP address of the eth0 interface. If the user is accessing behind NAT, then this will fail. Workaround   To resolve this issue, the administrator must access the box using the real IP address of the server to re-install a valid license.

Resolved Caveats - Release 1.1.3

Table 3 List of Resolved Caveats

DDTS Number	Software Release 1.1.3
	Corrected	Caveat
CSCsx20606	Yes	Users can't login when password policy has a space or ampersand in it Conditions   If the password policy includes spaces or ampersands then the passwords are not correctly created on the NAC Manager. This means guests cannot login with this account. Workaround   Remove any spaces (" ") or ampersands "&" from the Other characters field of the password policy.
CSCsx20876	Yes	Setting in Guest Role > NAC Role is forced even if it's unchecked Steps to reproduce 1. Add a NAC appliance in Guest Server and assign it a default role "Guest". 2. Make sure that role "Guest" exists on CAM. 3. Create a guest account now. It will be assigned "Unauthenticated" role. 4. Go and change the value in NAC Roles but uncheck the box. 5. Create an account now. It will be assigned "Guest" Role.
CSCsy34424	Yes	Date and time do not exist This issue only occurs if the current day does not exist in the month for which we are setting the date. For example, if the current date is 30-01-2009 (January 30, 2009) and we are creating an account starting in February (e.g. 03-02-2009). This is caused by the way we handle Dates. We normally instantiate a date object and then set its components (day,month,year) separately, so for the case above, we would see the following: •instantiate date (date = 30-01-2009) •set year to 2009 (date = 30-01-2009) •set month to February (date = 02-03-2009) •set day to the second (date = 03-02-2009) The date object in the second bullet knows that there is no February 30, so it automatically adjusts to March 2.
CSCsy71509	Yes	Time zone selection not saved after the page is submitted during guest account creation While submitting a guest account creation page (newuser.php, randomaccounts.php,importcsv.php, or bulkaccounts.php), all guest information is displayed in the form, thus saving the Sponsor from re-entering all of the details in case the account could not be created. The time zone select box, however, reverts back to the Sponsor default time zone.
CSCsy71545	Yes	Sponsor usernames and passwords containing slashes (\) do not authenticate Sponsor usernames and passwords containing slashes (\) are handled incorrectly, leading to authentication failures if the server against which the user authenticates is not the first on the list.

Resolved Caveats - Release 1.1.2

Table 4 List of Resolved Caveats

DDTS Number	Software Release 1.1.2
	Corrected	Caveat
CSCsq76185	Yes	Variable names being printed after creating a guest user account rather than the values inputted by the sponsor. Workaround After creation go into Active Accounts page and print from there
CSCsq86714	Yes	When using internet explorer to connect to NAC Guest Server over a HTTPS connection certain files do not download correctly. This is due to a bug with the IE browser. Workaround Connect using HTTP instead of HTTPS with Internet Explorer 6.0, alternatively use a later version of Internet Explorer or use a different browser such as Firefox or Safari.
CSCsq92773	Yes	Unable to edit additional active directory server because the Guest Server adds a space in front of the AD server name, the edit page comes up blank as it looks for a server name without a space in the database. Workaround You can delete the server and insert it again without the space character at the end of the name or - : 1 - Login to the box through ssh 2 - Connect to the database: psql -U postgres gapdb 3 - Execute the following SQL statements (note the server name is 'dc4 RWS Domain Controller ' here in this example) UPDATE adservers SET domain = 'dc4 RWS Domain Controller' WHERE domain = 'dc4 RWS Domain Controller '; UPDATE serverorder SET servername = 'dc4 RWS Domain Controller' WHERE servername = 'dc4 RWS Domain Controller ';
CSCsq94240	Yes	NAC Guest Server can fail to parse/sanity check the AD DC entry NAC Guest Server can fail to parse/sanity check the AD DC entry with certain misconfigurations of Active Directory Server entries and will fail to display all entries in group mapping. Workaround Correct the entry for the domain controller IP address or hostname
CSCsq94602	Yes	Server creates bad username when importing a CSV file with Username Policy option 2 Workaround 1. Open the CSV file in Notepad, copy the contents and paste into the text entry form. User Accounts > Multiple Accounts > Create Multiple Accounts 2. Or, change the username policy to use email address instead of first/last names.
CSCsr19498	Yes	Twin service stops intermittently when performing a lot of failovers. Workaround There is no workaround as this issue will be resolved in version 1.1.2
CSCsr22834	Yes	LDAP users allowed to login without permissions to do so as the authentication function is not setting the user as invalid. Workaround Remove all the permissions for the local group, the user will be able to login but not perform any actions, however, there is a patch available from Cisco TAC
CSCsr68115	Yes	When calling the CAM API with the getuserinfo or getoobuserinfo operations, the Guest Server makes an incorrect call to CCA causing all users to get removed from the OUL. Workaround There is no workaround as this issue will be resolved in version 1.1.2
CSCsr82031	Yes	Changing a search whilst paging in a full report and viewing a page greater than the amount of results returned by a future query will show no results. Workaround Return to page 1 before changing the search
CSCsu00058	Yes	Radius Authentications fail when Role option set to Unused Radius authentications for all users created on the Guest Server release 1.1.1 will fail even though password and shared secrets are correct. This occurs when the "Roles" setting under "Guest Policy" > "Guest Details" is set to unused. Workaround Set the Roles option to "Displayed" or "Not Displayed" (anything other than unused).
CSCsu70899	Yes	Hal Daemon using all available CPU prevents Radius daemon rom running. Workaround Login to the command line as root, then issue the following commands service haldaemon stop chkconfig haldaemon off This will stop the CPU issue by turning off the unneeded haldaemon service
CSCsu87661	Yes	Guest Server database only supports 32 character account session IDs, if the NAS sends a larger session ID it could cause the Radius service to crash. Workaround There is no workaround as this issue will be resolved in version 1.1.2
CSCsu88136	Yes	The LDAP server configuration on the NAC Guest server ignores any values in the "port" field and always applies the default value (389) irrespective of the value configured. Workaround Specify the port in the LDAP server URL, e.g.: ldap://10.0.0.1:3387

Resolved Caveats - Release 1.1.1

Table 5 List of Resolved Caveats

DDTS Number	Software Release 1.1.1
	Corrected	Caveat
CSCso26886	Yes	LDAP Authentication does not perform group mapping When authenticating sponsors using an LDAP server the Cisco NAC Guest Server correctly authenticates the user, but does not set the group correctly. All LDAP users get mapped to the default group. Workaround Install the functions.php file from CSCso26886-ldap-1.1.0.zip available in the Cisco NAC Guest Server download folder at http://www.cisco.com/pcgi-bin/tablebuild.pl/nac-guest.
CSCso26951	Yes	HTML or quotes (") used in the template do not display correctly This affects Cisco NAC Guest Server Release 1.1.0 when using HTML or quotes (") in the displayable screen template components. Workaround Do not use HTML or quotes in the templates.
CSCso26979	Yes	Bulk account creation not working correctly If a user is placed in a group that only features the Create Bulk Account permission (and does not include the Create Account permission), bulk account creation does not work. This issue affects Cisco NAC Guest Server Release 1.1.0. Workaround Provide the user group the create account permission.
CSCso40874	Yes	Email sent to notify guests of their accounts is not sent from the correct email address Currently the email comes from "apache@<hostname>.<domain>" (from the Network Settings page). The sent-from header is set correctly, but the return path header is not set. If this behavior is acceptable, you do not need to use the workaround below. Note Some Email configurations verify this and drop the email if it does not recognize the return path. Workaround You can edit two files to set this correctly: Note Cisco recommends making copies of these files in case you need to back out. 1. Edit the /etc/mail/trusted-users file to add the following line at the end: apache 2. Open the /etc/php.ini file and change the line that begins "sendmail_path" to: sendmail_path = /usr/sbin/sendmail -t -i -F <email adderss> -f <email address> 3. Reboot the Cisco NAC Guest Server.
CSCso50592	Yes	Cisco NAC Guest Server will not add manual AD group mappings in Microsoft Internet Explorer 6 Note In Guest Server 1.1.0, a new text box for manual AD group mapping was created. If the group name does not appear in the list of groups that the Guest Server is able to pull from the AD, then you cannot add the group name. Workaround Use another browser. Firefox has been proven to work.
CSCsq21586	Yes	Account duration functionality not working from GUI Account duration change done under the group policy has no affect on the guest account. Workaround Open an SSH session to the Cisco NAC Guest Server and enter the following commands where xxx is the number of days into the future the account can be created and yyy is the maximum account duration in days: psql -U postgres gapdb UPDATE accountduration SET futuredays=xxx,durationdays=yyy; \q
CSCsq42872	Yes	Not able to change the Authentication Order on the Cisco NAC Guest Server This happens when the administrator deletes the server that appears at the top of the list. Workaround Log in to the Cisco NAC Guest Server using SSH and enter the following commands: psql -U postgres gapdb UPDATE serverorder set orderid = 1 WHERE id = 0; \q
CSCsq48553	Yes	Valid Sponsor can authenticate with a blank password via LDAP authentication A valid user can authenticate to the Cisco NAC Guest Server Sponsor page via LDAP when using an anonymous bind password and can create guest accounts. Note The Sponsor profile must already exist on the LDAP server to take advantage of the anonymous bind.
CSCsq67776	Yes	HTTP redirect fails on Cisco NAC Guest Serves HTTP redirect does not redirect properly on Cisco NAC Guest Server, Release 1.1.0. When this function is enabled, The Guest Server attempts to access NGS via HTTP, but fails.

Resolved Caveats - Release 1.1.0

Table 6 List of Resolved Caveats

DDTS Number	Software Release 1.1.0
	Corrected	Caveat
CSCsk95396	Yes	The description field for RADIUS clients is mandatory. The workaround is to enter any text in this field.
CSCsk95409	Yes	Accounts are only marked as active in the user interface if they have been correctly created on a Clean Access Manager (CAM). If there is no Clean Access Manager they appear as inactive, but are still valid for authentication by the RADIUS component. This is a cosmetic issue.
CSCsl02391	Yes	Certain "Other Characters" in passwords are not supported The default password policy includes certain "Other Characters" (non-alphanumeric characters) that cannot be used with the CAM API. This includes the% character. "Other Characters" that are known not to work include: £ % < ¬ ` ' \ |
CSCsl06878	Yes	Certificate files cannot be downloaded When trying to download the certificate, CSR, or private key, a zero length file is downloaded.
CSCsm18249	Yes	Date Picker does not display correctly in Microsoft Internet Explorer 6 When using Internet Explorer 6 the Javascript Date Picker does not display correctly. The Date Picker gets confused with the Timezone dropdown. This issue only affects Internet Explorer 6 and earlier.
CSCsm18263	Yes	Full reporting shows all accounts regardless of permissions If you do not wish to allow sponsors to view all the accounts created by any user, set their group permission to be "No." This will not allow them to run full reports at all.
CSCsm23361	Yes	Create User template changes not working When the template is changed for the button on the Create User page, the page does not submit correctly. This issue affects version 1.0.0 only.

Documentation Updates

Table 7 Updates to Release Notes for Cisco NAC Guest Server

Date	Description
5/12/09	Updates for Cisco NAC Guest Server Release 1.1.3: •Updated Cisco NAC Guest Server Releases •Added Enhancements in Release 1.1.3 •Updated Upgrading to Software Release 1.1.3 •Updated Open Caveats - Release 1.1.3 •Added Resolved Caveats - Release 1.1.3
1/22/09	Updates for Release 1.1.2: •Cisco NAC Guest Server Releases •Enhancements in Release 1.1.2 •Upgrading to Software Release 1.1.2 •Open Caveats - Release 1.1.2 •Resolved Caveats - Release 1.1.2
10/23/08	•Added caveat CSCsu00058 to Open Caveats - Release 1.1.1, page 9
7/9/07	•Added caveats CSCsq92773, CSCsq94240, CSCsq94602, and CSCsr22834 to Open Caveats - Release 1.1.1, page 9 •Added caveat CSCsq48553 to Resolved Caveats - Release 1.1.1
6/19/08	Added caveats CSCsq76185, CSCsq86376, and CSCsq86714 to Open Caveats - Release 1.1.1, page 9
6/9/08	•Updated instructions in Upgrading to Software Release 1.1.3 •Added caveat CSCsq67776 to Resolved Caveats - Release 1.1.1
6/6/08	Release 1.1.1
3/18/08	Added caveats CSCso26886, CSCso26951, CSCso26979, and CSCso26993 to Open Caveats - Release 1.1.0
3/6/08	Release 1.1.0.

Related Documentation

For the latest updates to Cisco NAC Guest Server and Cisco NAC Appliance documentation on Cisco.com see: http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html

or simply http://www.cisco.com/go/nac/appliance

•Release Notes for Cisco NAC Guest Server, Release 1.1.3 (this document)

•Cisco NAC Guest Server Installation and Configuration Guide, Release 1.1.1

•Cisco NAC Appliance Service Contract/Licensing Support

•Cisco NAC Guest Server Data Sheet

•Cisco NAC Guest Server Q & A

•Cisco NAC Appliance - Cisco Clean Access Manager Installation and Configuration Guide

•Cisco Wireless LAN Controller Configuration Guide, Release 4.0

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2009 Cisco Systems, Inc. All rights reserved.