Chromebooks

Reply
L1 Bithead

Chromebooks

We are a school district with a growing number of Chromebooks.  We are having problems identifying what student is on the Chromebook.  We have a work around right now (Captive Portal), but it relies on the student shutting down the Chromebook when they are done using it.  If the student does not shut it down that next student would be still using the credentials from the earlier student until the session timeout expired.  This is not a great solution.  It may be possible to utilize RADIUS authentication to the wireless network, however we need a way to identity the user.  Is there any custom XML API's around that can do this?   

Tags (3)
L5 Sessionator

Re: Chromebooks

Hello cornbelt140 ,

If you disable session cookies in the Captive portal (CP) config, a CP user mapping would be lost once the browser window is closed.

Using is behavior to your advantage , a user using a shared Chromebook can just close the browser window to let a new user re-authenticate.

The following Doc talks about Radius and User-ID integration in the environments using 802.1x devices and wireless access points and controllers.

A script can be configured to run on the Syslog server that will extract the user and IP information from the message, format it correctly for the UID-API, and then send it to the API agent.

Ref : UserID API integration using Syslog

Also check : USER ID Issues

HTH,

Ameya

L1 Bithead

Re: Chromebooks

We have tried closing the browser on the Chromebook (CB), but it will not release the CP until we shutdown the CB.  I will look at the other API stuff, but I'm not a programmer, so I hope I can figure it out.  Is there any sample scripts available for me to look at?

Thanks,

Mike

SP
L0 Member

Re: Chromebooks

Did API stuff solve the problem? We are experiencing the same issue. What affect occur if we disable session cookies in the Captive portal (CP) config for all personal devices (iPhones, iPads, Andriod, etc.)?

L1 Bithead

Re: Chromebooks

We have not successfully built an API, so I don't know if it fixes the problem yet.  Any help in building/implementing the API would be great.

L2 Linker

Re: Chromebooks

If the idea of using the API and Programming scares you, you could deploy a V6 UserID agent (or upgrade you existing UserID deployment) which will except syslog directly from you wireless solution as discussed in the above doc.  All you would have to do is write a regex pattern to pull the username and ip address out of the messages sent from your wireless solution.  The onbox PANOS V6 agent already has some regex patterns for more popular wireless and other solutions so if you update this post with the system you are using someone running PANOS 6 may give you the regex you need.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!