ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
We are a school district with a growing number of Chromebooks. We are having problems identifying what student is on the Chromebook. We have a work around right now (Captive Portal), but it relies on the student shutting down the Chromebook when they are done using it. If the student does not shut it down that next student would be still using the credentials from the earlier student until the session timeout expired. This is not a great solution. It may be possible to utilize RADIUS authentication to the wireless network, however we need a way to identity the user. Is there any custom XML API's around that can do this?
Hello cornbelt140 ,
If you disable session cookies in the Captive portal (CP) config, a CP user mapping would be lost once the browser window is closed.
Using is behavior to your advantage , a user using a shared Chromebook can just close the browser window to let a new user re-authenticate.
The following Doc talks about Radius and User-ID integration in the environments using 802.1x devices and wireless access points and controllers.
A script can be configured to run on the Syslog server that will extract the user and IP information from the message, format it correctly for the UID-API, and then send it to the API agent.
Also check : USER ID Issues
We have tried closing the browser on the Chromebook (CB), but it will not release the CP until we shutdown the CB. I will look at the other API stuff, but I'm not a programmer, so I hope I can figure it out. Is there any sample scripts available for me to look at?
Did API stuff solve the problem? We are experiencing the same issue. What affect occur if we disable session cookies in the Captive portal (CP) config for all personal devices (iPhones, iPads, Andriod, etc.)?
If the idea of using the API and Programming scares you, you could deploy a V6 UserID agent (or upgrade you existing UserID deployment) which will except syslog directly from you wireless solution as discussed in the above doc. All you would have to do is write a regex pattern to pull the username and ip address out of the messages sent from your wireless solution. The onbox PANOS V6 agent already has some regex patterns for more popular wireless and other solutions so if you update this post with the system you are using someone running PANOS 6 may give you the regex you need.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!