ClearPass Guest 3.9.1 Release Notes (Amigopod 3.9.
Copyright © 2012 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners.
Contents Chapter 1 Release Overview .................................................................................... 7 Supported Browsers..............................................................................................7 Virtual Appliance....................................................................................................7 System Requirements ...........................................................................................8 VMware Requirements .....................
RADIUS Services .................................................................................................22 MAC Auto-Registration in ClearPass Policy Manager ..................................22 Internal Authorization Type Configuration Option.........................................22 Extra Spaces Trimmed from Values on Web Login ......................................23 SMS Services ......................................................................................................
Parsing Value Error ......................................................................................31 Scrolling Behavior on Apple Devices ...........................................................31 Skins ....................................................................................................................31 HTML Error on iPhone During Device Provisioning .....................................31 Chapter 4 Known Issues....................................................................
| ClearPass Guest 3.9.
Chapter 1 Release Overview ClearPass Guest 3.9.1 is a patch release that introduces new features and fixes to previous outstanding issues.
System Requirements When deploying a ClearPass Guest virtual machine, the following minimum system resources are required: Table 1 Virtual Machine Requirements Resource Minimum Recommended Configuration CPU 1 virtual CPU Memory 1024 MB Storage 8 GB virtual disk Network Adapters 2 virtual NICs This configuration is the minimum recommended and is suitable only for very small-scale deployments or to support basic evaluation and testing.
Configuring VMware Player If you are using VMware Player and your host machine has more than one Ethernet adapter installed, you might encounter difficulties obtaining a DHCP network address if the Ethernet adapter selected for automatic bridging is not the correct adapter. Although VMware Player does not have a menu option to configure virtual networks, the network configuration can be viewed and modified using the Virtual Network Configuration application. This program is called vmnetcfg.
EMEA emea_support@arubanetworks.com WSIRT Email Email details of any security problem found in any Aruba product. wsirt@arubanetworks.com 10 | Release Overview ClearPass Guest 3.9.
Chapter 2 What’s New in This Release This chapter provides a brief summary of the new features in this release. Introducing ClearPass Guest and ClearPass Onboard With the 3.9 release, we are proud to introduce the integration of Amigopod with Aruba Networks’ QuickConnect and the ClearPass Policy Manager platform. As part of the changes, the Amigopod Visitor Management Solution has been renamed, and is now called ClearPass Guest.
Plugins Renamed As part of the ClearPass platform rollout, several plugins have been renamed, as shown in Table 3. To view the list of available plugins, go to Administrator > Plugin Manager > Manage Plugins.
Configurable Page Elements From the Customize Forms and Views page, you can now customize the page title, header HTML, and footer HTML for many of the application’s forms and views, including the Create Guest Account form, Edit Guest Accounts view, and others. These options are in the new Page Properties area at the bottom of the Edit Properties form.
Command line interface (CLI) default reset password—When using the CLI option “Reset web password for admin to default”, the password is now reset to admin instead of amigopod. Application plugins—Many plugin names are updated. These are described in Plugins Renamed in this chapter.
Guest Management Single Password for Multiple Accounts Supported Support was added for the password field on the Create Multiple Guest Accounts form (create_multi). After you customize this form to include the password field, you can create multiple accounts that have the same password. (2291) To use this feature: 1. Go to Customization > Forms & Views, click the create_multi row, then click its Edit Fields link. The Customize Form Fields view opens, showing a list of form fields and their descriptions.
4. In the User Interface row, choose Password text field from the drop-down list. The Field Required check box should now be automatically marked, and the Validator field should be set to IsNonEmpty. 5. Click Save Changes. On the Customize Form Fields view, the password field is now included and can be edited. 6. Go to Guests > Create Multiple. The Create Accounts form opens, and includes the Visitor Password field. 7. In the Number of Accounts field, enter the number of accounts you wish to create.
Sponsor Confirmation for Role Selection The sponsored self-registration workflow now allows the sponsor to choose the role for the user account at the time the sponsor approves the self-registered account. (2151) To use this feature: 1. Go to Customization > Guest Self-Registration, click the Guest Self-Registration row, then click its Edit link. The Customize Guest Registration diagram opens, providing links to the various forms available for the configuration process. 2.
5. In the Role Override row, choose (Prompt) from the drop-down list. 6. Complete the rest of the form, then click Save Changes. You are returned to the Customize Guest Registration diagram. Click the Launch this guest registration page link at the upper left to preview. The Guest Registration login page is displayed as the guest would see it. When a guest completes the form and clicks the Register button, the sponsor receives an email notification. 7.
2. To configure MAC device caching, mark the Enabled check box. The form expands to include options for the role override, expiration, and device limit settings. Onboard (Mobile Device Provisioning Services) Mobile Device Provisioning Services (MDPS) is now ClearPass Onboard Mobile Device Provisioning Services has merged with QuickConnect and is now called ClearPass Onboard. It also supports configuration and provisioning for all BYOD and IT-managed devices, including Windows, Android, OS X 10.
Device Enrollment Support Additional device enrollment support was implemented for the QuickConnect Enterprise product. (2004) Operating Systems Support As part of the merge with QuickConnect and support for all device types in ClearPass Onboard, the MDPS Wi-Fi settings Proxy Username and Proxy Password are no longer necessary and have been removed. Any field or section of a form that is applicable to only a subset of devices is clearly identified in the application.
3. To include the trust chain in a certificate bundle that can be imported as the server certificate in ClearPass Policy Manager, mark the Include certificate trust chain check box, then click the Export Certificate button. Certificate Bundle Downloads You can now download the root CA certificate together with any intermediate certificates as a bundle. (2287) To use this feature: 1. Go to Onboard > Certificate Authority Settings and click the View CA Certificate link at the top of the page.
5. In the Trusted Certificate drop-down list, choose the certificate you want to use. Tag for Username Included in Device Information The “Owner” tag is now included in the Onboard device information that is sent to ClearPass Policy Manager when a device is provisioned. This tag contains the username of the person who enrolled the device. This allows some functions that operate on tags to perform username-based queries.
Extra Spaces Trimmed from Values on Web Login Leading and trailing spaces are now automatically removed from all values submitted on the Web login and account setup pages. This prevents issues where a login attempt would fail if the user had entered extra spaces in a field—for example, following a username or email address. (2348) SMS Services Support for Conversion to 16-Bit Hex Encoding Unicode support for custom SMS handlers was added.
SMTP Services Email Format Cleanup Supported The email and sponsor_email fields were updated to remove display and other formatting passed with the email address by some email clients. Now when an address is passed by applications such as Outlook or Mail.app in a format such as mailto: Alice Pleasance Liddel , the extraneous elements are stripped away and the format is converted to the plain email address, alice@wonderland.org.
Chapter 3 Fixed Issues The following issues were fixed in this release. Administrator DNS Server Configuration Bug ID Description 2277 Corrected an issue where, under certain conditions, manually configured DNS servers could be omitted from the system's DNS configuration. Network Settings Issue on Chrome Browser Bug ID Description 1588 Corrected an issue where changing network interface or DNS settings would not redirect correctly on the Chrome browser.
Customization Custom Field Creation Bug ID Description 2172 Corrected an issue where a new custom field could be created with the same name as an existing field and the existing field would be overwritten. A new field is now validated for a unique name and cannot overwrite an existing field.
Out-of-Memory Error During Plugin Update Bug ID Description 2350 Corrected an issue where updating plugins on a system that had numerous guest self-registration forms had caused an out-of-memory condition. High Availability Services Domain Join and Leave Operations Bug ID Description 2169 Removed the ability to join or leave the Active Directory domain when a node is part of a High Availability cluster.
“Undefined Index” PHP Message Bug ID Description 2332 Corrected an issue where a PHP message had referred to “Undefined index: P27” (and similar numbers) was sometimes logged during a plugin update. These messages were benign and did not indicate the presence of a problem. LDAP Sponsor Lookup Lookups were Case-Sensitive Bug ID Description 2304 Corrected an issue where LDAP sponsor lookup matches were case-sensitive, which was unexpected behavior. Sponsor detail matching is now case-insensitive.
“Does Not Have Valid Fingerprint” Error Bug ID Description 2368 Corrected an issue where, if Onboard was configured to use the Intermediate CA mode, using the “Reset to Factory Defaults” option to delete all Onboard certificates would sometimes generate the message “Internal error: the certificate with ID ... does not have a valid fingerprint.
Operating System Kernel Package Security Updates Bug ID Description 2075 The Linux kernel is now updated with security fixes from RHSA-2012:0007. For more information on the issues addressed by this update, see https://rhn.redhat.com/errata/RHSA-2012-0007.html. The kernel packages contain the Linux kernel, the core of any Linux operating system. 2157 The Linux kernel is now updated with security fixes from RHSA-2012:0107. For more information on the issues addressed by this update, see https://rhn.
RADIUS Services Active Sessions Username Display and Disconnect Issues Bug ID Description 2197 Corrected an issue where Active Directory user accounts authenticated by RADIUS Services were displayed in the Active Sessions list view with a double backslash separating the domain name and the username. This issue also caused RFC 3576 disconnections to fail for these sessions.
| Fixed Issues ClearPass Guest 3.9.
Chapter 4 Known Issues The following are known issues and caveats. Applicable bug IDs and workarounds are included when possible. General Bug ID Description 1956 1973 Connecting multiple network adapters to the same physical network, or having the same subnet assigned to multiple network adapters is not recommended. This configuration may cause errors such as “IP address already in use” when changing network interface settings, or bringing one of the network interfaces up or down.
| Known Issues ClearPass Guest 3.9.
Chapter 5 Upgrade Procedure This chapter contains information and procedures for successfully updating to this software release as well as upgrading the appliance. The upgrade procedure and requirements are the same as they were in the 3.7 release. To ensure a successful upgrade, read the contents in this chapter completely before upgrading. The basic upgrade is: 1. Verify that your system’s memory is sufficient to upgrade. 2. Perform a complete configuration backup. 3.
Figure 1 Increasing the web application's memory limit Configuration Backup Perform a complete configuration backup and virtual machine snapshot (if applicable) before upgrading your software. The configuration backup and virtual machine snapshot will provide a restore point in the event restoring is required. Navigate to Administrator > Backup & Restore > Configuration Backup (see Figure 2) and download a complete backup configuration. Figure 2 Configuration Backup dialog prior to a system update.
Figure 3 A virtual machine snapshot prior to update. Enter the name and date of this snapshot, then click “OK” (see Figure 4) Figure 4 Take Virtual Machine Snapshot dialog To free space on the VMware host, you can remove this snapshot after a successful upgrade. Maintaining multiple snapshots may reduce performance of the virtual machine. Upgrading Amigopod Software If you are running Amigopod 3.3 or 3.5, follow the instructions in this section. Use the Plugin Manager to upgrade your Amigopod software.
4. Restart your system services or reboot the server before your software upgrade takes effect. When upgrading a High Availability cluster, the cluster must be destroyed prior to updating any plugins. Repeat the plugin update on both nodes of the cluster, and rebuild the cluster after the software update has been completed successfully. Figure 5 Add New Plugins 38 | Upgrade Procedure ClearPass Guest 3.9.