{if $u.guest_name}
guest name | {$u.guest_name} |
{/if}

If this code is placed in the User Account HTML section it will cater for the create, edit and delete options.

Click the Create Template button to save your newly created print template and return to the list.

Modifying Wizard-Generated Templates

Once you have created a print template using the print template wizard, you can return to the wizard to modify it. Click the Edit print template code (Advanced) link to use the standard print template editor. See “Creating New Print Templates” in this chapter for a description.
Read-only access – the print template is visible in the list, and the settings for it may be viewed. The print template cannot be edited or deleted. Update access – the print template is visible in the list, and may be edited. The print template cannot be deleted and the permissions for the print template cannot be modified. Update and delete access – the print template is visible in the list, and may be edited or deleted. The permissions for the print template cannot be modified.
Create the Print Template

By default, the print templates include username, password, expiration, as well as other options. For the purpose of access codes, we only want the username presented. This access code login example bases the print template on an existing scratch card template.

1. Navigate to Customization > Print Templates.
2. Select Two-column scratch cards and click Duplicate.
3. Select the Copy of Two-column scratch cards template, then click Edit.
4.
Customize the Guest Accounts Form

Next, modify the Guest Accounts form to add a flag that allows access-code based authentication.

1. Navigate to Customization > Forms & Views.
2. In the Customize Forms & Views list, select create_multi and then click Edit Fields.
3. In the Edit Fields list, look for a field named username_auth. If the field exists, but is not bolded and enabled, select it and click Enable Field.
2. Select the Username Authentication field added in the procedure above. (If you do not select this check box and if the username is entered on the login screen, the authentication will be denied.) The example shown below will create 10 accounts that will expire in two weeks, or four hours after the visitors first log in, whichever comes first.
3. Click Create Accounts to display the Finished Creating Guest Accounts page.
4. Confirm that the accounts settings are as you expected with respect to letters and digits in the username and password, expiration, and role. 5. Click the Open print window using template drop-down list and select the new print template you created using this procedure. See “Create the Print Template” for a description of this procedure. A new window or tab will open with the cards.
Figure 25 MAC Authentication Plugin—Configuration

On the controller, the fields look as follows:

Figure 26 MAC Authentication Profile

Managing Devices

To view the list of current MAC devices, go to Guests > List Devices. The Guest Manager Devices page opens.

Amigopod 3.
All devices created by one of the methods described in the following section are listed. Options on the form let you change a device’s account expiration date; remove, activate, or edit the device; view active sessions or details for the device; or print details, receipts, confirmations, or other information. You can use the Filter field to narrow the search parameters.
1. In the Account Expiration row, choose one of the options in the drop-down list to set an expiration date: If you choose Account expires after, the Expires After row is added to the form. Choose an interval of hours, days, or weeks from the drop-down list. If you choose Account Expires at a specified time, the Expiration Time row is added to the form. Click the button to open the calendar picker.
Activating a Device To activate a disabled device’s account, click the device’s row in the Guest Manager Devices list, then click its Activate link. The row expands to include the Enable Guest Account form. 1. In the Activate Account row, choose one of the options in the drop-down list to specify when to activate the account. You may choose an interval, or you may choose to specify a time. 2. If you choose Activate at specified time, the Activation Time row is added to the form.
2. If you need to change the activation time, choose one of the options in the Account Activation dropdown list. You may choose to activate the account immediately, at a preset interval of hours or days, or at a specified time. If you choose Activate at a specified time, the Activation Time row is added to the form. Click the button to open the calendar picker.
Viewing Current Sessions for a Device To view any sessions that are currently active for a device, click the Sessions link in the device’s row on the Guest Manager Devices form. The Active Sessions list opens. For more information, see “Active Sessions Management”. Viewing and Printing Device Details To print details, receipts, confirmations, or other information for a device, click the device’s row in the Guest Manager Devices list, then click its Print link.
1. In the Sponsor’s Name row, enter the name of the person sponsoring the visitor account. 2. Enter the name for the device in the Device Name row. 3. Enter the address in the MAC Address row. If you need to modify the configuration for expected separator format or case, go to Administrator > Plugin Manager > Manage Plugins and click the Configuration link for the MAC Authentication Plugin. 4. Choose one of the options in the Account Activation drop-down list.
5. To set the account’s expiration time, choose one of the options in the Account Expiration drop-down list. You may set the account to never expire, or to expire at a preset interval of hours or days, or at a specified time. If you choose any time in the future, the Expire Action row is added to the form. Use this dropdown list to indicate the expiration action for the account—either delete, delete and log out, disable, or disable and log out.
Figure 27 Modify fields

Edit the receipt form fields:
Edit username to be a Hidden field
Edit password to be a Hidden field
Adjust any headers or footers as needed.

When the visitor registers, they should be able to still log in via the Log In button. The MAC will be passed as their username and password via standard captive portal means. The account will only be visible on the List Devices page.
UI: Hidden field
Field Required: optional
Validator: IsValidMacAddress

Add or enable mac_auth_pair
UI: Hidden field
Initial Value: -1

Any other expiration options, role choice, surveys and so on can be entered as usual. You will see an entry under both List Accounts and List Devices. Each should have a View Pair action that cross links the two. Note that if you delete the base account, all of its pairings will also be deleted.
&& NwaDynamicLoad('NwaNormalizeMacAddress') // Required call
&& ($mac=NwaNormalizeMacAddress(GetAttr('Calling-Station-Id'))) // All MACs need to be normalized
&& ((!empty($user['id']) && NwaCreateUser(array( // We are caching the MAC for a local user account
    'creator_accept_terms'=>1,
    'mac_auth'=>1, // Flag as a MAC so it shows in List Devices
    'mac'=>$mac, // The normalized MAC
    'mac_auth_pair'=>$user['id'], // Formally pair the two accounts. Cross links and whatnot in the GUI.
Figure 28 RADIUS Role Editor

Note that modify_expire_time supports any valid syntax of strtotime.
Importing MAC Devices

The standard Guests > Import Guests supports importing MAC devices. At a minimum the following two columns are required: mac and mac_auth.

mac_auth,mac,notes
1,aa:aa:aa:aa:aa:aa,Device A
1,bb:bb:bb:bb:bb:bb,Device B
1,cc:cc:cc:cc:cc:cc,Device C

Any of the other standard fields can be added similar to importing regular guests.

Advanced MAC Features

2-Factor Authentication

2-factor authentication checks against both credentials and the MAC address on record.
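A pre-import check for the MAC device file described under Importing MAC Devices above, added here as an example and not part of the Amigopod product or its documentation. It assumes a lowercase colon-separated canonical form and treats malformed, group and duplicate addresses as errors; the function names and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# The two columns the page names as the minimum for a MAC device import.
REQUIRED_COLUMNS = {"mac", "mac_auth"}

# Accepted spellings of a 48-bit MAC:
# aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff, aabbccddeeff
_MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
    r"|[0-9a-f]{12})$"
)


def normalize_mac(value):
    """Return the MAC as lowercase colon-separated octets, or None if malformed.

    The canonical form is an assumption of this example; the appliance's own
    separator and case settings live in the MAC Authentication Plugin.
    """
    text = value.strip().lower()
    if not _MAC_RE.match(text):
        return None
    digits = re.sub(r"[^0-9a-f]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_import(csv_text):
    """Validate an import file; return (accepted_rows, errors, warnings).

    errors and warnings are lists of (line_number, message).
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        return [], [(1, "missing column(s): " + ", ".join(sorted(missing)))], []

    accepted, errors, warnings = [], [], []
    first_seen = {}  # normalized MAC -> line where it first appeared
    for row in reader:
        line = reader.line_num
        mac = normalize_mac(row.get("mac") or "")
        if mac is None:
            errors.append((line, "mac is not a 48-bit MAC address"))
            continue
        if (row.get("mac_auth") or "").strip() != "1":
            errors.append((line, "mac_auth is not 1"))
            continue
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:
            # Group bit set: the address names many stations, not one device.
            errors.append((line, "group (multicast/broadcast) address"))
            continue
        if mac in first_seen:
            # Same device written with a different separator or case.
            errors.append((line, "duplicate of line %d" % first_seen[mac]))
            continue
        if first_octet & 0x02:
            # Locally administered bit: common for randomized per-network MACs,
            # which will not match the MAC on record on the next visit.
            warnings.append((line, "locally administered address, possibly randomized"))
        first_seen[mac] = line
        accepted.append(dict(row, mac=mac))
    return accepted, errors, warnings


# Constructed sample rows, not real devices.
SAMPLE = """mac_auth,mac,notes
1,00:00:5E:00:53:01,Printer
1,00-00-5e-00-53-01,Printer again
1,0000.5e00.5302,Camera
1,01:00:5e:00:53:03,Group address
0,00:00:5e:00:53:04,Flag not set
1,00:00:5e:00:53:zz,Typo
1,02:00:5e:00:53:05,Phone
"""

if __name__ == "__main__":
    rows, errs, warns = check_import(SAMPLE)
    for r in rows:
        print("ok   ", r["mac"], r["notes"])
    for n, msg in errs:
        print("error line %d: %s" % (n, msg))
    for n, msg in warns:
        print("warn  line %d: %s" % (n, msg))
```

The placeholder address bb:bb:bb:bb:bb:bb in the page's sample rows has the group bit set, so this check would reject it.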
Navigate to Administrator > Plugin Manager > Manage Plugins: MAC Authentication: Configuration and enable MAC Detect. Edit the header of your redirect landing page (login or registration) and include the following:
{if $guest_receipt.u.visitor_name} Welcome back to the show, {$guest_receipt.u.
To view and manage active sessions for the RADIUS server, go to Guests > Active Sessions. The Active Sessions list opens. You can use this list to modify, disconnect or reauthorize, or send SMS notifications for active visitor sessions; manage multiple sessions; or customize the list to include additional fields. On the Manage Multiple Sessions form, the start time of each session is used to select the sessions to work with.
Session States A session may be in one of three possible states: Active—An active session is one for which the RADIUS server has received an accounting start message and has not received a stop message, which indicates that service is being provided by a NAS on behalf of an authorized client. While a session is in progress, the NAS sends interim accounting update messages to the RADIUS server. This maintains up-to-date traffic statistics and keeps the session active.
Filtering the List of Active Sessions You can use the Filter tab to narrow the search parameters and quickly find all matching sessions: Enter a username or IP address in the Filter field. Additional fields can be included in the search if the “Include values when performing a quick search” option was selected for the field within the view. To control this option, use the Choose Columns command link on the More Options tab.
Closing All Stale Sessions Immediately By default, the Close Stale Sessions option is selected when the Manage Multiple Sessions form opens. This option allows you to quickly close all stale sessions with one click. Stale sessions should be closed to keep accounting statistics accurate. To close all stale sessions, leave the Close Stale Sessions radio button marked and click Make Changes. All stale sessions are closed and are removed from the Active Sessions list.
5. Use the Session Stop drop-down list to specify how the stop time will be calculated for each session. If you choose Use session start time, the session will be closed when you commit your changes on this form. To specify a range of time after a session’s start time, choose one of the options for hours, day, or week. Sessions will be closed when that amount of time has elapsed after the start time. Since this setting is relative to start time, each session may be closed at a different time.
3. Use the Start Time row to indicate the beginning of the time range for selecting sessions. To specify a time for the beginning of the range, click the button to open the calendar picker. In the calendar, use the arrows to select the year and month, click the numbers in the Time fields to increment the hours and minutes, then click a day to select the date. If this field is left empty, the earliest available session start time is used.
If you choose Use session start time, the session will be closed when you commit your changes on this form. To specify a range of time after a session’s start time, choose one of the options for hours, day, or week. Sessions will be closed when that amount of time has elapsed after the start time. Because this setting is relative to start time, each session may be closed at a different time. To specify a range of time that is not included in the list, select the Specify another value option.
2. Use the Start Time row to indicate the beginning of the time range for selecting sessions. To specify a time for the beginning of the range, click the button to open the calendar picker. In the calendar, use the arrows to select the year and month, click the numbers in the Time fields to increment the hours and minutes, then click a day to select the date. If this field is left empty, the earliest available session start time is used.
3. Enter the message in the Message text box. Messages may contain up to 160 characters. 4. Click Send. SMS Services With SMS Services, you can configure the Amigopod Visitor Management Appliance to send SMS messages to guests. You can use SMS to send a customized guest account receipt to your guest’s mobile phone. You are also able to use SMS Services to send an SMS from your Web browser. To use the SMS features of the Amigopod Visitor Management Appliance, you must have the SMS Services plugin installed.
The SMS Gateways window displays the name and available credits for any currently defined SMS gateways. To create a new SMS gateway, click the Create new SMS gateway link to display the SMS Service Configuration form. If your country uses a national dialing prefix such as “0”, you may enter this on the form. When sending an SMS to a number that starts with the national dialing prefix, the prefix is removed and replaced with the country code instead.
The New SMS Message form appears. Complete the form by typing in the SMS message and entering the mobile phone number that you are sending the SMS to. If multiple services are available, you may also choose the service to use when sending the message. The SMS is limited to a maximum length of 160 characters. The number of remaining characters is displayed on this form. Click the Send Message button to send the SMS.

About SMS Credits

Each SMS message sent consumes one credit.
The Amigopod Visitor Management Appliance may be configured to automatically send SMS receipts to visitors, or to send receipts only on demand. To manually send an SMS receipt, navigate to the Guests > List Accounts window, select the guest to which you want to send a receipt, then click the Send SMS receipt link displayed on the guest account receipt page.
Figure 29 Configure SMS Services Plugin

SMS Receipt – Select the print template to be used when an SMS receipt is created. The print template used for the receipt must be in plain text format.
Phone Number Field – Select which guest account field contains the guest’s mobile telephone number. This field is used to determine the SMS recipient address.
Auto-Send Field – Select a guest account field which, if set to a non-empty string or non-zero value, will trigger an automatic SMS when the guest account is created or updated. The auto-send field can be used to create an “opt-in” facility for guests. Use a check box for the auto_send_sms field and add it to the create_user form, or a guest self-registration instance, and SMS messages will be sent to the specified phone number only if the check box has been selected.
Figure 30 Customize SMS Receipt page

SMS Receipt Fields

The behavior of SMS receipt operations can be customized with certain guest account fields. You can override global settings by setting these fields.

sms_enabled – This field may be set to a non-zero value to enable sending an SMS receipt. If unset, the default value is true.
sms_handler_id – This field specifies the handler ID for the SMS service provider. If blank or unset, the default value from the SMS plugin configuration is used.
values “_Disabled” and “_Enabled” may be used to never send an SMS or always send an SMS, respectively. sms_warn_before_message – This field overrides the logout warning message. If blank or unset, the default value from the Customize SMS Receipt page is used. The logic used to send an SMS receipt is: If SMS receipts are disabled, take no action. Otherwise, check the auto-send field. If it is “_Disabled” then no receipt is sent. If it is “_Enabled” then continue processing.
Email receipts may be sent manually by clicking the Send email receipt link displayed on the guest account receipt page.

When using guest self-registration, the Email Delivery options available for the receipt page actions allow you to specify the email subject line, the print template and email format, and other fields relevant to email delivery.
Email Receipt Options The Customize Email Receipt form may be used to set default options for visitor account email receipts. Figure 31 Customize Email Receipt page The Subject line may contain template code, including references to guest account fields. The default value, Visitor account receipt for {$email}, uses the value of the email field. See “Smarty Template Syntax” in the Reference chapter for more information on template syntax.
Do not send copies – The Copies To list is ignored and email is not copied. Always send using ‘cc:’ – The Copies To list is always sent a copy of any guest account receipt (even if no guest account email address is available). Always send using ‘bcc:’ – The Copies To list is always sent a blind copy of any guest account receipt (even if no guest account email address is available).
SMTP Receipt Fields The behavior of email receipt operations can be customized with certain guest account fields. You do this on a per user basis. smtp_enabled – This field may be set to a non-zero value to enable sending an email receipt. If unset, the default value from the email receipt configuration is used.
smtp_warn_before_template_id – This field overrides the print template ID specified under Logout Warnings on the email receipt. If the value is “default”, the default template ID under the Logout Warnings section on the email receipt configuration is used. smtp_warn_before_receipt_format – This field overrides the email format under Logout Warnings to use for the receipt.
Chapter 7 Report Management The Reporting Manager provides you with a set of tools to summarize the visitor accounts that have been created and analyze the accounting data collected by the RADIUS server. Through the predefined reports and the custom reports you can create using the report editor, you can get a complete picture of the network usage of your guests.
Number of concurrent sessions by role – This report shows the number of concurrent sessions according to the user’s role across a time interval. Number of sessions per NAS – This report shows the total number of sessions per NAS in the selected period. Number of sessions per day – This report shows the total number of sessions per day. Number of users per day – This report shows the number of distinct users per day.
Run The Run option allows you to change the date range of the report before it is run. Choose a time period for the report from the Date Range drop-down list. If the report definition includes any additional parameters that have a user interface, these will also be displayed as part of the Report Options form. Click the Run Report button to generate the report using the selected parameters. A progress window will appear as the report is generated, and then the report will be displayed automatically.
The Report Type editor allows you to change the defaults for the Date Range and the Formats for the report you have selected. If you want to change the default for another report you must also edit that report. Click the Save Changes button to have these changes become the new default. Delete a Report You can delete any predefined reports by selecting the report and clicking the Delete link. You are asked to confirm the deletion. Once you delete a report, it is permanently deleted.
No access – the report is not visible on the list, and cannot be used, edited, duplicated, or deleted.
Visible-only access – the report is visible in the list. It can be viewed in HTML but cannot be edited.
Read-only access – the report is visible in the list and it may be viewed and duplicated. The report cannot be edited or deleted.
Update access – the report is visible in the list and may be duplicated and edited.
Exporting Report Definitions Report definitions may be exported to a file and later imported. This provides an easy way to move reports from one appliance to another. Click the More Options tab at the top of the report list to access the Export Reports command link. (This link also appears on the Reporting start page.) Use the check boxes to select the reports to export.
Importing Report Definitions

Report definitions may be imported from a file that has been generated with the Export Reports command. Click the More Options tab at the top of the report list to access the Import Reports command link. (This link also appears on the Reporting start page.) You may select a file to upload using your Web browser, or alternatively the report definition may be pasted into the text area provided.
About Custom Reports

The Report Editor is used to build a custom report. The process used to generate a report is shown in the figure below. In this diagram, the arrows represent the flow of data, while the icons represent the processing stages that the data goes through.

Figure 33 Report generation process

Starting from the top left, and working clockwise: The Report Type (“Report Type”) specifies the basic properties for the report.
Data Sources The available data sources are: Local RADIUS Accounting – Accounting traffic consists of summary information about visitor sessions, reported by NAS devices to the Amigopod Visitor Management Appliance. In the RADIUS Accounting data source, each data record corresponds to a single visitor session.
Figure 35 Reporting – Bin west of GMT

The next diagram is similar but for time zones that are east of GMT.

Figure 36 Reporting – Bin east of GMT

This process may be automated by entering an expression as the value for the time zone offset. The correct expression to use for the Bin Offset is:

= -date("Z")

Explanation: The PHP date() function returns the time zone offset in seconds when passed the “Z” format string.
Statistics from Classification Groups

The classification groups that you define in a report will determine what types of statistics can be derived for that report. This is shown in the following diagrams. The following figure shows how statistics are calculated per bin when bins are present but groups are not present. For example, if each bin represents a different date, and the source data is a traffic measurement, then the statistic here could be the total amount of traffic per day. See Figure 37.
Figure 39 Components of the Report Editor

Report Type

The Report Type link opens a window where you type a distinct name or Title for the report. You can add additional information in the Description field. This could be used to explain the purpose of the report.
While you are working on creating the report you could leave the Enabled field unchecked. When you want the report to be available for use, mark the Enabled check box. You should set a default Date Range for the report. The available options are listed under the drop down menu. You are able to change the Unit for this date range to seconds, minutes, hours, weeks, months or years. You must select one or more of the Output Formats. When the report is run, it will be generated in each of these formats.
Properties for individual fields within an output series (header)
Properties for presentation blocks (container CSS style)
Properties for table cells within a presentation block (CSS style)
Within text presentation blocks

In these cases the report editor may simply indicate that a value is required. To use the value of a report parameter in a template, use the syntax {$parameter}.
Parameter User Interface Editing The Edit Parameter form is used to specify the default value for a parameter as well as the type of user interface to use for this parameter. If No user interface is selected, then the parameter will have a fixed value and cannot be edited before the report is run.
The initial value displayed on this form for a report parameter may be specified as the Value for the parameter. The Run Preview and Run Default icon links will be available for a report if all parameters have an acceptable default value. This is determined by the validation properties for each parameter. If no validation properties are specified, all parameter values are considered to be valid.
Click the Save Changes button to return to the Report Editor. Select Fields If you have not selected fields in the Data Source form, you must select the required source fields here. Fields can be defined one at a time by clicking the Create Source Field tab. Source fields are the basic building blocks from which the rest of the report is constructed.
Each source field has a name that is unique within the report. You can also attach a description to the field for use by the report designer. If you select a field from the Data Source Field drop down list, that field name is automatically placed in the Field Name area. It can be changed if you want. As derived fields do not exist in the Data Source, you will need to give each field a unique name. You are also required to give the field a value.
If you select to calculate a value by summing over source fields, you are required to nominate the fields to be summed. Click the Create Source Field button to create the source or derived field in the report. Source Filters Source filters are applied to the data source fields to determine whether a data record will be included for processing in the report. The statistics, metrics and output data of the report can only be generated from source data that has passed through the source filters.
To add additional filters, click the first source filter. An action row is displayed with Edit and Insert After links. There is also a Set Default Report Range option for the first date/time filter. The Edit link allows you to alter the options for the source filter as well as being able to disable the filter. Click the Save Changes button to keep any changes you have made. The Insert After link allows you to create additional filters.
You must then select the filter from the Filter Type drop down list.
To create a bin or a classification group, click the Create Classifier tab in the Edit Classification Groups list view. You are required to choose the classification method and the Source Field to use for the classification. The Editor.
Time measurement: bin by days – See “Binning Example – Time Measurements” in this chapter for the bin classification method description. The bin classification method uses the specified date/time field to calculate a day number. Times that fall within the same day are assigned the same bin number. The bin offset is used to account for time zones as explained in the . Time measurement: bin by hours – This bin classification method uses the specified date/time field to calculate an hour number.
Like the statistic fields, metrics share a close relationship with the report’s classification groups. When designing a report, consider the metrics that you would like to generate, and work backwards to determine the statistics you will need in order to calculate each metric and the classification groups that will be needed to calculate each statistic. Each statistic and metric field has a name that is unique within the report. You can also attach a description to the field for use by the report designer.
Median value – the median (middle) value of the source field over the selected classification group is calculated Minimum value – the minimum value of the source field over the selected classification group is calculated Number of bins – the number of different bin classification groups is calculated Number of distinct values – the number of distinct values that the source field takes over the selected classification group is calculated Number of groups – the total number of classificatio
Number of distinct values – the number of distinct values that the statistic field takes over the selected report dimension is calculated Subtract (value 1 – value 2) – the values are subtracted Sum of values – the sum of all values of the statistic field over the selected report dimension is calculated Use an expression to calculate value – a PHP expression is used to calculate a value for the metric over the selected report dimension from one or more statistic fields Value 1 and Value 2 li
You are required to enter a unique name for this output series. You must also select the Dimension to be used. This could be the source data or one of the classification groups defined in the report. Click the Create Output Series button to add the output series definition to the report. The Edit Output Series form will then be displayed to allow the components of the output series to be defined.
To edit an output series field, click the Edit link for the field. The Edit Series field opens, as shown below.

The Header is displayed in tables and charts that use this output series. Use a short description of the values contained in this field. The Value Format specifies how to generate the value for the output series field. You can specify an expression to calculate the value; in the expression, use the variable $_ to obtain the value of the report field for this output series.
Match filters check if a value matches a particular condition, which could be a regular expression or other match value. List filters check to see if a value is found in a list. Click the Create output filter link to create an output filter. Select the output series you want to filter in order to view the remaining filter options. You can select any of the source fields that would be available to the output series, or any of the fields in the output series.
Unconditionally exclude item if filter matches – If the filter matches the item in the output series, the item will never be included in the output. No further filters will be applied to the data once this filter has matched. Click the Create Output Filter button to add the new output filter to the report definition. Presentation Options The Presentation Options provide you with a number of choices regarding the final presentation of your report.
Scatter
Polar

In general, the first field in the output series is used as the category values for the chart. The second and subsequent fields are used as the values to display on the chart. The Pie and Pie 3-D charts support only a single data point for each category value. A pie chart is used to compare the relative proportions of different values in a single data series. The Floating Column and Floating Bar charts require two data points for each category value.
This standard header includes the report title, the time at which the report was run, and the date range included in the report.
Creating the Report – Step 1 The following form will be displayed when the Create New Report link is clicked. This is the same form that you would obtain if you clicked the Report Type option in the Report Editor. See “Report Type” in this chapter for more details about this form. Click the Continue button to move to Step 2. Creating the Report – Step 2 In step 2, the Select Data Source form is displayed.
Creating Sample Reports Report Based on Modifying an Existing Report This sample involves modifying the predefined Number of users per day report to report on the number of users per week. 1. Select the “Number of users per day” report. 2. Click the Edit link. This opens the Report Editor. 3. Click Report Type in the Report Editor, as you need to change the title of the report to “Number of users per week”.
Report Created from Report Manager using Create New Report To create a report that lists today’s user sessions, follow this process. 1. To create a new report without it being based on an existing report, click Create New Report. 2. You must give the report a Title. For this report, Today’s Sessions would be an appropriate name. 3. Enable the report by marking the Enabled check box. 4. Ensure that the Date Range is Today and select an Output Format. These changes are shown in the screen below. 5.
6. Select the required fields in Step 2. For this report the fields are shown in the screen below. These are the fields of interest for the report.
7. Click the Save Changes button to have the report created. The Report Editor screen is displayed.
8. If you click the Final Report option in the Report Editor you can see the report as it is after these two steps.
9. You can continue to further enhance this report using the Report Editor. To change the formatting of the table you would use the Presentation Options; to remove a column you would use the Output Series option; to restrict the data in the table you would use a filter, for example, a source filter to limit by NAS IP address; a classification group would enable you to carry out statistical analysis, for example, grouping by NAS IP address.
11. The Source Field will be changed to nas_ip_address, as this report is to calculate the average traffic by NAS rather than the average traffic by user. The field will also be renamed to total_nas to reflect the new value it will contain. These changes are shown in the screen below. 12. Click the Save Changes button. 13. Because the total_users field is no longer available in the report, the average_bytes field must be updated to refer to the total_nas field instead.
20. Click the Back to report editor link to return to the Report Editor. 21. As there are no further changes required, click the Final Report icon to preview your new report. Report Troubleshooting Report Preview with Debugging If you are experiencing problems with your report, you can receive help with the Report Diagnostics. The diagnostics run the report and show you the internal data that is being used to generate the contents of the final report.
0 => /* group 0 */ array ( 'a' => /* group value: 'a' */ array ( 0 => first data record 1 => second data record ... ), ), ), 234 => /* bin value: 234 */ array ( /* bin items organized by group */ ) ), 1 => /* bin 1 */ ... ) Troubleshooting Tips The following tips may be useful to you when developing new reports. Draw a diagram – Make a sketch of any charts or tables you want to include in the report.
Chapter 8 Administrator Tasks The Amigopod Administrator provides tools used by a network administrator to perform both the initial configuration and ongoing maintenance of the Amigopod Visitor Management Appliance. Accessing Administrator Use the Administrator command link on the Amigopod Visitor Management Appliance home page to access the system administration features. Alternatively, use the Administrator navigation menu to jump directly to any of the system administration features.
Automatic Network Diagnostics When you view or edit the appliance’s network configuration on the Network Setup, HTTP Proxy, Network Diagnostics, or Network Interfaces page, an automatic network connectivity test determines the current status of the network, and the results of the diagnostic are displayed.
The system hostname should match the common name of the installed SSL certificate. If these names do not match, then HTTPS access to the appliance may result in security warnings from your Web browser. A valid hostname is a domain name that contains two or more components separated by a period (.).
Delete – Remove a network interface. Manually created network interfaces may be deleted—for example, tunnel, VLAN, or secondary interfaces. The standard system network interfaces cannot be deleted. Routes – Define static routes that specify the gateway IP addresses for other networks. Bring Down – Disables the network interface. Bring Up – Enables the network interface.
To specify an IP address for the network interface, select Manually configure IP address. The following form is displayed for IP address details. The MTU field allows you to specify the Maximum Transfer Unit size in bytes for the network interface. While standard Ethernet uses an MTU of 1500 bytes, you may find it necessary to reduce the MTU slightly in some network topologies. The Amigopod Visitor Management Appliance uses a default MTU of 1476 bytes unless otherwise specified in this form.
Click the Save Changes button to update the network interface with the specified settings. The new settings will be tested and the results of the test displayed. If DNS name resolution is not working, the system will be unable to perform many common tasks. To resolve this issue, check the DNS server settings for the network interface. If you are using DHCP, check that your DHCP server provides DNS server information, and enable this option for the network interface.
Managing Static Routes In the Network Interfaces list view, click the network interface to edit, and then click Routes. The Network Interface Routes list view will be displayed. Click the Create tab to add a new static route. You must specify the network address of the destination network as an IP address and netmask, and the gateway for the destination network. The gateway IP address must be reachable directly from the network interface. Click the Create Route button to add the route.
Figure 40 Network diagram showing IP addressing for a GRE tunnel To create a GRE tunnel, navigate to the Network Interfaces page and click the network interface link. The Network Interface Settings form is displayed. Create a tunnel The Interface Name is the system’s internal name for this tunnel interface. A default value is supplied, which may be used without modification. A Display Name may be specified to identify the connection in the list of network interfaces.
Use the Create a VLAN interface link to create a new network interface with a specific VLAN tag. The Create a New VLAN form is displayed. In this form, select the physical interface through which the VLAN traffic will be routed, and enter a name for the VLAN and the corresponding VLAN ID. Use a descriptive name for the VLAN Name field, as this is only used by administrators to identify the network interface. The corresponding VLAN ID is used by the network infrastructure to identify a specific virtual LAN.
VLAN interfaces are distinguished from other network interfaces with blue icons. The possible states for the system’s network interfaces are summarized in the table below. Table 25 Network Interface States Interface State Physical VLAN Active (up) Active with default gateway Inactive (down) The actions available when selecting a VLAN interface are: Show Details – Displays detailed information and statistics about the network interface.
Secondary network interfaces have the same name as the underlying physical interface, with a suffix such as “:1”, “:2” and so on for each subsequent IP address created. All secondary interfaces will be brought down if the corresponding physical interface is brought down. Login Access Control Both guests and operators may use HTTP or HTTPS to access the Amigopod user interface. The system does not distinguish between these types of users at the protocol level.
The ‘Deny Behavior’ drop-down list may be used to specify the action to take when access is denied. The access control rules will be applied in order, from the most specific match to the least specific match. Access control entries are more specific when they match fewer IP addresses. The most specific entry is a single IP address (for example, 1.2.3.4), while the least specific entry is the match-all address of 0.0.0.0/0. As another example, the network address 192.168.2.
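The most-specific-first evaluation described above can be checked offline before rules are entered. The following Python sketch is an added example, not code from the appliance: the (network, action) rule layout, the function names and the deny default for unmatched addresses are assumptions, and the rule list is constructed.

```python
import ipaddress

# Constructed rule list. The (network, action) pair layout is an assumption
# made for this example, not the appliance's stored format.
RULES = [
    ("0.0.0.0/0", "deny"),
    ("192.168.2.0/24", "allow"),
    ("192.168.2.50", "deny"),
    ("10.0.0.0/8", "allow"),
]


def parse_rules(rules):
    """Validate the entries and order them from most to least specific.

    An entry is more specific when it matches fewer addresses, which for
    networks of one IP version means a longer prefix. strict=True rejects
    entries such as 192.168.2.1/24 whose host bits are set, a common typo
    that would otherwise silently widen or shift a rule.
    """
    parsed = []
    for text, action in rules:
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action {action!r} for {text}")
        parsed.append((ipaddress.ip_network(text, strict=True), action))
    parsed.sort(key=lambda rule: rule[0].prefixlen, reverse=True)
    return parsed


def decide(client_ip, parsed, default="deny"):
    """Return (action, matching_entry) for a client address.

    The first match in most-specific-first order wins. The default used
    when nothing matches is an assumption of this example.
    """
    addr = ipaddress.ip_address(client_ip)
    for network, action in parsed:
        if addr.version == network.version and addr in network:
            return action, str(network)
    return default, None


def find_conflicts(parsed):
    """List networks that appear with both actions.

    Such entries tie on specificity, so their outcome depends on details
    the ordering rule does not settle; they should be cleaned up.
    """
    actions = {}
    for network, action in parsed:
        actions.setdefault(network, set()).add(action)
    return sorted(str(n) for n, acts in actions.items() if len(acts) > 1)


if __name__ == "__main__":
    ordered = parse_rules(RULES)
    for ip in ("192.168.2.50", "192.168.2.7", "10.1.2.3", "8.8.8.8"):
        print(ip, decide(ip, ordered))
```

Running the candidate list through `find_conflicts` first catches entries whose result would otherwise depend on tie-breaking.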
Select a diagnostic from the drop-down list. Depending on the diagnostic you have selected, additional parameters will also be available: DHCP Leases – Select a network interface to view the DHCP lease information for that interface. DNS Lookup – Enter a hostname to perform a domain name lookup and display the results. Firewall Rules – Displays the iptables firewall rules that are currently in effect. Interface Addresses – Displays all active IP addresses and interface details.
form. Additional RADIUS attributes may also be included by adding Attribute-Name = Value pairs in the Extra Arguments field; see the example below. Routing Table – Displays the current IPv4 routing table. The list shows the static, network addresses and default routes configured for the system. Traceroute – Enter a hostname or IP address to determine the route that packets traverse to that host. The test may take a considerable amount of time (30 seconds or more), depending on network conditions.
Select the network interface and, if required, enter filtering parameters to restrict the type and number of packets to be captured. You can enter network addresses in the Source IP and Destination IP fields by using an IP address and a network address length; for example, 192.168.2.0/24. Click the Capture button to begin the packet capture operation. While packet capturing is in effect, the status of the packet capture is displayed as part of the Network Diagnostics form.
Once the packet capture has completed, the status is updated, and a link to Download packet capture file is available. Click this link to download a packet capture file, which may be analyzed using the Wireshark utility or another tool capable of reading the “pcap” file format. To delete the saved file, select the Delete current packet capture file check box and click the button. To start another packet capture, modify the filtering parameters if required and click the button.
The fields on each line are separated by any number of blanks or tab characters. Any text from a # character to the end of the line is a comment, and is ignored. Hostnames may contain only alphanumeric characters, minus signs (“-”), and periods (“.”). A hostname must begin with an alphabetic character and end with an alphanumeric character. After making changes in the Hosts field, click the file.
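The format rules above can be applied to a Hosts field before it is saved. This Python sketch is an added example, not the appliance's own parser: it assumes the conventional hosts layout of an IP address followed by one or more hostnames, the function name is hypothetical, and the sample text is constructed.

```python
import ipaddress
import re

# Hostname rule as stated above: only alphanumerics, "-" and ".", starting
# with a letter and ending with a letter or digit. Nothing stricter is
# enforced here (for example, consecutive periods are not rejected).
HOSTNAME_RE = re.compile(r"[A-Za-z](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

# Constructed sample input for the example.
SAMPLE = (
    "# constructed sample\n"
    "127.0.0.1   localhost\n"
    "192.168.2.10\tradius1.example.com radius1   # primary\n"
    "192.168.2.11  2ndnode.example.com\n"
    "192.168.2.12  node.example.com-\n"
    "not-an-ip   host.example.com\n"
    "192.168.2.13\n"
    "192.168.2.14  radius1\n"
)


def parse_hosts(text):
    """Return (entries, problems) for the text of a hosts field.

    entries  -- list of (ip_string, [hostnames]) for accepted lines
    problems -- list of (line_number, message) for rejected lines
    Assumes the first field is the IP address and the rest are hostnames.
    """
    entries, problems = [], []
    seen = {}  # lower-cased hostname -> address it was first mapped to
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything from "#" to the end of the line is a comment.
        fields = raw.split("#", 1)[0].split()  # any run of blanks or tabs
        if not fields:
            continue
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            problems.append((lineno, f"invalid IP address {addr_text!r}"))
            continue
        if not names:
            problems.append((lineno, "no hostname given"))
            continue
        bad = [n for n in names if not HOSTNAME_RE.fullmatch(n)]
        if bad:
            problems.append((lineno, f"invalid hostname(s): {', '.join(bad)}"))
            continue
        # A name that already points elsewhere is worth a second look: one
        # of the two mappings will not be the one actually used.
        clash = [n for n in names if seen.get(n.lower(), addr) != addr]
        if clash:
            problems.append((lineno, f"already mapped elsewhere: {', '.join(clash)}"))
            continue
        for n in names:
            seen[n.lower()] = addr
        entries.append((str(addr), names))
    return entries, problems


if __name__ == "__main__":
    ok, bad = parse_hosts(SAMPLE)
    for entry in ok:
        print("accepted:", entry)
    for lineno, message in bad:
        print(f"line {lineno}: {message}")
```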
The SNMP Setup form is used to configure the system’s SNMP server and enable SNMP access. To enable SNMP access, one of the available modes must be selected. Version 2c, version 3, or both versions may be enabled. The System Contact and System Location parameters are basic SNMP “system” MIB parameters that are frequently used to identify network equipment. See “Supported MIBs” in this chapter for a list of supported MIBs.
SNMP version 2c has only one configuration option, which is the name of the community string. SNMP clients must provide this value in order to access the server. The default community string is public. SNMP version 3 adds authentication and encryption capabilities to the protocol. You must supply a set of credentials to be used for SNMP v3 access. You can also select whether encryption should be used. Traps are notification messages sent when certain conditions are reached.
SNMP-VIEW-BASED-ACM-MIB TCP-MIB UCD-DISKIO-MIB UCD-DLMOD-MIB UCD-SNMP-MIB UDP-MIB SMTP Configuration The SMTP Configuration form is used to provide system default settings used when sending email messages. To manage and view the current SMTP configuration click the SMTP Configuration command link on the Administrator > Network Setup page. See “SMTP Services” in the Guest Management chapter for additional configuration options for SMTP services.
The From Address must be specified. This is the sender of the email and will be visible to all email recipients. It is recommended that you provide a valid email address so that guests receiving email receipts are able to contact you.
A completed sample certificate request is shown below. Click the Create Certificate Request button to generate the certificate signing request. The certificate signing request is displayed in a text field in the browser. This can be used to copy and paste the request directly to a certificate authority that supports this form of request submission. Alternatively, you may click the Download the current CSR link to download a .csr file to your browser.
The process for installing an SSL certificate has been simplified. In the first step, select whether you will be copying and pasting the certificate as plain text, or uploading the certificate from a file. In the second step, you must provide between one and three items of information: The Certificate field must contain the digital certificate. This can be a file containing a base-64 representation of the certificate, or it can be a block of text that contains the certificate.
To resolve this error, first check that you have provided the correct intermediate certificate. If the problem persists, check with your certificate authority for the appropriate root certificate to use. As an optional third step, if you have a private key that corresponds to the SSL certificate, it may be specified separately. This is only required if you did not generate the certificate signing request on the server. Click the Upload Certificate button to install the new SSL certificate.
Backup and Restore Click the Backup & Restore command link on the Administrator start page to make backups of the appliance’s current configuration as well as restore a previous backup. It is recommended that you make a complete configuration backup of the system after completing a deployment and after making configuration changes.
Server Configuration), you can select to back up the entire area or only a particular part of that area. To access the components within an area, click the down arrow. There are five possible states for each area, described below: 1. Complete backup – The tick mark is highlighted. The components of the area are not displayed, but the entire area and all of its components will be backed up. 2. Partial backup – The down arrow is highlighted.
You are able to select either a complete or custom backup to run on the schedule. The options available are the same as for the manual backup. You are required to enter a prefix for the backup filename. The backup name is used as the basis for the name of the backup file. The current time and date is used to identify different backups, in the format YYYYMMDD-hhmmss. For example, with the backup name ‘backup’, the backup filename will be backup.20080101-123456.dat.
proxy*: proxy related arguments
quote=CMD: send custom command to FTP server
require-ssl: require SSL connection for success
SMB options
kerberos: use Kerberos authentication (Active Directory)
domain=NAME or workgroup=NAME: set the workgroup to NAME
debug: generate additional debugging messages which are logged to the application log
Multiple options should be separated with semicolons.
restore, be sure to select the appropriate items by clicking the tick icon for each configuration item to restore. 4. Mark the Restore settings from backup check box. Be aware that it is possible to overwrite any local configuration changes that have been made since the backup was created. 5. Click the Restore Configuration button for the restore to commence. A progress window is shown for the restore operation. 6. You are presented with a ‘System restore operation completed successfully’ message.
using the Amigopod’s built-in Web server. To access the Content Manager, click the Content Manager command link on the Customization start page. You can add content items by using your Web browser to upload them. You can also copy a content item stored on another Web server by downloading it. To use a content item, you can insert a reference to it into any custom HTML editor within the application.
After you have completed the form, click the Fetch Content button to have the file downloaded. The file is placed in the public directory on the Web server. You are then able to reference this file when creating custom HTML templates. Additional Content Actions The Properties link allows you to view and edit the properties of the item. Editable properties include the content item’s filename and description.
A security assessment will be performed and a report will be displayed containing the recommendations from the security assessment. Reviewing Security Audit Results For each of the security recommendations presented, you can choose to accept the recommendation, ignore the recommendation, or disable the recommendation. A Details link may be provided, containing more information about this security message or guidance on a recommended fix.
The Amigopod appliance has a command line interface (CLI) which may be accessed using the appliance console or SSH.
2. In the Warning Levels drop-down list, specify the maximum number of alerts to receive. If you do not want to receive notifications, choose 0-Disable warnings. 3. If you enabled warnings, in the Level 1 field, enter the amount of remaining disk space at which the first notification should be sent. 4.
Determining Installed Operating System Packages Use the Advanced view of the System Information page to display a list of the installed operating system packages, together with the corresponding version numbers. Plugin Manager Plugins are the software components that fit together to make your Web application. The Plugin Manager allows you to manage subscriptions, list available plugins, add new plugins, and check for updates to the installed plugins.
Managing Subscriptions A subscription ID is a unique number used to identify your software license and any custom software modules that are part of your Amigopod solution. To view current subscription IDs, navigate to Administrator > Plugin Manager, then click Manage Subscriptions. The Amigopod Subscription page opens.
Adding or Updating New Plugins You can add or update plugins either from the Internet or from a file provided to you by email. If your new plugin was emailed to you as a file, navigate to Administrator > Plugin Manager > Add New Plugin. On the Add New Plugin page, choose the Add Plugin from File command, then browse to the file to upload it. The Add New Plugin page also provides the option to choose the internet download method.
When you select multiple available updates on the Add New Plugins page and click the Finish button, the system updates them sequentially. If an update for one plugin cannot be completed—for example, due to low disk space—the update for that plugin is cancelled. The other updates are not affected, and the system continues to process the rest of the plugin updates in the queue.
To undo any changes to the plugin’s configuration, click the plugin’s Restore default configuration link. The plugin’s configuration is restored to the factory default settings. In most cases, plugin configuration settings do not need to be modified directly. Use the customization options available elsewhere in the application to make configuration changes.
1. To change the application’s title, enter the new name in the Application Title field (for example, your company name) to display that text as the title of your Web application. Click Save Configuration. 2. The Kernel plugin’s Debug Level, Update Base URL and Application URL options should not be modified unless you are instructed to do so by Aruba support. 3. To restore the plugin’s configuration to the original settings, click the Restore default configuration link below the form.
2. The default navigation layout is “expanded.” To change the behavior of the navigation menu, click the Navigation Layout drop-down list and select a different expansion level for menu items. 3. The Page Heading field allows you to enter additional heading text to be displayed at the very top of the page. The default skin used by the Amigopod Visitor Management Appliance is the one that is enabled in the Plugin Manager.
To ensure that authentication, authorization, and accounting (AAA) is performed correctly, it is vital that the server maintains the correct time of day at all times. It is strongly recommended that you configure one or more NTP servers to automatically synchronize the server’s time. NTP can interfere with timekeeping in virtual machines.
System Control The System Control commands on the Administrator > System Control page allow you to: Shut down the server immediately. Reboot the system which stops all services while the reboot is taking place. Restart the system services without stopping the server. This would usually be done after a plugin installation if required, or if performing other system changes such as installing a new SSL certificate or changing the server’s time zone.
Log Rotation: Configuring Data Retention To configure the number of weeks to retain records for data, log files, disabled accounts, and mobile device certificates, click the Configure data retention link in the Log Rotation row. The Data Retention Policy page opens. Log files are rotated and expired logs are cleared according to the database maintenance schedule you define. See Managing Data Retention. Log Collector: Storing Incoming Syslog Messages Your Amigopod server can also act as a syslog server.
Facility: Redirecting Application Log Messages To redirect log messages from the application log to the syslog, select an option from the Facility field drop-down menu. The default option None – Do not send application log messages to syslog stores all application-generated messages in the separate application log. If you select a specific syslog facility, the minimum priority level for the corresponding syslog facility determines whether the syslog message is forwarded to the remote collector.
For high-traffic sites that are maintaining many weeks of log files, enter a non-zero value for Disk Space to ensure that the log files cannot fill up the system’s disk. If the disk space check is enabled, the server’s free disk space is checked daily at midnight, and if it is below the specified threshold, old log files are deleted to free up space. The syslog protocol is used to send log messages from one system to a syslog server (also known as a ‘collector’). The syslog protocol uses UDP port 514.
Figure 41 Data Retention Policy page Select Enable to enable the data retention policy option, and enter a number in the Log Rotation field to indicate how many weeks you want log files kept before they are deleted. You can specify how many weeks a guest account persists after the account is disabled in the Guest Accounts field. For mobile device certificates, select the minimum delay, in weeks, required before an expired certificate or rejected request can be deleted.
Changing Database Configuration Parameters The Database Configuration form allows you to configure the system’s database and manage its maintenance schedule. Access this form by navigating to System Control > Database Config. The Options field is a text field that accepts multiple name = value pairs. You can also add comments by entering lines starting with a # character.
Changing Web Application Configuration Certain performance and security options may be configured that affect the operation of the Web application GUI. Use the Web Application Configuration command link to adjust these configuration parameters. The Memory Limit may be increased to allow larger reports to be run on the system. The File Upload Size may be increased to allow larger content items to be uploaded, or larger backup files to be restored.
Changing Web Server Configuration High-traffic deployments may need to adjust certain performance options related to the system’s Web server. Use the Web Server Configuration command link to adjust these configuration parameters. The Maximum Clients option specifies the maximum number of clients that may simultaneously be making HTTP requests. The default value should only need to be increased for high-traffic sites.
This report can be downloaded for support purposes. Adding Disk Space Storage capacity can be increased on VMware-based deployments. To increase available storage, click the Add Space option on the System Information screen. The Adding Disk Space screen appears. Follow the instructions on this page.
System Log The system log viewer available on the Support > System Logs page displays messages that have been generated from multiple different sources: Application Logs—messages generated by the Amigopod application. HTTP Logs—messages generated by the Apache Web Server. RADIUS Logs—messages generated by the RADIUS server during authentication, authorization or accounting. System Logs—messages generated by the system and various internal processes within it.
Use the Filter tab to control advanced filtering settings, such as which logs to search and the time period to display: Click the Apply Filter button to save your changes and update the view, or click the Reset button to remove the filter and return to the default view. Exporting the System Log Use the Export tab to save a copy of the system logs, in one of several formats. Select one of the following formats from the Format drop-down list: Comma Separated Values (*.
Searching the Application Log You are able to search for particular log records using the form displayed when you click the Search tab. Click the Reset Form button to clear the search and return to displaying all records in the log. Exporting the Application Log Use the Export tab to save the log in other formats, including HTML, text, CSV, TSV and XML. You can select options to print, email or download the data.
Chapter 9 Hotspot Manager The Hotspot Manager controls self provisioned guest or visitor accounts. This is where the customer is able to create his or her own guest account on your network for access to the Internet. This can save you time and resources when dealing with individual accounts. The following diagram shows how the process of customer self provisioning works.
Manage Hotspot Sign-up You can enable visitor access self provisioning by navigating to Customization > Hotspot Manager and selecting the Manage Hotspot Sign-up command. This allows you to change user interface options and set global preferences for the self-provisioning of visitor accounts. The Enable visitor access self-provisioning check box must be ticked for self-provisioning to be available.
The Require HTTPS field, when enabled, redirects guests to an HTTPS connection for greater security. The Service Not Available Message allows an HTML message to be displayed to visitors if self-provisioning has been disabled. See “Smarty Template Syntax” in the Reference chapter for details about the template syntax you may use to format this message. Click the Save Changes button after you have entered all the required data.
You can customize which plans are available for selection, and any of the details of a plan, such as its description, cost to purchase, allocated role and what sort of username will be provided to customers. Above is the list of default plans supplied with the Amigopod Visitor Management Appliance. Plans that you have enabled have their name in bold. Plans that have not been enabled do not have names in bold and their icon is a little different.
Creating New Plans Custom hotspot plans are added by clicking the Create Hotspot plan button. The following form is displayed. Click the Create Plan button to create this plan for use by your Hotspot visitors. See “Format Picture String Symbols” in the Reference chapter for a list of the special characters that may be used in the Generated Username and Generated Password format strings.
eWAY Netregistry Paypal WorldPay Amigopod also includes a Demo transaction processor that you can use to create hotspot forms and test hotspot transactions. Creating a New Transaction Processor To define a new transaction processor, navigate to Customization > Hotspot Manager, click Manage Transaction Processors then select New Transaction Processor. In the Name field, enter a name for the transaction processor.
You can customize the title shown on the invoice and how the invoice number is created. You can also customize the currency displayed on the invoice. The Invoice Title must be written in HTML. See “Basic HTML Syntax” in the Reference chapter for details about basic HTML syntax. You are able to use Smarty functions on this page. See “Smarty Template Syntax” in the Reference chapter for further information on these. You are able to insert content items such as logos or prepared text.
Customize Page One Page one of the guest self-provisioning process requires that the guest selects a plan. You are able to customize how this page is displayed to the guest. You are able to give this page a title, some introductory text and a footer. The Introduction and the Footer are HTML text that may use template syntax. See “Smarty Template Syntax” in the Reference chapter.
See “Smarty Template Syntax” in the Reference chapter for details about the template syntax you may use to format the content on this page. Customize Page Three You can make changes to the content of page 3, where the customer receives an invoice containing confirmation of their transaction and the details of their newly created wireless account. See “Smarty Template Syntax” in the Reference chapter for details about the template syntax you may use to format the content on this page.
Chapter 10 High Availability Services The goal of a highly available system is to continue to provide network services even if a hardware failure occurs. High Availability Services provides the tools required to achieve this goal. These tools include service clustering, fault tolerance, database replication, configuration replication, automatic failover and automatic recovery.
A cluster’s virtual IP address is a unique IP address that will always be assigned to the primary node of the cluster. In order to take advantage of the cluster’s fault tolerance, all clients that use the cluster must use the cluster’s virtual IP address, rather than each node’s IP address. Replication is the process of ensuring that the secondary node maintains an exact copy of the primary node’s database contents and configuration.
The cluster relies on DNS for name lookup. Each node must have a unique hostname, and each node must be able to resolve the other node’s IP address by performing a DNS lookup. The nodes in the cluster must be connected to the same local network. Use high quality network cables and reliable switching equipment to ensure the nodes have an uninterrupted network connection. There should be no routers, gateways, firewalls, or network address translation (NAT) between the two nodes.
accounting information, are replicated from the primary node to the secondary node. The replication delay will depend on the volume of database updates and system load but is generally only a few seconds. Replicating the database contents ensures that in the event of a primary node failure, the secondary node is up to date and can continue to deliver the same network services to clients.
SMTP settings for email receipts (See “Email Receipt Options” in the Guest Management chapter) SNMP server settings (See “SNMP Configuration” in the Administrator Tasks chapter) The set of currently installed plugins (See “Plugin Manager” in the Administrator Tasks chapter) Web Login pages (See “Web Logins” in the RADIUS Services chapter) Certain configuration items are not replicated.
The cluster will continue operating without service interruption. Network services will be unaffected as the cluster’s virtual IP address is assigned to the primary node. While the secondary node is offline, the cluster will no longer be fault-tolerant. A subsequent failure of the primary node will leave the cluster inoperable. To recover the cluster, the secondary node must be brought back online.
Table 27 Cluster Status Descriptions (Continued) The primary node is running, but the secondary node is down or stopped. The secondary is no longer available. Check the Remote Status on the primary node to determine the cause of the problem. To clear the error condition, bring the secondary node back online. The cluster will return to fault-tolerant mode automatically. If the secondary node needs to be replaced, the cluster must be rebuilt. See “Recovering From a Hardware Failure” in this chapter.
Prepare Primary Node Use the Cluster Configuration form to enter the basic network and control parameters for the cluster. If you have not already set a unique hostname for this server, you can do so here. Each node in the cluster must have a unique hostname. You can select a single virtual IP address by entering one IP address in the Virtual IP Address field, or specify more than one virtual IP by entering a comma-separated list of multiple IP addresses.
If you have not already set a unique hostname for this server, you can do so here. Each node in the cluster must have a unique hostname. A valid hostname is a domain name that contains two or more components separated by a period (.). Hostname parameters are as follows: Each component of the hostname must not exceed 63 characters The total length of the hostname must not exceed 255 characters Only letters, numbers, and the hyphen (-) and period (.
You can select a single virtual IP address by entering one IP address in the Virtual IP Address field, or specify more than one virtual IP by entering a comma-separated list of multiple IP addresses. Each node in the cluster must be able to resolve the other node by using a DNS lookup. This is verified during the cluster initialization. In practice, this means that you must configure your local DNS or DHCP server with appropriate entries for each node. You must enter a shared secret for this cluster.
The Cluster Initialization form is displayed. Select the check box and click the Initialize Cluster button to proceed. During the cluster initialization process, the entire contents of the RADIUS database (including guest accounts, user roles, and accounting history) and all configuration settings of the primary node will be replicated to the secondary node. The existing database contents and configuration settings on the secondary node will be destroyed.
The maintenance commands that are available on this page will depend on the current state of the cluster as well as which node you are logged into. Some maintenance commands are only available on the secondary node. Other commands may change the active state of the cluster. For this reason it is recommended that cluster maintenance should only be performed by logging into a specific node in the cluster using its IP address.
6. Recovery is complete. The secondary node is now the new primary node for the cluster. The cluster is back in a fault-tolerant mode of operation. The Recover Cluster command will only work if the node that failed is brought back online with the same cluster configuration. This is normally the case in all temporary outages. See “Recovering From a Hardware Failure” in this chapter, in this case, for a description of how to recover the cluster.
To check the current status of a node, log into that node and click the Show details link displayed with the cluster status on the High Availability page. The node’s current status is displayed under the Local Status heading. Use this procedure to make the current primary node the secondary node: 1. Log into the current secondary node of the cluster. 2. Click Cluster Maintenance, and then click the Swap Primary Server command link. 3. A progress meter is displayed while the primary node is switched.
To avoid unexpected failover of the cluster, ensure that the network connection to the nodes of the cluster is always available. Use high quality network equipment, including cables, and secure physical access to the servers to prevent accidental dislodgement of cables. If network access to the cluster is intermittent, this may indicate a possible hardware failure on the current primary node.
Chapter 11 Reference Basic HTML Syntax The Amigopod Visitor Management Appliance allows different parts of the user interface to be customized using the Hypertext Markup Language (HTML). Most customization tasks only require basic HTML knowledge, which is covered in this section. HTML is a markup language that consists primarily of tags that are enclosed inside angle brackets, for example,
.
Table 29 Standard HTML Tags (Continued) Styled text (block)
Uses CSS formatting
Uses predefined style
Hypertext Hyperlink Link text to click on Inline image – XHTML equivalent Floating image
For more details about HTML syntax and detailed examples of its use, consult a HTML tutorial or reference guide.
Table 30 Formatting Classes (Continued)
nwaTop | Table Header | Table heading at top
nwaLeft | Table Header | Left column of table
nwaRight | Table Header | Right column of table
nwaBottom | Table Header | Table heading at bottom
nwaBody | Table Cell | Style to apply to table cell containing data
nwaHighlight | Table Cell | Highlighted text (used for mouseover)
nwaSelected | Table Cell | Selected text (table row after mouse click)
nwaSelectedHighlight | Table Cell | Selected text with mouseover highlight
nwaInfo A
Comments To remove text entirely from the template, comment it out with the Smarty syntax {* commented text *}. Note that this is different from a HTML comment, in that the Smarty template comment will never be included in the page sent to the Web browser.
{/section} Note that the content after a {sectionelse} tag is included only if the {section} block would otherwise be empty.
Table 31 Smarty Modifiers (Continued) Modifier Description nwamoneyformat Formats a monetary amount for display purposes; an optional modifier argument may be used to specify the format string. This modifier is equivalent to the NwaMoneyFormat() function; see “NwaMoneyFormat” in this chapter for details.
The “text” parameter is the explanatory text describing the action that lies behind the command link. (This is optional.) The “linkwidth” parameter, if specified, indicates the width of the command link in pixels. This should be at least 250; the recommended value is 400. The “width” and “height” parameters, if specified, provide the dimensions of the icon to display. If not specified, this is automatically determined from the image.
The “alt” parameter, if specified, provides the alternate text for the icon. The “class” parameter, if specified, is the style name to apply to a containing DIV element wrapped around the content. If this is empty, and a default is not provided through the “type” parameter, no wrapper DIV is added.
{nwa_radius_query _method=GetCallingStationTraffic callingstationid=$dhcp_lease.mac_address from_time=86400 in_out=out _assign=total_traffic} This example uses the GetCallingStationTraffic query function, and passes the “callingstationid”, “from_time” and “in_out” parameters. The result is assigned to a template variable called total_traffic, and will not generate any output. See “GetCallingStationTraffic()”.
GetCurrentSession($criteria)
GetUserCurrentSession($username)
GetIpAddressCurrentSession($ip_addr = null)
GetCallingStationCurrentSession($callingstationid, $mac_format = null)
GetSessionTimeRemaining($username, $format = “relative”)
ChangeToRole($username, $role_name)
The $criteria array consists of one or more criteria on which to perform a database search. This array is used for advanced cases where pre-defined helper functions do not provide the required flexibility.
nwa_makeid {nwa_makeid …} Smarty registered template function. Creates a unique identifier and assigns it to a named page variable. Identifiers are unique for a given page instantiation. Usage example: {nwa_makeid var=some_id} The “var” parameter specifies the page variable that will be assigned. Alternative usage: {nwa_makeid var=some_id file=filename} The “file” parameter specifies a file which contains a unique ID. This allows issued IDs to be unique across different page loads.
The “reset” parameter may be specified to clear any existing navigation settings. Usage example: {nwa_nav block=level1_active}
@a@{/nwa_nav} {nwa_nav block=level1_inactive}@a@{/nwa_nav} ... The ‘output’ parameter specifies the metadata field to return. If ‘output’ is not specified, the default is ‘output=id’; that is, the plugin ID is returned. nwa_privilege {nwa_privilege} … {/nwa_privilege} Smarty registered block function. Includes output only if a certain kind of privilege has been granted. Usage examples: {nwa_privilege access=create_user} .. content .. {/nwa_privilege} The “access” parameter specifies the name of a privilege to check for any access.
Usage examples: {nwa_userpref name=prefName} {nwa_userpref name=prefName default=10} {nwa_userpref has=prefName} “name”: return the named user preference “default”: supply a value to be returned if the preference is not set “has”: return 1 if the named preference exists for the current user, 0 if the preference does not exist nwa_youtube {nwa_youtube video=ID width=cx height=cy …} … {/nwa_youtube} Smarty registered block function.
Table 33 Date and Time Formats (Continued)
hh:mm:ss | %H:%M:%S | 14:13:45
iso8601 | %Y%m%d | 20080407
iso8601t | %Y%m%d%H%M%S | 20080407141345
iso-8601 | %Y-%m-%d | 2008-04-07
iso-8601t | %Y-%m-%d %H:%M:%S | 2008-04-07 14:13:45
longdate | %A, %d %B %Y, %I:%M %p | Monday, 07 April 2008, 2:13 PM
rfc822 | %a, %d %b %Y %H:%M:%S %Z | Mon, 07 Apr 2008 14:13:45 EST
displaytime | %I:%M %p | 2:13 PM
recent | – | 2 minutes ago
The % items on the right hand side are the same as those supported by the PHP function strftime().
Date/Time Format String Reference
Table 34 Date and Time Format Strings
Format | Result
%a | Abbreviated weekday name for the current locale
%A | Full weekday name for the current locale
%b | Abbreviated month name for the current locale
%B | Full month name for the current locale
%c | Preferred date and time representation for the current locale
%C | Century number (2-digit number, 00 to 99)
%d | Day of the month as a decimal number (01 to 31)
%D | Same as %m/%d/%y
%e | Day of the month as
Programmer’s Reference NwaAlnumPassword NwaAlnumPassword($len) Generates an alpha-numeric password (mixed case) of length $len characters. NwaBoolFormat NwaBoolFormat($value, $options = null) Formats a boolean value as a string. If 3 function arguments are supplied, the 2nd and 3rd arguments are the values to return for false and true, respectively. Otherwise, the $options parameter specifies how to do the conversion: If an integer 0 or 1, the string values “0” and “1” are returned.
NwaDigitsPassword($len) NwaDigitsPassword($len) Generates digit-only passwords of at least $len characters in length. NwaDynamicLoad NwaDynamicLoad($func) Loads the PHP function $func for use in the current expression or code block. Returns true if the function exists (that is, the function is already present or was loaded successfully), or false if the function does not exist. Attempting to use an undefined function will result in a PHP Fatal Error.
The $format argument may be null, to specify the default behavior (U.S. English format), or it may be a pattern string containing the following: currency symbol (prefix) thousands separator decimal point number of decimal places The format “€1.000,00” uses the Euro sign as the currency symbol, “.” as the thousands separator, “,” as the decimal point, and 2 decimal places. If not specified explicitly, the default format is “$1,000.00”.
NwaParseXml NwaParseXml($xml_text) Parses a string as an XML document and returns the corresponding document structure as an associative array.
NwaVLookup NwaVLookup($value, $table, $column_index, $range_lookup = true, $value_column = 0, $cmp_fn = null) Table lookup function, similar to the Excel function VLOOKUP(). This function searches for a value in the first column of a table and returns a value in the same row from another column in the table. This function supports the values described in the table below.
Field, Form and View Reference GuestManager Standard Fields The table below describes standard fields available for the GuestManager form. Table 37 GuestManager Standard Fields Field Description account_activation String. The current account activation time in long form. This field is available on the change_expiration and guest_enable forms.
Table 37 GuestManager Standard Fields (Continued) Field Description do_expire Integer that specifies the action to take when the expire time of the account is reached. See “expire_time”.
0—Account will not expire
1—Disable
2—Disable and logout
3—Delete
4—Delete and logout
“Disable” indicates that the enabled field will be set to 0, which will prevent further authorizations using this account.
Table 37 GuestManager Standard Fields (Continued) Field Description expire_time Integer. Time at which the account will expire. The expiration time should be specified as a UNIX timestamp. Setting an expire_time value also requires a non-zero value to be set for the do_expire field; otherwise, the account expiration time will not be used. Set this field to 0 to disable this account expiration timer. expire_usage Integer.
Table 37 GuestManager Standard Fields (Continued) Field Description modify_expire_usage String. Value indicating how to modify the expire_usage field. This field is only of use when editing a visitor account.
Table 37 GuestManager Standard Fields (Continued) Field Description netmask String. Network address mask to use for stations using the account. This field may be up to 20 characters in length. The value of this field is not currently used by the system. However, a RADIUS user role may be configured to assign network masks using this field by adding the Framed-IP-Netmask attribute, and setting the value for the attribute to: = $user["netmask"] no_password Boolean.
Table 37 GuestManager Standard Fields (Continued) Field Description password_last_change Integer. The time that the guest’s password was last changed. The password change time is specified as a UNIX timestamp. This field is automatically updated with the current time when the guest changes their password using the self-service portal. random_password String. This field contains a randomly-generated password. This field is set when modifying an account (guest_edit form). random_password_length String.
Table 37 GuestManager Standard Fields (Continued) Field Description random_username_method String. Identifier specifying how usernames are to be created. It may be one of the following identifiers: nwa_sequence to assign sequential usernames. In this case, the multi_prefix field is used as the prefix for the username, followed by a sequential number; the number of digits is specified by the random_username_length field.
Table 37 GuestManager Standard Fields (Continued) Field Description simultaneous_use Integer. Maximum number of simultaneous sessions allowed for the account. sponsor_email Email address of the sponsor of the account. If the sponsor_email field can be inserted into an email receipt and used in future emails, the “Reply-To” email address will always be the email address of the original sponsor, not the current operator. sponsor_name String. Name of the sponsor of the account.
Table 38 Hotspot Standard Fields (Continued) Field Description personal_details No Type. Field attached to a form label. purchase_amount No Type. Total amount of the transaction. This field is only used during transaction processing. purchase_details No Type. Field attached to a form label. state String. The visitor’s state or locality name. submit_free No Type. Field attached to a form submit button. visitor_accept_terms Boolean.
Table 40 SMTP Services Standard Fields Field Description auto_send_smtp Boolean. Flag indicating that an email receipt should be automatically sent upon creation of the guest account. Set this field to a non-zero value or a non-empty string to enable an automatic email receipt to be sent. This field can be used to create an opt-in facility for guests.
Table 40 SMTP Services Standard Fields (Continued) Field Description smtp_warn_before_receipt_format String. This field overrides the format in the Email Receipt field under Logout Warnings. It may be one of “plaintext” (No skin – plain text only), “html_embedded” (No skin – HTML only), “receipt” (No skin – Native receipt format), “default” (Use the default skin), or the plugin ID of a skin plugin to specify that skin.
Any other alphanumeric characters in the picture string will be used in the resulting username or password. Some examples of the picture string are shown below:
Table 42 Picture String Example Passwords
Picture String | Sample Password
#### | 3728
user#### | user3728
v^^#__ | vQU3nj
@@@@@ | Bh7Pm
Form Field Validation Functions See “Form Validation Properties” in this chapter and “Examples of Form field Validation” in the Guest Management chapter for details about using validation functions for form fields.
'corp-domain.com', 'other-domain.com', ), 'deny' => array( 'blocked-domain.com', 'other-blocked-domain.com', ), ) The keys ‘whitelist’ and ‘blacklist’ may also be used for ‘allow’ and ‘deny’, respectively. An ‘allow’ or ‘deny’ value that is a string is converted to a single element array. Wildcard matching may be used on domain names: the prefix ‘*.’ means match any domain that ends with the given suffix.
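The allow/deny rules described above can be modelled as follows. This is an added example, not Amigopod code: the function names are hypothetical, and the deny-before-allow order, case-insensitive comparison, and the choice that “*.” matches only at a label boundary (and so not the bare domain) are assumptions.

```php
<?php
// Added illustration of the allow/deny domain rules; not Amigopod source.
// Assumptions: deny is checked before allow, an empty allow list permits
// any domain that is not denied, and comparison is case-insensitive.

/** Map the whitelist/blacklist aliases and turn string values into arrays. */
function normalise_domain_rules(array $opts): array
{
    $aliases = ['whitelist' => 'allow', 'blacklist' => 'deny'];
    $rules   = ['allow' => [], 'deny' => []];
    foreach ($opts as $key => $value) {
        $key = $aliases[$key] ?? $key;
        if (!array_key_exists($key, $rules)) {
            continue; // not an allow/deny option
        }
        foreach ((array) $value as $pattern) { // a string becomes a one-element array
            $rules[$key][] = strtolower(trim((string) $pattern));
        }
    }
    return $rules;
}

/** True if $domain (lowercase) equals $pattern or matches its '*.' suffix form. */
function domain_matches(string $domain, string $pattern): bool
{
    if (strncmp($pattern, '*.', 2) !== 0) {
        return $domain === $pattern;
    }
    // Keep the leading dot so the match is anchored on a label boundary:
    // '*.corp-domain.com' must not match 'notcorp-domain.com'.
    $suffix = substr($pattern, 1);
    return strlen($domain) > strlen($suffix)
        && substr($domain, -strlen($suffix)) === $suffix;
}

/** Decide whether the domain part of $email passes the allow/deny options. */
function email_domain_allowed(string $email, array $opts): bool
{
    $at = strrpos($email, '@');
    if ($at === false || $at === 0) {
        return false; // no separator, or no local part
    }
    $domain = strtolower(rtrim((string) substr($email, $at + 1), '.'));
    if ($domain === '') {
        return false;
    }
    $rules = normalise_domain_rules($opts);
    foreach ($rules['deny'] as $pattern) {
        if (domain_matches($domain, $pattern)) {
            return false;
        }
    }
    if ($rules['allow'] === []) {
        return true;
    }
    foreach ($rules['allow'] as $pattern) {
        if (domain_matches($domain, $pattern)) {
            return true;
        }
    }
    return false;
}

// Constructed sample options and addresses.
$opts = [
    'allow'     => ['corp-domain.com', '*.corp-domain.com'],
    'blacklist' => '*.blocked-domain.com', // alias key with a string value
];
$samples = [
    'a@corp-domain.com',
    'a@mail.corp-domain.com',
    'a@notcorp-domain.com',
    'a@MAIL.Blocked-Domain.com',
    'a@other-domain.com',
];
foreach ($samples as $email) {
    printf("%-28s %s\n", $email, email_domain_allowed($email, $opts) ? 'allow' : 'deny');
}
```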
username – specifies the name of the field containing the username. If empty or unset, the password is not checked against this field for a match. minimum_length – specifies the minimum length of the password in characters. disallowed_chars – if set, specifies characters that are not allowed in the password. complexity_mode – specifies the set of rules to use when checking the password. complexity – if set, specifies rules for checking the composition of the password.
NwaConvertStringToOptions – Converts a multi-line string representation of the form key1 | value1 key2 | value2 to the array representation array ( 'key1' => 'value1', 'key2' => 'value2', ) NwaImplodeComma – Converts an array to a string by joining all of the array values with a comma. NwaTrim – Removes leading and trailing whitespace from a string value. NwaTrimAll – Removes all whitespace from a string (including embedded spaces, newlines, carriage returns, tabs, etc).
Table 44 Form Field Display Functions (Continued) Function Description NwaDateFormat Format a date like the PHP function strftime(), using the argument as the date format string. Returns a result guaranteed to be in UTF-8 and correct for the current page language.
View Display Expression Technical Reference A page that contains a view is displayed in an operator’s Web browser. The view contains data that is loaded from the server dynamically. Because of this, both data formatting and display operations for the view are implemented with JavaScript in the Web browser. For each item displayed in the view, a JavaScript object is constructed. Each field of the item is defined as a property of this object.
Table 45 Display Expressions for Data Formatting (Continued) Value Description Nwa_NumberFormat(value[, if_undefined]) Nwa_NumberFormat(value, decimals) Nwa_NumberFormat(value, decimals, dec_point, thousands_sep[, if_undefined]) Converts a numerical value to a string. If the value has an undefined type (in other words, has not been set), and the if_undefined parameter was provided, returns if_undefined.
If the expression evaluates to true, the AccessReject() will cause authorization to be refused. If the expression evaluates to false, the AccessReject() is not called, and the authorization process will continue (however, the attribute will not be included in the Access-Accept, as the condition expression has evaluated to false). EnableDebug() EnableDebug($flag = 1) Enables debugging for the remainder of the processing of this request. The flag may also be set to false or 0 to disable debugging.
MacEqual() MacEqual($addr1, $addr2) Compares two MAC addresses for equality, using their canonical forms. Example usage as a condition expression for an attribute: return MacEqual(GetAttr('Calling-Station-Id'), '00-01-02-44-55-66') MacAddrConvert() MacAddrConvert($mac, $mac_format) Converts a MAC address to a specified format. This function accepts anything that can be interpreted as a MAC address using some fairly liberal guidelines and returns the address formatted with the $mac_format string.
If $to_time is specified, the interval considered is between $from_time and $to_time. Returns the total session time for all matching accounting records in the time interval specified. GetSessions() GetSessions($criteria, $from_time, $to_time = null) Calculate the number of sessions from accounting records in the database.
Limit by MAC address, 50 MB download in past 24 hours: return GetCallingStationTraffic(86400, 'out') > 50000000 && AccessReject() GetUserTraffic() GetUserTraffic($from_time, $to_time = null, $in_out = null) Calculate sum of traffic counters in a time interval. Sessions are summed if they have the same User-Name attribute as that specified in the RADIUS Access-Request. See “GetCallingStationTraffic()” for details on how to specify the time interval.
GetCallingStationSessions() GetCallingStationSessions($from_time, $to_time = null, $mac_format = null) Calculate the number of sessions for accounting records matching a specific calling-station-id. The calling station id address is looked up automatically from the RADIUS Access-Request (Calling-Station-ID attribute). Because different NAS equipment can send differently-formatted MAC addresses in the Calling-Station-Id attribute, the $mac_format argument may be specified.
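Why the MAC format matters for the per-station traffic limit shown above, as an added example that is not the appliance's implementation. The function names, the AA-BB-CC-DD-EE-FF canonical form, the mapping of 'out' to acctoutputoctets, and selecting sessions by start time are assumptions; the accounting records are constructed.

```php
<?php
// Added illustration; not the appliance's implementation.

/** Canonical form assumed here: 12 uppercase hex digits as AA-BB-CC-DD-EE-FF. */
function mac_canonical(string $raw): ?string
{
    $hex = preg_replace('/[\s:.\-]/', '', $raw);
    if (!is_string($hex) || preg_match('/\A[0-9A-Fa-f]{12}\z/', $hex) !== 1) {
        return null; // not interpretable as a MAC address
    }
    return implode('-', str_split(strtoupper($hex), 2));
}

/** Compare two MAC addresses; unparseable input never compares equal. */
function mac_equal(string $a, string $b): bool
{
    $ca = mac_canonical($a);
    return $ca !== null && $ca === mac_canonical($b);
}

/**
 * Sum a traffic counter over the sessions of one station that started in
 * the last $window seconds. $direction is 'in' or 'out'.
 */
function station_traffic(array $records, string $mac, int $window, string $direction, int $now): int
{
    $columns = ['in' => 'acctinputoctets', 'out' => 'acctoutputoctets'];
    if (!isset($columns[$direction])) {
        throw new InvalidArgumentException("direction must be 'in' or 'out'");
    }
    if (mac_canonical($mac) === null) {
        // Refuse instead of silently matching nothing, which would leave
        // the quota unenforced for a malformed Calling-Station-Id.
        throw new InvalidArgumentException('unparseable MAC address');
    }
    $total = 0;
    foreach ($records as $r) {
        if ((int) $r['acctstarttime'] < $now - $window) {
            continue; // outside the interval
        }
        if (mac_equal((string) $r['callingstationid'], $mac)) {
            $total += (int) $r[$columns[$direction]];
        }
    }
    return $total;
}

// Constructed accounting records: one station reported in three formats.
$now = 1249300000;
$records = [
    ['callingstationid' => '00-01-02-44-55-66', 'acctstarttime' => $now - 3600,
     'acctinputoctets' => 1000000, 'acctoutputoctets' => 30000000],
    ['callingstationid' => '00:01:02:44:55:66', 'acctstarttime' => $now - 7200,
     'acctinputoctets' => 2000000, 'acctoutputoctets' => 25000000],
    ['callingstationid' => '0001.0244.5566', 'acctstarttime' => $now - 90000,
     'acctinputoctets' => 500000, 'acctoutputoctets' => 40000000], // older than 24 hours
    ['callingstationid' => '00-01-02-44-55-67', 'acctstarttime' => $now - 600,
     'acctinputoctets' => 100000, 'acctoutputoctets' => 60000000], // another station
    ['callingstationid' => '', 'acctstarttime' => $now - 600,
     'acctinputoctets' => 100000, 'acctoutputoctets' => 10000000], // no MAC recorded
];
$requestMac = '000102445566'; // as sent by a NAS that uses no separators

$used = station_traffic($records, $requestMac, 86400, 'out', $now);
printf("canonical match: %d bytes, over 50 MB: %s\n", $used, $used > 50000000 ? 'yes' : 'no');

// A byte-for-byte string comparison finds none of this station's sessions.
$naive = 0;
foreach ($records as $r) {
    if ($r['callingstationid'] === $requestMac) {
        $naive += $r['acctoutputoctets'];
    }
}
printf("string match:    %d bytes\n", $naive);
```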
'acctuniqueid' => 'c199b5a94ebf5184', 'username' => 'demo@example.com', 'realm' => '', 'role_name' => 'Guest', 'nasipaddress' => '192.168.2.20', 'nasportid' => '', 'nasporttype' => '', 'calledstationid' => '', 'callingstationid' => '', 'acctstarttime' => '1249258943', 'connectinfo_start' => '', 'acctstoptime' => NULL, 'connectinfo_stop' => NULL, 'acctsessiontime' => 0, 'acctinputoctets' => 0, 'acctoutputoctets' => 0, 'acctterminatecause' => NULL, 'servicetype' => '', 'framedipaddress' => '192.168.2.
GetUserStationCount() GetUserStationCount($from_time = null, $to_time = null, $exclude_mac = null) Count the total number of unique MAC addresses used in a time interval, for all sessions with the same User-Name attribute as that specified in the RADIUS Access-Request. If $exclude_mac is set, any sessions matching that MAC address are excluded from the count.
Example: Use the following as a conditional expression for an attribute. If the user's traffic in the past 24 hours exceeds 50 MB, the user is changed to the "Over-Quota" role. return GetUserTraffic(86400) > 50e6 && ChangeToRole("Over-Quota"); RADIUS Server Options These are the advanced server options that may be configured using the RADIUS Server Options text field. Where applicable, the default value for each configuration option is shown.
General Configuration Table 47 General Configuration Settings Value Description max_request_time = 30 The maximum time (in seconds) to handle a request. Requests which take more time than this to process may be killed, and a REJECT message is returned. cleanup_delay = 5 The time to wait (in seconds) before cleaning up a reply which was sent to the NAS. The RADIUS request is normally cached internally for a short period of time, after the reply is sent to the NAS.
Table 47 General Configuration Settings (Continued) Value Description log_auth_goodpass = no Log correct passwords with the authentication requests. Allowed values are no and yes. lower_user = no lower_pass = no Convert the username or password to lowercase “before” or “after” attempting to authenticate. If set to “before”, the server will first modify the request and then try to authenticate the user.
Security Configuration Table 48 Security Configuration Settings Value Description security.max_attributes = 200 The maximum number of attributes permitted in a RADIUS packet. Packets which have more than this number of attributes in them will be dropped. If this number is set too low, then no RADIUS packets will be accepted. If this number is set too high, then an attacker may be able to send a small number of packets which will cause the server to use all available memory on the machine.
Table 49 Proxy Configuration Settings (Continued) Value Description proxy.dead_time = 120 If the home server does not respond to any of the multiple retries, then the RADIUS server will stop sending it proxy requests, and mark it ‘dead’. If there are multiple entries configured for this realm, then the server will failover to the next one listed. If no more are listed, then no requests will be proxied to that realm.
Table 50 Thread Pool Settings (Continued) Value Description thread.max_requests_per_server = 0 Set the maximum number of requests a server should handle before exiting. Zero is a special value meaning “infinity”, or “the servers never exit”. thread.max_queue_size = 65536 Set the maximum number of incoming requests which may be queued for processing. After the queue reaches this size, new requests are dropped. The default value is recommended for most deployments.
Authentication Module Configuration Table 51 Authentication Module Configuration Settings Value Description module.pap = yes PAP module to authenticate users based on their stored password. pap.encryption_scheme = crypt The PAP module supports multiple encryption schemes: clear: Clear text crypt: Unix crypt md5: MD5 encryption sha1: SHA1 encryption module.chap = yes Authenticates requests containing a CHAP-Password attribute. module.pam = yes Pluggable Authentication Modules for Linux.
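A check of the RADIUS Server Options text against the settings described above, as an added example that is not part of the product. The function names, the one-option-per-line “name = value” parsing, and the two bounds used for security.max_attributes are assumptions; the sample options text is constructed.

```php
<?php
// Added illustration: lint the text of the RADIUS Server Options field.

// Hypothetical bounds for security.max_attributes; tune to the deployment.
const MAX_ATTRIBUTES_LOW  = 20;
const MAX_ATTRIBUTES_HIGH = 1000;

/** Parse "name = value" lines; lines without '=' are ignored. */
function parse_server_options(string $text): array
{
    $opts = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $parts = explode('=', $line, 2);
        if (count($parts) !== 2 || trim($parts[0]) === '') {
            continue;
        }
        $opts[trim($parts[0])] = trim(trim($parts[1]), '"');
    }
    return $opts;
}

/** Return a list of findings for the options covered in this section. */
function audit_server_options(array $opts): array
{
    // Defaults as documented in the configuration tables.
    $opts += [
        'log_auth_goodpass'       => 'no',
        'module.pap'              => 'yes',
        'pap.encryption_scheme'   => 'crypt',
        'security.max_attributes' => '200',
    ];
    $findings = [];

    if (strtolower($opts['log_auth_goodpass']) === 'yes') {
        $findings[] = 'log_auth_goodpass = yes: valid passwords are written to the log';
    }

    $scheme = strtolower($opts['pap.encryption_scheme']);
    if (!in_array($scheme, ['clear', 'crypt', 'md5', 'sha1'], true)) {
        $findings[] = "pap.encryption_scheme = $scheme: not a documented scheme";
    } elseif ($scheme === 'clear' && strtolower($opts['module.pap']) === 'yes') {
        $findings[] = 'pap.encryption_scheme = clear: stored passwords are clear text';
    }

    $max = filter_var($opts['security.max_attributes'], FILTER_VALIDATE_INT);
    if ($max === false) {
        $findings[] = 'security.max_attributes: not an integer';
    } elseif ($max < MAX_ATTRIBUTES_LOW) {
        $findings[] = "security.max_attributes = $max: too low, valid packets may be dropped";
    } elseif ($max > MAX_ATTRIBUTES_HIGH) {
        $findings[] = "security.max_attributes = $max: too high, a few packets can exhaust memory";
    }
    return $findings;
}

// Constructed sample of an options field.
$text = <<<'EOT'
max_request_time = 30
log_auth_goodpass = yes
pap.encryption_scheme = clear
security.max_attributes = 100000
EOT;

foreach (audit_server_options(parse_server_options($text)) as $finding) {
    echo $finding, "\n";
}
```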
Database Module Configuration Table 52 Database Module Configuration Settings Value Description sql.case_insensitive_usernames = 0 Set this option to 1 to match usernames in the local user database without regard to case. This allows basic RADIUS authentication to work when the case of the username provided by the NAS is different from the case of the username in the local user database.
Table 53 Optional EAP Module Options (Continued) Function Description eap.default_eap_type = md5 Invoke the default supported EAP type when EAP-Identity response is received. The incoming EAP messages DO NOT specify which EAP type they will be using, so it MUST be set here. Only one default EAP type may be used at a time. If the EAP-Type attribute is set by another module, then that EAP type takes precedence over the default type configured here. eap.
Table 53 Optional EAP Module Options (Continued) Function Description module.eap_tls = no Enables EAP-TLS module. The following functions configure digital certificates for EAP-TLS. If the private key and certificate are located in the same file, then private_key_file and certificate_file must contain the same filename. eap.tls.private_key_password = not set eap.tls.private_key_file = "${raddbdir}/certs/cert-srv.pem" eap.tls.certificate_file = "${raddbdir}/certs/cert-srv.
Table 53 Optional EAP Module Options (Continued) Function Description module.eap_peap = no PEAP authentication. The PEAP module needs the TLS module to be installed and configured, in order to use the TLS tunnel inside of the EAP packet. You will still need to configure the TLS module, even if you do not want to deploy EAP-TLS in your network. Users will not be able to request EAP-TLS, as it requires them to have a client certificate. EAP-PEAP does not require a client certificate. eap.peap.
Table 54 LDAP Module Settings (Continued) Setting Description ldap.password_attribute = “nspmPassword” To support Novell eDirectory Universal Password, this option must be set to “nspmPassword”. Retrieves the user’s plain-text password from the directory and uses it in the RADIUS server for user authentication. Universal Password requires a secure connection to the LDAP server. Required for Novell eDirectory support.
Table 54 LDAP Module Settings (Continued) Setting Description ldap.tls_certfile = not set The PEM Encoded certificate file that should be presented to clients that connect. ldap.tls_keyfile = not set The PEM Encoded private key that should be used to encrypt the session. ldap.tls_randfile = not set A file containing random data to seed the OpenSSL PRNG. Not needed if your OpenSSL is already properly random. ldap.tls_require_cert = not set Certificate Verification requirements.
Table 54 LDAP Module Settings (Continued) Setting Description ldap.groupmembership_filter = not set The filter to search for group membership of a particular user after we have found the DN for the group. Example filter: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) ldap.groupmembership_attribute = not set The attribute in the user entry that states the group the user belongs to.
Table 55 Rewrite Module Configuration Settings (Continued) Value Description module.attr_rewrite.name.replacewith = not set The replacement value which will be used for the attribute value, if the attribute matches the “searchfor” regular expression.
Framed-IP-Address: This attribute indicates the address to be configured for the user. In an Accounting-Request packet, it indicates the IP address of the user. Framed-IP-Netmask: This attribute indicates the IP netmask to be configured for the user when the user is a router to a network. Framed-Routing: This attribute indicates the routing method for the user, when the user is a router to a network. It is only used in Access-Accept packets.
RADIUS Server Internal Attributes The Simultaneous-Use attribute is used by the RADIUS server during the processing of a request. It is never returned to a NAS. Simultaneous-Use specifies the maximum number of simultaneous logins a given user is permitted to have. When the user is logged in this number of times, any additional attempts to log in are rejected. LDAP Standard Attributes for User Class The following list provides some of the attributes for the LDAP User class.
Table 56 Regular Expressions for Pattern Matching (Continued)
^a | Any string starting with “a”
^a$ | Only the string “a”
a$ | Any string ending with “a”
. | Any single character
\. | A literal “.
Chapter 12 Glossary Access-Accept Response from RADIUS server indicating successful authentication, and containing authorization information. Access-Reject Response from RADIUS server indicating a user is not authorized. Access-Request RADIUS packet sent to a RADIUS server requesting authorization. Accounting-Request RADIUS packet type sent to a RADIUS server containing accounting summary information.
operator profile The characteristics assigned to a class of operators, such as the permissions granted to those operators. operator/operator login User of Amigopod Visitor Management Appliance to create guest accounts or perform system administration. ping Test network connectivity using an ICMP echo request (“ping”). print template Formatted template used to generate guest account receipts. RFC Request For Comments; a commonly-used format for Internet standards documents.
Local RADIUS accounting ................................ 249 Managing.......................................................... 242 Parameters ....................................................... 253 Print .......................................................... 242, 243 Reset to defaults............................................... 247 Run default ....................................................... 242 Run options ...................................................... 243 Run preview............
session filter creating ..................................................... 112, 117 Sessions Active ................................................................ 220 Closed............................................................... 220 Stale .................................................................. 220 sessions filtering .............................................................. 221 Setup wizard.............................................................. 34 Shared Secret............
Virtual IP address .................................................... 348 Virtual machine.......................................................... 32 NTP and timekeeping ......................................... 41 NTP configuration ............................................. 322 Visitor......................................................................... 27 Visitor Account .......................................................... 27 VLAN RADIUS Attributes .........................................