auto password reset for guest SSID and email to users

Solved
freddy7
Here to help

auto password reset for guest SSID and email to users

We are trying to setup a guest wifi. The requirements would be that the guest wifi password would need to change once per week. We have setup a user and assigned a password and authorized the user. we can access and login to guest ssid. The issue per-se is, can the process of changing the password weekly and emailing password to certain folk be automated? Trying to make this as hands off as possible. Thank you

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

Splash Access also offer a nice paid solution that can do this.

https://www.splashaccess.com/portfolio/splashaccess-traditional/ 

View solution in original post

10 Replies 10
alemabrahao
Kind of a big deal

Unfortunately with the dashboard options you won't be able to do this automatically. You would need a third party solution.
 
One option is to integrate with AD and on the server set a password expiration policy.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

If you change to using WPA2-PSK, and a splash page, you can find a lot of scripts for changing the PSK.  Google "github meraki change psk".

 

You then need to schedule the script to run weekly.

PhilipDAth
Kind of a big deal
Kind of a big deal

Splash Access also offer a nice paid solution that can do this.

https://www.splashaccess.com/portfolio/splashaccess-traditional/ 

Madhan_kumar_G
Getting noticed

Hi, 

Yes, It's very much possible with the API and a python script. We have achieved the same for daily rotation and with an email having details of the rotated passwords. 

 

You need to tweak the script for weekly basis. I am attaching the link with details here. 

 

https://drive.google.com/file/d/1YsMqvV3MvqL0S237zWA_r3sji7bXBgWe/view?usp=drivesdk

TBHPTL
A model citizen

Or use a third party radius provider for a captive portal with a rotating passcode. That service will  send emails to whoever you want on what ever cycle you tell it. After its set up and for extra measure, I have a certain team recipient that  updates an announcement only mailbox that anyone can dial into that has access to our voip phones. Codes get updated at the halflife of the period you mandate so at any given time there are two valid codes. One new one and one on the way out. Anyone can call and be told the code for acces  with 5 digit dialing announcement.

 

 

BALAJIRG
Here to help

Hi,

 

Automated WPA2-PSK be achieved by API.

 

Edit the following python script as highlighted in red referring to the details.

 

Get the details 

 

"

import meraki

import requests

import random

import string

import smtplib

import ssl

from email.mime.text import MIMEText

from email.mime.multipart import MIMEMultipart

 

 

api_key = "your_api_key" # enter your meraki api key here

network_id = "your_network_id" # enter the network id of the network you

want to change here

ssid_number = "ssid_number"# enter the number of the ssid you want to change here 0 - 14

password_length = 15  # enter the desired length of the new PSK min 8 max 63

character_types = string.ascii_lowercase + string.ascii_uppercase + string.digits # remove or change according to needs

gmail_password = "App_password_generated" # enter the generated gmail app password here

sender_email = "sender@gmail.com" # sending gmail address

receiver_email = "reciver@gmail.com" # receiving address(es)

 

def random_string(stringlength=password_length):

    return ''.join(random.choice(character_types) for i in range(stringlength))

 

 

def set_new_psk(new_psk, ssid=ssid_number):

    url = "https://api.meraki.com/api/v0/networks/"+network_id+"/ssids/"+str(ssid)  #remove the spaces the I inserted to get around a community bug

    payload = "{\r\n    \"psk\": \""+str(new_psk)+"\"\r\n}"

    headers = {

        'Accept': "*/*",

        'Content-Type': "application/json",

        'cache-control': "no-cache",

        'X-Cisco-Meraki-API-Key': api_key

    }

 

    response = requests.request("PUT", url, data=payload, headers=headers)

 

    print(str(response.status_code) + " - " + response.text)

    return(response.status_code)

 

 

def send_password_email(new_psk_param):

 

    message = MIMEMultipart("alternative")

    message["Subject"] = "New Wi-Fi PSK"

    message["From"] = sender_email

    message["To"] = receiver_email

 

    # Create the plain-text and HTML version of your message

    text = """\

    Hi,

    We've changed the Wi-Fi password to: {new_psk}

    Kind regards,

    pskscript""".format(new_psk=new_psk_param)

    html = """\

    <html>

      <body>

        <div>Hi,<br>

           <br>

           We've changed the Wi-Fi password to: <br> #content to be recived

           <h1>{new_psk}</h1>

           Kind regards,<br>

           pskscript

        </div>

      </body>

    </html>

    """.format(new_psk=new_psk_param)

 

    # Turn these into plain/html MIMEText objects

    part1 = MIMEText(text, "plain")

    part2 = MIMEText(html, "html")

 

    # Add HTML/plain-text parts to MIMEMultipart message

    # The email client will try to render the last part first

    message.attach(part1)

    message.attach(part2)

 

    # Create secure connection with server and send email

    context = ssl.create_default_context()

    with smtplib.SMTP_SSL("smtp.gmail.com", 465, context=context) as server:

        server.login(sender_email, gmail_password)

        server.sendmail(

            sender_email, receiver_email, message.as_string()

        )

 

 

new_psk = random_string(password_length)

if set_new_psk(new_psk) == 200:

    send_password_email(new_psk)

 

 

Schedule Python script to run weekly on some online platforms like "www.pythonanywhere.com" or you can run the script in the internal server with using crontab.

 

freddy7
Here to help

Thank you all for your input. I will be looking in to the Splash Access option. Whether or not we go with this option is another thing. 

PrashantNagaraj
Comes here often

Hello,

 

I am trying to use this script to change the password on a given Wireless SSID. I have installed the python modules: meraki & requests . Customized according to my ORG Info. like API_Key, Network_ID, SSID_Number

 

When I run the script, I get error as : python3 pwdmeraki.py

===

File "/home/user/Desktop/pwdmeraki.py", line 21
return ''.join(random.choice(character_types) for i in range(stringlength))
^
IndentationError: expected an indented block after function definition on line 20

===

 

The lines 19 to 22 look like
===
gmail_password = "My_Gmail_App_Password" # enter the generated gmail app password here
sender_email = "App_Password_User@gmail.com" # sending gmail address
receiver_email = "receive@gmail.com" # receiving address(es)

 

# the below two lines are line 20 and 21
def random_string(stringlength=password_length):
return ''.join(random.choice(character_types) for i in range(stringlength))

 

def set_new_psk(new_psk, ssid=ssid_number):
url = "https://api.meraki.com/api/v0/networks/"+network_id+"/ssids/"+str(ssid)
payload = "{\r\n \"psk\": \""+str(new_psk)+"\"\r\n}"
headers = {
'Accept': "*/*",
'Content-Type': "application/json",
'cache-control': "no-cache",
'X-Cisco-Meraki-API-Key': api_key
}

===

How to solve this ?

PhilipDAth
Kind of a big deal
Kind of a big deal

These bits should be indented.

 

 

def set_new_psk(new_psk, ssid=ssid_number):
   url = "https://api.meraki.com/api/v0/networks/"+network_id+"/ssids/"+str(ssid)
   payload = "{\r\n \"psk\": \""+str(new_psk)+"\"\r\n}"
   headers = {
      'Accept': "*/*",
      'Content-Type': "application/json",
      'cache-control': "no-cache",
      'X-Cisco-Meraki-API-Key': api_key
   }

 

PrashantNagaraj
Comes here often

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels