Meru Connect

14.10
Release Notes
IMPORTANT: Previously called Identity Manager,, the product has been renamed Meru Connect and
the skin colour changed.

Meru Connect (formerly known as Identity Manager) provides comprehensive answers to issues facing
IT pertaining to role management, policy management and reporting across the BYOD life-cycle.
Packaged in a simple, wizard driven application, all facets of managing IT workload in deploying BYOD
are addressed effectively:

Onboarding for web and 802.1X authentications, abstracted across multiple OSs and devices
(laptops, smart phones, tablets) with iOS, Android,
Android Microsoft Windows, Apple MacOS X,
Linux
Wired and wireless network vendor-agnostic user access, device onboarding, policy and access
management
Role (visitor, temporary user, employee) and device based policy management
Integrated reporting and auditing
Integration across vertical-specific
vertical
applications (property management systems, payment
gateways) for ease of deployment
Retrieval and verification of identity and group based policies across multiple identity stores
(LDAP, RADIUS, social networking identities, other databases)
Integrated policy and reporting across specialized
specialized policy enforcement devices like firewalls
Integration with leading MDM vendors to define policies based on device compliance
Enterprise grade clustering for scalability and high-availability
high
Tailored to run on Meru SA series appliances or virtualized environments
vironments running VMWare
Plus much more....

Features & benefits

Seamless integration with multi-vendor

multi
network infrastructure and client platforms
Policy and role-based
based provisioning of wireless/wired network access
Optimized for ease-of-use
use for both IT staff and end users
Enterprise-strength
strength authentication and encryption
Simplifies device onboarding
Dramatically reduces IT workload
Supports existing infrastructure
infrastruct
and employee devices
Protects the network and sensitive data
Enterprise-strength
strength 802.IX authentication

1 | Meru Connect 14.10 Release Notes (December 2014)

Meru Networks Inc.

New Features

Single License Count - There are no longer two separate license counts, these have been removed
and replaced with one license count for all users whether they be internal or external Meru
Connect users.
Sponsor Reset Password - ability to allow a Sponsor to reset a users password manually for them.
Device Number Exceeded - ability to indicate to a guest when they have exceeded their allotted
number of devices on the network.
REST API Support - Implementation of REST APIs
iOS 8.1 Support
General Performance and scalability enhancements

2 | Meru Connect 14.10 Release Notes (December 2014)

Meru Networks Inc.

Fixed Issues
BugID
45270

44876
44873

44870
44203

44202

44172
43975
43238
43757
43797
43490
43491

42982
42926
42928

Description
A vulnerability is found in the SSLv3.0 protocol and all implementations of
SSLv3.0 are affected. This vulnerability allows a man-in-the-middle attacker to
decrypt ciphertext using a padding oracle side-channel attack.
For more information about this vulnerability:
POODLE: SSLv3.0 vulnerability (CVE-2014-3566).
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 for details
Underlying CentOS is vulnerable, updated BASH rpm to fix the issue.
See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 for details
Auto lowercase of the Realm name while adding RADIUS Authentication policy.
This patch allows Realm name to be saved in the same case as entered by the
admin user while configuring the policy.
Under certain circumstance if the Meru controller is unresponsive IDM will also
become unresponsive.
Successful Sponsor mappings are not recorded in the audit log when
doing SSO authentication, this is not consistent with other authentication
methods.
When the same AD server is used for both Guest and Sponsor authentication,
the AD SSO Mapping matching can fail leading to AD SSO sponsor authentication
failure.
Under some circumstances a Guest Portal doesn't show the Success Page option
under Portal Redirect Policy.
If the IP address of the appliance has changed the Automatic setup will still
use the previous IP address when configuring the controller.
When using IE9 the place holder text for form input elements is not displayed.
On SA2000 appliances upgraded from previous IDM versions (IDM 13.10 or older)
the disk space information reported only refers to the first hard drive.
In some circumstances an error occurs when handling an API response, causing the
authentication to fail.
Allow Admin user to specify shared secret and port number when configuring
RadSec authentication policy with eduroam support.
Several vulnerabilities were recently found in OpenSSL,
IDM patch 4 contains updated OpenSSL 0.9.8 RPM's to address these issues.
For details see: http://www.openssl.org/news/secadv_20140605.txt
However 4 of the vulnerabilities listed do not affect IDM:
1. DTLS recursion flaw (CVE-2014-0221)
2. DTLS invalid fragment vulnerability (CVE-2014-0195)
REASON: IDM currently not using OpenSSL as DTLS client/server:
3. SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
4. SSL_MODE_RELEASE_BUFFERS session injection or denial of service
(CVE-2010-5298) REASON: These only effect applications using OpenSSL 1.0.0/1
The OS X Smart Connect DMG filesystem is corrupted & prevents the client from
mounting the disk & running the Smart Connect app
Gmail / Google Apps authentication failure due to SSL certificates
on imap.gmail.com nodes containing CN's which differ from their hostnames.
Facebook authentication failure due to changed SSL certificates.

3 | Meru Connect 14.10 Release Notes (December 2014)

Meru Networks Inc.

BugID

42647
42460
42645
41804

42008
42039
42214
42205
42293

Description
Also enabling Login Notification, security settings, on Facebook account causes
failure.
The SSL certificate used by the Twilio SMS server has changed.
The NTP service for date/time synchronisation did not automatically restart on
system boot.
In certain circumstances an error may occur when processing a user
authentication via the "Remember me" guest portal feature.
VRRP not behaving as expected in an L3 network configuration
[Client IP in subnet outside of IDM subnet].
Backup server responds to ARP contrary to VRRP RFC.
Increased time out value when establishing a connection to SMPP gateway
Changed "Identity Networks" to "Meru Networks" in description of Meru Networks
Responsive theme.
Allow My Account page to extend/reactivate accounts with no last name.
Fixed searching the guest account using an optional field as search filter.
In some circumstances IDM will default to the secondary RADIUS server
even though the primary is available.

Supported Hardware and VMware Version

Hardware
The following hardware products are supported for this release:
Supported
Unsupported

SA200, SA250, SA2000

VMWare

NOTE

ESX 3.5
ESX 3.5i
ESX 4.x
ESX 4.xi
ESX 5.xi
Server 1.0 or later
Microsoft Hyper V on Windows 2008 or later
Workstation 5.0 or later
Fusion 2.0 or later
Workstation and Fusion versions are only supported for evaluation or demonstration
purposes.

4 | Meru Connect 14.10 Release Notes (December 2014)

Meru Networks Inc.

Upgrading Meru Connect

NOTE

Users running versions prior to Meru Connect 13.10 must upgrade to 13.10 before
upgrading to 14.10 or later.

From the CLI Administration menu you can perform an upgrade

upgra of your Meru Connect.
Connect To allow this you
must have already uploaded the upgrade file to your Meru Connect; this can be done via the Meru
Connect administration interface once you have logged on for the first time.

NOTE

All previous releases of Identity Manager must be upgraded to 13.10 before upgrading
to Meru Connect 14.10. If running from SSH do not close the session or lose network
connectivity as this will terminate the upgrade and cause potential issues. To avoid this
problem you can
n run the upgrade from the appliance console.

1. From the Meru Connect Admin select Server and click on Upgrades (1) as shown below.

5 | Meru Connect 14.10 Release Notes (December 2014)

Meru Networks Inc.

2. Click on the browse button (2)

( and select the upgrade file from your locally stored directory. The file
should upload automatically.
3. From the CLI Administration Menu select option 7.

4. Select option 1 to perform the upgrade.

Licensing and Initial Configuration

Meru Connect requires a license file before it can run. For instructions on initial system setup and how
to obtain a license, refer to Chapter 4 (System Setup) of the Meru Connect User Guide.

Additional Documentation for this Release

In addition to these 14.10 release notes, the following documentation is available.

Meru Connect Configuration Guide

6 | Meru Connect 14.10 Release Notes (December 2014)

Meru Networks Inc.

Meru Support and Contact

For the first 90 days after you buy a Meru product, you have access to online support. If you have a
support contract, you have access for the length of the contract. See the web site
http://support.merunetworks.com for information such as:

Knowledge Base (Q&A)

Downloads
Open a ticket or check an existing one
Customer Discussion Forum

For assistance, contact Meru Customer Services and Support 24 hours a day toll-free
toll
at 888-637-8952
(888-Meru-WLAN)) or at 650-385
385-3144.
3144. Send email to support@merunetworks.com.

Meru Customer Services and Support provide end users and channel partners with the following:
Telephone technical support
Software update support
Spare parts and repair service

RMA Procedures
Contact Meru Customer Services and Support for a Return Material Authorization (RMA) for any Meru
equipment. Please have the following available when making the call:

Company and contact information

Equipment model and serial numbers
Meru software release and revision numbers
Description of the symptoms

Copyright Meru Networks, Inc., 2003 2014. All Rights Reserved

Other names and brands may be claimed as the property of others