Security

Reply
Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Access denied on ClearPass Captive Portal

I followed the instructions in the "Aruba Wireless and Clearpass 6 intergration guide v1.3" and most of it is working, but the the guest self-registration.  The guest can hit the captive portal, create the account but the login part isn't working.

 

I enter the login, and it would briefly display "Connecting to the network" or something along those lines and bring me back to the captive portal login screen with Access Denied. 

 

I changed the IP Address on the "NAS Vendor Settings" to the controller (the IP address on the guest network for the controller) and when I hit login it takes me to a page on the controller (I have to approve the security certififiate) and then back to the ClearPass portal login screen with Access denied.

 

The Access tracker doesn't show any reasons why this isn't passing (the captive portal logins don't show up there).  Any idea of where I can look for a better error description, or ideas of a next step in troubleshooting?

 

Thanks!

MVP
Posts: 4,124
Registered: ‎07-20-2011

Re: Access denied on ClearPass Captive Portal

 

Make sure that this field matches your guest SSID : Configuration » Services » Edit - <Service Name>

ClearPass Policy Manager - Aruba Networks_2013-10-01_13-43-35.png

 

Also make sure under the Guest setup  you have the IP address of your controller in the allowed dynamic list :

 

Home » Configuration » Guest Self-Registration

 

 

On the Access tracker what do you see in the Alerts tab :

 

ClearPass Policy Manager - Aruba Networks_2013-10-01_14-01-24.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Re: Access denied on ClearPass Captive Portal

Victor thanks for the ideas.

 1. I had this in the system correctly.  Mine did use the "EQUALS" instead of "BELONGS_TO" I'm thinking those work about the same, but I changed mine to match your config but didn't fix anything.

 

2. I'm not sure where this dynamic list is, can you give me more details?  I went to Home >> Configuration >> Guest Self-Regisration - Selected the page but I'm not sure where to go from there on this.

 

3. There isn't a logged event for this - I'm guessing because the access denied is happening on the Captive Portal login, not on the wireless authentication?

 

Any other ideas would be great!

Thanks!

Aruba
Posts: 1,536
Registered: ‎06-12-2012

Re: Access denied on ClearPass Captive Portal

Look in the event viewer and see if there are any errors in there.

 

It might be a simple password mismatch on the controller

 

Also in your controller make sure you have the server setup as the auth source.

 

controller2.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor II
Posts: 202
Registered: ‎01-30-2013

Re: Access denied on ClearPass Captive Portal

Hi,

 

I follow also the same guide and can connect to the guest ssid, but can't see captive portal ...

 

tomorrow going to check all settings... it seems reading this post  that my guest setting "radius:aruba does not match my guest ssid...

 

regards

 

 

 

Aruba
Posts: 1,536
Registered: ‎06-12-2012

Re: Access denied on ClearPass Captive Portal

You will see a failed request with no service attached if that was the case. It sounds like you are just are missing a setting in your controller.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Re: Access denied on ClearPass Captive Portal

Thanks Troy - the screenshot saved the day!

 

I had Guest login checked instead of user login.  After I changed that everything started working!

 

Thanks!
ClearPassSetup.PNG

Search Airheads
Showing results for 
Search instead for 
Did you mean: