Security

HI,

 

I'm trying to integrate Clearpass Guest with a HP MSM 760 controller.

 

I've got it working in that i can connect a guest user to the wireless with credentials posted to the Clearpass server. This works fine for iOS and Windows devices however i've tried a couple of android devices and these dont' seem to be able to POST the credentials back to the HP controller.

 

Just wondering if anybody has experienced this or if there are any known issues with Android and HTTP redirects?

Scott

 

Further to that the authentication flow is like this:

 

 

HP AP (Open SSID with HTML Authentication) > MSM Controller > Redirect to CPPM Web Page > Credentials POSTed to CPPM  and verified against radius (OK) > Redirect to MSM controller interface and POST of these credentials to controller > MSM controller RADIUS to CPPM.

 

I'm not sure if it will help but There is an old amigopod - colubris guide on the support site did you look at it just in case it has any trouble shooting tips.

thanks, yeah i used that as a reference, its actually very outdated and the instructions in that guide don't work (you have to use the controller certificate URL to reference the authentication and not the IP address otherwise it won't accept the HTML POST).

 

The implementation seems find it's just one type of client won't work.

 

scott

Can you be a bit more specific about "don't seem to be able to POST the credentials back to the HP controller".

 

What Android devices, and what browsers are you testing on?

 

What happens?  Are you on the login message page, or somewhere else?  Do you have a packet capture that shows what's going on?

 

Does the Android device have cookies enabled in the browser?

I've had issues in the past with Guest access (Amigopod) if the device didn't have cookies enabled

 

I can't speak for HP, however, I'm using a mixed Cisco and Aruba environment and we are not seeing these issues with Android Specifically.  I am seeing other issues with some Browsers on Android, but I don't have the issues you are describing.  I am running CP 6.2.

hi all, thanks for the replys.

 

i returned to the client site yesterday to troubleshoot this further.

 

Upon arriving i setup my tablet to connect and started running packet captures, only to find it was working fine......

 

Couldnt' fault it and as far as i know nothing has changed.

 

Guess i'll just put this down to HP controlller having a bad day (as they so often do).

 

Thankyou all for your helpful replies.

 

Hey Scott (or anyone else),

Is there an integration guide for HP MSM controllers and ClearPass for Guest Portals?

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Comma
nd/Core_Download/Default.aspx?EntryId=21973

Thanks!

I dug all through there before I posted here. Your link took me directly to it, but I couldn't find it when I searched. Is there a secret I'm missing, or am I having a blonde moment?

-jj

Documentation > ClearPass > TechNotes

all TechNotes are here https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961

 

you want HP MSM and ClearPass v3.pdf

 

 

to respond to dave, the issue was that all the captive portal stuff was working fine. Packet captures from the controller interface showed that the Android device was posting to clearpass and then as per the correct flow, the client was then instructed to post the credentials to the HP controller. Packet captures showed the TCP SYN going to the controller but no replys.....

 

i'm suspecting the new HP MSM software is buggy as i've seen some weird behaviour with inconsitent authentication from AP's in the same AP group.

 

For example, i use called station id in me clearpass services to filter the SSID from each network coming in. I had a case where 1 access point on the floor would not send the mac:ssid string, but rather only the  mac address. This is not right and rebooting the AP resolved it....

 

Scott