07-29-2013 06:29 PM
I'm trying to integrate Clearpass Guest with a HP MSM 760 controller.
I've got it working in that i can connect a guest user to the wireless with credentials posted to the Clearpass server. This works fine for iOS and Windows devices however i've tried a couple of android devices and these dont' seem to be able to POST the credentials back to the HP controller.
Just wondering if anybody has experienced this or if there are any known issues with Android and HTTP redirects?
Solved! Go to Solution.
07-29-2013 06:32 PM
Further to that the authentication flow is like this:
HP AP (Open SSID with HTML Authentication) > MSM Controller > Redirect to CPPM Web Page > Credentials POSTed to CPPM and verified against radius (OK) > Redirect to MSM controller interface and POST of these credentials to controller > MSM controller RADIUS to CPPM.
07-29-2013 06:38 PM
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
07-29-2013 06:40 PM
thanks, yeah i used that as a reference, its actually very outdated and the instructions in that guide don't work (you have to use the controller certificate URL to reference the authentication and not the IP address otherwise it won't accept the HTML POST).
The implementation seems find it's just one type of client won't work.
07-29-2013 11:11 PM
Can you be a bit more specific about "don't seem to be able to POST the credentials back to the HP controller".
What Android devices, and what browsers are you testing on?
What happens? Are you on the login message page, or somewhere else? Do you have a packet capture that shows what's going on?
07-30-2013 09:53 AM
Does the Android device have cookies enabled in the browser?
I've had issues in the past with Guest access (Amigopod) if the device didn't have cookies enabled
07-31-2013 05:49 AM
I can't speak for HP, however, I'm using a mixed Cisco and Aruba environment and we are not seeing these issues with Android Specifically. I am seeing other issues with some Browsers on Android, but I don't have the issues you are describing. I am running CP 6.2.
08-07-2013 03:39 PM
hi all, thanks for the replys.
i returned to the client site yesterday to troubleshoot this further.
Upon arriving i setup my tablet to connect and started running packet captures, only to find it was working fine......
Couldnt' fault it and as far as i know nothing has changed.
Guess i'll just put this down to HP controlller having a bad day (as they so often do).
Thankyou all for your helpful replies.
08-07-2013 03:43 PM
to respond to dave, the issue was that all the captive portal stuff was working fine. Packet captures from the controller interface showed that the Android device was posting to clearpass and then as per the correct flow, the client was then instructed to post the credentials to the HP controller. Packet captures showed the TCP SYN going to the controller but no replys.....
i'm suspecting the new HP MSM software is buggy as i've seen some weird behaviour with inconsitent authentication from AP's in the same AP group.
For example, i use called station id in me clearpass services to filter the SSID from each network coming in. I had a case where 1 access point on the floor would not send the mac:ssid string, but rather only the mac address. This is not right and rebooting the AP resolved it....