Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM - Onboard - Preauth with AD. Authentication error

  • 1.  CPPM - Onboard - Preauth with AD. Authentication error

    Posted Dec 15, 2014 12:38 PM

    Hello, 

    It seems that there is a problem with the web authentication for onboard when using Active Directory. 

    If I enter my credentials in the web portal I get a username / password invalid. But when looking at CPPM, I got the following error:

     

    Error Code: 105
    Error Category: Internal error
    Error Message: Internal error in performing authentication
    Alerts for this Request: WebAuthService Value for param Authentication:Username not found

     

    When I look at the logs, I got this error:

    2014-12-15 12:28:21,855 [ajp-apr-8009-exec-1] R:W00000001-01-548f1a35] ERROR com.avenda.tips.dataaccess.ldap.LdapAuthenSession - Failed to authenticate user=bellwifi @ AD Hopital(10.1.1.98)
    2014-12-15 12:28:21,857 [ajp-apr-8009-exec-1] R:W00000001-01-548f1a35] WARN com.avenda.tips.webauthservice.AuthenHandler - Authentication failed @ AD Hospital
    2014-12-15 12:28:21,858 [ajp-apr-8009-exec-1] R:W00000001-01-548f1a35] ERROR com.avenda.tips.webauthservice.WebAuthHandler - Failed to perform webauth, reason=InternalErrorInAuthentication

     

    The connection with my AD is working properly because I can authenticate using PEAP-MSCHAPv2 and it works.

     

    I have installed patch #3 thinking I would maybe resolve this bug, but with no luck...

    I have restarted the server and it is still not working.

     



  • 2.  RE: CPPM - Onboard - Preauth with AD. Authentication error

    Posted Dec 16, 2014 05:05 AM

    I don't think there is a bug in there because I'm running Onboard with AD authentication without any problem using Patch #3 for 6.4. The fastest way to solve this would be to open a TAC case.

     

    A few things to try:

    * Did you use the Wizard for implementing the Onboard services? Verify that those are triggered, and that you have added AD as an auth source on the Onboard Pre-Auth and Onboard Provisioning service.

    * Does this procedure work with guest accounts? Try registering one and see how it goes when logging in with that.

    * Create a normal web-login and see if you can successfully authenticate with an AD account.

     

    Check that the service involved for onboarding is similar to where you have successful authentication when it comes to auth type and auth source.

     

    That could narrow it down to either problems with the form, or perhaps the services involved.

     



  • 3.  RE: CPPM - Onboard - Preauth with AD. Authentication error

    Posted Dec 16, 2014 09:42 AM

    Hello John,

     

    I would probably have to open a ticket with the TAC.

     

    Yes, the Onboard services have been created using the wizard. I have added the AD authentication source to both services and I tried to use a guest account to log in and it worked. It really seems to not communicate with the AD at all, but I know that my AD is properly configured because I can use it for authenticating users using PEAP.

     

    I have added some pictures showing the error logs.



  • 4.  RE: CPPM - Onboard - Preauth with AD. Authentication error

    Posted Dec 16, 2014 10:00 AM

    I assume you've also tried with a client connected on wifi?

     

    Try TAC - they are quick to respond ;)



  • 5.  RE: CPPM - Onboard - Preauth with AD. Authentication error

    Posted Dec 16, 2014 10:19 AM
    What version of CPPM are you running?


  • 6.  RE: CPPM - Onboard - Preauth with AD. Authentication error

    Posted Dec 16, 2014 01:22 PM

    I am running 6.4.3.69023

    Patches 1, 2 and 3 are installed and applied.



  • 7.  RE: CPPM - Onboard - Preauth with AD. Authentication error
    Best Answer

    Posted Dec 23, 2014 10:34 PM

    Finally, I have found the problem. It was a space character in the filter query of the AD connection.
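
The fix reported in post 7 was a stray space in the filter query of the AD authentication source. As an added example (not from the thread and not ClearPass code), this Python check reports whitespace in an LDAP filter string by where it sits; the function names and sample filters are constructed for illustration, and the thread does not say where in the filter the space actually was.

```python
# Added example: flag whitespace in an LDAP search filter by position.
# The sample filters are constructed; the thread does not show the real one.
GOOD = "(&(sAMAccountName=%{Authentication:Username})(objectClass=user))"
BAD = "(&(sAMAccountName=%{Authentication:Username} )(objectClass=user))"


def lint_ldap_filter(text):
    """Return [(offset, kind)] for whitespace that RFC 4515 does not allow
    ("structure", "attribute") or that becomes part of the compared value
    ("value-edge"). Spaces inside a value, as in (cn=John Smith), are legal
    and are not reported."""
    findings = []
    state = "struct"  # "struct" between items, "attr" in a name, "value" after "="
    value_start = 0
    for pos, ch in enumerate(text):
        if state == "value":
            # An unescaped ")" always ends the value (a literal one is \29).
            if ch == ")":
                value = text[value_start:pos]
                if value[:1].isspace():
                    findings.append((value_start, "value-edge"))
                if len(value) > 1 and value[-1].isspace():
                    findings.append((pos - 1, "value-edge"))
                state = "struct"
        elif ch.isspace():
            findings.append((pos, "attribute" if state == "attr" else "structure"))
        elif ch == "=":
            state, value_start = "value", pos + 1
        elif ch in "()&|!":
            state = "struct"
        else:
            state = "attr"
    return findings


def describe(text):
    """Render findings with a caret under each offending character."""
    lines = []
    for pos, kind in lint_ldap_filter(text):
        lines += [text, " " * pos + "^ " + kind + " whitespace"]
    return lines or ["no suspicious whitespace"]


if __name__ == "__main__":
    for sample in (GOOD, BAD, " (cn=x)", "(uid =x)"):
        print("\n".join(describe(sample)), end="\n\n")
```

Running a filter through a check like this before saving it into the authentication source catches the kind of single-character error that otherwise only surfaces as a generic "Internal error in performing authentication".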