I have an IAP cluster, using Clearpass as the Radius server. The Captive Portal is on ClearPass Guest.
I have 2 services setup for accessing this network: MAC Authentication, and User Authentication with MAC Caching, listed in that order.
When a user connect to the Guest network for the first time, they fail MAC Authentication, and are assigned the Captive Portal Profile.
At the Captive Portal, you land on the login page, but have a link to go to the self-registration portal. if either a user connects with their AD account at the login, or creates an account to sign in, 2 scenerios occur:
1. after selecting login, they receive a DNS error, they cannot reach captiveportal-login.domain.com.
2. They are redirected back to the login page
Both scenerios have nothing show up in the Access tracker, outside of their initial MAC Auth failure.
The Captive portal profile is set to Clearpass, and the authentication server is set to clearpass and the accounting server is set to Clearpass.
The Guest login page has the correct URL listed for the wildcart cert being used on the IAPs.
It's difficult to debug as I'm not seeing the entry in the access tracker.
I'm also able to have the occasional user sign in successfully depending on their device. I just had a user unable to sign in on their laptop, but successfully sign in on their iphone using the same login credentials. MAC authentication works after initial sign in.
I've heard a bit about having the pre-auth check enabled in clearpass guest, and have a service associated to it, but lack understanding on what this does.
Versions
Clearpass: 6.5.0.71095
IAP: 6.5.0.0-4.3.0.0_56428
AirWave: 4.3.0
I'm in deseprate need for help on figuring out this problem. It has been ongoing for a while.
Thank you