Security

Reply
New Contributor
Posts: 1
Registered: ‎02-29-2016

Clearpass - Intermittent "user not found" during registration/first login

I have a new implementation with User Authentication with MAC caching in a cluster that is working 90% of the time....  New guest user is captive portaled correctly, they fill out basic form and accept terms, then receipt page auto submits and the user is allowed on (MAC is then cached for future access).

 

Intermittently, when the user fills out the registration form and submits it, the controller authentication back to clearpass guest fails with: Error Code 201 - Authentication Failure

Alerts for this Request:

RADIUS [Guest User Repository] - localhost: User not found.

Cannot select appropriate authentication method

 

Without changing anything, the user can then typically submit the form again and this time they are logged in and everything is working. Sometimes they can submit multiple times and get the same error each time.  Access Tracker shows it as a Reject, but the "incoming" RADIUS data is identical to a working scenario....          

 

It works most of the time across the cluster so I've not found anything configuration related.....      Note: it is possible the registration may occur on node 2 while the radius request is sent to node 3.  I thought maybe it could be a local database replication delay issue or something but don't know where to begin there.... and sometimes I see it fail when the user account is clearly visible on the node in question....

 

Has anyone seen this before?   Any thoughts?  

 

 

 

Aruba Employee
Posts: 370
Registered: ‎11-04-2011

Re: Clearpass - Intermittent "user not found" during registration/first login

Sounds indeed like a database synchronization delay between the nodes. Guest accounts are created on the publisher, then synced back to the subscribers.

 

What might help is adding a delay to the login action, or let the user press a login button.

 

On the Guest Selfregistration page, under Advanced Editor, there is an option: Automatic Login - Guest Delay, with a default setting of 0 seconds. You may try setting this to 2 or 3 seconds and see if that resolves your issue.

 

Screenshot 2016-05-08 at 12.22.44.png

 

If this does not help, please work with your partner or Aruba TAC to get this resolved.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
Search Airheads
Showing results for 
Search instead for 
Did you mean: