Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest Login order Auth for AD then Guest Local DB

This thread has been viewed 0 times

  • 1.  Guest Login order Auth for AD then Guest Local DB

    Posted Nov 25, 2013 04:39 PM

    Hi all,

     

    I want to set up my Guest Portal to have users with AD credentials be able to login with those credentials. However if a user doesn't have AD credentials I want them to self register and log in with the local Guest Account created.

     

    In my service on CPPM I have the Web Auth service and the Guest portal works great with local Guest accounts. Under the service authentication I've added the AD Authentication Source and I'm unable to log in to the portal with AD credentails. I keep getting invalide Username or password. The worst part is nothing shows up in the Asset Tracker or any logs showing me why this is happening.

     

    If anyone has experienced this let me know. Also it'd be helpful if anyone could give me some tips on where to look for debug logs.

     

    Thanks,



  • 2.  RE: Guest Login order Auth for AD then Guest Local DB

    EMPLOYEE
    Posted Nov 26, 2013 12:23 AM

    What type of guest page are you using.

     

    Self-reg

    Web login

    CPPM Onguard.



  • 3.  RE: Guest Login order Auth for AD then Guest Local DB

    Posted Nov 26, 2013 10:25 AM

    tarnold,

     

    Thanks for your quick reply. I'm using the Web Login with the self-reg option if the user doesn't have an AD account.

     

     



  • 4.  RE: Guest Login order Auth for AD then Guest Local DB

    EMPLOYEE
    Posted Nov 26, 2013 10:34 AM

    Do you have PAP enabled as an authentication method?

    Anything in the event viewer?



  • 5.  RE: Guest Login order Auth for AD then Guest Local DB

    Posted Nov 26, 2013 10:46 AM

    I do have internal auth type as PAP. Also I should mention that I'm not a part of the domain, nor do I want to join the domain. I want to authenticate with the authentication source configurd for AD. In that Auth source I can search the base DN and everything, so I assume this source is working.

     

    I don't see anything in the event viewer. I've set the log level to DEBUG under Radius, Policy Server, and Admin Server and nothing shows up.



  • 6.  RE: Guest Login order Auth for AD then Guest Local DB

    Posted Nov 26, 2013 11:05 AM

    Actually I think I may just be using self-reg page.



  • 7.  RE: Guest Login order Auth for AD then Guest Local DB

    Posted Nov 26, 2013 11:31 AM

    Ok,

     

    I think your questions put me in the right mindset. So I'd like to confirm what I've found.

     

    The Self-registration login and the Web Login are completely independent of each other. Is this correct?

     

    I was hoping that I could present the Login for Self Registration and then the user enters AD credentials and it would authenticate. I believe this is where my hang up was.

     

    Instead I need to present them with the Web Login. This will perform a RADIUS auth against CPPM where I can use the Auth source of AD to authenticate users. However if they dont' have an AD account, then I need to redirect them to the self-register page and they would log in via the Self Register login page.

     

    I'm working through the scenario now to see if this works. Let me know if I'm on the right track.



  • 8.  RE: Guest Login order Auth for AD then Guest Local DB

    Posted Dec 04, 2013 12:15 PM

    The issue has been resolved. The key for me was to disable the Pre-Auth Check. This then used the WebAuth I had created. Thanks for eveyones help.