11-25-2013 01:39 PM
I want to set up my Guest Portal to have users with AD credentials be able to login with those credentials. However if a user doesn't have AD credentials I want them to self register and log in with the local Guest Account created.
In my service on CPPM I have the Web Auth service and the Guest portal works great with local Guest accounts. Under the service authentication I've added the AD Authentication Source and I'm unable to log in to the portal with AD credentails. I keep getting invalide Username or password. The worst part is nothing shows up in the Asset Tracker or any logs showing me why this is happening.
If anyone has experienced this let me know. Also it'd be helpful if anyone could give me some tips on where to look for debug logs.
11-25-2013 09:22 PM
What type of guest page are you using.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
11-26-2013 07:34 AM - edited 11-26-2013 07:34 AM
Do you have PAP enabled as an authentication method?
Anything in the event viewer?
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
11-26-2013 07:46 AM
I do have internal auth type as PAP. Also I should mention that I'm not a part of the domain, nor do I want to join the domain. I want to authenticate with the authentication source configurd for AD. In that Auth source I can search the base DN and everything, so I assume this source is working.
I don't see anything in the event viewer. I've set the log level to DEBUG under Radius, Policy Server, and Admin Server and nothing shows up.
11-26-2013 08:30 AM
I think your questions put me in the right mindset. So I'd like to confirm what I've found.
The Self-registration login and the Web Login are completely independent of each other. Is this correct?
I was hoping that I could present the Login for Self Registration and then the user enters AD credentials and it would authenticate. I believe this is where my hang up was.
Instead I need to present them with the Web Login. This will perform a RADIUS auth against CPPM where I can use the Auth source of AD to authenticate users. However if they dont' have an AD account, then I need to redirect them to the self-register page and they would log in via the Self Register login page.
I'm working through the scenario now to see if this works. Let me know if I'm on the right track.