Security

Reply
Contributor I
Posts: 25
Registered: ‎11-25-2013

Guest Login order Auth for AD then Guest Local DB

Hi all,

 

I want to set up my Guest Portal to have users with AD credentials be able to login with those credentials. However if a user doesn't have AD credentials I want them to self register and log in with the local Guest Account created.

 

In my service on CPPM I have the Web Auth service and the Guest portal works great with local Guest accounts. Under the service authentication I've added the AD Authentication Source and I'm unable to log in to the portal with AD credentails. I keep getting invalide Username or password. The worst part is nothing shows up in the Asset Tracker or any logs showing me why this is happening.

 

If anyone has experienced this let me know. Also it'd be helpful if anyone could give me some tips on where to look for debug logs.

 

Thanks,

Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: Guest Login order Auth for AD then Guest Local DB

What type of guest page are you using.

 

Self-reg

Web login

CPPM Onguard.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Guest Login order Auth for AD then Guest Local DB

tarnold,

 

Thanks for your quick reply. I'm using the Web Login with the self-reg option if the user doesn't have an AD account.

 

 

Guru Elite
Posts: 7,847
Registered: ‎09-08-2010

Re: Guest Login order Auth for AD then Guest Local DB

[ Edited ]

Do you have PAP enabled as an authentication method?

Anything in the event viewer?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Guest Login order Auth for AD then Guest Local DB

I do have internal auth type as PAP. Also I should mention that I'm not a part of the domain, nor do I want to join the domain. I want to authenticate with the authentication source configurd for AD. In that Auth source I can search the base DN and everything, so I assume this source is working.

 

I don't see anything in the event viewer. I've set the log level to DEBUG under Radius, Policy Server, and Admin Server and nothing shows up.

Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Guest Login order Auth for AD then Guest Local DB

Actually I think I may just be using self-reg page.

Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Guest Login order Auth for AD then Guest Local DB

Ok,

 

I think your questions put me in the right mindset. So I'd like to confirm what I've found.

 

The Self-registration login and the Web Login are completely independent of each other. Is this correct?

 

I was hoping that I could present the Login for Self Registration and then the user enters AD credentials and it would authenticate. I believe this is where my hang up was.

 

Instead I need to present them with the Web Login. This will perform a RADIUS auth against CPPM where I can use the Auth source of AD to authenticate users. However if they dont' have an AD account, then I need to redirect them to the self-register page and they would log in via the Self Register login page.

 

I'm working through the scenario now to see if this works. Let me know if I'm on the right track.

Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Guest Login order Auth for AD then Guest Local DB

The issue has been resolved. The key for me was to disable the Pre-Auth Check. This then used the WebAuth I had created. Thanks for eveyones help.

Search Airheads
Showing results for 
Search instead for 
Did you mean: