03-12-2015 11:11 AM
I need to use IAP205 APs with ClearPass. I have a guest SSID where the ClearPass provides the external Captive Portal. I can see that the guest users needs to authenticate on the Captive Portal every time when they connect to the SSID. I try to configure that once a client successfully authenticate on the Captive Portal the next few hours there won't be need to reauthenticate with the same device. How can I configure this?
Thanks a lot!
03-19-2015 09:53 AM - edited 03-25-2015 09:09 AM
if i would like to authenticate with my domain username and password on Captive Portal with Guest MAC Cache service, how change my service settings?
I added my AD auth source to the MAC cache service (Radius Enforcement Generic), but it's not work for me. I got a reject, when the mac auth is in progress.
I can see the following error in Request Details Alert tab:
"Failed to get value for attributes=[UserName]"
03-25-2015 09:11 AM
03-25-2015 10:09 AM
we have two services in ClearPass Tips:
I added my AD to Authentication Source to User Authentication with MAC. If I connect to my SSID, the Captive Portal page displayed. I logged in my domain username and password, the connection was ACCEPT.
If I disconnected my device, and i connect again my SSID, I got a REJECT from MAC Authentication service. The following error is:
03-25-2015 11:50 AM
You shouldn't have MAC-authentication in your web login service.
Can you try setting this up with the service template instead?
03-26-2015 07:07 AM - edited 03-26-2015 07:20 AM
I resolved the issue. I can use my userAccountStatus attribute than Guest Role ID.
The MAC service can find this value, what contains every standard user account.
This value is constant 512. And I modified the [Employee] Post Authentication Role, and I use this value.