Security

Reply
Aruba

Re: Problems with Clearpass Radius Server -> Auth server timeout

You can simply remove the IP information from the Data/External port....but be careful if you are using that port/IP for anything today that may break.   I am not positive if it will ask for a restart, or if it will just restart the necessary services.

 

 

cp-server-ip.jpg

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Regular Contributor I

Re: Problems with Clearpass Radius Server -> Auth server timeout

Ok, thank you so mutch, what a bad mistake!

 

Now I get a Authentication faild message and in the Access Tracker it shows me this message:

 

Capture.JPG

 

what is now wrong? The shared secred is right!

Aruba

Re: Problems with Clearpass Radius Server -> Auth server timeout

Depends on how your service is setup.   There looks to be two issues, one the authentication type is not supported and second the user does not exist in the internal database.    

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Regular Contributor I

Re: Problems with Clearpass Radius Server -> Auth server timeout

The user is in the CP guest under Guest -> list Account.

 

What can I check now?

 

Aruba

Re: Problems with Clearpass Radius Server -> Auth server timeout

It looks like your service that is being matched is looking at the Local User database on ClearPass; not the Guest Users database (which is the same as the CPG List Accounts).    You need to reevaluate the service rule that is being hit for this authentication.   

 

Is this a test from the controller?  or a guest logon?

 

Export your whole Access Tracker event (zip file).

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Regular Contributor I

Re: Problems with Clearpass Radius Server -> Auth server timeout

Ok I test the login from Captive Portal and from the Controller. Controller says Authentication failed end Captive Portal says the same.

 

This is a Log from Captive Portal login i attachment:

 

Highlighted
Aruba

Re: Problems with Clearpass Radius Server -> Auth server timeout

You are matching a service called WLAN Enterprise Service which only supports EAP authentication methods.   The Captive Portal authentication is going to be PAP or MSCHAP depending on how you have it setup.

 

You should have two services setup; one for 802.1X authentication (if you are using this authentication type for employees) and a second for guest/captive portal authentication; each with the appropriate conditions, auth sources, etc.

 

Refer to the integration guide you mentioned in your original post.  The section titled Guest SSID Login service configuration (page 44) goes through the setup.    You may have done this, but be careful on the order of the policies as they are applied top down.   It looks like you have the Enterprise service above the Guest service and it is matching that one.   

 

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Regular Contributor I

Re: Problems with Clearpass Radius Server -> Auth server timeout

Ok, now it works!!!!!!  :smileyhappy:

 

Thank you so mutch for your help. I am so thankful !!!!!

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: