Security

Reply
Occasional Contributor II
Posts: 16
Registered: ‎01-19-2014

Trouble with setting up ClearPass Guest Self Registration

Hi.  I need help in figuring why I'm unable to get the guest self registration web page come up when I connect up to my guest SSID.  The logs state there is an error 201 Authentication failure User not found.  Cannot select appropriate authentication method.

 

I've gone through various guides and it looks like I have everything configured correctly on both the controller and in ClearPass.  I'm completely stumped.

 

Thanks for any help with this.

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Trouble with setting up ClearPass Guest Self Registration

Do you have the guest user database as an authentication source under your
guest web login service?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 16
Registered: ‎01-19-2014

Re: Trouble with setting up ClearPass Guest Self Registration

Tim,

 

Thanks for the reply.  Excuse the noob questions as I'm brand new to ClearPass.

 

When you're referring to the authentication source for my guest web login service, are you referring to the guest service I configured in CPPM or is there a spot some where in the ClearPass Guest part?

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: Trouble with setting up ClearPass Guest Self Registration

[ Edited ]

zx10guy,

 

If an incoming authentication is not classified, that means it did not satisfy the initial requirements of the service rules to handle it: below is a guest access service and listed on the summary and service tab are service rules for that specific service to handle an incoming authentication.  If you look at the access tracker on the failed authentication and look at the Input tab, it will tell you what the incoming attributes were for authentication.  You can compare it to the requirements on the service tab to see what you were missing:

 

service.PNG

 

For guest access it is probably best that you create the service using a service template in CPPM, because it will save you some time.  If you want to stick with what you have, please use the suggestion above to figure out why it is not being classified/handled by your guest service.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎01-19-2014

Re: Trouble with setting up ClearPass Guest Self Registration

I used the service templates to do the initial setup.  I used the Guest Access template.

 

The only service rules I have set up are Calling-Station-Id, Client-Mac-Address, and Aruba-Essid-Name.  I configured the ESSID to match against the SSID I'm using for guest access.  Initially, CPPM wasn't even hitting this service but was matching with a different service.  I was able to get CPPM to use the guest access service I had set up by changing the match criteria of the service rule to ANY from ALL of the following conditions.  I'm not sure if this is also a clue into why this isn't working for me.

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: Trouble with setting up ClearPass Guest Self Registration

What specifically are you looking at for the Calling Station ID and Client MAC address?  You do not want to specifiy those on the services tab, unless you just want to make sure that they exist...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎01-19-2014

Re: Trouble with setting up ClearPass Guest Self Registration

[ Edited ]

Nothing specific.  Those service rules were included as part of the default parameters when I went through the Services Templates.  I took them out as I want to keep it as simple as possible to get this working.  I'm still getting the same error.  It keeps stating it can't find a user in the localhost Guest User Repository and that it cannot select the appropriate authentication method.

 

I also want to reiterate that I never get the self registration web page.  I try to get the page to come up by trying to access google.com and the browser just sits there waiting eventually timing out.  I do have network connectivity as I can ping the gateway.

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: Trouble with setting up ClearPass Guest Self Registration

Well then, you need to add the guest repository as an authentication source to the service.  If you used the template, it would have already added that.  You also might want to check to see what authentication method is being used in the Input tab of the access tracker to determine what to add.  BOTH should have been added by the template.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 16
Registered: ‎01-19-2014

Re: Trouble with setting up ClearPass Guest Self Registration

Yes.  The [Guest User Repository][Local SQL DB] is configured under Authentication Sources set up with Service Templates.  Under the Input tab in Access Tracker, I don't see anywhere where it states what Authentication source is being used.  All I have listed under Computed Attributes are:

 

Authentication:

ErrorCode

Full-Username

Full-Username-Normalized

MacAuth

Posture

Status

Username

 

The username looks to be some randomly generated name as it's a mix of numbers and letters.

Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: Trouble with setting up ClearPass Guest Self Registration


zx10guy wrote:

Yes.  The [Guest User Repository][Local SQL DB] is configured under Authentication Sources set up with Service Templates.  Under the Input tab in Access Tracker, I don't see anywhere where it states what Authentication source is being used.  All I have listed under Computed Attributes are:

 

Authentication:

ErrorCode

Full-Username

Full-Username-Normalized

MacAuth

Posture

Status

Username

 

The username looks to be some randomly generated name as it's a mix of numbers and letters.


It will not say the source in access tracker.  

 

It looks like you might have the controller configured for mac caching (sending a user's mac address as the username), but you do not have a service on the CPPM side to handle mac caching.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: