Security

In clearpass guest - what is the best way to create a single click SSID with just a captive portal that requires you to click accept to terms and then automatically creates a guest account and logs into the NAS device?

I have the "I agree to terms" part but am not sure how to remove the guest receipt/login page and still log into the network device. 

Is this controller CP or Clearpass Guest?

Clearpass based you can use the section that is at the bottom of the page

https://afp.arubanetworks.com/afp/index.php/Terms_and_Conditions_on_ClearPass#Terms_Only_Web_Logins

Controller based

https://afp.arubanetworks.com/afp/index.php/Guest_Wireless_Access_Acceptable_Use_Policy

Can someone post the contents of this link here?  I would like to configure the same setup, but I do not have a partner login.

https://afp.arubanetworks.com/afp/index.php/Terms_and_Conditions_on_ClearPass#Terms_Only_Web_Logins

The content is customer approved:

Terms Only Web Logins

To enable a login page solely containing terms and conditions, create a new web login with the folowing:

• Authentication: Anonymous – Do not require a username or password
• Auto-Generate: Checked
• Anonymous User: Choose a unique username of your choice. It will not be visible outside the account list.
• Pre-Auth Check: Local — match a local account

Sorry for resurrecting, but that link is no longer valid and searching just brings me back to this thread.

I have done the web login setup, but clicking login generates a RADIUS login attempt in Clearpass, which does not match any existing service.  What does that service definition have to look like?

If you look at the RADIUS request in Access Tracker, you should be able to compare the attributes to your existing web-login service to see where the mismatch is.

I'm kinda starting from scratch on this one.

I have defined the web login page in Clearpass guest to use the Aruba vendor settings and the controller-initated login. I get the clickthrough page fine, but clicking through gives me an access denied(null) message on the screen above the form, and I see nothing in access tracker. I was able to generate the unclassifed RADIUS service last night, but I can't remember how and it's not happening any more.

Changing to server-initated gives me an unclassified webauthservice error in access tracker, and the error message on the clickthrough screen changes to invalid username or password.

Should I be using controller initiated or server initiated?  And what service template should I be using?

OK, figured it out.

I had disabled the user login option in the L3 authentication profile.  Once I turned that back on I started getting the service classification error again and was able to create a matching service.

What I was missing was that even though the user was a "guest" in Clearpass, that user was still logging in from the point of view of the controller.