Security

Reply
Regular Contributor I

single click guest SSID

In clearpass guest - what is the best way to create a single click SSID with just a captive portal that requires you to click accept to terms and then automatically creates a guest account and logs into the NAS device?

 

I have the "I agree to terms" part but am not sure how to remove the guest receipt/login page and still log into the network device. 

Regards,

Josh
___________
ACMP, ACCP
Aruba

Re: single click guest SSID

Is this controller CP or Clearpass Guest?

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba

Re: single click guest SSID

Clearpass based you can use the section that is at the bottom of the page

 

https://afp.arubanetworks.com/afp/index.php/Terms_and_Conditions_on_ClearPass#Terms_Only_Web_Logins

 

Controller based

 

https://afp.arubanetworks.com/afp/index.php/Guest_Wireless_Access_Acceptable_Use_Policy

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I

Re: single click guest SSID

Thanks tarnold. I knew I saw that article at some point.
Regards,

Josh
___________
ACMP, ACCP
New Contributor

Re: single click guest SSID

Can someone post the contents of this link here?  I would like to configure the same setup, but I do not have a partner login.

 

https://afp.arubanetworks.com/afp/index.php/Terms_and_Conditions_on_ClearPass#Terms_Only_Web_Logins

 

Regular Contributor I

Re: single click guest SSID

The content is customer approved:

 

Terms Only Web Logins

To enable a login page solely containing terms and conditions, create a new web login with the folowing:

  • Authentication: Anonymous – Do not require a username or password
  • Auto-Generate: Checked
  • Anonymous User: Choose a unique username of your choice. It will not be visible outside the account list.
  • Pre-Auth Check: Local — match a local account
Regards,

Josh
___________
ACMP, ACCP
Contributor II

Re: single click guest SSID

Sorry for resurrecting, but that link is no longer valid and searching just brings me back to this thread.

 

I have done the web login setup, but clicking login generates a RADIUS login attempt in Clearpass, which does not match any existing service.  What does that service definition have to look like?

Guru Elite

Re: single click guest SSID

If you look at the RADIUS request in Access Tracker, you should be able to compare the attributes to your existing web-login service to see where the mismatch is.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: single click guest SSID

I'm kinda starting from scratch on this one.

 

I have defined the web login page in Clearpass guest to use the Aruba vendor settings and the controller-initated login. I get the clickthrough page fine, but clicking through gives me an access denied(null) message on the screen above the form, and I see nothing in access tracker. I was able to generate the unclassifed RADIUS service last night, but I can't remember how and it's not happening any more.

 

Changing to server-initated gives me an unclassified webauthservice error in access tracker, and the error message on the clickthrough screen changes to invalid username or password.

 

Should I be using controller initiated or server initiated?  And what service template should I be using?

Contributor II

Re: single click guest SSID

OK, figured it out.

I had disabled the user login option in the L3 authentication profile.  Once I turned that back on I started getting the service classification error again and was able to create a matching service.

What I was missing was that even though the user was a "guest" in Clearpass, that user was still logging in from the point of view of the controller.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: