05-13-2013 12:19 PM
when creating a new web login on clearpass guest 6.1 (not sure about before) the pre-auth check is enabled by default, is there any good reason to use it when you are doing simple guest access from an Aruba controller?
i was a bit dissapointed by the clearpass guest user guide, 6.1 is better then 6.0 which seems to skip the web login all together (only bits and pieces can be found) but both don't explain the use of pre-auth check.
Solved! Go to Solution.
05-13-2013 02:05 PM
The way NAS devices like wireless controllers do authentication on external captive portals only allows standard reject message handling like "authentication failed". The pre auth check allows CPPM to provide advanced error handling of a reject like "your time limit has been reached" before a user logs in. It is to do an end run around limited error handing of NAS devices on external captive portals.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
08-20-2013 08:05 AM
So now the next question, how does pre-auth check get user on the network? Is pre-auth and webauth service ordering significant? I don't see any post-auth actions on pre-auth, so will user have to submit credentials a second time?
Agree the documents don't give any explanation as to the use of both services (or just one) to accomplish user auth.
08-20-2013 08:42 AM - edited 08-20-2013 08:43 AM
i believe (but not a 100% anymore) that you will see two hits in the access tracker. there used to be a pre-auth service automatically generated with NAS-IP localhost (127.0.0.1), not sure how that goes in in 6.2.