Wireless Access

Reply
Regular Contributor I

Captive Portal not assigning correct Role

I've setup a second Captive Portal page using the guest-logon as the initial role and the ****Guest us the user role after authentication.  We see users get assigned the guest-logon initial role, but once they authenticate via Captive Portal they are placed on the guest role instead.

 

I've checked everything and cannot find why this is happening.  Any suggestions?

Retired Employee

Re: Captive Portal not assigning correct Role

I would check the default role under 

"show aaa authentication captive-portal <profile-name>" 

 

--
HT
Aruba Employee

Re: Captive Portal not assigning correct Role

Are the users authenticated using the internal database on the controller?  If so, they will have "guest" as the role by default and a server provided role takes precendence over the default role.

 

If you want to use a role other than "guest", you will have to edit the internal account roles OR use an external authentication server (AFAIK).

Contributor I

Re: Captive Portal not assigning correct Role

Run the command 'show aaa server-group <server group name>' Do you see: 'set role condition role value-of'? The default server groups applies this Server Rule. Either remove this rule, or if this Sever Group is being referenced by other profiles create a new Server Group, and leave out that Server Rule

New Contributor

Re: Captive Portal not assigning correct Role

I've run into the same issue recently.  What code are you running?

Aruba Employee

Re: Captive Portal not assigning correct Role

I would probably debug that user and check in the user-debug logs, where these roles are getting derived from.

Regular Contributor I

Re: Captive Portal not assigning correct Role

Sorry for the late reply.  After doing some reading on your code release version, we found the issue.  We are on code 3.3.3.2.  Apparently on this code the default role assigned for guest users via Captive Portal is "guest".  There is nowheere in the CLI or GUI where this shows, we just found it by reading.

New Contributor

Re: Captive Portal not assigning correct Role

you can also check the role by 

show user ip <ip address of client>    or by show user mac <mac of client >

there it will have all the info about the client and look for role and vlan derivation.

 

New Contributor

Re: Captive Portal not assigning correct Role

also try checking the user table and look for authentication as web that means it went through captive portal , once verified look for the role client is getting , if its not the role u mentioned then , check the default-role you specified in aaa authentication captive <name >. 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: