Wireless Access

Reply
Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

ClearPass Captive portal login by using just access codes rather than username and password.

Hello,

 

I am configuring a CPPM and so far Guest Captive portal is working. This is the way I did.

 

  • Guests/visitors connect to GUEST SSID.
  • They get redirected to captive portal page.
  • There's a link for them to create account if they don't have it yet.
  • In create account page, they enter their phone number and email as username.
  • They then receive a password for their email as username through text message.
  • They login.. then there's the internet. Their MAC is cached for a day or so, so they don't need to be redoing all the steps.

 

The problem is, the director doesn't want guest/visitors to be entering username and password but instead, they will receive an access code through SMS which they then enter on the captive portal. So the steps would be pretty similar:

 

  • Guests/visitors connect to GUEST SSID.
  • They get redirected to captive portal page.
  • There's a link for them to get an access code if they don't have it yet.
  • In get access code page, they enter their phone number.
  • They then receive an access code through text message.
  • They enter access code.. then there's the internet. Their MAC is cached for a day or so, so they don't need to be redoing all the steps.

 

 

I've been trying to reconfigure the CPPM but I am stuck so far. I would love to hear how to do this.

 

Thank you.

 

Guru Elite
Posts: 8,643
Registered: ‎09-08-2010

Re: ClearPass Captive portal login by using just access codes rather than username and password.

You could leverage the new MFA SMS workflow in ClearPass 6.6



http://www.arubanetworks.com/techdocs/ClearPass/6.6/Guest/Default.htm#Config
uration/MultiFactorAuth_Info.htm





Access Code - Only require a username for authentication-This option does
not require a password. If you are setting up Multi-Factor Authentication
(MFA) with username-only authentication, choose this option.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

Re: ClearPass Captive portal login by using just access codes rather than username and password.

Hi,

 

I have now changed the login form to Access Code.  However, everytime I receive the SMS receipt I still get an included generated PW with the generated username. When I use to login just  the username (which serves as the code) it complains that I entered an invalid username and PW. I expect that the PW should have nothing to do with this form of logging in as long as the username is valid. Am I missing something here.. Thank you.

 

r4KXF3P[1].png

 

 

Guru Elite
Posts: 8,643
Registered: ‎09-08-2010

Re: ClearPass Captive portal login by using just access codes rather than username and password.

Are you running 6.6? MFA was added in that release.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

Re: ClearPass Captive portal login by using just access codes rather than username and password.

I am running ClearPass Policy Manager 6.5.5.78974on 2x CP-HW-25K platform.

 

I'll try upgrade to 6.6 right now.

 

Thank you.

Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

Re: ClearPass Captive portal login by using just access codes rather than username and password.

Hi,

 

I was able to update CPPM to 6.6.0.81015. I noticed that everytime I do an upgrade, the subscriber always gets dropped and I have to resync it every time. Well, that's another issue.

 

I can see now the MFA feature however, I dont think this is what we want. We want a more simple approach.  Here's a simple walk through:

 

  • Client connects to GUEST SSID.
  • Redirected to Captive portal.
  • If  he has not received a generated USER ID(username) yet through SMS he has to click Register link.
  • In Register Page, he enters his phone number.
  • Through SMS, he receives a unique generated USER ID that expires in 24 hours.
  • He enters this USER ID and then comes the internet.

 

So basically, the condition is: if USER ID exist and has not expired then he gets internet.

 

I can now generate USER ID with no problem but in weblogin, it seem that it requires to enter a PW.

Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

Re: ClearPass Captive portal login by using just access codes rather than username and password.

[ Edited ]

Duplicate: sorry

Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

Re: ClearPass Captive portal login by using just access codes rather than username and password.

[ Edited ]

Duplicate: sorry

Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

Re: ClearPass Captive portal login by using just access codes rather than username and password.

[ Edited ]

Duplicate: sorry

Frequent Contributor I
Posts: 64
Registered: ‎02-23-2015

Re: ClearPass Captive portal login by using just access codes rather than username and password.

[ Edited ]

Duplicate: sorry

 

-Not sure what happened here but I got so many duplicate post. Mod please clean this up. Sorry for the mess.

Search Airheads
Showing results for 
Search instead for 
Did you mean: