I can't completely understand how captive portal authentication with ClearPass Guest works. Could anyone explain in more detail steps 3 to 5 of the below picture?
I have read something about in some point of the process the client sends the credentials directly to ClearPass (skipping NAD), ClearPass replies directly to the client (skipping NAD again) and then client sends the credentials to NAD and then NAD to ClearPass. Also I have read something about ClearPass POST the user credentials to the NAD device? All this sounds very weird to me. Is there any documentation of the entire process? I have only found the following article:
But this is not explained in detail. I have also found this:
Which is very well explained, but it doesn't include the part of ClearPass.
3 and 4 are the local internal ClearPass credential check to the local user database.
5 is where the client browser submits the credentials to the controller. The controller iniaates a RADIUS request to ClearPass.
6 - If authentication is successful, ClearPass response with an access accept.
What errors are you seeing? What isn't working?
Hello! So, regading this same issue:
3- When the customer clicks Login button, the user credentials are sent to the Clearpass directly? So, they aren't proxied by the NAD?
4- ClearPass checks the credentials in its database and reponds directly to client (again with no intervention of NAD device).
So what types of messages/response does it send back to the customer?
I have a Clearpass enviroment and when I click Login always get: "Error 404: Page not found". So is this one of those messages I could get at step 4? Before the NAD even makes the RADIUS request?
OK, many thanks for the clarifications. Now I understand better this process.
OK, perfect. Then there is not step where ClearPass sends the user credentials back to the NAD device, right?
Then let me know if this is correct:
3 - When the client is entering the credentials in the Web Login page and click on "Login", are the credentials sent directly to ClearPass (with no intervention of NAD device)?
4 - ClearPass checks the credentials in its database and reponds directly to client (again with no intervention of NAD device) saying "Logging in..." or "Invalid username or password".
5 - Client sends credentials to NAD and NAD sends them in a RADIUS request to ClearPass.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.