Security

last person joined: 2 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass - Guest authentication failed - "Invalide user name or password"

  • 1.  Clearpass - Guest authentication failed - "Invalide user name or password"

    Posted Jan 22, 2019 01:55 AM

    Hi all,

     

    New Clearpass Guest Install version 6.7 with a sonicwall redirection.

    We are correctly redirected to authentication page but we have an error message : "Invalide user name or password".

     

    All flows are open between Clearpass and Sonicwall.

     

    Topology :

    Infra.png

     

    Config_web_2.png

    Connection page configuration :

    Config_web_1.png

    User page configuration :

    User_page.png

     

    Sonicwall guest services configuration :

    Config_sonic_1.pngConfig_sonic_2.png

    Authentication error :

     

    Erreur_authe.pngErreur_authe_details.png

     

     



  • 2.  RE: Clearpass - Guest authentication failed - "Invalide user name or password"

    Posted Jan 22, 2019 04:07 AM

    'Service Classification failed' means that you didn't have a matching service defined in the ClearPass services.

     

    From the log, you can also see that the incoming request is of the type WebAuth, and you don't have any WebAuth services defined.

     

    Did you follow some integration guide? From this point, I would add a WEBAUTH service and see what comes into ClearPass then,

     

    What is not clear to me is how the actual authentication will happen in this situation. There are basically two methods for guest authentication. First is where the access device will do a RADIUS authentication against ClearPass, second is where the client will do a WebAuth against ClearPass and ClearPass then sends a RADIUS CoA (Change of Authorization) to the access device to allow traffic. This last method is often combined with a MAC authentication.



  • 3.  RE: Clearpass - Guest authentication failed - "Invalide user name or password"

    Posted Jan 22, 2019 06:06 AM

    We choose the Radius authentication and now, we have a loop after authentication succeed.

     

    The Radius service is match we are accepted BUT we are loop with the authentication page.

    Service Captive Portal Authentication - RADIUS :

    Service_guest.png

     

    Tracker authentication :Tracker.png

    Tracker_inter.png

    Any idea ?



  • 4.  RE: Clearpass - Guest authentication failed - "Invalide user name or password"

    Posted Jan 22, 2019 08:11 AM

    You can see that the authentication is happening from the ClearPass itself (127.0.0.1 / localhost). What you likely see here is a WebAuth to the ClearPass that authenticates.

     

    Again, I'm not aware of how the integration with SonicWall would work, but there are the two basic options I explained earlier. Which of those is used here?

     

    Have you found an integration document that you followed?