Security

 View Only
Back to discussions
Expand all | Collapse all

Clearpass captive Portal With AD authentication

This thread has been viewed 86 times

  • 1.  Clearpass captive Portal With AD authentication

    Posted Nov 30, 2022 06:31 PM

    Hi all

    we are having an issue with the captive portal, while using AD as authentication source

    if We use the guest repository our portal is working ok. 


    Ir we use AD repository we get a login error, like invalid username or password. 

    What could be the issue?


    regards



  • 2.  RE: Clearpass captive Portal With AD authentication

    Posted Nov 30, 2022 06:48 PM
    so i take it you have guest repository and AD as auth sources right?
    please share the screenshot for access tracker as well

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 3.  RE: Clearpass captive Portal With AD authentication

    Posted Nov 30, 2022 08:05 PM
    @ariyap In the access tracker we do not see any request logged



    Original Message


  • 4.  RE: Clearpass captive Portal With AD authentication

    Posted Nov 30, 2022 08:51 PM
    what clearpass version are you running?
    also check the event viewer for any entries

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 5.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 01, 2022 09:35 AM
    6.9.10

    I do not see any entries regarding the guest service with AD. Seems that the requests are not coming to clearpass correct. I only get the IP address correct and the our guest portal. AS I put some AD credential it comes back again to the same login portal saying invalid user /password
    Original Message


  • 6.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 02, 2022 07:36 AM
    Hi,

    Did you enable 'pre-auth check' on Guest Page?  With that option ClearPass check credentials against AD. But you have to create an 'Application Authentication' service to serve this request.

    ------------------------------
    Tuna AKYOL // ACMX#1374 // AASX
    ------------------------------

    Original Message


  • 7.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 02, 2022 09:19 AM
    Hi 

    I do not touch pre-auth cheching , but yes its enable.

    I need to create that authetication app where?

    Regards
    Original Message


  • 8.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 02, 2022 09:50 AM
    pre-auth check can be RADIUS or App Authentication. It can be edited in guest page editor. Imo you should use "RADIUS -- check using a RADIUS request". And you need to create a Radius service on policy manager which include Auth source as your AD to handle your RADIUS request. Or you can use App Authentication in the same way as RADIUS.

    ------------------------------
    Tuna AKYOL // ACMX#1374 // AASX
    ------------------------------

    Original Message


  • 9.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 02, 2022 10:18 AM
    Edited by beconnect Dec 02, 2022 10:23 AM
    Hi,

    I am already using guest service with mac caching with local user database.

    You are saying that I need to create another service for radius request??

    When I test a client machine to connect I get welcome by the captive portal with an initial guest role, when I input the credentials it loads and then it send  back to the captive portal with an "Authentication Failed" message.



    Original Message


  • 10.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 03, 2022 12:36 AM
    as you have mentioned, you have pre-auth check = App Authentication on your weblogin page.
    you have mentioned that your guest users authenticate fine.
    This means that you have a service of type = Aruba Application Authentication, this service does the pre-auth check
    so in this service do you have AD auth source as well?

    Pre-auth CPPM service should look something line this



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 11.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 05, 2022 12:07 PM
    Hi,

    I will check  tomorrow , but I think that service I don´t have.
    I only have a setting under Clearpass Guest page enabling pre auth check.

    But I will see that and get back to you guys

    Thanks
    Original Message


  • 12.  RE: Clearpass captive Portal With AD authentication

    Posted Dec 07, 2022 08:12 AM
    Hi All

    seems working now 
    I had already to services running Guest mac authentication and also Guest user authentication with mac caching with local DB

    What i needed to do , to get AD repository to be accepted, was to add on Guest user authentication with mac caching Service the AD repository and also to go to the guest management under CLearpass and on the "pre auth check" setting change it to " radius --check sing radius request"

    Now seems ok
    Regards and thanks
    Original Message


  • 13.  RE: Clearpass captive Portal With AD authentication

    Posted Oct 17, 2024 06:34 AM

    hi BECONNECT.

    I'm doing the same thing as you. however having issues with invalid username\password.

    i've got 2 x services MAC-AUTH and USER AUTHENTICATION with mac caching.

    i was on a call with TAC and they said i need a 3rd service to get it to work.

    This doesn't sound right to me.

    Can you confirm you had it working with just the 2 x policy manager services and the Guest page pre-auth check setting to "radius checking radius request ?


    Original Message


  • 14.  RE: Clearpass captive Portal With AD authentication

    Posted Oct 17, 2024 05:34 PM
    Peter. Almost sure that yes. 

    Its working like that. 
     Sent from my Iphone

    Bruno Costa

    IT Support Specialist

     

    CONNECTing Projectos e Consultoria Lda.

    Rua Diogo de Silves, 33C

    1400-107 Lisboa

    Tlm: +351 916 158 228

    Email: baraujo@connecting.pt







    Original Message


  • 15.  RE: Clearpass captive Portal With AD authentication

    Posted Oct 17, 2024 09:03 PM

    peter.elm, have you enabled  'pre-auth check' on Guest Page?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 16.  RE: Clearpass captive Portal With AD authentication

    Posted Oct 18, 2024 03:59 AM

    hi Ariyap,

    thanks for getting back

    i'm using a web login and i have pre-auth check (the same as Bruno) with radius set. " radius --check using radius request"

    cheers

    Peter


    Original Message


  • 17.  RE: Clearpass captive Portal With AD authentication

    Posted Oct 18, 2024 04:03 AM

    hi Ariyao,

    reading your message again,

    do you mean a pre-auth check SERVICE in Policy Manager?

    regards

    Peter


    Original Message


  • 18.  RE: Clearpass captive Portal With AD authentication

    Posted Oct 18, 2024 03:56 AM

    hi Bruno,

    thanks for getting back mate.

    the weird thing is i have it set up in my lab and all working Clearpass version 6.10.8, however it is with aruba controller, at the customer site everything the same except they have Aruba Central managed Instant AP and Clearpass version 6.11.8.

    The error message in Access is "can't apply appropriate authentication method" but i do have PAP enabled.

    cheers

    Peter


    Original Message


Related Content