Security

Hi, I have a local controller and a DMZ controller setup, i have an external captive portal and Guest self-registration enabled. Under my Guest self-registration profile i have NAS vendor setting with "send Cleartext password over HTTP"

, everything is working, I am just curious why when credentials are sent over HTTP and the credential are either invalid or expired it shows "Internal server error"

but when HTTPS is selected under NAS vendor setting if the credentials are wrong it send you back to the captive portal with an "authentication failed "null"?? 

I know that i can select Pre-Auth and avoid this but for me is not an option since i am using an external authentication souce "Active directory" I am attaching a couple of screenshots so all makes more sense. BTW i am using OS Version 6.4.2.8 on the controllers.

A couple of things:

1. Pre-auth can be used with non-guest sources. You just have to choose RADIUS or application and then create a service in ClearPass to handle the request
2. Looks like you're using the default controller certificate. Please replace it. https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Controllers/ta-p/275809

Hi, sorry for me late response, 

1. Pre-auth can be used with non-guest sources. You just have to choose RADIUS or application and then create a service in ClearPass to handle the request.

Can this be done with Guest self-registrations? I see the option with Web Logins

Guest self-registrations

Web Logins

And for the certificate I am changing it, building the CA on my lab still.

You would use a custom web login form instead of the one built into the self-registration.

By any chance do you have an example of this? or any article i can use