Hello,
We are using ClearPass Guest and Aruba Instant.
We want to be able to provide a same captive portal for different type of people :
- Some who have an account in the Active Directory
- Some who don't have an account in the Active Directory and who must be authenticated using the sponsoring method
Here's what we did :
- We first joined CPPM in the AD and created it as a source of authentication.
- We then created services using the template 'Guest MAC Authentication' because we would like to implement MAC auth for these two types of people.
- We added the AD as an authentication source on the 'Guest Access With MAC Caching' Service.
When we test the login using a valid AD account on the portal, it works. But when we disconnect from the network and then reconnect to it, we are successfully accessing the Internet without getting redirected to the portal.
When we take a look at the access tracker, the user doesn't seem to go through any service at all. There is only a REJECT on the MAC Auth Profile.
Is that normal ?
How is it supposed to work ? Are the user credentials cached for a specific time ? If yes, where is it configured ?
I don't think we will have any problem to get the sponsoring method to work because we already set this up multiple times, but this is the first time we are working with Active Directory authentication and we don't really know the normal behaviour.
Thanks in advance.
- nice2k.