Contributor II

Clearpass Post Authentication Information Collection

Hi,

 

I have Clearpass configured in such a way whereby operators can create logins with usernames based on events and with very simple passwords. Such as, username: airheadsconference, password: airheadsconference, which then lasts for the duration of the conference.

 

End users connect to the conference SSID, hit captive portal, authenticate against a user authentication with MAC caching service and log in with the simple credentials.

 

I'd like to collect the names and email addresses of the people using the shared username and password with some sort of HTML webpage that they get redirected to post authentication that then requests this information and adds it to the endpoint.

 

Is this possible?

 

Cheers

Shaun

Guru Elite

Re: Clearpass Post Authentication Information Collection

You would need to use a self-registration workflow instead of a web login.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Clearpass Post Authentication Information Collection

Hi Tim,

 

Thanks for the reply,

 

So my understanding of Self Registration is that it allows anyone to access the network by entering simple details and then a sponsor allowing them access.

 

We do not want to inundate the sponsor with 1000s of emails from prospective wireless users. We'd like them to authenticate with a predefined guest account. How do we get around this?

 

Cheers

Shaun

Guru Elite

Re: Clearpass Post Authentication Information Collection

You do not have to enable sponsorship on a guest self-registration.

 

Just create a custom field with a validator to check the "code".


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Clearpass Post Authentication Information Collection

Sorry Tim you've lost me - Can you elaborate please?

Contributor II

Re: Clearpass Post Authentication Information Collection

Ok so I've managed to resolve this now by doing the following, it's a bit of a fudge but it works well and no JavaScript is involved.

 

When an end user connects they get placed into a role with a captive portal profile leading them to a web login; the initial role has an authentication role that again has a captive portal profile leading them to a self registration form requesting details, and then after authenticating in self registration they are placed into an authenticated role without captive portal and allowed out the door.

 

So in essence an end user connects and is presented with a weblogin, after authenticating they are then presented with a self registration form, and then after authenticating with self registration they are free.

 

Hope this helps for those who had the same question as me and needed to protect their network via a shared username and password but also required collecting visitor details.

 

Cheers

Shaun

 

 
