04-22-2015 08:11 AM
I've ran into an issue when I strip the domain if the users enter their full e-mail address in the authentication form in a captive portal. I'm using the "user:@" strip rule which works fine for AD authentication source but the full e-mail username is needed for Clearpass guest auth source accounts. With this strip rule active users can't login with guest accounts. I don't have the luxury of disabling the rule since some AD users still use their full e-mail to authenticate at times.
Anyone have any ideas of how to solve this challenge? I thought that I could possibly use @ouraddomain as separator for AD users but that does not appear to be allowed.
Solved! Go to Solution.
04-22-2015 08:15 AM
I have run into this and solved it by using a separate employee web login page with two different services. You can key off the page name in the service rules.
| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |