Security

I'm trying to set up something like this: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Captive-portal-Guest-login-without-informing-an-email/m-p/27514/highlight/true#M1325  Anyone who clicks on the button gets authenticated and assigned to a role which only gives internet access.

I have it configured except it doesn't authenticate the user.  I suspect there needs to be a local user on the CPPM? Or controller?  There is also this: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-154 but it doesn't quite seem to fit what I'm trying to do in this case.

Any ideas?

p.s. Arubapedia is not available to Aruba customers?

In the second article, there needs to be a user either in CPPM or in the local controller database that has the username "user1" and password of "passwd1".  The HTML has that user embedded in the Value statement:

<input type="hidden" name="user" id="user" type="text" value="user1" class="text" accesskey="u" />
<input type="hidden" id="password" name="password" type="text" value="passwd1" class="text" accesskey="p" />

I've tried the snippet above as well.  It doesn't seem to try to authenticate.  When I check the role on the controller, it still has the initial role.

<form name="form1" method="post" action="/auth/index.html/u">
<span class="bodytext">
<input type="hidden" id="email" name="email" type="text" value="user@company.com" class="text" accesskey="e" />
<input type="hidden" name="cmd" value="authenticate" />
<input type="submit" name="Login" value="I ACCEPT" class="button" />

or

<form name="form1" method="post" action="/auth/index.html/u">
<span class="bodytext">
<input type="hidden" name="user" id="user" type="text" value="user1" class="text" accesskey="u" />
<input type="hidden" id="password" name="password" type="text" value="passwd1" class="text" accesskey="p" />
<input type="hidden" name="cmd" value="authenticate" />
<input type="submit" name="Login" value="I ACCEPT" class="button" />

Neither seems to work.  I would think I would get an error trying to login if it failed.  It just takes me to https://{CPPM.ip}/tips/welcome.action screen.

Pdavis,

Let's set the bar low here, and then escalate it.  Do you have a Guest page on ClearPass that works in this scenario already before we do something custom?

Yes, using AD for the "login" box and self-registration works as well.  I've taken that baseline and added the 'guest' accept button code to that page (the original login page) using code in the Footer HTML section of the Login UI.

For self-registration, it uses the CPPM local DB.  The L3 captive portal configuration on the controllers uses AD (the username/password for the 'login' box on the CP page).  Hopefully I'm explaining that properly.

**and thanks for any/all help!!**

pdavis,

Question:

Is the page the way you want it in ClearPass, but you are trying to add Anomymous logins to the page?

Yes.