Security

Reply
Highlighted
Occasional Contributor II

Re: MAC authentication vs Web authentication

Hi clembo,

 

Let me check this out and get back to you.

 

BR,

Highlighted
Moderator

Re: MAC authentication vs Web authentication

If you're using ClearPass for guest, yes you'll need a second service in
ClearPass to handle the web auth portion.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor II

Re: MAC authentication vs Web authentication

Hi clembo,

 


@clembo wrote:

FYI; I think there is confusion around CP in your setup.

 

Captive Portal

or

ClearPass

 

I think you said you don't have ClearPass, but are using and external captive portal page.   Please see my suggestion abo e.


Yes, by CP I meant Captive Portal.

 

BR,

Highlighted
Moderator

Re: MAC authentication vs Web authentication

OK. So you dont' have ClearPass.

 

MAC caching is not possible without ClearPass.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor II

Re: MAC authentication vs Web authentication


@clembo wrote:

If I understand you correctly, you want to do MAC authentication; but if that fails have the user enter credentals on the Captive Portal page.  You claim you have MAC authentication working but webauth is not working when users enter credentials.   Can you verify you have defined your RADIUS server group as the authentication source under your Captive Portal Profile?

 

aos-cp-rad-group.png


Yes confirmed that I have correctly defined my radius server group as the authentication source for my captive portal profile.

Highlighted
Moderator

Re: MAC authentication vs Web authentication

So you do have ClearPass? I'm very confused.

 

Can you post a screenshot of your service list in ClearPass?



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor II

Re: MAC authentication vs Web authentication

Hi cappalli,

 

Please note I do not have Clearpass.

 

I have the MAC address cached on an external server to which my radius server group is able to query when checking if the mac credentials are known (stored previously).

 

BR,

Occasional Contributor II

Re: MAC authentication vs Web authentication

Hi clembo,

 


@clembo wrote:

Also, did you make sure the credential post is configured properly within the HTML of your external page:

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-create-a-custom-Captive-Portal-for-public-access/ta-p/177854.

 


Thanks for the info, I confirm that the login form post http syntax is correct. This is why I can perform web authentication successfully. However, the issue at hand is that I am not always able to perform web authentication when using the captive portals to submit credentials. 

 

What debug commands can I use to verify the controllers reciept of the form post from the client, and the subsequent radius auth request generation to the radius server group. 

 

BR,

Highlighted
Aruba

Re: MAC authentication vs Web authentication

I a little confused to your issues.  You mention that you can do WebAuth, but WebAuth with Captive Portal is not working.  Aren't they one in the same?

 

  • Where is the Captive Portal page; on the controller or external?
  • Can you explain a bit further when it works?
  • Can you explain a bit further when it does not work?

 

You could try to debug the user session; may not see everything you ask for, but may help:

 

logging level debugging user-debug <mac-address-of-client>

show log user-debug | include <mac-of-client>

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Highlighted
Occasional Contributor II

Re: MAC authentication vs Web authentication

Hi clembo,

 

Basically my issue is that WebAuth with Captive Portal is not working. When I post credentials on the Captive Portal page, the Captive Portal gets the client to run a client-side javascript to do a HTTP login post to the controller. Following the login post, I cannot see evidence of the controller performing a radius authentication request to my radius server group. Ultimately, I know WebAuth is failing because I remain in the initial role and do not get placed into the Captive Portal's  default role which is "authenticated" (Internet access available).

 

Response to your queries:


@clembo wrote:

 

 

  • Where is the Captive Portal page; on the controller or external?
  • Can you explain a bit further when it works?
  • Can you explain a bit further when it does not work?

 


  • The Captive Portal page is external to the controller
  • To make this less complicated, I will say that the WebAuth is not working when I try to use it. I understand that the WebAuth process should be executed every time I submit credentials on the CaptivePortal page. I believeWebAuth is failing because I cannot see the corresponding radius authentication in the controlpath pcap . 

BR,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: