Hi Experts,
I am trying to configure a self sponsored captive portal solution where a user verifies their email. Its on a v6 controller and clearpass. I have configured the exact same solution twice before with v8 MM/MC and clearpass and it worked fine. The issue i am seeing is that reauthentication is not working on the controller. It is neither re-authenticating after the session times out or when it drops back to captive portal role (it should reauthenticate because of registration-role paramater)
Basically a user creates an account with an expiration of 5 minutes (initially). That generates an auth request which receives the following attributes from clearpass.
Role = Preauth_role
Session-timeout = 300
Termination-action = Radius-request (1)
They receive an email to sponsor themselves and extend that to 7 days.
After the session times out a new mac-auth request SHOULD be generated. That auth requests hits the mac auth service in clearpass which verifies that the user has sponsored themselves and clearpass responds with a different role. However that mac-auth is not happening, instead after the timeout the client just drops back to captive portal role and doesn't attempt a mac auth request. I would also expect a reauthentication to occur when the user drop back to captive portal role because of the registration-role paramater that is configured, this also doesn't work .
I think I might confuse things by copying my entire captive portal clearpass/controller config in. Everything is working except the reauthentication which should happen after the radius attributes above are sent to the controller.
I have a TAC case open with this the past few days but it isn't progressing anywhere fast. Any advice on this really appreciated. This seems like it should be a very basic fundamental feature but it is not working no matter how it is poked. I have come across a few other threads on airheads with similar problems but found none with valid solutions.
Thanks in advance