Extreme Networks

Antonio_Opromol · 2 weeks ago

Hi,

I've updated my XIQ-SE + ExtremeControl to latest version

and I'm trying How to Implement Microsoft Entra ID Registration with OpenID

I've configured Captive Portal for Entra ID registration and the test is successful

I've added the nac rule:

But on the client, when press the Button "Sign in with Microsoft" nothing happen (network login and Register as Guest works instead).

How can I debug what's the problem?

Zdeněk_Pala · a week ago

Hi Antonio.

I did not test the Entra ID with PBR.

Regarding troubleshooting/debugging, I suggest opening a GTAC ticket.

Regards Zdeněk Pala

Antonio_Opromol · 2 weeks ago

Hi Zdenek,

when I press the "SIgn in with Microsoft" button, in my wireshark session on the client, I don't see DNS request for any microsoft websites, seems that there is no redirection to the login page of microsoft and I don't see client connections to microsoft website at all.

In my configuration for the redirection I use the "Proxy DNS" method because my lab router (pfsense) seems not works with PBR.

Antonio_Opromol · 2 weeks ago

Hi Ryan and Zdenek,

I've added login.microsftonline.com to the allowed URL and domain in the network settings and allowed web of the captive portal

but when I click on the Microsoft login button the redirection to microsoft site doesn't happen.

If in the web client browser I try to go to https://login.microsoftonline.com I've a redirect page but empty:

Probally I don't put the Allowed web site in the correct format ....How debug more deep the problem?

Zdeněk_Pala · 2 weeks ago

both the Access Control Engine and the client must have access to the Microsoft

Regards Zdeněk Pala

Ryan_Yacobucci · 2 weeks ago

Hello,

Are you allowing client traffic out to Microsoft through the walled garden on the policy on the controller or switch?

The button should redirect the client out to login.microsoftonline.com, if the client has access to this resource blocked.

Thanks
-Ryan