
NAC&V2110: unable to change from Admin port to esa0 IP

Ilya_Semenov
Contributor

Hello, team,

I try to follow this article:

https://extremeportal.force.com/ExtrArticleDetail?an=000090139

...and I can't do this:

  • EWC Connection: Change from Admin port IP (192.168.10.1) to esa0 IP

IP-address on esa0 was assigned, but I can't select it here - it's absent and only Admin IP is available. Why?

Many thanks in advance,

Ilya
 

23 REPLIES

- For Policy Acceptance - do you mean to read the AUP? You can disable that.
- The message "you have been denied" - I believe you can go to "look&feel" and "Launch Message string editor", where you can modify/remove all possible messages.
- For the auto-login, on the wireless controller - VNS - global setting - "client auto-login", set to "Redirect detection messages to Captive Portal" (the default is "Hide", I think). Most of the clients (iOS, Android, MAC, Win10) will show you the pop-up. On some old clients like Win7 and XP you might still need to open the browser.
- If the client is "stuck" upon authentication, it means something is not working right. As I mentioned earlier - check what role the client gets - it should be "Guest access" or something else (if you configure your rule engine), but not Unregistered.
For the http://nac/main - I believe starting from 8.0 (or 8.1?) you don't need to define the full path, just keep the IP address of the appliance itself, and it will detect where it needs to redirect.

Hello, Yury!

First of all, thank you very much for such a detailed response. Unfortunately, at the moment I can't give you all the answers because I am far away from my demo installation and have remote access only.

So, what I can say right now?

My primary task is to change the authorization portal from Fortigate's to Extreme NAC's, and it's almost done. There are a few interface things which are still unclear, but I hope we'll solve them=)

Then, I want NAC to make lookups to my LDAP (Active Directory). And it's done.

I can say that two things above work in connection, but not 100% correct.

Details:

After the connection to the SSID is established, I try to open any website in the browser and get to NAC's portal page.

There is a question: https://nac/main - is it the correct URL for redirection? Because I've set exactly this page...

Regardless of whether it is correct or not, on the client side I see this (everything below is demonstrated for a wired client, but from a wireless client I see the same):

[Screenshot: NacStartPage]



(The black text in the foreground is a disgusting thing - I don't know how to remove that)

So, if I input a wrong password I get:

[Screenshot: wrong]



If I enter the correct login/password I get:

[Screenshot: Success]



After I tick "Agree" and click "Complete registration" I get an endless "Network Registration in Progress..."

[Screenshot: NetRegProg]



Here are my questions:

1) Actually, I just want to give users Internet access after a successful login without any "Policy Acceptance" - let them get the page they have requested. How can I get that?

2) How can I remove the black text in the foreground "You have been denied network access because your device is not currently registered to the network. bla-bla-bla..."?

3) Are there any ways to make NAC's portal page appear automatically without the user manually opening a browser? Like it is in 100% of airports and hotels...?

Many thanks to you, Yury...

I am not sure I got it correctly. When you say "NAC customization", is that about the web page customization or access control? If the latter, then I need to know a few things.
First - as I understand, you are using your Captive portal BYOD (Authenticated Registration) option, which will make a lookup back to your LDAP (Windows AD). So, when the user enters the credentials (which exist in your AD), the NAC will be changing the policy from "Unregistered" to "Guest Access" (by default, unless you changed it). You need to check a couple of things: 1. On the End-Systems page, do you see that the Profile of the user changed to Guest Access? If not, we would need to stop here and figure out why. If yes, then the next step - 2. Check on the Wireless Controller (Report page, the one with the client) if the customer gets the corresponding Role (Guest Access). If not, then it would mean one of two things - either this Role does not exist on the Wireless Controller, or you have an issue with time sync. For the latter, please check that both the controller and NAC have exactly the same time - it is best to point them to the same NTP server. If the time is not in sync, the controller refuses the CoA change and the role will stay the same.

Yury, it's done. After the upgrade I did exactly as you've said. Now, after connection I open the browser and, trying to access whatever, get to the NAC page!!! Thanks a lot!

So, do you have an article about further NAC customization? I enter my AD credentials, they are accepted, but there is still no access for me.

Please, look:

[Screenshot: image1]



How may I make NAC authorize me?

Many thanks to you, Yury!

You are using 10.01, this is a GA more than two years old, I believe. Please upgrade it to 10.41. Or 10.31 at least. The feature we are talking about (role based redirect, redirect at AP) was introduced in 10.11.
If it's a VM, don't forget to change the disk to "para-virtual" as per the release notes.