01-19-2020 10:07 PM
I read the documentation https://documentation.extremenetworks.com/WiNG/Implementation_Guides/WiNG5_CaptivePortal_Onboard_Sel... and another Zebra-branded document. In my lab I had the setup described in “CaptivePortal_Onboard_Self_Registration” working, where users enter their email address on the captive portal and are immediately authenticated / have internet access. However, I cannot get a working configuration where users receive a password by email for captive portal authentication.
The setup is the following:
VX 9000 controller version 18.104.22.168-018R
Access points are AP-7522, AP-7612 and AP-8432
Captive portal running on APs where users register with their email address. After registration they should receive a password for wifi login.
Users are redirected to the captive portal registration page. After users enter their email address and click the register button they are redirected to the login page, but don’t receive an email with a login password. I tested with the default captive portal html files provided by the controller.
Excerpt of running config
authentication server 1 onboard centralized-controller
webpage internal login footer Please contact the front desk if you have not been issued a username and password.
use aaa-policy Guest-Self-Registration
no webpage internal registration field city enable
no webpage internal registration field street enable
no webpage internal registration field name enable
no webpage internal registration field zip enable
no webpage internal registration field via-sms enable
no webpage internal registration field mobile enable
no webpage internal registration field age-range enable
webpage internal registration field email type e-address enable mandatory label "Email" placeholder "email@example.com"
no webpage internal registration field via-email enable
policy vlan 200
authentication data-source ldap ssid TestSSID01 precedence 1
authentication data-source local ssid Guest precedence 3
authentication data-source ldap fallback
authentication eap-auth-type peap-mschapv2
ldap-server primary host $LDAP-Config net-timeout 3
ldap-agent primary domain-name $LDAP-Config
use radius-group Guest-Self-Registration
use radius-group TestSSID01
email host 10.1.1.20 sender guest-registration@Testcorp.com security none
email subject Testcorp guest wifi password
email message Dear guest,CR-NLCR-NLyour password for Testcorp guest wifi is: GM_PASSCODECR-NLCR-NLbest regardsCR-NLTestcorp IT Department
profile vx9000 Tetscorp-VX9000
use radius-server-policy Testcorp-RADIUS-Policy
use guest-management TESTCORP-GM
use firewall-policy default
use auto-provisioning-policy NOC
use captive-portal server Guest-Portal
use wlan-qos-policy Guest
use captive-portal Guest-Portal
registration user group-name Guest-Self-Registration expiry-time 4320
use ip-access-list out BROADCAST-MULTICAST-CONTROL
use mac-access-list out PERMIT-ARP-AND-IPv4
The MongoDB database is running on the controller.
vx9000-AABBCC*#show database status
MEMBER STATE ONLINE TIME
localhost PRIMARY 17 sec
Authentication: Disabled Authentication User: None
I ran a debug log while trying to register to guest wifi. It looks like the controller receives a registration, but does not generate an email. After that the radius-policy kicks in and denies access.
vx9000-AABBCC*#remote-debug captive-portal rf-domain Testcorp-RF clients AA-BB-CC-11-22-33 events all
Printing upto 50 messages from each remote system for upto 60 seconds. Use Ctrl-C to abort
[ap7522-112233] 03:55:35.420: client:captive-portal registration req [HS_REG_REQ] received for AA-BB-CC-11-22-33 (extif.c:1380)
[ap7522-112233] 03:55:35.420: client:reg server proxy_mode send_mode reg req for AA-BB-CC-11-22-33 (extif.c:675)
[ap7522-112233] 03:55:35.420: client:user registration request/info sent to user-db (to adopter) (extif.c:704)
[ap7522-112233] 03:55:35.420: client:reg status [Successfully registered the user details]  for AA-BB-CC-11-22-33 (extif.c:1429)
[ap7522-112233] 03:55:35.420: client:sent guest registration response to cgi for AA-BB-CC-11-22-33 (extif.c:1435)
[ap7522-112233] 03:55:35.420: client:adding client AA-BB-CC-11-22-33 to hotspot user cache (usercache.c:339)
[ap7522-112233] 03:55:37.439: client:hotspot auth request received for AA-BB-CC-11-22-33 (extif.c:1314)
[ap7522-112233] 03:55:37.439: client:handle forwarded auth request message for client[AA-BB-CC-11-22-33:AA-BB-CC-11-22-33] (extif.c:517)
[ap7522-112233] 03:55:37.439: radius:aaa-policy Guest-Self-Registration user: AA-BB-CC-11-22-33 mac: AA-BB-CC-11-22-33 server_is_candidate: 1 0
[ap7522-112233] 03:55:37.440: radius:access-req sent to wireless controller to be proxied via its adopter centralized controller (if any) to 1
[ap7522-112233] 03:55:37.442: radius:rx access-reject for AA-BB-CC-11-22-33 (radius.c:3756)
[ap7522-112233] 03:55:37.442: client:Forwarding hs-auth-response to hsd with status Failure for AA-BB-CC-11-22-33 (extif.c:271)
[ap7522-112233] 03:55:37.442: client:hotspot authentication failed for client AA-BB-CC-11-22-33 (extif.c:1303)
[ap7522-112233] 03:55:48.748: client:Hotspot client IP:10.2.1.234 vlan :200 Mac:AA-BB-CC-11-22-33 (config.c:1427)
[ap7522-112233] 03:55:48.748: client:Found session [0x107688] for client AA-BB-CC-11-22-33 (hs_main.c:276)
[ap7522-112233] 03:55:48.748: client:Hotspot resolved IPv4: 10.2.1.44 vlan :200 client: AA-BB-CC-11-22-33 (utils.c:88)
[ap7522-112233] 03:55:48.748: client:Hotspot client IP: 10.2.1.234, vlan :200, Mac: AA-BB-CC-11-22-33 (hs_main.c:2744)
[ap7522-112233] 03:55:48.748: client:Hotspot client AA-BB-CC-11-22-33 is being redirected on wlan 5 and vlan 200 (hs_main.c:2761)
[ap7522-112233] 03:55:48.748: client:read: client AA-BB-CC-11-22-33, num_bytes: 111, p_sess->buf: GET /connecttest.txt HTTP/1.1
Does anybody have a similar setup working, or an idea why it is not working as expected?
Thanks in advance
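Added example, not part of the original post and not Extreme Networks code: a small Python parser for remote-debug captive-portal output in the format shown above. It lists every client that was registered successfully and then received a RADIUS access-reject shortly afterwards, which is the sequence visible in the log. The event labels, function names and the 30-second window are assumptions made for this example; the matched substrings are taken from the log lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: four lines in the shape of the remote-debug output quoted in the post.
SAMPLE = """\
[ap7522-112233] 03:55:35.420: client:captive-portal registration req [HS_REG_REQ] received for AA-BB-CC-11-22-33 (extif.c:1380)
[ap7522-112233] 03:55:35.420: client:reg status [Successfully registered the user details]  for AA-BB-CC-11-22-33 (extif.c:1429)
[ap7522-112233] 03:55:37.439: client:hotspot auth request received for AA-BB-CC-11-22-33 (extif.c:1314)
[ap7522-112233] 03:55:37.442: radius:rx access-reject for AA-BB-CC-11-22-33 (radius.c:3756)
"""

LINE = re.compile(r"^\[(?P<host>[^\]]+)\]\s+(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+):\s+(?P<mod>\w+):(?P<msg>.*)$")
MAC = re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}")
# Substrings seen in the post's log, mapped to hypothetical event labels.
EVENTS = {
    "registration req [HS_REG_REQ] received": "reg_request",
    "Successfully registered the user details": "reg_ok",
    "hotspot auth request received": "auth_request",
    "rx access-reject": "radius_reject",
}

def parse_events(text):
    """Return {client_mac: [(seconds_since_midnight, label), ...]} in log order."""
    timeline = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines, prompts, wrapped HTTP payloads
        mac = MAC.search(m["msg"])
        label = next((v for k, v in EVENTS.items() if k in m["msg"]), None)
        if mac and label:
            t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
            timeline[mac.group().upper()].append((t, label))
    return dict(timeline)

def registered_then_rejected(text, window=30.0):
    """List (mac, gap_seconds): RADIUS reject within `window` s after a successful registration."""
    hits = []
    for mac, events in parse_events(text).items():
        reg_at = None
        for t, label in events:
            if label == "reg_ok":
                reg_at = t
            elif label == "radius_reject" and reg_at is not None and 0 <= t - reg_at <= window:
                hits.append((mac, round(t - reg_at, 3)))
                reg_at = None
    return hits
```

Timestamps are treated as seconds since midnight, so a capture that crosses midnight needs to be split before it is passed in.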