This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (WiNG)
- Wing Captive Portal User Self-registration
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Wing Captive Portal User Self-registration
Wing Captive Portal User Self-registration
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-19-2020 10:07 PM
Hello Community,
I read the documentation https://documentation.extremenetworks.com/WiNG/Implementation_Guides/WiNG5_CaptivePortal_Onboard_Sel... and another Zebra branded document. In my lab I had the setup working described in “CaptivePortal_Onboard_Self_Registration” where users enter their email address on the captive portal and are immediately authenticated / have internet access. However I cannot get a working configuration where users receive a password by email for captive portal authentication.
the setup is the following.
VX 9000 controller version 5.9.3.0-018R
Access points are AP-7522, AP-7612 and AP-8432
Goal
Captive portal running on APs where users register with their email address. After registration they should receive a password for wifi login.
Problem
Users are redirected to the captive portal registration page. After users enter their email address and click the register button they are redirected to the login page, but don’t receive an email with a login password. I tested with the default captive portal html files provided by the controller.
Excerpt of running config
aaa-policy Guest-Self-Registration
authentication server 1 onboard centralized-controller
!
!
captive-portal Guest-Portal
access-type registration
access-time 10080
inactivity-timeout 86400
simultaneous-users 2
terms-agreement
webpage internal login footer Please contact the front desk if you have not been issued a username and password.
use aaa-policy Guest-Self-Registration
webpage-auto-upload
no webpage internal registration field city enable
no webpage internal registration field street enable
no webpage internal registration field name enable
no webpage internal registration field zip enable
no webpage internal registration field via-sms enable
no webpage internal registration field mobile enable
no webpage internal registration field age-range enable
webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
no webpage internal registration field via-email enable
!
radius-group Guest-Self-Registration
guest
policy vlan 200
!
radius-server-policy Testcorp-RADIUS-Policy
authentication data-source ldap ssid TestSSID01 precedence 1
authentication data-source local ssid Guest precedence 3
authentication data-source ldap fallback
authentication eap-auth-type peap-mschapv2
ldap-server primary host $LDAP-Config net-timeout 3
ldap-agent primary domain-name $LDAP-Config
use radius-group Guest-Self-Registration
use radius-group TestSSID01
!
guest-management TESTCORP-GM
email host 10.1.1.20 sender guest-registration@Testcorp.com security none
email subject Testcorp guest wifi password
email message Dear guest,CR-NLCR-NLyour password for Testcorp guest wifi is: GM_PASSCODECR-NLCR-NLbest regardsCR-NLTestcorp IT Department
!
profile vx9000 Tetscorp-VX9000
use radius-server-policy Testcorp-RADIUS-Policy
use guest-management TESTCORP-GM
use firewall-policy default
use auto-provisioning-policy NOC
use captive-portal server Guest-Portal
!
wlan Guest
ssid Guest
vlan 200
bridging-mode local
encryption-type none
authentication-type none
no answer-broadcast-probes
no client-client-communication
use wlan-qos-policy Guest
use captive-portal Guest-Portal
captive-portal-enforcement
registration user group-name Guest-Self-Registration expiry-time 4320
use ip-access-list out BROADCAST-MULTICAST-CONTROL
use mac-access-list out PERMIT-ARP-AND-IPv4
!
The mongo db database is running on the controller.
vx9000-AABBCC*#show database status
--------------------
MEMBER STATE ONLINE TIME
--------------------
localhost PRIMARY 17 sec
--------------------
Authentication: Disabled Authentication User: None
--------------------
I ran a debug log while trying to register to guest wifi. It looks like the controller receives a registration, but does not generate an email. After that the radius-policy kicks in and denies access.
vx9000-AABBCC*#remote-debug captive-portal rf-domain Testcorp-RF clients AA-BB-CC-11-22-33 events all
Printing upto 50 messages from each remote system for upto 60 seconds. Use Ctrl-C to abort
[ap7522-112233] 03:55:35.420: client:captive-portal registration req [HS_REG_REQ] received for AA-BB-CC-11-22-33 (extif.c:1380)
[ap7522-112233] 03:55:35.420: client:reg server[] proxy_mode[0] send_mode[0] reg req for AA-BB-CC-11-22-33 (extif.c:675)
[ap7522-112233] 03:55:35.420: client:user registration request/info sent to user-db (to adopter) (extif.c:704)
[ap7522-112233] 03:55:35.420: client:reg status [Successfully registered the user details] [1] for AA-BB-CC-11-22-33 (extif.c:1429)
[ap7522-112233] 03:55:35.420: client:sent guest registration response to cgi for AA-BB-CC-11-22-33 (extif.c:1435)
[ap7522-112233] 03:55:35.420: client:adding client AA-BB-CC-11-22-33 to hotspot user cache (usercache.c:339)
[ap7522-112233] 03:55:37.439: client:hotspot auth request received for AA-BB-CC-11-22-33 (extif.c:1314)
[ap7522-112233] 03:55:37.439: client:handle forwarded auth request message for client[AA-BB-CC-11-22-33:AA-BB-CC-11-22-33] (extif.c:517)
[ap7522-112233] 03:55:37.439: radius:aaa-policy Guest-Self-Registration user: AA-BB-CC-11-22-33 mac: AA-BB-CC-11-22-33 server_is_candidate: 1 0
[ap7522-112233] 03:55:37.440: radius:access-req sent to wireless controller to be proxied via its adopter centralized controller (if any) to 1
[ap7522-112233] 03:55:37.442: radius:rx access-reject for AA-BB-CC-11-22-33 (radius.c:3756)
[ap7522-112233] 03:55:37.442: client:Forwarding hs-auth-response to hsd with status Failure for AA-BB-CC-11-22-33 (extif.c:271)
[ap7522-112233] 03:55:37.442: client:hotspot authentication failed for client AA-BB-CC-11-22-33 (extif.c:1303)
[ap7522-112233] 03:55:48.748: client:Hotspot client IP:10.2.1.234 vlan :200 Mac:AA-BB-CC-11-22-33 (config.c:1427)
[ap7522-112233] 03:55:48.748: client:Found session [0x107688] for client AA-BB-CC-11-22-33 (hs_main.c:276)
[ap7522-112233] 03:55:48.748: client:Hotspot resolved IPv4: 10.2.1.44 vlan :200 client: AA-BB-CC-11-22-33 (utils.c:88)
[ap7522-112233] 03:55:48.748: client:Hotspot client IP: 10.2.1.234, vlan :200, Mac: AA-BB-CC-11-22-33 (hs_main.c:2744)
[ap7522-112233] 03:55:48.748: client:Hotspot client AA-BB-CC-11-22-33 is being redirected on wlan 5 and vlan 200 (hs_main.c:2761)
[ap7522-112233] 03:55:48.748: client:read: client AA-BB-CC-11-22-33, num_bytes: 111, p_sess->buf: GET /connecttest.txt HTTP/1.1
Anybody has a similar setup working or an idea why it is not working as expected?
Thanks in advance
Ned
0 REPLIES 0
