topic Re: Captive Portal Authentication - External and Local Domains in General Topics

Captive Portal Authentication - External and Local Domains

FabioGarcia — Wed, 24 Sep 2014 22:08:04 GMT

Hello Everybody!

Our Captive Portal is configured to authenticate according an "authentication sequence" LDAP based (LDAP-Local-Auth).

We set 4 different AD servers from different Offices as per below

Captive Portal can authenticate only for first 2 servers.... When users from AD-MEX try to authenticate they receive this page

At monitor > system we can see they are correctly authenticated,,,, but Captive Portal waits for only 2 tries... 1st and 2nd options...

Example below, show a user from Mexico (3rd AD server in auth sequence)...

- 1st try he got deny (1st AD server... OK) - 6:20 PM

- 2nd try he got deny (2nd AD server from Colombia... OK deny expected) - 6:20PM

- then Captive block the access without wait the 3rd try (AD Mexico) - 6:20 PM

- 3rd try he got ALLOW .... but CP had already blocked the access.... - 6:21 PM

Any help on that ?

Thanks !!!

Re: Captive Portal Authentication - External and Local Domains

jtyler — Wed, 24 Sep 2014 22:56:50 GMT

I think this is caused by the l3 service timeout. By default, that timeout is 3 seconds. Try using the following command to increase that timeout value. You may have to modify the value some until you get the results you are looking for.

> configure

> set deviceconfig setting l3-service timeout 10

> commit

Re: Captive Portal Authentication - External and Local Domains

hshah — Thu, 25 Sep 2014 00:35:16 GMT

Hi Essilorbr,

Can you move third profile to first in the list.And try captive portal. If it works than its a sequence/timeout issue.

If it doesnt work than its something to do with config/authentication. It appears to be easiest step now.

Regards,

Hardik Shah

Re: Captive Portal Authentication - External and Local Domains

Retired Member — Thu, 25 Sep 2014 13:39:22 GMT

seems to be a timeout issue for me too

Please update after trying the suggestion came from jtyler

Re: Captive Portal Authentication - External and Local Domains

FabioGarcia — Mon, 13 Oct 2014 20:57:41 GMT

Hello Everyone!!

Thanks for all replies and help!! really appreciated

I did the suggested command as per above.... (set deviceconfig setting l3-service timeout 10)

But it seems that didnt work.... I change the order, put europe AD at 2nd place, but that didnt work as well... depite I see auth success at monitor > system logs

New sequence order

I tried to login w/ a user from europe domain (AD-FRA)... same behavior

I dont understand, why PA doesnt check the domain.... I mean even if I use ie europe\user it still try to autheticate at other domains... PA should autheticate w/ europe domain... right ? Looks like it doesnt care about the "domain\"...

Another screen shot might be helpful... sometimes I receive this error message....

Any other suggestion ?

Thank you very much guys !

Re: Captive Portal Authentication - External and Local Domains

FabioGarcia — Mon, 13 Oct 2014 21:27:53 GMT

Hey guys!!!

That is working!!!!

I have changed to 30 seconds!!

now I can logging w/ anyone... from all ADs!!!!

Thanks everyone!!!!!!!