Captive Portal Authentication - External and Local Domains


L3 Networker

Hello Everybody!

Our Captive Portal is configured to authenticate according to an LDAP-based "authentication sequence" (LDAP-Local-Auth).

ScreenShot003.jpg

We set 4 different AD servers from different offices, as shown below.

ScreenShot001.jpg

Captive Portal can authenticate only against the first 2 servers... When users from AD-MEX try to authenticate, they receive this page:

ScreenShot002.jpg

At Monitor > System we can see they are correctly authenticated... but Captive Portal waits for only 2 tries... the 1st and 2nd options...

The example below shows a user from Mexico (3rd AD server in the auth sequence)...

- 1st try he got deny (1st AD server... OK) - 6:20 PM

- 2nd try he got deny (2nd AD server from Colombia... OK deny expected) - 6:20PM

- then Captive blocks the access without waiting for the 3rd try (AD Mexico) - 6:20 PM

- 3rd try he got ALLOW .... but CP had already blocked the access.... - 6:21 PM

ScreenShot004.jpg

Any help on that?

Thanks !!!

Accepted Solutions

L1 Bithead

I think this is caused by the l3 service timeout. By default, that timeout is 3 seconds. Try using the following command to increase that timeout value. You may have to modify the value some until you get the results you are looking for.

> configure

> set deviceconfig setting l3-service timeout 10

> commit

5 REPLIES

L6 Presenter

Hi Essilorbr,

Can you move the third profile to first in the list and try Captive Portal? If it works, then it's a sequence/timeout issue.

If it doesn't work, then it's something to do with config/authentication. It appears to be the easiest step now.

Regards,

Hardik Shah

Seems to be a timeout issue to me too.

Please update after trying the suggestion that came from jtyler.

L3 Networker

Hello Everyone!!

Thanks for all the replies and help!! Really appreciated.

I ran the suggested command as per above... (set deviceconfig setting l3-service timeout 10)

But it seems that didn't work... I changed the order and put the Europe AD in 2nd place, but that didn't work either... despite the fact that I see auth success at Monitor > System logs.

New sequence order

ScreenShot024.jpg

I tried to log in w/ a user from the Europe domain (AD-FRA)... same behavior

ScreenShot023.jpg

I don't understand why PA doesn't check the domain... I mean, even if I use e.g. europe\user it still tries to authenticate at the other domains... PA should authenticate w/ the Europe domain... right? Looks like it doesn't care about the "domain\"...

Another screenshot might be helpful... sometimes I receive this error message...

ScreenShot022.jpg

Any other suggestions?

Thank you very much guys!

L3 Networker

Hey guys!!!

That is working!!!!

I have changed to 30 seconds!!

Now I can log in w/ anyone... from all ADs!!!!

Thanks everyone!!!!!!!
