We have a WLC 5508 with 2 WLANs: one with 802.1X WPA2 authentication and a second one with web splash page authentication.
We have a RADIUS server (2012 NPS). WPA2 802.1X authentication works with the RADIUS server.
The second WLAN's web splash page authentication is not working with the RADIUS server. Web authentication works only with a local user (internal user created in the WLC), NOT with the RADIUS server.
We would like the second WLAN (Web Authentication) to be authenticated by both local users and AD credentials through the RADIUS server.
I opened a case with Cisco and they are saying all the config in the Cisco WLC is fine and I need to contact Microsoft regarding this.
This is the SNMP trap message:
Wed Jul 17 11:45:00 2019 AAA Authentication Failure for Client MAC: x:x:x:x:x:ce UserName:***** User Type: WLAN USER Reason: Invalid Parameter
This is the debug message:
*ewmwebWebauth1: Jul 17 13:47:26.415: 28:16:a8:61:43:ce Username entry (xeroxdo) already exists in name table, length = 7
*ewmwebWebauth1: Jul 17 13:47:26.415: 28:16:a8:61:43:ce Added the MAC entry for Username entry (xeroxdo) in name table, length = 7 at index 1
*ewmwebWebauth1: Jul 17 13:47:26.415: 28:16:a8:61:43:ce Username entry (xeroxdo) created in mscb for mobile, length = 7
*ewmwebWebauth1: Jul 17 13:47:26.422: 28:16:a8:61:43:ce Username entry 'xeroxdo' is deleted for mobile from the UserName table
*ewmwebWebauth1: Jul 17 13:47:26.423: 28:16:a8:61:43:ce Plumbing web-auth redirect rule due to user logout
*ewmwebWebauth1: Jul 17 13:47:26.423: 28:16:a8:61:43:ce Web Authentication failure for station
*ewmwebWebauth1: Jul 17 13:47:26.423: 28:16:a8:61:43:ce 172.16.1.38 WEBAUTH_REQD (8) Reached ERROR: from line 6920
What are you seeing on the NPS side? Are you seeing the authentications as successful from that side?
Here is a link on how to configure the WLC to use an external RADIUS server (in this case ACS) for captive portal authentication.
How are AD users authenticated by the controller for web authentication? RADIUS server or LDAP server?
In that document, the RADIUS ACS has an internal user database that is used to log in. But is it possible to use the RADIUS NPS server to authenticate AD credentials? If yes, then I need a screenshot of the NPS network policy properties for web authentication.
I have an existing network policy for WPA2 clients and it is working fine.