WLC 5508 Web Authentication issue with RADIUS WIN2012 NPS

sony_issac
Level 1

Hi,

We have a WLC 5508 with 2 WLANs: one with 802.x WPA2 authentication and a second one with web splash page authentication.

We have a RADIUS server, 2012 NPS. WPA2 802.x authentication works with the RADIUS server.

Issue

The second WLAN's web splash page authentication is not working with the RADIUS server. Web authentication works only with a local user (internal user created in the WLC), NOT with the RADIUS server.

We would like the second WLAN (web authentication) to be authenticated by both local users and AD credentials through the RADIUS server.

I opened a case with Cisco, and they are saying all the config on the Cisco WLC is fine and I need to contact Microsoft regarding this.

This is the SNMP trap message

Wed Jul 17 11:45:00 2019 AAA Authentication Failure for Client MAC: x:x:x:x:x:ce UserName:***** User Type: WLAN USER Reason: Invalid Parameter

This is the debug message

*ewmwebWebauth1: Jul 17 13:47:26.415: 28:16:a8:61:43:ce Username entry (xeroxdo) already exists in name table, length = 7
*ewmwebWebauth1: Jul 17 13:47:26.415: 28:16:a8:61:43:ce Added the MAC entry for Username entry (xeroxdo) in name table, length = 7 at index 1
*ewmwebWebauth1: Jul 17 13:47:26.415: 28:16:a8:61:43:ce Username entry (xeroxdo) created in mscb for mobile, length = 7
*ewmwebWebauth1: Jul 17 13:47:26.422: 28:16:a8:61:43:ce Username entry 'xeroxdo' is deleted for mobile from the UserName table
*ewmwebWebauth1: Jul 17 13:47:26.423: 28:16:a8:61:43:ce Plumbing web-auth redirect rule due to user logout
*ewmwebWebauth1: Jul 17 13:47:26.423: 28:16:a8:61:43:ce Web Authentication failure for station
*ewmwebWebauth1: Jul 17 13:47:26.423: 28:16:a8:61:43:ce 172.16.1.38 WEBAUTH_REQD (8) Reached ERROR: from line 6920

Please help.

2 Replies

Haydn Andrews
VIP Alumni

What are you seeing on the NPS side? Are you seeing the authentications as successful from that side?

Here is a link on how to configure the WLC to use an external RADIUS server (in this case ACS) for captive portal authentication.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html#backinfo

*****Help out others by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

How are AD users authenticated by the controller for web authentication? RADIUS server or LDAP server?

In that document, the RADIUS ACS has an internal user database that is used to log in. But is it possible to use the RADIUS NPS server to authenticate AD credentials? If yes, then I need a screenshot of the NPS network policy properties for web authentication.

I have an existing network policy for WPA2 clients and it is working fine.

Thanks
