07-11-2013 04:41 PM - edited 07-04-2021 12:24 AM
Hi All,
If Web-Auth is set to passthrough with email input as username is it possible to log email/username
string to radius accounting or will I have to use syslog and a script.
I have Windows NPS for my 802.1x and I get the accounting data fine because I am using radius for auth & acct,
but nothing at all for my web-auth users.
07-11-2013 07:40 PM
a similiar discussion for you
https://supportforums.cisco.com/thread/2004163, please refer
07-13-2013 05:12 PM
I used the template, but is there any issue with the login.html file that comes with the Webauth bundle.
When doing webauth to external server I get the login page twice and the redirect comes back has
"The requested URL /undefined was not found on the server"
I am using the virtual controller with 7.4 code and internal webauth is not supported
07-13-2013 05:15 PM
You might just be better off opening a TAC case as it still might be an issue with the vWLC.
Sent from Cisco Technical Support iPhone App
07-13-2013 05:47 PM
May have to, trouble is far to much stuff doesn't work as it's meant to, into the arms of Aruba at this rate.
07-13-2013 06:01 PM
Well... I don't really like the vWLC. Features are not there compare to hardware.
Sent from Cisco Technical Support iPhone App
07-13-2013 06:34 PM
Nor do I, common features and configurations that work on the 2500/5508 series behave far too oddly on the vWLC, thanks anyway.
03-04-2024 03:34 AM
Hi,
I would like to archieve the same what g.peart would like but that discussion you linked is not available. (I have 3504 wlc, not vWLC)
Could you add any information about how can I do that?
Thanks!
03-05-2024 07:40 AM
You should think about using an external web auth provider which will include that kind of feature as standard. The internal web auth really isn't designed for that @schulcz
03-06-2024 05:12 AM - edited 03-06-2024 05:13 AM
I downloaded the webauth bundle from Cisco site for my controller that contains a readme file states that the wlc can send these data to the RADIUS server.
Quote from the readme file:
This is an example custom webauth bundle when passthrough (user does 'accept' or 'reject') is in use and there is a radius-server which will be used to collect users' entered email addresses. The 'Email Input' button under the WLAN also needs to be checked. The WLC will not make a decision based on the users' email but will forward the email to the radius-server in accounting records when it is entered. While the WLC code was enhanced with code changes as a result of CSCsu50080 which requires that the user put an '@' sign in the email, there is nothing to prevent users from entering mickey.mouse@guesswhere.com.
When email is configured, 'debug aaa all enable' will show the WLC sending an accounting record to the radius-server with:
User-Name....bozo@the.clown Nas-Port (x1d) NAS-IPaddress (in 4 hex octets) framed-ip-address (that the user has in 4 hex octets) NAS-Identifier (system name of the WLC) Airespace/WLAN-Identifier (on the WLC) Calling-Station-Id (PC's mac) Called-station-id (WLC's ip address)
and other attributes including Acct-Session-Id, Acct-Authenticator, Tunnel-Type xd, tunnel-medium-type x6, tunnel-group-id '5', Acct-Status-Type.
03-06-2024 05:30 AM
Ah well seems like you have the answer there already (I wasn't aware of that before) - are you using that now?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide