WLC Guest Internet Service / ACS Authentication

Unanswered Question
Nov 8th, 2007

I hope someone can help me with my issue here. I'm excited I've gotten this far in our migration with LWAPP as a whole. I've been successful in setting up a customized authentication webpage on the WLC, NOT an external web site. In this site I've embedded the Login/Submit button to log in as the user Guest (I'll explain later as to why). In testing this, I hadn't set up a user yet but wanted to see if the button would perform... it did great. Later, in the process of creating our Help Desk a helpdesk lobby admin user, I noticed in the ACS Failed Attempts log that the user guest had failed. Obviously it would fail as it hadn't been set up, but I didn't know (had hoped) that the guest user accounts could be passed to the ACS! One problem... Excited about this (again, I'll explain later) I created a basic user of guest and the password that is set for him in the HTML file and tested it: failed login - CS Password Invalid. I can create the same user on the WLC for web authentication and it works. What could be stopping it and giving an invalid password error? I of course checked the password multiple times; it's simply guest as well. I've made sure all the settings on ACS are correct and that a user of guest and a password of guest would be allowed by the Local Password Management. Also, the RADIUS servers are set up on the WLC and I have it selected for Network User. Any ideas? Of course, again, if I create the user locally on the WLC it works great.

Now, the reason I would like the user Guest on the ACS is I would like to be able to pass some RADIUS attributes such as idle-timeout and session-timeout for this user, but have the user be able to log in multiple times (different visitors). Also, the reasoning behind embedding the username in the submit button is because the next step is to have a separate login/password area for visiting Vendors. This will allow them access to different things versus just plain jane internet service. So, I suppose the question is can the WLC even accept RADIUS attributes correctly? Has anyone ever used a max-upload max-download attribute on the ACS for bandwidth limitation? Lots of questions, hope someone has a clue.


raun.williams Thu, 11/08/2007 - 13:57

I went ahead and recopied the shared-secret from ACS to the WLC and it seems to work now. Not sure why ACS reports it as CS Password Invalid instead of invalid shared-secret. So does anyone know if the WLC will accept RADIUS attributes or Aironet RADIUS attributes?
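
Added example, not part of the thread: a Python sketch of RFC 2865 section 5.2 User-Password hiding, showing why a mismatched shared secret surfaces on the server as a bad password. It assumes the WLC sends the web-auth password as PAP; the secret and authenticator values are constructed samples.

```python
import hashlib
import hmac


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side (here: the WLC). RFC 2865 section 5.2 User-Password hiding."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need 16-byte authenticator and 1..128-byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block  # the next block is keyed on this ciphertext block
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side (here: ACS). Reverses the hiding with the server's own secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def server_verdict(hidden, server_secret, authenticator, stored_password) -> str:
    # A PAP Access-Request without a Message-Authenticator attribute carries no
    # keyed integrity check, so the server cannot tell "wrong shared secret"
    # from "wrong password": both just decode to a non-matching string.
    candidate = recover_password(hidden, server_secret, authenticator)
    ok = hmac.compare_digest(candidate, stored_password)
    return "accept" if ok else "password invalid"


# Constructed sample values, not taken from the thread's configuration.
AUTHENTICATOR = bytes(range(16))  # normally 16 random bytes per request
WLC_SECRET = b"example-shared-secret"
hidden = hide_password(b"guest", WLC_SECRET, AUTHENTICATOR)

if __name__ == "__main__":
    print(server_verdict(hidden, WLC_SECRET, AUTHENTICATOR, b"guest"))
    print(server_verdict(hidden, WLC_SECRET + b" ", AUTHENTICATOR, b"guest"))
    print(recover_password(hidden, WLC_SECRET + b" ", AUTHENTICATOR))
```

The second call models a secret that differs by one trailing character between the two devices: the recovered bytes are garbage, so the server logs a password failure even though the user typed the right password.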

