We are using a Cisco 4402 Controller, and testing methods of web authentication. We are also testing a Meru controller - so our tests are geared towards the pros / cons of each.
With Meru, we are able to point the web authentication page to a RADIUS server, and then have the RADIUS server run various types of scripts. One takes any username and password and enters them to a file, then returns a "0" to RADIUS which authenticates the user. Another script authenticates anyone with a certain e-mail suffix, and one shared password. And a 3rd one uses a CGI script to authenticate the username/passwords to our e-mail server.
All of this works great....
But not on the Cisco.
The Cisco controller can only accept a local username/password pair that's on the RADIUS server. Whenever we try a script (any one of them), the login fails completely.
Most authentication failures result from the user incorrectly entering the credentials when connecting to the NAS. Such failed attempts are logged to the Cisco Secure ACS Failed Attempts report. Entries in this report have a Message-Type of Authen Failed and a failure code set to one of the values given in the URL below