Re: Web Authentication and J9051A wireless module

Franco_24 · ‎07-23-2008

Hi,

I'm trying to setup a web-auth configuration on my 5406zl and the WESM module but it do not work.

My configuration is as follows:
- WT.01.15
- VLAN1 : management
- WLAN1: Admin WLAN (not used yet)
- WLAN2: web-auth, no encryption
- Routing enabled between WLAN1 and WLAN2
- Connection to WLAN is ok.
- I can ping the WLAN2 IP address
- Radius is internal
- Web-auth pages are internal
- Empty web-auth "Allow list"

When I try to surf to acces the web-auth page I have the following error:
URL: "https://WESM-WLAN2-IP:444/WLAN2/login.html"
TEXT(firefox 3.0): "Connection failed... Firefox couldn't establish a connection to WESM-WLAN2-IP:444.
...
Site seems up, but the browser couldn't establish a connection..."

Here's what I tried:
- Tried in simple WEP64 configuration: it works
- Tried with/out WLAN2 IP in web-auth "Allow list": no change
- Reload of WESM module: no change

I'll be glad if someone could point me to any hint.

Max

Franco_24 · ‎07-23-2008

Hi again,

I also tried:
- Moving web-auth on WLAN1. WLAN1 is now the only SSID available, but this did not change anything.
- Disabled my Windows XP Firewall

I also noticed that the web-auth configuration do not work until you reload the WESM module.

I also could give you config file if needed.

Max

Franco_24 · ‎07-31-2008

Again me,

Finally, when all my tries did not get any results, I deleted the startup-confg and started from scratch.

I managed to have web-auth almost working. The DNS requests were not all passing through the WESM. Sometimes yes and most ofthen not. When they passed through, I finally had the internal login page displayed.

Then I wanted to restart the module to make a test. So I saved the config and restarted it. Then I get the same error message of my first post.
I then restarted the whole 5406zl and the web-auth worked again :)

During my debug session I noticed some problem with the internal Radius server and the web-auth. Despite radius was agreeing on my login/pwd, the WESM would'nt let me through:

Jul 31 11:59:36 2008: %CC-6-WEBAUTHFAILED: Station 00-09-B7-02-56-D2 failed web authentication on wlan 1
Jul 31 11:59:36 2008: %DAEMON-5-NOTICE: radiusd[5759]: Login OK: [guest] (from client localhost port 1 cli 00-09-B7-02-56-D2)

I had to use an external radius server to make it work and go further in my debugging.

Max

Note:
I couldn't configure IE7 to make it work with the web-auth. Firefox3.x is ok

MichaelvL · ‎07-31-2008

Hi Max,

Is "Enable HTTPS" checked on the WESM?
Do you have a valig trustpoint?
Does your client get an IP address?

When you change from web-auth to no-auth, can you access your network/internet?

I attached my working configuration. On the router I've configured NAT.

Michael

Franco_24 · ‎08-20-2008

Hi Michael and thanks for your reply,

- HTTPS is enabled (by default)
- I have the defaut TrustPoint and it is valid up to next year. When I try to create a new self-signed cert, the web interface give me the error "Unable to configure the new Truspoint: Not Writable".
- The Client receive an IP address from the WESM
- When I use WEP or other auth or encryption, the WESM works well

I'll test your config file and post the result here.

Thanks

Max

Franco_24 · ‎08-21-2008

Hi Michael,

I compared your configuration and mine. Yours seems to be exempt of the securty configuration, or not ?

I attached my configuration with a test TrustPoint. Even with this test trustpoint created through the CLI, I can't see it on the web management page.

I confirm I can't create any key or certificate from the web pages. Perhaps I should change my WESM module ? I don't know where to go from here.

Max

MichaelvL · ‎08-25-2008

Hi Max,

If I'm correct you can only use the local radius server for managing guest accounts.
I used a blank shared-key for the local radius.

In your config I see that you guest group is not configured for vlan 81.

Also I discovered a problem with timezones.
If I created a guest account with a starting date/time (through CLI or web). That account will become valid (given our timezone and daytime saving) 2 hours later.
Therefore I set my timezone to GMT and created account will become active instantly.

Michael

Franco_24 · ‎08-26-2008

Hi Michael,

I tested again my configuration with your guest group vlan suggestion.

After a few tries/changes and else, web-auth worked for a few minutes(explained below). While it was working, external radius was working fine. So it's not Radius.

I noticed a serious instability in the web-auth service. I ran my tests with these OS:
Windows XP SP3 (Main test machine)
Windows Vista 32bits
Linux

While I never encountered any problem with the Linux station, I had very strange results on XP. Here's an exemple :
- Once I was authenticated, I could surf and else.
- Then I disconnected my station and reconnected it => not working anymore.
- Waited ~20mn => worked again.
- Surfed with it (to relax a bit) => not working anymore after 15mn

The behaviour of the Vista stations was very similar to XP.

I'm now installing an old Wi-Fi card to my Windows 2000 notebook. I'm not optimist on the result.

Max

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Web Authentication and J9051A wireless module

Web Authentication and J9051A wireless module