Security

When users self-register through the captive portal, their accounts are successfully authenticated, granting them Internet access. However, accounts created by administrators fail to authenticate and cannot access the Internet.

Problem Details:

• Failed Accounts: Created by administrators.

  • Root Cause: Missing required attributes, resulting in authentication failure.

    
    

    

    

    

• Successful Accounts: Self-registered by users.

  • Result: Properly authenticated with full Internet access.

    
    
    
    
    
    
    
    
    
    

Expected Behavior: Both administrator-created and self-registered accounts should authenticate correctly and allow Internet access.

Everything you are showing under "failed" is a MAC auth, everything under the "successful" is a WebAuth.  Those are two separate processes/workflows and have nothing to do with how the account was created, and are for two different authentication purposes.

The MAC auth is there to allow a device associated with a previously allowed client using a WebAuth to reconnect without going through the captive portal again.

When users self-register through the captive portal, their accounts are successfully authenticated, granting them Internet access. However, accounts created by administrators fail to authenticate and cannot access the Internet.

Problem Details:

• Failed Accounts: Created by administrators.

  • Root Cause: Missing required attributes, resulting in authentication failure.

    
    

    

    

    

• Successful Accounts: Self-registered by users.

  • Result: Properly authenticated with full Internet access.

    
    
    
    
    
    
    
    
    
    

Expected Behavior: Both administrator-created and self-registered accounts should authenticate correctly and allow Internet access.

Dear chulcher

Thank you for your detailed explanation regarding the distinction between MAC authentication and WebAuth, as well as their respective purposes in the workflow. Your clarification has been very helpful in understanding how these processes operate independently while serving complementary roles in the authentication system.

If I may ask a follow-up question: Could you elaborate on how the system ensures seamless transitions between MAC auth and WebAuth for devices that switch networks or encounter connectivity issues?

I appreciate your time and expertise.

Everything you are showing under "failed" is a MAC auth, everything under the "successful" is a WebAuth.  Those are two separate processes/workflows and have nothing to do with how the account was created, and are for two different authentication purposes.

The MAC auth is there to allow a device associated with a previously allowed client using a WebAuth to reconnect without going through the captive portal again.

When users self-register through the captive portal, their accounts are successfully authenticated, granting them Internet access. However, accounts created by administrators fail to authenticate and cannot access the Internet.

Problem Details:

• Failed Accounts: Created by administrators.

  • Root Cause: Missing required attributes, resulting in authentication failure.

    
    

    

    

    

• Successful Accounts: Self-registered by users.

  • Result: Properly authenticated with full Internet access.

    
    
    
    
    
    
    
    
    
    

Expected Behavior: Both administrator-created and self-registered accounts should authenticate correctly and allow Internet access.

Not sure what you are asking.  There's nothing particularly seamless about the "transition", those are two separate authentications and are accomplished at different points within the connection or client session.  MAC is L2 and done at association, WebAuth is L3 and done as part of the client session and interaction with the captive portal.

Dear chulcher

Thank you for your detailed explanation regarding the distinction between MAC authentication and WebAuth, as well as their respective purposes in the workflow. Your clarification has been very helpful in understanding how these processes operate independently while serving complementary roles in the authentication system.

If I may ask a follow-up question: Could you elaborate on how the system ensures seamless transitions between MAC auth and WebAuth for devices that switch networks or encounter connectivity issues?

I appreciate your time and expertise.

Everything you are showing under "failed" is a MAC auth, everything under the "successful" is a WebAuth.  Those are two separate processes/workflows and have nothing to do with how the account was created, and are for two different authentication purposes.

The MAC auth is there to allow a device associated with a previously allowed client using a WebAuth to reconnect without going through the captive portal again.

When users self-register through the captive portal, their accounts are successfully authenticated, granting them Internet access. However, accounts created by administrators fail to authenticate and cannot access the Internet.

Problem Details:

• Failed Accounts: Created by administrators.

  • Root Cause: Missing required attributes, resulting in authentication failure.

    
    

    

    

    

• Successful Accounts: Self-registered by users.

  • Result: Properly authenticated with full Internet access.

    
    
    
    
    
    
    
    
    
    

Expected Behavior: Both administrator-created and self-registered accounts should authenticate correctly and allow Internet access.