Users Guide

287 | BranchController Config for Controllers Dell Networking W-Series ArubaOS 6.4.x| User Guide
Picking Up the Survival Server for Authentication
The Survival Server performs an authentication or query request when authentication survivability is enabled AND one of the following is true:
a. Fail-through is disabled and all servers in the server group are out of service, OR
b. Fail-through is enabled, all in-service servers failed the authentication, and at least one server is out of service.
Access Credential Data Stored
In addition to the username, the following access credential data is stored:
• Password Authentication Protocol (PAP): authmgr receives the password provided by the client and then stores the encrypted SHA-1 hashed value of the password.
• When employing 802.1X with disabled termination using EAP-TLS, the EAP indicator is stored.
• The CN lookup EXIST indicator is stored.
Authentication for Captive Portal Clients
This section describes the authentication procedures for Captive Portal clients, both when the branch's authentication servers are available and when they are not available. When the authentication servers are not available, the Survival Server takes over the handling of authentication requests.
This section describes the following authentication scenarios:
• Captive Portal client authentication using Password Authentication Protocol (PAP)
• External Captive Portal client authentication using the XML-API
Captive Portal Client Authentication Using PAP
Table 55 describes what occurs for Captive Portal clients using PAP as the authentication method.
Table 55: Captive Portal Authentication Using PAP

When Authentication Servers Are Available:
• If authentication succeeds, the associated access credential with an encrypted SHA-1 hash of the password and Key Reply attributes are stored in the Survival Server database.
• If authentication fails, the associated access credential and Key Reply attributes associated with the PAP method (if they exist) are deleted from the Survival Server database.

When Authentication Servers Are Not Available:
When no in-service server in the associated server group is available, the Survival Server is used to authenticate the Captive Portal client using PAP.
The Survival Server uses the previously stored unexpired access credential to perform authentication and, upon successful authentication, returns the previously stored Key Reply attributes.
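
The pickup condition and the PAP behaviour in Table 55, modelled as an added example (not code from this guide or from ArubaOS). The function and class names, the lifetime parameter and the sample values are assumptions; the at-rest encryption of the stored hash is not modelled.

```python
import hashlib
import hmac


def use_survival_server(enabled, fail_through, in_service_results, out_of_service):
    """Pickup condition. in_service_results: one bool per in-service server that
    answered (True = accepted); out_of_service: number of servers marked down."""
    if not enabled:
        return False
    if not fail_through:
        # (a) every server in the group is out of service
        return not in_service_results and out_of_service > 0
    # (b) every in-service server rejected and at least one server is down
    return not any(in_service_results) and out_of_service > 0


class SurvivalCache:
    """Toy model of the Survival Server database for PAP (Table 55)."""
    def __init__(self, lifetime):
        self.lifetime = lifetime  # assumed credential lifetime, in seconds
        self.entries = {}         # username -> (sha1 digest, key reply attrs, stored_at)

    @staticmethod
    def _digest(password):
        # The page says the SHA-1 hash is stored encrypted; that layer is omitted here.
        return hashlib.sha1(password.encode("utf-8")).digest()

    def record_server_result(self, user, password, accepted, key_reply, now):
        """Servers available: store on success, delete on failure."""
        if accepted:
            self.entries[user] = (self._digest(password), dict(key_reply), now)
        else:
            self.entries.pop(user, None)

    def authenticate(self, user, password, now):
        """Servers unavailable: return Key Reply attributes, or None on reject."""
        entry = self.entries.get(user)
        if entry is None or now - entry[2] > self.lifetime:
            return None  # nothing cached, or the cached credential has expired
        if hmac.compare_digest(self._digest(password), entry[0]):
            return dict(entry[1])
        return None


if __name__ == "__main__":
    cache = SurvivalCache(lifetime=3600)  # constructed sample values below
    cache.record_server_result("alice", "s3cret", True, {"role": "employee"}, now=0)
    if use_survival_server(True, False, [], out_of_service=2):
        print(cache.authenticate("alice", "s3cret", now=600))
```

A client that has never authenticated successfully while the servers were reachable, or whose last attempt failed, has no stored credential and is rejected during an outage.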
External Captive Portal Client Authentication Using the XML-API
Table 56 describes the authentication procedures for External Captive Portal clients using the XML-API, both
when the branch's authentication servers are available and when they are not available. When the
authentication servers are not available, the Survival Server takes over the handling of authentication requests.