WLC 2504 external web authentication with Untangle captive portal

I want to authenticate a Wi-Fi client with the Untangle captive portal, but it's not working.
I have DNS issues... I think the issue is with the virtual interface DNS hostname on the WLC.
I also get the attached error.
Wondering if somebody has had this same issue before.

thanks E

Craig Beck Commented:
So the client gets redirected to the portal, but then you get an error from the portal?
DAL_Group (Author) Commented:
No, I can't reach the login page.
Craig Beck Commented:
So where are you seeing the error?

DAL_Group (Author) Commented:
Instead of getting the captive portal login page, I get the attached error when I try to access any website.
Craig Beck Commented:
So you are getting redirected by the WLC, but the page you're seeing is throwing an error at the Untangle box.

If you connect to the network via wire, can you see the Untangle portal page properly?
DAL_Group (Author) Commented:
Yes, I can authenticate normally through Untangle via wire.
I think I am not configuring the virtual interface incorrectly... Should I enter the controller DNS name or the Untangle host name?
Craig Beck Commented:
The DNS name should be the WLC hostname.  When you configure the redirect you configure the URL with the Untangle hostname or its IP.  It looks like you're configuring the URL with the Untangle IP, so you should be good with the WLC config.

The fact that you're getting to the Untangle (whether it's throwing an error or not) tells me that it's not something wrong at the WLC side.  You don't have to configure the virtual interface DNS name - it will work without as long as you're using the virtual IP (which I can see that you are, and that it's configured as
DAL_Group (Author) Commented:
What about the ACL? I configured it to permit all TCP traffic in both directions to the Untangle server.
So is it supposed to be configured this way?
Craig Beck Commented:
Yes.  The fact that you can see an error from the Untangle box means the ACL is good.

When you test via wire are you on the same subnet as the wireless client?
DAL_Group (Author) Commented:
Yes. I am on a different subnet. What about the Untangle captive portal rules? I have it configured to capture any non-WAN source interface... Is there any configuration I need to add?

I have the controller mgmt interface on a different subnet from Untangle.
DAL_Group (Author) Commented:
Do I need to download Untangle to the WLC? Maybe it's the issue.
Craig Beck Commented:
You are using an external portal so no download to WLC required.

The WLC doesn't need to be able to see the portal - it just tells the client to go to it itself.
DAL_Group (Author) Commented:
I can connect to the Untangle captive portal now... but it doesn't authenticate.
Referring to Cisco:

- The login page takes user credentials input, and sends the request back to the action_URL, example, of the WLC web server. Then the WLC initiates a RADIUS server request or uses the local database.
In my case, I have Untangle authenticating users with AD.

That's why I am thinking of replacing the controller web server certificate with the Untangle certificate.

Is there a way I can configure the controller to use Untangle for authentication? Any suggestions...
Craig Beck Commented:
- The login page takes user credentials input, and sends the request back to the action_URL, example, of the WLC web server. Then the WLC initiates a RADIUS server request or uses the local database.
Does your WLC have an interface on the same subnet as the Untangle (usually the interface that the Guest WLAN is bound to)?

What version of code do you have on the WLC?
DAL_Group (Author) Commented:
Untangle is on a different subnet, as it is used for internet filtering and authentication for users on other subnets. The captive portal authenticates users through the directory connector.

Controller 2504 with software release 7.6
Craig Beck Commented:
Ok, can Untangle ping the IP address of the dynamic interface on the WLC?
DAL_Group (Author) Commented:
Yes, it can ping it.
Craig Beck Commented:
Should be no problem then.  Is there a firewall between the WLC's dynamic (not management) interface and the Untangle?
DAL_Group (Author) Commented:
No firewall in between... After practicing and testing, the controller is trying to authenticate users through RADIUS, and since there is no RADIUS configured, it won't authenticate. Am I right?

I am trying to authenticate users through the Untangle directory connector.
Craig Beck Commented:
If the SSID is configured with no layer2 security it won't be trying to use RADIUS unless it's using local web authentication (which it isn't).
