Custom Secure Hotspot - ZD keeps returning 202 Authentication Pending

  • 1
  • Question
  • Updated 2 years ago
I am building a cutsom secure hotspot following the guidance in the Ruckus Tech Note "Configuring Hotspots with Secure Hotspot". When I set the HostSpot Authentication Server to anything other than "Local Database" all I get back for known valid users is a 202 Authentication Pending response. Can anyone advise on how I might resolve this? Ideally I am wanting to use an AD server for authentication and this works fine for WLANs - it is only when used in a HotSpot that it fails.
Photo of John

John

  • 2 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2101 Posts
  • 297 Reply Likes

If you're following the HotSpot tech note, you'll see you need to define your login.html page on your external server too, and specify this unauthenticated URL in your configuration, and you'll need to use RADIUS in front of your AD user database for authentication.

Is this the tech note you have?

http://a030f85c1e25003d7609-b98377aee968aad08453374eb1df3398.r40.cf2.rackcdn.com/support/secure_hots... 

Photo of John

John

  • 2 Posts
  • 0 Reply Likes
Thanks for the response. I am not entirely sure we are quite on the same page.
Firstly, yes, that is the Tech Note I have worked from. Taking the chart on page 24 as a reference, I am getting as far as step 6. The "response-code" in the XML coming back from the Zone Director is consistently a 202 if I use AD or Radius as the Authentication Server in the HotSpot configuration; if I use Local Database I can get a successful 201 but this is obviously not much help (beyond establishing that my server-side code is working). I get the same response when I use a request generating tool such as "PostMan", so I know I am sending the XML to the ZoneDirector correctly and I am getting valid XML back. I just don't understand why credentials known to be good (and tested in the AAA config page) are producing the 'Authentication Pending' response.

Am I missing a crucial point in your response (or in the tech note) or did I not make clear in my original post just how far I am getting? I would appreciate any further help you might be able to offer.
(Edited)
Photo of Michael Brado

Michael Brado, Official Rep

  • 2101 Posts
  • 297 Reply Likes
Sorry John, I'm not a programmer, HotSpot is not trivial, and a case with Tech Support is your best bet, unless any programmers in the audience can chime in.
Photo of Dmitry Ivanko

Dmitry Ivanko

  • 11 Posts
  • 0 Reply Likes
Dear John,
You need to send another request to check user status.  This request completes the auth process. There is the XML below
<ruckus> 
<req-password>my password</req-password>
<version>1.0</version>
<command cmd="check-user-status" ipaddr="10.0.38.253" macaddr="**:**:**:**:**:**" name="**" password="************"/>
</ruckus>
This request returns an XML response with status code


The tech note http://a030f85c1e25003d7609-b98377aee968aad08453374eb1df3398.r40.cf2.rackcdn.com/support/secure_hots... doesn't clear point us to this command.