ArubaOS and Controllers

Reply
Regular Contributor II
Posts: 207
Registered: ‎09-28-2010

Captive portal and "must change password"

I'm running into a problem with our new deployment.

All new users have an account created in AD with the "User must change password at next logon" option checked.

When attempting to authenticate to the captive portal, it fails with a message of "Authentication failed."

Error message on the IAS server (2003) is:

Connect request: IAS_PASSWORD_MUST_CHANGE
Connect result: Rejected
Terminate cause: PASSWORD_MUST_CHANGE


Would really appreciate any help or a point in the right direction.
Aruba Employee
Posts: 119
Registered: ‎05-16-2007

Re: Captive portal and "must change password"

There is no mechanism for the end users to change this password when using the Aruba controller for CP that I can think of.

Using Aruba Amigopod external captive portal system--does have this setting.

I would disable that checkbox for your guest users. Actually though, maybe these aren't guest users? Care to elaborate?
Regular Contributor II
Posts: 207
Registered: ‎09-28-2010

Re: Captive portal and "must change password"


There is no mechanism for the end users to change this password when using the Aruba controller for CP that I can think of.

Using Aruba Amigopod external captive portal system--does have this setting.

I would disable that checkbox for your guest users. Actually though, maybe these aren't guest users? Care to elaborate?





Thanks, I didn't think there was, but wanted to make sure.

These aren't really "guest" users in the pure sense. Basically, they are independent contractors and have complained about the costs and requirements (and limits) of being joined to our network - requiring certain version of Windows, corporate A/V software, naming convention, internet web filters, patching, time to wait for a technician, etc.

Since all of their required applications are now web based, our solution is to give them access to our "internet only" vlan via the captive portal. Now they can bring in their iPads, iPhones, iPods, smart phones, netbooks, or whatever they want and suck down all the bandwidth they want! They also receive access to printers, but only via TCP/IP ports.

However, they still require AD accounts to access their e-mail and other applications.

True "guests" receive bandwidth limited "internet only" access, with no access to printers.
Search Airheads
Showing results for 
Search instead for 
Did you mean: