ArubaOS and Controllers

Reply
Contributor II

Two Captive Portal Questions

Greetings all:

We're trying to do something relatively simple. Use a captive portal gateway to auth our students before allowing access to the wireless network. However, we have two wrinkles:

1 - We would like the session to last for at least a week, and for that timer to reset any time the client used the network.

2 - We would like to auth directly against our AD server and not have to use an intermediary RADIUS server.

Are either of these two things possible? The only timeouts I've found on the captive portal seem to be tied to authentication, and I can't seem to find anything to set up an AD server as a "server" in the controller. Thanks for any help that can be provided!
Aruba Employee

Re: Two Captive Portal Questions

Hi,

1) I don't think you can have the timer that long... maybe someone else can confirm. There is a system level timeout of about 4 hours for a session.

2) You can configure LDAP instead of RADIUS. LDAP/LDAPs communicates directly with MS AD.

-Mike
Contributor II

Re: Two Captive Portal Questions


Hi,

1) I don't think you can have the timer that long... maybe someone else can confirm. There is a system level timeout of about 4 hours for a session.

-Mike




That's a bummer if so... is there anywhere at all to adjust this variable?


Hi,

2) You can configure LDAP instead of RADIUS. LDAP/LDAPs communicates directly with MS AD.

-Mike




That's what I sort of thought, but the "Windows Server" option in the server types was sort of throwing me off a bit. I'll run down the LDAP path and see what I can get to work.
Aruba Employee

Re: Two Captive Portal Questions

To set the idle timeout you do one of the following:
1) WebUI: Configuration >> Security >> Authentication >> Advanced; set the "User Idle Timeout". Maximum can be 15300 seconds (255 mins).

2) On CLI: "aaa timers idle-timeout <#> ".

Take a look at the admin guide for more info about the timeout.

Let me know if you get the LDAP working. I've done this many times without any issues.

-Mike
Contributor II

Re: Two Captive Portal Questions


To set the idle timeout you do one of the following:
1) WebUI: Configuration >> Security >> Authentication >> Advanced; set the "User Idle Timeout". Maximum can be 15300 seconds (255 mins).

2) On CLI: "aaa timers idle-timeout <#> ".

Take a look at the admin guide for more info about the timeout.

Let me know if you get the LDAP working. I've done this many times without any issues.

-Mike




My captive portal is up and the LDAP connection to AD is working. I just have to create a reasonable looking CP page now. As for the timeouts, on that same page, there is that "User Idle Timeout" and also the "Logon user lifetime". I wish the GUI had a little more help with what some settings mean, as both and neither at the same time could be construed to be what I'm looking for. I say neither, since this is under "Authentication Timers" which I would think to be "Time it takes to login" and yet both as well since I'm looking for the idle time it takes for a user to be booted from authentication and both of those headings could describe that. *sigh*
Aruba Employee

Re: Two Captive Portal Questions

daringone,

Glad you got the LDAP working. With regards to the "User Idle Timeout" and "Logon User Lifetime", if you take a look at the admin guide it gives you a very detail description of what each does.

Summary:
User Idle Timeout: Max period in minutes/seconds after which a client is considered idle if there is no user traffic from the client.

Logon User Timeout: Max time, in minutes, unauthenticated clients are allowed to remain logged on.


-Mike
Contributor II

Re: Two Captive Portal Questions

Having a rough time finding the Admin Guide. I'm on the Aruba Support site, and if I click on anything other than the Aruba OS KB, I'm being denied access. Now, it should be noted perhaps that we did buy our equipment OEM from Dell, but I'd think I'm still entitled to support. I checked Dell's site, and there's no documentation to be had there.
Aruba Employee

Re: Two Captive Portal Questions

Hi,

yes, the documentation should be available on the Support site. There's a section for "Documention". However, since you have a DELL OEM, I'm not sure how the support works there. Get in touch with your Dell rep and find out where you can obtain the support guide. If they cannot find it, contact Dell Support and they should be able to get it he admin guide from Aruba.

If you have issues obtaining it, let me know what version firmware you have and I can attach the admin guide for you.

-Mike
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: