Security

Hi AirHeads,

Im facing some issue with simple Aruba controller captive<> ClearPass guest auth.

 

When using the Clearpass guest page that i created, I cant see the  POST arrving to the ACCESS TRACKER .... (**When testing with local aruba captive page - i do see the POST arrving to the ACCESS TRACKER**)

Im using normal (and default clearpass guest)

guest can see the login page,but when entering details, I cant see the POST getting to the CPPM and they get "invalid u/p" (Even due the CPPM configure as needed as server-group under the L3 auth profile)

Im using HTTP (not https) and i configure all the needed arugements under the guest module in order for it work in HTTP,screenshot attached.

 

Can some please advise me what im missing here? (BTW: IF IM CREATING USER VIA THE SELF REG PAGE I CREATED I DO ABLE TO LOGIN DIRECTLY AFTER GETTING THE PASS/RECEPIT PAGE)

i spent 8 hours to try to figure it out. why from the login page itself

(not self-reg) i cant see the POST of the u/p getting to the ACCESS TRACKER at all . (Really simple config/except that it's HTTP and not HTTPS)

 

Are you still using the default certificate on the Aruba Controllers for captive portal or did you upload your own? The general workflow is that after user clicks Login on guest receipt page, ClearPass Guest does HTTP POST to controller, then controller initiates RADIUS request to Policy Manager and you see that in Access Tracker. Sounds to me like the initial POST is not reaching the controller. Can you run pcap on controller interface and see if its receiving the HTTP POST from ClearPass? Also, in captive portal profile on controller, do you have HTTP authentication and user login checked?


#AirheadsMobile

I manged to fix the issue.

it was HTTPS configure in one of the pages that cause all the process not to be flawless as CPPM-GUEST is :)

 

Thanks for the assistance.

Hi

Could You explain in detail, how have resolved the problem, I have similar issue.

Regards 

Karol

------------------------------
Karol Karkowski
------------------------------

Original Message:
Sent: Oct 30, 2017 01:45 PM
From: Asa Birenbaum
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

I manged to fix the issue.

it was HTTPS configure in one of the pages that cause all the process not to be flawless as CPPM-GUEST is :)

 

Thanks for the assistance.

As this is an old post, it's well possible that you have a different issue. I would advise you to open a new topic, or better work with your Aruba partner or Aruba support to investigate what is actually happening.

Getting a captive-portal workflow working without certificate warnings involves many components including the client, different wired/wireless solutions. There is unfortunately no generic fix. One guideline: make sure you have proper certificates for your APs and ClearPass/Captive Portal. I have seen multiple cases where people tried to get around public certificates, either for testing or cost, but in the end, after the certificates were added things started working. Please note that most browsers these days will not post login credentials over HTTP, or only after a lot of complaining.

Here is a good guide that may help you to do the investigations if you want to look at it yourself.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Dec 08, 2020 05:29 PM
From: Karol Karkowski
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

Hi

Could You explain in detail, how have resolved the problem, I have similar issue.

Regards 

Karol

------------------------------
Karol Karkowski

Original Message:
Sent: Oct 30, 2017 01:45 PM
From: Asa Birenbaum
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

I manged to fix the issue.

it was HTTPS configure in one of the pages that cause all the process not to be flawless as CPPM-GUEST is :)

 

Thanks for the assistance.

Hi herman 

Thank You for replay. 
I have public HTTPS certificates already added to ClearPass and Mobility Controllers. I have also added/checked all sub and root certificate in cert file.
It works fine on Windows and Android devices. Problem is only on MacOS and seems only Safari browser. 
With automatic popup We get Error 404 from CPPM, and with manual the same (on Safari). When Edge/Chrome is used the whole portal authentication process works fine. 
I have opened TAC case but there is no big progress in it.

I have tried to use (as suggested with TAC) http, but I cannot even open http guest portal page manually from CPPM , I also get Error 404 from CPPM. 

Karol

------------------------------
Karol Karkowski
------------------------------

Original Message:
Sent: Dec 09, 2020 04:22 AM
From: Herman Robers
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

As this is an old post, it's well possible that you have a different issue. I would advise you to open a new topic, or better work with your Aruba partner or Aruba support to investigate what is actually happening.

Getting a captive-portal workflow working without certificate warnings involves many components including the client, different wired/wireless solutions. There is unfortunately no generic fix. One guideline: make sure you have proper certificates for your APs and ClearPass/Captive Portal. I have seen multiple cases where people tried to get around public certificates, either for testing or cost, but in the end, after the certificates were added things started working. Please note that most browsers these days will not post login credentials over HTTP, or only after a lot of complaining.

Here is a good guide that may help you to do the investigations if you want to look at it yourself.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Dec 08, 2020 05:29 PM
From: Karol Karkowski
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

Hi

Could You explain in detail, how have resolved the problem, I have similar issue.

Regards 

Karol

------------------------------
Karol Karkowski

Original Message:
Sent: Oct 30, 2017 01:45 PM
From: Asa Birenbaum
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

I manged to fix the issue.

it was HTTPS configure in one of the pages that cause all the process not to be flawless as CPPM-GUEST is :)

 

Thanks for the assistance.

Error 404 means 'page not found', so there is either an error in the URL or you configured the Allow/Deny access for the page to not allow for your source address. My preferred way to get the URL is to use 'launch' to open the page in a new tab, then from there copy the URL.

If you made up the URL manually, make sure you add '.php' at the end of the page name (like /guest/mypage.php for the pagename mypage), and first, make sure that the page loads in a browser before starting with the page redirects.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Dec 09, 2020 06:14 AM
From: Karol Karkowski
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

Hi herman 

Thank You for replay. 
I have public HTTPS certificates already added to ClearPass and Mobility Controllers. I have also added/checked all sub and root certificate in cert file.
It works fine on Windows and Android devices. Problem is only on MacOS and seems only Safari browser. 
With automatic popup We get Error 404 from CPPM, and with manual the same (on Safari). When Edge/Chrome is used the whole portal authentication process works fine. 
I have opened TAC case but there is no big progress in it.

I have tried to use (as suggested with TAC) http, but I cannot even open http guest portal page manually from CPPM , I also get Error 404 from CPPM. 

Karol

------------------------------
Karol Karkowski

Original Message:
Sent: Dec 09, 2020 04:22 AM
From: Herman Robers
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

As this is an old post, it's well possible that you have a different issue. I would advise you to open a new topic, or better work with your Aruba partner or Aruba support to investigate what is actually happening.

Getting a captive-portal workflow working without certificate warnings involves many components including the client, different wired/wireless solutions. There is unfortunately no generic fix. One guideline: make sure you have proper certificates for your APs and ClearPass/Captive Portal. I have seen multiple cases where people tried to get around public certificates, either for testing or cost, but in the end, after the certificates were added things started working. Please note that most browsers these days will not post login credentials over HTTP, or only after a lot of complaining.

Here is a good guide that may help you to do the investigations if you want to look at it yourself.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Dec 08, 2020 05:29 PM
From: Karol Karkowski
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

Hi

Could You explain in detail, how have resolved the problem, I have similar issue.

Regards 

Karol

------------------------------
Karol Karkowski

Original Message:
Sent: Oct 30, 2017 01:45 PM
From: Asa Birenbaum
Subject: Aruba Controller > HTTP POST > ClearPass Guest (Nothing on Access Tracker?)

I manged to fix the issue.

it was HTTPS configure in one of the pages that cause all the process not to be flawless as CPPM-GUEST is :)

 

Thanks for the assistance.