Security

Reply
Frequent Contributor I
Posts: 99
Registered: ‎05-31-2015

CP final authentication

I am trying to understand the mechanics of the last part of authentication and final step in internet access for guest clients.

In my scenario I have a ClearPass setup that returns the string server.customer.com instead of the securelogin.arubanetworks.com default cert.

What happens with this string when passed back to the controller/client - does the client do a DNS lookup for this?.

I read somewhere this is the case and the controller then intercepts this and does something with this request but I'm not sure specifically what.

I would appreciate some help understanding this so I can fill in the blanks.

Guru Elite
Posts: 20,001
Registered: ‎03-29-2007

Re: CP final authentication

The fqdn should be for the captive portal certificate on the controller. The controller automatically intercepts DNS requests for the fqdn of its captive portal certificate and responds with its own IP address. That way, when the user clicks on submit, the request is always sent to the controller.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor I
Posts: 99
Registered: ‎05-31-2015

Re: CP final authentication

I think I follow that - so when the user clicks the login button (Specifically on the receipt page from a clearpass based web page) he is then attempting to open up a web page at securelogin.arubanetworks.com which triggers the DNS lookup?

Frequent Contributor I
Posts: 99
Registered: ‎05-31-2015

Re: CP final authentication

Anybody know the details of this trigger?

Guru Elite
Posts: 20,001
Registered: ‎03-29-2007

Re: CP final authentication


MDRF wrote:

I think I follow that - so when the user clicks the login button (Specifically on the receipt page from a clearpass based web page) he is then attempting to open up a web page at securelogin.arubanetworks.com which triggers the DNS lookup?


Yes.  The controller always intercepts DNS requests for the common name of the certificate installed on the controller and replies with the ip address of the controller.

 

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: