Security

Reply
Frequent Contributor II

CPPM and captive portal

I have everything set up and working fine except CP through CPPM.  We can do the self registration portion and use internal users but I cannot get CPPM to use AD.  AD works fine for .1x through CPPM so it is a configuration of the captive portal service.

 

Goal: users in AD can use AD to auth to an SSID which uses CPPM as the host of the CP.

(cannot use controller for other reasons at this time).

 

As soon as I press enter on the CP page (using my AD information), it returns bad username/password.  I do not see any thing logged on the CPPM either so I can't figure out where the problem is located.

 

It all seems so simple but something is just not quite right.  I have AD added in all the places I think it should be... but no joy.

 

Any ideas?

Guru Elite

Re: CPPM and captive portal

On the Aruba Controller, your Captive Portal profile needs to have a server group that has CPPM in it.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: CPPM and captive portal

It has the CPPM server as the only server.  Is there something that needs to point the CPPM toward that Captive Portal Profile?

 

The issue with the controllers, at this time, is the local CP has ip cp-redirect pointing to a controller (3600) for tunnel termination. It is an old design we will eventually fix but all 13 controllers point to this 3600 for guest access (not many guest).

 

Since the current CPPM CP works with this in place, I do not think the ip cp-redirect is causing an issue.

 

 

**EDIT**

Found the 'pointer'.  In the initial role, we are pointing them to the correct Captive Portal profile.

Guru Elite

Re: CPPM and captive portal

If it says bad username or password, something is rejecting it.  You are probably not configuring the correct captive portal authentication profile.  If you see a rejection and only cppm is in the server group, the rejection must come from cppm, period..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: CPPM and captive portal

**embarrassed**

 

In my switch over from testing, I did not change the VAP we were using for the testing.  Unfortunately it now says web authentication is disabled.  I'll start working on that issue before I can get to authentication on the CPPM.

 

*guessing this might be related to the ip cp-redirect*

MVP

Re: CPPM and captive portal

I understand your embarrassment, I do that a lot also.

 

On the other hand, thanks for the topic, your discussion with Colin reminded me to check my own test turned production... I also am still using the test VAP. Or was until a moment ago.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Frequent Contributor II

Re: CPPM and captive portal

I have it corrected (web auth online) but it is back to 'invalid username or password' for all attempts with no log in the access tracker.

Aruba

Re: CPPM and captive portal

What auth sources do you have in the service? Can you show a screen shot of the service?

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor II

Re: CPPM and captive portal

For both authentication and authorization, I have our AD as the target.

Guru Elite

Re: CPPM and captive portal

Frankly if you are not seeing it in the access tracker, you first need to look at the controller.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: