05-01-2014 09:18 PM
If you already have a captive portal configured on clearpass, you are already sending back rejections to users who do not pass authentication. Your only option is to:
1. Create an HTML page on the Aruba Controller , or ClearPass with your message
2. Create a Captive Portal Authentication profile on the Aruba Controller that has the URL of the controller's or the ClearPass page as the "Login Page" URL
3. Create a role that has the Captive Portal ACL attached and configure the Captive Portal Authentication profile as the profile you created in step 2
4. When your users fail authentication in ClearPass, send back an "accept" in the enforcement profile but also send back and Aruba-User-Role VSA as the name of the role you created in step 3 on the controller.
When the user opens up a browser to see what happened, they will get the reject page you created in step#1. Not pretty and there are better ways to do it, but this is just to get you started.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs