05-05-2015 06:46 AM
I have a few questions related to a custom external captive portal. My company wants to develop an in-house solution (i.e., they don't want to buy the guest provisioning portion of ClearPass ;)) to redirect our free public Wi-Fi users to an external server. The programmer I'm working with wants to know if the controller can send the MAC address info of the user to the external server.
The other question we have is about how the reauth period is defined. So once someone gets access via the captive portal, how long is it before they have to reauthenticate? Can that be a value that's sent over from the external server? The reason I ask is because we are a tourist attraction/hospitality venue and we'd like to set something up so once someone is granted access and we confirm they have a ticket or are a hotel guest, they wouldn't have to keep going through the captive portal.
Any help/insight would be much appreciated. Also, FYI, we have two 7220 controllers, master/local setup, and are running 220.127.116.11. Thanks!
05-05-2015 07:12 AM
1. You need to change the "Login Page" parameter in the Captive Portal Authentication Profile to point to your external Captive Portal (by default this parameter points to /auth/index.html, which is a login page internal to the local controller). In addition, in the "logon" role that the user is assigned, you MUST allow HTTP and HTTPS access to this external server. You can also manipulate how long before the user is prompted for credentials by enabling and configuring the user idle timeout as shown below in the same Captive Portal Authentication profile. For users that are returning, you can do MAC authentication and send back a user idle-timeout via RADIUS.
2. The external HTML page can be constructed using the same information used to construct a custom HTML page here: http://www.arubanetworks.com/techdocs/ArubaOS_64_W
A second way that can be done is via the XML-API, where your external server can programmatically change the role on users (authenticate), blacklist and even query users. This is more advanced, of course: http://www.arubanetworks.com/techdocs/ArubaOS_64_W
Aruba Customer Engineering
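For the external login page discussed above, a sketch of how the external server could read the client details from the controller's redirect. This is an added example, not code from the thread or from Aruba's documentation; the query parameter names (`mac`, `ip`, `essid`, `url`) and the portal hostname are assumptions to confirm against what your controller actually appends. The values travel through the client's browser, so the code treats them as untrusted input.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Accepts aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff.
MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-]?[0-9a-f]{2}){5}$", re.IGNORECASE)


def parse_redirect(redirect_url, allowed_essids):
    """Validate the redirect query string; raise ValueError on bad input."""
    qs = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    def one(name):
        # Reject missing or repeated parameters instead of picking one.
        values = qs.get(name, [])
        if len(values) != 1:
            raise ValueError(f"expected exactly one {name!r} parameter")
        return values[0]

    mac = one("mac")
    if not MAC_RE.match(mac):
        raise ValueError("malformed MAC address")
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))

    ip = str(ipaddress.ip_address(one("ip")))  # ValueError if not an IP

    essid = one("essid")
    if essid not in allowed_essids:
        raise ValueError("redirect is not from a known guest SSID")

    # The original destination is only used for a post-login redirect, so
    # drop anything that is not a plain http(s) URL (e.g. javascript:).
    dest = one("url")
    parts = urlsplit(dest)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        dest = None

    # The MAC identifies the session to look up; it does not prove who the
    # user is, so ticket or room checks still have to happen server-side.
    return {"mac": mac, "ip": ip, "essid": essid, "dest": dest}


# Constructed sample redirect (hostname and values are made up).
SAMPLE = ("https://portal.example.com/login?cmd=login&mac=AA-BB-CC-00-11-22"
          "&ip=10.1.20.37&essid=Guest-WiFi&url=http%3A%2F%2Fexample.org%2F")
```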
05-06-2015 08:23 AM
I can only assume that this is what Colin meant to put for #3...
3. Or use ClearPass with an external Authentication source. This won't use Guest Licensing.
So, if you can query your external DB (Postgres, MySQL, MSSQL, or Oracle 11g) for the ticket number or room information, then you could use that as the authentication source.
Last name can be used as the username and Ticket/Room Number could be the password, assuming you have access to the database with that information, and it is one of the database types listed above.