Wireless Access

Reply
New Contributor

External Captive Portal - RADIUS Authentication

I'm relatively new to Aruba, but have a requirement for an external captive portal (splash page), authenticated via a RADIUS.

 

I initially set this up almost a month ago and has worked perfectly since - until the end of last week. Now, it just won't authenticate. The form submits to the Aruba authentication URL - but there is no response from that URL - I can't even ping it. Has it changed, or am I missing something?

 

I've changed nothing within Aruba Central, and the captive portal displays - it's only the authentication that's not working. For reference, the RADIUS is being used to authenticate a different network with Meraki APs, and works fine, so don't believe that it's RADIUS related.

 

This is the form I am using:
<form method="post" ACTION="https://securelogin.arubanetworks.com/cgi-bin/login">
<input type="hidden" name="user" value="">
<input type="hidden" name="password" value="">
<input type="hidden" name="cmd" value="authenticate">
<input id="device_mac" type="hidden" name="mac" value="<?php echo $_REQUEST['mac']; ?>">
<input id="ap_mac" type="hidden" name="apmac" value="<?php echo $_REQUEST['apmac']; ?>">
<input id="ip_address" type="hidden" name="ip" value="<?php echo $_REQUEST['ip']; ?>">
<input type="hidden" name="url" value="<?php echo $_REQUEST['url']; ?>">
<button class="button" type="submit">Continue</button>
</form>

 

Look forward to any suggestions anyone may have?

Re: External Captive Portal - RADIUS Authentication

As a quick check, please change securelogin.arubanetworks.com to securelogin.hpe.com in your HTML code.

 

Explanation: In the past, all Aruba APs and controllers came with a pre-installed trusted certificate for securelogin.arubanetworks.com. Since last summer it is no longer possible to ship APs with such a certificate (https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814). Customers are expected to install their own certificate, and all references that pointed to securelogin.arubanetworks.com now have to be changed to the common-name.

Users of Aruba Central cloud management platform, more specific the Guest module, will receive a trusted certificate pushed from the platform with the name securelogin.hpe.com to make deployment easier.  This only happens if there is no customer specific certificate installed.

 

The captive portal login will only respond to the common name in the certificate that is installed to the Instant AP.

 

If you are unsure what certificate is installed, you can check it on the AP with the CLI: show cpcert, or in the GUI under Maintenance, the Certificates. Scroll a bit down to the Current CP Server Certificate.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: External Captive Portal - RADIUS Authentication

Thanks for your help - that's exactly what it was. Strange it did work for the first few week though.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: