Wireless Access

Reply
Occasional Contributor I

External login (splash) page and RADIUS

Hi guys!

 

I've just started using Aruba APs, I'm using an external login (splash) page for my captive portal setup - at the moment Aruba just looks for a 'success' confirmation text in the output to grant wi-fi access. 

 

I noticed that many people use RADIUS together with external login pages and I can't figure out why? Could anybody clarify please?

 

I mean, if users credentials are stored elsewhere (presumably in the same application that provides login pages), why add extra complexity? Why would somebody choose RADIUS auth over success text auth? 

 

Also, what credentials would Aruba AP even send to RADIUS? The login page is external so Aruba doesn't get the username/password pair (unless you point external form back to APs built-in web-server?)

 

Thanks in advance!

Guru Elite

Re: External login (splash) page and RADIUS

The RADIUS server handles communication to the identity store and can also provide additional features like profiling, advanced policy control, device caching, etc.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: External login (splash) page and RADIUS

Ok I see, but what credentials would Aruba send to RADIUS for verification? Since it's an external page, I assume the credentials entered weren't captured by Aruba (unless, as I mentioned earlier, you somehow direct the form to AP itself)

Guru Elite

Re: External login (splash) page and RADIUS

Many times the external login page also lives on the RADIUS server. If you were using the controller's splash page, the controller would send the credentials off to the RADIUS server which will process the request and check against the identity store.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: External login (splash) page and RADIUS

If the external page is hosted on the same machine as RADIUS, where would the login form (I mean HTML <form>) point to - back to Aruba AP so that it receives the credentials?

 

Otherwise, I don't see how Aruba would finalise RADIUS authentication?

Guru Elite

Re: External login (splash) page and RADIUS

The credentials are submitted through the controller and then a RADIUS
request is crafted. The RADIUS server will then send back a response to the
controller.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: External login (splash) page and RADIUS

I'm sorry, but how can credentials be submitted through the controller in case of an external login page? User enters his details on that external page, controller doesn't have them? 

Guru Elite

Re: External login (splash) page and RADIUS

The POST is made to the controller.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: