Hi there,
we have some user groups (Microsoft Active Directory users) who only have access via a proprietary captive portal appliance. The user devices aren't domain members. These users gain access via an open/unencrypted WLAN (Aruba controller/access points).
We are considering replacing this proprietary captive portal with either the integrated captive portal function on the mobility controllers or ClearPass.
Question: Is there a way that these users are able to change their AD password via the captive portal page (in case of password expiration and the user has to change it)? Let me write down the process at a very high level:
- User is redirected to captive portal login page
- User provides credentials
- Mobility Controller/RADIUS receives message from AD that the password is expired and the user has to change it
- Captive Portal Page informs the user that the password has expired
- Captive Portal Page provides a form where the user can enter the old password (for validation) and the new password
- Mobility Controller/RADIUS changes the user's password in AD
- User is either authenticated or has to provide the new password again to gain access
With the current proprietary solution this is possible. RADIUS and MSCHAPv2 support password changes, see the FreeRADIUS v3 implementation as a reference: https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/doc/modules/mschap.rst#password-changes
It would be great if anybody could explain if this is possible with Aruba captive portals (slightly different solutions would also help me).
Thanks in advance,
Tobias
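
The third step of the flow in the post depends on the RADIUS side recognising the MS-CHAPv2 "password expired" failure. As an added example (not part of the original post, and not Aruba or FreeRADIUS code), this parses the RFC 2759 failure string carried in the MS-CHAP-Error attribute and decides whether a portal would show a change-password form; the function names, the policy function and the sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Failure codes listed in RFC 2759 (MS-CHAPv2 Failure packet).
ERROR_NAMES = {
    646: "ERROR_RESTRICTED_LOGON_HOURS", 647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED", 649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE", 709: "ERROR_CHANGING_PASSWORD",
}

# Failure string layout: "E=<code> R=<0|1> C=<32 hex digits> V=<version> M=<msg>"
FAILURE_RE = re.compile(
    r"E=(?P<code>\d{1,10}) R=(?P<retry>[01])(?: C=(?P<challenge>[0-9A-Fa-f]{32}))?"
    r"(?: V=(?P<version>\d{1,10}))?(?: M=(?P<message>.*))?$"
)

@dataclass
class MschapFailure:
    code: int
    name: str
    retry_allowed: bool
    challenge: Optional[bytes]
    version: Optional[int]
    message: str

def parse_mschap_error(value: bytes) -> MschapFailure:
    """Parse an MS-CHAP-Error value (ident octet followed by the ASCII string)."""
    text = value.decode("ascii", errors="replace")
    m = FAILURE_RE.search(text)  # search() skips the leading ident octet
    if m is None:
        raise ValueError("not an RFC 2759 failure string")
    code = int(m["code"])
    return MschapFailure(
        code=code,
        name=ERROR_NAMES.get(code, "UNKNOWN"),
        retry_allowed=m["retry"] == "1",
        challenge=bytes.fromhex(m["challenge"]) if m["challenge"] else None,
        version=int(m["version"]) if m["version"] else None,
        message=m["message"] or "",
    )

def portal_should_offer_password_change(failure: MschapFailure) -> bool:
    # Hypothetical portal policy: expired password (648) and change protocol v3.
    return failure.code == 648 and failure.version == 3

# Constructed sample attribute values, not captured traffic.
SAMPLE_EXPIRED = b"\x00E=648 R=0 C=0123456789ABCDEF0123456789ABCDEF V=3 M=Password Expired"
SAMPLE_BAD_PW = b"\x00E=691 R=1 C=0123456789ABCDEF0123456789ABCDEF V=3 M=Authentication failed"
```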