Security

Hi, Im totally newby and Im having some problems trying to authenticate an user from External Captive Portal using the internal Radius.
The goal is to let the user use the wifi after pressing a button on my external captive portal page.

First of all, I have no idea what Im doing, but some threads on this community brought me here.

<form method="post" ACTION="https://securelogin.arubanetworks.com/cgi-bin/login">
    <input type="hidden" name="user" value="">
    <input type="hidden" name="password" value="">
    <input type="hidden" name="cmd" value="authenticate">
    <input id="device_mac" type="hidden" name="mac" value="4e:a3:31:c1:b8:3a">
    <input id="ap_mac" type="hidden" name="apmac" value="b8:3a:5a:5a:63:5a">
    <input id="ip_address" type="hidden" name="ip" value="">
    <input type="hidden" name="url" value="http://captive.apple.com/hotspot-detect.html">
    <button class="button" type="submit">Continue</button>
</form>

My questions are:
1 - Whats the default user and password set, that I can use here? (InternalRadius)
2 - Is it possible to add a different user/password? How to do this from CLI?
3 - Is there some tutorials covering this topic? I could not find.

Thanks in advance

------------------------------
Thiago Matsuno
------------------------------

3: I think this is a nice write-up: https://www.flomain.de/2016/12/aruba-instant-with-external-captive-portal/ with the exception that you need to install an SSL server certificate on your Instant AP in order to fix the certificate warnings. If you have Aruba Central management, you can use the aruba_default certificate from there, otherwise you need to install your own certificate. If you have Aruba Central management, there is Cloud Guest in there as well, and you could use that as well.
1&2: Yes, create an account in the Instant local users with a username and password of your choice and the type of Guest.

You will need to change the URL from https://securelogin.arubanetworks.com/cgi-bin/login to your own domain that you requested the certificate on, like https://guest.your-own-domain.tld/cgi-bin/login

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 07, 2021 12:21 PM
From: Thiago Matsuno
Subject: Radius authentication request from External Captive Portal

Hi, Im totally newby and Im having some problems trying to authenticate an user from External Captive Portal using the internal Radius.
The goal is to let the user use the wifi after pressing a button on my external captive portal page.

First of all, I have no idea what Im doing, but some threads on this community brought me here.

<form method="post" ACTION="https://securelogin.arubanetworks.com/cgi-bin/login">
    <input type="hidden" name="user" value="">
    <input type="hidden" name="password" value="">
    <input type="hidden" name="cmd" value="authenticate">
    <input id="device_mac" type="hidden" name="mac" value="4e:a3:31:c1:b8:3a">
    <input id="ap_mac" type="hidden" name="apmac" value="b8:3a:5a:5a:63:5a">
    <input id="ip_address" type="hidden" name="ip" value="">
    <input type="hidden" name="url" value="http://captive.apple.com/hotspot-detect.html">
    <button class="button" type="submit">Continue</button>
</form>

My questions are:
1 - Whats the default user and password set, that I can use here? (InternalRadius)
2 - Is it possible to add a different user/password? How to do this from CLI?
3 - Is there some tutorials covering this topic? I could not find.

Thanks in advance

------------------------------
Thiago Matsuno
------------------------------

Thanks for your reply!

Based on your information I was able to achive what I was trying to do. Thanks a lot!

For those who are having the same problem I will write down what was need to make it work:

1- Make sure that you have at least one account registered to login as guest (info that will be send to Radius server)
2- If you don't register the certificate correctly, you will not be able to send the FORM POST, so make sure that its working

------------------------------
Thiago Matsuno
------------------------------

Original Message:
Sent: Nov 11, 2021 05:33 AM
From: Herman Robers
Subject: Radius authentication request from External Captive Portal

3: I think this is a nice write-up: https://www.flomain.de/2016/12/aruba-instant-with-external-captive-portal/ with the exception that you need to install an SSL server certificate on your Instant AP in order to fix the certificate warnings. If you have Aruba Central management, you can use the aruba_default certificate from there, otherwise you need to install your own certificate. If you have Aruba Central management, there is Cloud Guest in there as well, and you could use that as well.
1&2: Yes, create an account in the Instant local users with a username and password of your choice and the type of Guest.

You will need to change the URL from https://securelogin.arubanetworks.com/cgi-bin/login to your own domain that you requested the certificate on, like https://guest.your-own-domain.tld/cgi-bin/login

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 07, 2021 12:21 PM
From: Thiago Matsuno
Subject: Radius authentication request from External Captive Portal

Hi, Im totally newby and Im having some problems trying to authenticate an user from External Captive Portal using the internal Radius.
The goal is to let the user use the wifi after pressing a button on my external captive portal page.

First of all, I have no idea what Im doing, but some threads on this community brought me here.

<form method="post" ACTION="https://securelogin.arubanetworks.com/cgi-bin/login">
    <input type="hidden" name="user" value="">
    <input type="hidden" name="password" value="">
    <input type="hidden" name="cmd" value="authenticate">
    <input id="device_mac" type="hidden" name="mac" value="4e:a3:31:c1:b8:3a">
    <input id="ap_mac" type="hidden" name="apmac" value="b8:3a:5a:5a:63:5a">
    <input id="ip_address" type="hidden" name="ip" value="">
    <input type="hidden" name="url" value="http://captive.apple.com/hotspot-detect.html">
    <button class="button" type="submit">Continue</button>
</form>

My questions are:
1 - Whats the default user and password set, that I can use here? (InternalRadius)
2 - Is it possible to add a different user/password? How to do this from CLI?
3 - Is there some tutorials covering this topic? I could not find.

Thanks in advance

------------------------------
Thiago Matsuno
------------------------------