I'm relatively new to Aruba, but have a requirement for an external captive portal (splash page), authenticated via a RADIUS.
I initially set this up almost a month ago and has worked perfectly since - until the end of last week. Now, it just won't authenticate. The form submits to the Aruba authentication URL - but there is no response from that URL - I can't even ping it. Has it changed, or am I missing something?
I've changed nothing within Aruba Central, and the captive portal displays - it's only the authentication that's not working. For reference, the RADIUS is being used to authenticate a different network with Meraki APs, and works fine, so don't believe that it's RADIUS related.
This is the form I am using:<form method="post" ACTION="https://securelogin.arubanetworks.com/cgi-bin/login"><input type="hidden" name="user" value=""><input type="hidden" name="password" value=""><input type="hidden" name="cmd" value="authenticate"><input id="device_mac" type="hidden" name="mac" value="<?php echo $_REQUEST['mac']; ?>"><input id="ap_mac" type="hidden" name="apmac" value="<?php echo $_REQUEST['apmac']; ?>"><input id="ip_address" type="hidden" name="ip" value="<?php echo $_REQUEST['ip']; ?>"><input type="hidden" name="url" value="<?php echo $_REQUEST['url']; ?>"><button class="button" type="submit">Continue</button></form>
Look forward to any suggestions anyone may have?
As a quick check, please change securelogin.arubanetworks.com to securelogin.hpe.com in your HTML code.
Explanation: In the past, all Aruba APs and controllers came with a pre-installed trusted certificate for securelogin.arubanetworks.com. Since last summer it is no longer possible to ship APs with such a certificate (https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814). Customers are expected to install their own certificate, and all references that pointed to securelogin.arubanetworks.com now have to be changed to the common-name.
Users of Aruba Central cloud management platform, more specific the Guest module, will receive a trusted certificate pushed from the platform with the name securelogin.hpe.com to make deployment easier. This only happens if there is no customer specific certificate installed.
The captive portal login will only respond to the common name in the certificate that is installed to the Instant AP.
If you are unsure what certificate is installed, you can check it on the AP with the CLI: show cpcert, or in the GUI under Maintenance, the Certificates. Scroll a bit down to the Current CP Server Certificate.
Thanks for your help - that's exactly what it was. Strange it did work for the first few week though.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.