We are currently finalising the configuration of our guest network using the ClearPass captive portal functionality, which we have configured using the excellent 2021 YouTube guides.
Unfortunately, after we complete registration and press login via the captive portal, it pushes us to the ClearPass server landing page and not the specified internet page the user should get once login is successful. It also does not allow internet access, and the process effectively stops there.
We've been through all of our configuration and can't see what we are doing wrong.
Any pointers on what to check would be helpful.
Under your page configuration, what do you have set as your Login Method and Address? If this is a redirect by the Aruba Mobility Gateway, you should have Controller Initiated as the Method and if you're leveraging a wildcard certificate on your Gateway, you can use "captiveportal-login.<your domain>.com". You can also control the post-login redirect via CPPM config or in the Gateway's L3 captive portal profile.
Hi Michael, thanks for answering. We are using a wildcard certificate and the address is configured as "captiveportal-login.<your domain>.com", where yourdomain is swapped for our domain of course.
The Login method is set to controller initiated as well.
We've tried building it from the ground up again but we got the same result.
Are they receiving the Guest admin portal at initial redirect or after they log in? If it's at initial redirect, make sure you verify the redirect URL in the L3 Captive Portal profile. If the URL is invalid, it may try to redirect you to CPPM and the default landing page can be changed to the admin login page as you're describing.
The URL should be something like https://cppm.company.com/guest/web_page.php
OK, so testing today I have set the default landing page on the ClearPass server to the guest login page we use on the captive portal. Unfortunately, all that happens is that when you log in it just loops back to the login page again instead of the CPPM admin page.
Also, guest clients are no longer presented with the guest portal and it appears to be trying to load the portal from the APs rather than the ClearPass server.
I've been over DNS settings and the captive portal config and I cannot see where we are going wrong.
Are there any diagnostic tools or methods I can use to work out what is going on?
I even tried working through the YouTube workshop guides again from scratch and got the same result.
My first guess would be that the login does not happen. You could have a look at the video about Controller vs Server initiated guest workflows, and use the browser developer tools as shown in that video to go through your deployment step by step to find at which point it doesn't work.
As mentioned already, many issues are caused by not having public trusted certificates on your ClearPass and/or Controller/Gateway/AP.
Hi Herman, thanks for your response on this. We have a wildcard certificate for our domain loaded to our Aruba Central tenant and have applied it to the captive portal certificate option under the security tab.
Could this be an issue, as I've seen a couple of people on Reddit saying wildcards are not supported?
Does the wildcard also need to be loaded onto the ClearPass server?
We will run through Guest video 4 and see if this helps.
Wildcards are supported for captive portal, that's no issue. Make sure that you then in ClearPass point (the Address field) to captiveportal-login.your-wildcard.tld (if you have a wildcard *.your-wildcard.tld).
The ClearPass server should have a trusted HTTPS server certificate as well, which may be the same wildcard if your ClearPass has a fqdn that matches the wildcard.
Hi Herman, after working back through the changes we made, it was just the certificate name and the ClearPass DNS name.
During our troubleshooting of the certificate issues we changed the DNS records for the ClearPass server to captiveportal-login.ourdomain.com and then we undid all of these changes. The problem was Aruba Central kept flipping the ClearPass server name back to captiveportal-login, which stopped it from loading on the client machine.
We have now resolved this by clearing the local override on the VC and everything now works great!
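The naming checks discussed in this thread can be run offline before changing the gateway or ClearPass. This is an added example, not part of the original thread and not Aruba or ClearPass code; the hostnames and SAN lists are constructed sample values, and `preflight` and its finding codes are hypothetical names.

```python
def matches(hostname: str, pattern: str) -> bool:
    """Certificate name match: '*' is only valid as the entire left-most
    label and stands for exactly one label (it never spans a dot)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def covered(hostname: str, san_list: list[str]) -> bool:
    """True if any SAN entry on the certificate covers the hostname."""
    return any(matches(hostname, san) for san in san_list)


def preflight(login_address, clearpass_fqdn, gateway_sans, clearpass_sans):
    """Return finding codes (hypothetical); an empty list means the names agree."""
    findings = []
    # The Address field must be a name the gateway's captive portal cert covers.
    if not covered(login_address, gateway_sans):
        findings.append("login-name-not-in-gateway-cert")
    # ClearPass needs its own trusted HTTPS cert matching its own FQDN.
    if not covered(clearpass_fqdn, clearpass_sans):
        findings.append("clearpass-name-not-in-clearpass-cert")
    # The failure described in this thread: ClearPass ended up published under
    # the captive portal login name, so the portal no longer loaded.
    if login_address.lower().rstrip(".") == clearpass_fqdn.lower().rstrip("."):
        findings.append("clearpass-name-equals-login-name")
    return findings


if __name__ == "__main__":
    wildcard = ["*.example.com"]  # constructed sample SAN list
    print(preflight("captiveportal-login.example.com", "cppm.example.com",
                    wildcard, wildcard))
    print(preflight("captiveportal-login.example.com",
                    "captiveportal-login.example.com", wildcard, wildcard))
```

The SAN lists would come from the certificates actually installed on the gateway and on ClearPass; a wildcard covers one label only, so a ClearPass name such as `cppm.guest.example.com` is not covered by `*.example.com`.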