Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass Guest Portal login sending users to Clearpass Admin portal

This thread has been viewed 32 times
  • 1.  Clearpass Guest Portal login sending users to Clearpass Admin portal

    Posted Nov 15, 2023 09:23 AM

    Hi all,

    We are currently finalising our configuration of our guest network using the Clearpass captive portal functionality which we have configured using the excellent 2021 youtube guides.

    Unfortunately after we complete registration and press login via the captive portal it  pushes us to the clearpass server landing page and not the specified internet page the user should get once login is successful, it also does not allow internet access and the process effectively stops there.

    We've been through all of our configuration and can't see what we are doing wrong ?

    Any pointers on what to check would be helpful.

    Many Thanks!



  • 2.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal

    MVP
    Posted Nov 16, 2023 11:27 AM

    Under your page configuration, what do you have set as your Login Method and Address? If this is a redirect by the Aruba Mobility Gateway, you should have Controller Initiated as the Method and if you're leveraging a wildcard certificate on your Gateway, you can use "captiveportal-login.<your domain>.com". You can also control the post-login redirect via CPPM config or in the Gateway's L3 captive portal profile. 



    ------------------------------
    Michael Haring
    Sr. Network and Communications Expert
    Lehigh Valley Health Network
    ------------------------------



  • 3.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal

    Posted Nov 28, 2023 08:22 AM

    Hi Michael, thanks for answering we are using a wild card certificate and the address is configured as "captiveportal-login.<your domain>.com" where yourdomain is swapped for our domain of course.

    The Login method is set to controller initiated as well.

    We've tried building it from the ground up again but we got the same result. 




  • 4.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal

    MVP
    Posted Nov 28, 2023 09:00 AM

    Are they receiving the Guest admin portal at initial redirect or after they log in? If it's at initial redirect, make sure you verify the redirect URL in the L3 Captive Portal profile. If the URL is invalid, it may try to redirect you to CPPM and the default landing page can be changed to the admin login page as your describing. 

    The URL should be something like https://cppm.company.com/guest/web_page.php



    ------------------------------
    Michael Haring
    ------------------------------



  • 5.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal

    Posted Nov 29, 2023 10:54 AM

    OK So testing today I have set the default landing page on the clearpass server to the guest login page we use on the captive portal. Unfortunately all that happens is that when you login it just loops back to the login page again instead of the cppm admin page.

    Also guest clients are no longer presented with the guest portal and it appears to be trying to load the portal from the APs rather than the Clearpass server.

    I've been over DNS settings and the captive portal config and I cannot see where we are going wrong.

    Are there any diagnostic tools or methods I can take to work out what is going on ?

    I even tried working through the Youtube workshop guides again from scratch and got the same result.




  • 6.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal

    Posted Dec 05, 2023 03:45 AM

    My first guess would be that the login does not happen. You could have a look at the video about Controller vs Server initiated guest workflows, and use the browser developer tools as shown in that video to go through your deployment step by step to find at which point it doesn't work.

    As mentioned already, many issues are caused by not having public trusted certificates on your ClearPass and/or Controller/Gateway/AP.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal

    Posted Dec 06, 2023 10:02 AM

    Hi Herman, thanks for your response on this, we have a wildcard certificate for our domain loaded to our Aruba Central tenant and applied it to the captive portal certificate option under the security tab.

    Could this be an issue as I've seen a couple of people on reddit saying wildcards are not supported ?

    Does the wildcard also need to be loaded onto the Clearpass server ?

    We will run through Guest video 4 and see if this helps.




  • 8.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal
    Best Answer

    Posted Dec 07, 2023 08:00 AM

    Wildcards are supported for captive portal, that's no issue. Make sure that you then in ClearPass point (the Address field) to captiveportal-login.your-wildcard.tld (if you have a wildcard *.your-wildcard.tld).

    The ClearPass server should have a trusted HTTPS server certificate as well, which may be the same wildcard if your ClearPass has a fqdn that matches the wildcard.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 9.  RE: Clearpass Guest Portal login sending users to Clearpass Admin portal

    Posted Dec 13, 2023 09:16 AM

    Hi Herman, after working back through the changes we made it was just the certificate name and the clearpass DNS name.

    During our troubleshooting of the certificate issues we changed the DNS records for the clearpass server to captiveportal-login.ourdomain.com and then we undid all of these changes. The problem was Aruba Central kept flipping the clearpass server name back to captiveportal-login which stopped it from loading on the client machine.

    We have now resolved this by clearing the local override on the VC and everything now works great!

    Thanks again!