Wireless Access


External Captive Portal - RADIUS Authentication

  • 1.  External Captive Portal - RADIUS Authentication

    Posted Jul 17, 2017 10:19 AM

    I'm relatively new to Aruba, but have a requirement for an external captive portal (splash page), authenticated via a RADIUS.

     

    I initially set this up almost a month ago and it has worked perfectly since - until the end of last week. Now, it just won't authenticate. The form submits to the Aruba authentication URL - but there is no response from that URL - I can't even ping it. Has it changed, or am I missing something?

     

    I've changed nothing within Aruba Central, and the captive portal displays - it's only the authentication that's not working. For reference, the RADIUS is being used to authenticate a different network with Meraki APs, and works fine, so I don't believe that it's RADIUS related.

     

    This is the form I am using:
    <!-- Request parameters are HTML-escaped before being echoed back into the page -->
    <form method="post" ACTION="https://securelogin.arubanetworks.com/cgi-bin/login">
    <input type="hidden" name="user" value="">
    <input type="hidden" name="password" value="">
    <input type="hidden" name="cmd" value="authenticate">
    <input id="device_mac" type="hidden" name="mac" value="<?php echo htmlspecialchars($_REQUEST['mac'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
    <input id="ap_mac" type="hidden" name="apmac" value="<?php echo htmlspecialchars($_REQUEST['apmac'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
    <input id="ip_address" type="hidden" name="ip" value="<?php echo htmlspecialchars($_REQUEST['ip'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
    <input type="hidden" name="url" value="<?php echo htmlspecialchars($_REQUEST['url'] ?? '', ENT_QUOTES, 'UTF-8'); ?>">
    <button class="button" type="submit">Continue</button>
    </form>

     

    Look forward to any suggestions anyone may have.



  • 2.  RE: External Captive Portal - RADIUS Authentication
    Best Answer

    EMPLOYEE
    Posted Jul 18, 2017 04:16 AM

    As a quick check, please change securelogin.arubanetworks.com to securelogin.hpe.com in your HTML code.

     

    Explanation: In the past, all Aruba APs and controllers came with a pre-installed trusted certificate for securelogin.arubanetworks.com. Since last summer it is no longer possible to ship APs with such a certificate (https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814). Customers are expected to install their own certificate, and all references that pointed to securelogin.arubanetworks.com now have to be changed to the common-name.

    Users of the Aruba Central cloud management platform, more specifically the Guest module, will receive a trusted certificate pushed from the platform with the name securelogin.hpe.com to make deployment easier. This only happens if there is no customer-specific certificate installed.

     

    The captive portal login will only respond to the common name in the certificate that is installed to the Instant AP.

     

    If you are unsure what certificate is installed, you can check it on the AP with the CLI: show cpcert, or in the GUI under Maintenance, then Certificates. Scroll a bit down to the Current CP Server Certificate.
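
A pre-deployment check for the mismatch described in the answer above, added here as an example and not part of the original thread or any Aruba tooling: it compares the host in a splash page's form action against the names on the installed captive portal certificate. The function names are hypothetical, the certificate names are assumed to be copied by hand from the show cpcert output, and wildcard matching goes beyond the single-name case in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _FormActions(HTMLParser):
    """Collects the action attribute of every <form> in the rendered page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so ACTION= is found too.
        if tag == "form":
            action = dict(attrs).get("action")
            if action:
                self.actions.append(action)


def name_matches(host, cert_name):
    """True if host is covered by cert_name (exact name or single-label wildcard)."""
    host = host.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == cert_name[2:]
    return host == cert_name


def check_portal_form(html, cert_names):
    """Return (action, problem) pairs for form targets the portal will not answer."""
    parser = _FormActions()
    parser.feed(html)
    findings = []
    for action in parser.actions:
        url = urlsplit(action)
        if url.scheme != "https" or not url.hostname:
            findings.append((action, "not an absolute https URL"))
        elif not any(name_matches(url.hostname, n) for n in cert_names):
            findings.append((action, "host not in certificate"))
    return findings


# Constructed sample: the rendered form from the question, trimmed to two lines.
SAMPLE_FORM = """<form method="post" ACTION="https://securelogin.arubanetworks.com/cgi-bin/login">
<input type="hidden" name="cmd" value="authenticate"></form>"""

if __name__ == "__main__":
    # Certificate name as pushed by Aruba Central, per the answer above.
    print(check_portal_form(SAMPLE_FORM, ["securelogin.hpe.com"]))
```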



  • 3.  RE: External Captive Portal - RADIUS Authentication

    Posted Jul 19, 2017 05:50 AM

    Thanks for your help - that's exactly what it was. Strange it did work for the first few weeks though.