Security

I'm trying to work out how to configure the following (if it's even possible).

 

Currently we have a CP500 and a number of IAP105 and IAP135 APs.  CP is integrated into active directory and we have an open SSID for guest use via a captive portal.  Users self-register and get 8 hours of free access.

 

What we would like to do:

 

1. Set up a role on the IAP Virtual Controller that is for pre-provisioning to allow access to the CP500 (obviously) and also a corporate website that is internet based (but not allow click through beyond the corporate website).
2. Set up a guest role that is allowed 20 minutes of free WIFI access to the internet with a prompt at 5 minutes remaining (to inform the user that they need to register to continue).  When the 20 minutes is up, the role should drop back to pre-provisioned and the user should only be able to access the internet if they register/login.
3. Maintain a banner/header at the top of browsers with a logo/RSS for advertising that allows the user to close it and continue without the banner/header after a fixed time.
4. Extract guest registration details from the registration form to a csv file that is to be saved on a shared drive on the domain.

I guess some of this would be easier with the advertising module for ClearPass if it was released, but in the meantime is it achievable via a combination of Java/PHP and do you have a links/guides/advice?

 

Thanks for your time.

 

tharg.

So I've tried to do some digging and I'm not getting anywhere fast.

 

Looking at the CPPM Guest, I can manually export all user accounts to a .CSV manually, but I can't find anyway to dump user accounts plus other data that was filled out during the registration on a schedule.  What I'm trying to extract is first name, surname, post code, email address and 2 check box values.

 

I thought I might be able to do something with the CPPM Syslog Server and Export filters but not having any luck there either.

 

I'm still struggling with the injected content.  I know other captive portal solutions can brand the top of all pages visited by an end user but I just can't find anything for a CPPM/IAP virtual controller combintation.

 

tharg.

When you do a export client you can customize what fields are seen.

 

 

 

 

 

Hi Troy,

 

Thanks for the guidance with exporting.  I can export the CSV manually with the information we require but is there a way to do it automatically?

 

Looking at Insight, I can create HTML reports on a schedule but I can't add custom fields to the reports.

 

Thanks again for your time.

 

tharg

As of today that is the only way. There are changes coming in future releases the will give more flex abilities in insight so you can run custom reports and fields.

Hi Troy,

 

Thanks for clearing that up for me.  I've managed to get around the CSV download by using an AutoIT script for now.

 

You wouldn't happen to have any ideas on the 'injected header' by any chance?

 

I'm trying to get something like CoovaChill's (an open source captive portal) layer 3 injection to add a branded header to the top of every page that a user visits.

 

In an attempt to mimic this kind of behaviour, I'm trying to work out if I can force a redirect for all pages (even after registration/login) that goes to a Captive Portal consisting of Header (in this case, a logo, an rss feed and a close header button) and then a full page iframe that would display the original destination page.

 

With the IAP Virtual Controller and CPPM combination, is there a hidden field that would be the destination URL or is the URL stored in a cookie like in ArubaOS6 (the only place I've seen mention the redirection process)?

 

Thanks for your help.

 

tharg.

It looks like iframes won't cut it.  Too many pages are detecting the iframe and either breaking out or throwing up errors.

 

Would it be possible to use forced redirection to show an ad before each page load for the unregistered users as an alternative if there aren't any javascript work arounds for banner injection?

Following Troys advice, I've set up a report using the default fields available for first name, last name, email and zip code.

 

I've a couple of issues with the reporting.

 

1. I'd like to use custom fileds for the first name, last name, email and zip code to make sure that we only report the details for a particular registration form but when I try to use custom fields the end user sees the receipt page with correct details and click login but CPPM Access Tracker shows the user connected with a random username not the one in the receipt and the csv report is empty.

 

2. We need to include 2 boolean yes/no questions in the registration page.  I've created 2 boolean fields with yes/no and they display in the registration form ok but I'm unable to add these to the custom view for the report.  Do I need some IF/THEN logic to set a field variable that can be included in the report?

 

Thanks

 

tharg.

I'm not sure if your a partner but if you are and have access here is a How-To

https://afp.arubanetworks.com/afp/index.php/How-To:_Create_a_Self_Registration_Survey

Hi Troy,

Thanks for the link/guide for the self-registration survey. I've now got the reporting working as described in the PDF.

The last piece of the puzzle is the free browsing for 20 minutes followed by a redirect to a registration portal and if the user doesn't register a second time, redirecting them back every 5 minutes.

tharg

---

The last piece of the puzzle is the free browsing for 20 minutes followed by a redirect to a registration portal and if the user doesn't register a second time, redirecting them back every 5 minutes.

---

Hi tharg,

 

Were you able to get this working?  If so, can you provide some details on how you set it up?

 

Thanks,

Chad