Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

External login (splash) page and RADIUS

This thread has been viewed 1 times

  • 1.  External login (splash) page and RADIUS

    Posted Dec 01, 2016 07:01 PM

    Hi guys!

     

    I've just started using Aruba APs, I'm using an external login (splash) page for my captive portal setup - at the moment Aruba just looks for a 'success' confirmation text in the output to grant wi-fi access. 

     

    I noticed that many people use RADIUS together with external login pages and I can't figure out why? Could anybody clarify please?

     

    I mean, if users credentials are stored elsewhere (presumably in the same application that provides login pages), why add extra complexity? Why would somebody choose RADIUS auth over success text auth? 

     

    Also, what credentials would Aruba AP even send to RADIUS? The login page is external so Aruba doesn't get the username/password pair (unless you point external form back to APs built-in web-server?)

     

    Thanks in advance!



  • 2.  RE: External login (splash) page and RADIUS

    EMPLOYEE
    Posted Dec 01, 2016 07:03 PM
    The RADIUS server handles communication to the identity store and can also provide additional features like profiling, advanced policy control, device caching, etc.


  • 3.  RE: External login (splash) page and RADIUS

    Posted Dec 01, 2016 07:23 PM

    Ok I see, but what credentials would Aruba send to RADIUS for verification? Since it's an external page, I assume the credentials entered weren't captured by Aruba (unless, as I mentioned earlier, you somehow direct the form to AP itself)



  • 4.  RE: External login (splash) page and RADIUS

    EMPLOYEE
    Posted Dec 01, 2016 07:27 PM
    Many times the external login page also lives on the RADIUS server. If you were using the controller's splash page, the controller would send the credentials off to the RADIUS server which will process the request and check against the identity store.


  • 5.  RE: External login (splash) page and RADIUS

    Posted Dec 01, 2016 07:32 PM

    If the external page is hosted on the same machine as RADIUS, where would the login form (I mean HTML <form>) point to - back to Aruba AP so that it receives the credentials?

     

    Otherwise, I don't see how Aruba would finalise RADIUS authentication?



  • 6.  RE: External login (splash) page and RADIUS

    EMPLOYEE
    Posted Dec 01, 2016 07:53 PM
    The credentials are submitted through the controller and then a RADIUS
    request is crafted. The RADIUS server will then send back a response to the
    controller.


  • 7.  RE: External login (splash) page and RADIUS

    Posted Dec 01, 2016 08:05 PM

    I'm sorry, but how can credentials be submitted through the controller in case of an external login page? User enters his details on that external page, controller doesn't have them? 



  • 8.  RE: External login (splash) page and RADIUS

    EMPLOYEE
    Posted Dec 01, 2016 08:06 PM
    The POST is made to the controller.