I have setup an external hotspot login page and everything works nicely until I send login information back to mikrotik.

After the login information is sent back I keep getting redirected back to the login page. Only way to 're-authenticate' agianst radius - is to release and renew IP address on client.

I have tried two methods of sending login username and password back to the mikrotik after the account has been added via the external login page.

Method 1: post
(I hard coded the mac for testing)
<html>
<title>Hotspot login page</title>
<body>
<form name="login" action="http://host/login" method="post">
<input type="text" name="username" value="xx:xx:xx:xx:xx:xx">
<input type="password" name="password" value="">
<input type="submit" name="login" value="log in">
</form>
</body>
</html>

Method 2: url redirect
After account is added redirect back to mikrotik specifying username and password.
http://host/login?user=xx:xx:xx:xx:xx:xx&password=

When looking at radius debug logs on mikrotik, I dont see any request generated when using either method.

Any help and direction is appreciated.

Thanks,
-dan

This will not work with most browsers. They will need an ip or valid domain name. "host" is not a fully qualified domain name.

Here is a wiki on the external login procedure. Maybe this will help.
http://wiki.mikrotik.com/wiki/HotSpot_e ... login_page

I removed the ip, host is just intended as a place holder for the real ip or fqdn for example purposes.

That is probably not the only problem, just the first one I noticed. Read the wiki. That should help.

If you are not going to encrypt the password, then set the login type to pap. Also, set a more verbose logging mode for radius Try the login again and check the log.

Thanks for the reply! My issue was the login-type ( i had only specified mac)

After specifing the type as mac,http-pap it worked.

Which method is a better way of performing the login, url redirect or post method?

My next step is to add encryption. I have not been able to locate information on doing this, can any direction be given here?

Thanks again!

-dan

Both the internal and external login page is designed for a post form method. The MD5 encryption is set for that.

The router will send a chap-challenge with the login page that the MD5 routine will use to encrypt the password. That is why you need to forward several of those variables to external login.php page.

Besides, the error message is always good to have. That way you know why you didn't log in.

Im not using the php page, my external app uses ASP/VB. I wasnt sure what needed done at the router level to enable https. I will take a look at the php example and try to implement the same into my app. Any other suggestions are welcome.

Thanks again for the direction!