Help how to -- External authentication server

hotspotsolutions · April 24, 2006, 2:39am

Hi,

As per the manual I want to redirect login attempts to our external authentication server. So I set it up as manula below which works fine, goes to server and all that:

Modify login page of the HotSpot servlet to redirect to the external authentication server. The
external server should modify RADIUS database as needed
Here is an example of such a login page to put on the HotSpot router (it is redirecting to
https://auth.example.com/login.php> , replace with the actual address of an external
authentication server):
...

That is fine, however I then need to point our server back to the mikrotik so it will do the radius login.

So as per the manual:

The external server can log in a HotSpot client by redirecting it back to the original HotSpot
servlet login page, specifying the correct username and password
Here is an example of such a page (it is redirecting to > https://hotspot.example.com/login> ,
replace with the actual address of a HotSpot router; also, it is displaying > http://www.mikrotik.com
after successful login, replace with what needed):
Hotspot login page

We dont have SSL enabled, so we replace https with http, but:
http://hotspot.example.com/login
just gives an error as the page cant be found. When you access that domain, it is the management interface, which is not what you want right. So I thought it was on a different port, couldnt work that out?

Am I missing something?

tneumann · April 24, 2006, 2:34pm

The login page will only work for connections coming from within the hotspot network. Any other HTTP access to the router from a non-hotspot interface will either not work at all or bring up Webbox (depending on configuration).

So you’re sure that you’re doing your login tests from a client within the hotspot network?

–Tom

hotspotsolutions · April 24, 2006, 10:55pm

yes absolutely, but the problem is our server sits out on the internet, and has no way of pushing the login url back to the mikrotik because its not on the hotspot sid eof the network.

That doesnt seem to make any sense to me. 2.8 used to be accessible from the server as a hotspot and you could login from any interface (which wasnt really the best either but at least you could do it)

It seems illogical to not be able to do this, except f your server is inside the hotspot network?

tneumann · April 25, 2006, 6:22am

The client (using the web browser) has to be inside the hotspot network. The webserver can be outside (but include the server in your walled-garden rules).

–Tom