Hotspot & MAC authentication

We are trying to set up MAC based only authentication for the Hotspot using a signup server located on a secure web server on our NOC. When a new client first logs in, the Mikrotik does send the RADIUS authentication to our server. This of course fails as they are not in the server yet. When they browse they are taken to our external SSL server and can sign up using a credit card for service. After that we add the MAC address to the RADIUS server and forward them back to the Mikrotik login.html page. We are thinking this would force another RADIUS authentication and now their MAC address would be valid. However, the server does not seem to try to authenticate again as there is a hosts entry for this user. Removing the hosts entry does get it to authenticate again, but we are looking for a more automated method. Any suggestions what we are doing wrong?

After you add the mac-address, don’t redirect the user to the login page, but redirect the user to the page they want to browse before the payment process.

That does not work either. The problem is that once the Mikrotik tries to authenticate against the RADIUS server by MAC address it does not seem to ever try authenticating again. The only “hack” we have found so far is removing the MAC address from /ip hotspot host list and then it will authenticate again.

I see, I didn’t think about it.
Maybe you can try to make a script on your payment web, after you add the mac address on radius, the script will do telnet/ssh to the router, and delete the mac-address. So it will authenticate again. Not very easy, but I’m sure it’s doable.

That is what we are doing, however this seems more like a “hack” than working in the parameters of the box. It works though so we will live with it.

First I change login.html on the hotspot. Make a link to your signup page. Capture some useful information when you redirect to your credit card signup screen like this:

<a href="http://domain.tld/signup/status.php?dst=$(link-orig-esc)&mac=$(mac-esc)&ip=$(ip)&hostname=$(hostname)&id=$(identity)">Click Here</a>

Then after a successful credit card charge, redirect to http://($ip)/login

This will log them into hotspot and redirect them to status.html on the hotspot. Replace status.html with a page that says “Thank you for signing up, Your account has been activated” or something like that.
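
Added example, not part of any post above: the mac value in the signup link reaches the payment server through the browser's query string, so a script that later removes the host entry over SSH should accept only a strictly formatted MAC before placing it in a router command. The router address 192.0.2.1, the account name hotspot-api and the function names are assumptions made for this sketch.

```python
import re

# Six hex octets joined by one consistent separator (':' or '-'), nothing else.
_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")


def normalize_mac(raw):
    """Return the MAC as AA:BB:CC:DD:EE:FF or raise ValueError."""
    # fullmatch (not match with '$') so a trailing newline is rejected too.
    if not isinstance(raw, str) or not _MAC_RE.fullmatch(raw):
        raise ValueError("not a MAC address")
    return raw.replace("-", ":").upper()


def host_remove_command(raw_mac):
    """RouterOS command that drops the hotspot host entry for one MAC."""
    return "/ip hotspot host remove [find mac-address=%s]" % normalize_mac(raw_mac)


def ssh_argv(raw_mac, router="192.0.2.1", user="hotspot-api"):
    """Argument list for subprocess.run(); no local shell is involved.

    router and user are placeholders; use a router account limited to this task.
    """
    return ["ssh", "-o", "BatchMode=yes", "%s@%s" % (user, router),
            host_remove_command(raw_mac)]


def classify(samples):
    """Map each sample to the normalized MAC, or None when rejected."""
    out = {}
    for s in samples:
        try:
            out[s] = normalize_mac(s)
        except ValueError:
            out[s] = None
    return out


# Constructed sample query-string values, not taken from the thread.
SAMPLES = ["00:0c:29:aa:bb:cc", "00-0C-29-AA-BB-CC", "00:0c-29:aa:bb:cc",
           "00:0c:29:aa:bb:cc\n", '00:0c:29:aa:bb:cc"] extra', "000c29aabbcc"]

if __name__ == "__main__":
    for value, result in classify(SAMPLES).items():
        print(repr(value), "->", result or "rejected")
    print(ssh_argv(SAMPLES[0]))
```

Pass the list from ssh_argv() to subprocess.run() without shell=True so the only thing interpreting the command text is the router itself.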