This is a hostel network, if i connect to the access point, and login the hotspot, it will come out this “web browser did not send challenge response (try again, enable JavaScript)”, I tried at many computer also have this problem.
If I directly connect it thru the cable without going thru the access point, it will not show this “web browser did not send challenge response (try again, enable JavaScript)”.
The hotspot is set to use http-chap in your case. If the client computer does not return the chap challenge with an encrypted password, that is the error you get. Normally that is due to JavaScript disabled. That is required to use the chap challenge sent by the hotspot to encrypt the password.
The “login-by=http-chap” is a double encryption scheme. There is no way to decrypt the password. The radius server must retrieve the plain text password for that user from its user database, and use the chap challenge you sent with your encrypted password to encrypt the valid password from the database. Then the radius server compares the two encrypted passwords. If they match, you get Access-Accept. If they don’t, you get Access-Reject.
You can test the login by using “login-by=http-pap”. That does not require JavaScript or the chap challenge, but it does not encrypt the password, so the password is sent clear text.
it is do like this?
Yes, change the login by to http-pap. That does not require the chap challenge, nor does it encrypt the password.
The “split user domain” is for using multiple radius servers, each defined by a domain name. That way “myuser” and “myuser@defaultdomain.com” can use one radius server for auth/accounting, and “myuser@newdomain.com” will use another radius server.
but i have no problem if connect thru cable. i just will have this problem when i connect to Access point and try to access the network.
but i have no problem if connect thru cable. i just will have this problem when i connect to Access point and try to access the network.
What does this mean? You have two separate physical interfaces involved here? Both are on the same hotspot? wlan and ether bridged? Two different hotspots on separate interfaces? One on a hotspot and the other direct?
i just have one interface when i connect.
When i am using LAN cable connect to my pc, this will not happened.
But when i connect thru wireless access point, it will appear this problem.
Both are under the same network and hotspot, just the connect method is different. One is using LAN cable and one is using wireless.
When i am using LAN cable connect to my pc, this will not happened.
But when i connect thru wireless access point, it will appear this problem.
Both are under the same network and hotspot, just the connect method is different. > One is using LAN cable and one is using wireless> .
That is two physical interfaces. Please post “/ip hotspot print”.That will show what interface the hotspot is actually assigned to.
here is all my setting:
[admin@MikroTik] > /export compact
may/18/2013 03:57:13 by RouterOS 6.0rc14
software id = Y7XA-J0NQ
/ip hotspot profile
add dns-name=tpwifi.tk hotspot-address=172.16.0.1 login-by=cookie,http-pap
name=hsprof1 use-radius=yes
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=hs-pool-1 ranges=172.16.0.2-172.16.3.254
add name=dhcp-pool-1 ranges=172.16.0.2-172.16.3.254
/ip dhcp-server
add address-pool=hs-pool-1 disabled=no interface=ether1 lease-time=1h name=
dhcp1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=ether1 name=hotspot1 profile=
hsprof1
/port
set 0 name=serial0
/tool user-manager customer
add backup-allowed=yes disabled=no login=nelson6069 password=0204
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no time-zone=-00:00
add backup-allowed=no disabled=no login=pometia parent=nelson6069 password=
hashim paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=read-write signup-allowed=no time-zone=-00:00
/tool user-manager profile
add name=Foundation317 name-for-users="" override-shared-users=1 owner=pometia
price=0 starts-at=now validity=11w
/ip address
add address=172.16.0.1/22 comment="hotspot network" interface=ether1 network=
172.16.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2
/ip dhcp-server network
add address=172.16.0.0/22 comment="hotspot network" gateway=172.16.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network"
src-address=172.16.0.0/22 to-addresses=0.0.0.0
/ip hotspot user
add name=nelson6069 password=0204
/ip service
set www port=6069
/radius
add address=127.0.0.1 secret=0204 service=hotspot
/radius incoming
set accept=yes
/system clock manual
set time-zone=+08:00
/system ntp client
set enabled=yes primary-ntp=82.165.36.179
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR
/tool user-manager router
add coa-port=1700 customer=pometia disabled=no ip-address=127.0.0.1 log=
auth-ok,auth-fail,acct-ok,acct-fail name=TPWiFi shared-secret=0204
use-coa=no
/tool user-manager user
add customer=pometia disabled=no name=f317zz35 password=f317zz35 shared-users=1
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=pometia disabled=no name=f317b3zg password=f317b3zg shared-users=1
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=pometia disabled=no name=f317pea2 password=f317pea2 shared-users=1
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=pometia disabled=no name=f317e29u password=f317e29u shared-users=1
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=pometia disabled=no name=f317z9d6 password=f317z9d6 shared-users=1
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
[admin@MikroTik] >
Here is my log:
it still happened after i change Login by to HTTP PAP.
I am using username "f317zz35" to login to hotspot.
What is wrong with my setting?
How does the wireless device fit in here? I see no wireless settings there. Is the wireless router (access point) connected to ether1 somehow? Maybe a separate piece of equipment?
If so, you can increase the number of ips assigned to one mac address (wireless router?).
/ip hotspot
set hotspot1 addresses-per-mac=250
the router not come with wireless function. so i connect from port ether1 to 6 switches and 28 Access point.
I put the address per mac to 500 then solved.
But now some more problem come again.
this morning when i connect to the network, it will redirect to the hotspot login page, but now i will not redirect to the login page.
even i type my hotspot login page url also cannot. what is the problem?
this morning when i connect to the network, it will redirect to the hotspot login page, but now i will not redirect to the login page.
even i type my hotspot login page url also cannot. what is the problem?
Can you access the internet? If you still have “login-by=cookie,http-pap”, then you will not need to login for about 3 days. The cookie will do that for you.
Can you access the login page by ip address?
My router actually is access to internet, but i cannot access to login page even i type ip address.
If I am already logged in, I can’t get a login page either, but that is how it is supposed to work. I get a status page instead with a logout button.
ya.. I can’t get a login page.
do you know what this message mean?
“simultaneous session limit reached”
Are you talking about attempting to login with the same user/password more than once? If so, you need to increase the value for shared-users.
/ip hotspot user profile
set X shared-users=2
If not, then you may have a problem with your license on that Mikrotik device. If you have a level 4 license, it allows only 200 users logged in simultaneously.
http://wiki.mikrotik.com/wiki/Manual:License#License_Levels
I am using CCR1016-12G router which is RouterOS v6 (64bit) and RouterOS License L6.
I just set each user only valid for one device at the same time.
Between i want to do some qos, for example Web suffer (Priority 1), Skype (Priority2), P2P and bit torrent (Priority3).. any idea how to do it?