Problem in authentication using RADIUS server in MikroTik

I want to authenticate each connected user using a wired connection. So I use a FreeRADIUS server along with MikroTik.
I want to make a simple change. I don’t want to use the default authentication page provided by MikroTik; instead, I want to use my own mechanism that sends the authentication request to MikroTik.

Example of scenario

My application to authenticate ==> Mikrotik ==> Radius server


Kindly guide me: is it possible or not?

If you think it is a simple change, it is not a problem. What is your planned mechanism?

Are you using the hotspot to regulate access to the internet?

I’m also facing the same problem.

Let me make it clear.

I have created my authentication module in “JAVA” and it’s a desktop-based application. So now I want to send an authentication request to MikroTik. Is it possible? I don’t want to use the default browser-based authentication script provided by MikroTik when we are using hotspot.

In short, I want to provide internet access after authentication using my desktop-based login module.

If the Java app works like a web client, it should be possible. I’m not saying it would be easy.

Hey SurferTim,

Let me tell you my configuration.
I connect a laptop with my authentication application installed to MikroTik on ether1, and on ether9 I connect my FreeRADIUS server.
Now my authentication module works fine when I send a request from my laptop to the FreeRADIUS server.
But my question is how to notify MikroTik about rejection or acceptance of the authentication request made by the client so that the client can access the internet?

You must authenticate through the Mikrotik router. The router must connect to the radius server, get the authentication and return that result to your Java app through a port 80 connection.

@SurferTim: So you mean it’s possible to authenticate to MikroTik using a desktop-based application?

Of course! Internet Explorer is a desktop app. Chrome is a desktop app. Firefox is a desktop app. Your Java app must emulate those apps to login.

@SurferTim: Another question is that MikroTik provides a facility to change the look and feel of the browser-based authentication page, right?

Your app need not respond to the “look and feel” stuff. Just the forms. All those web browsers are not returning the “look and feel” stuff to the router, just to you so the display will be pretty. I recommend using http-pap as a login-by setting to start. That way your app doesn’t need to do the javascript challenge processing.

@SurferTim: Do you have any idea what sort of code I should write to send an authentication request from my Java application?

I’m not sure. I haven’t tried it. If you are not using the login-by=http-chap setting, it shouldn’t be too bad. Open a port 80 connection to the router, then send a form with the user/password to the correct “page” and wait for a response.

@SurferTim: Thanks for the help. If you can tell me in detail the procedure of browser-based authentication which is used by MikroTik, then it can help me a lot.

I enabled my hotspot and tried to login. Then I did a “view source” of the login page (login.html). Here is mine shortened to just the stuff you need. If you are using login-by=http-pap, then this is the form you must submit to the router:

<form name=login action="http://192.168.1.1/login" method="post">
   <input type="hidden" name="dst" value="">
   <input type="hidden" name="popup" value="false">
   <input name="username" type="text" value="myusername">
   <input name="password" type="password" value="mypassword">
   <input type="submit" value="Login">
</form>

The 192.168.1.1 is the router hotspot interface ip in my case. The page is “/login”. I entered values for the username and password in the code above. Then wait for the response and see if it worked.

OK. Let me check whether it works for me or not. Do you think that by simply providing a username and password using a form we can authenticate ourselves to MikroTik?

It appears so. That is what that form does if using login-by=http-pap.

If you use login-by=http-chap, all bets are off. The chap challenge must be a current value sent by the router embedded in the login page, and the password encrypted with it using MD5. Then the username, encrypted password, and the chap challenge must be sent to the router for authentication.
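Added example (not posted by anyone in this thread): Java code that builds the POST body for the login-by=http-pap form shown above and computes the MD5 value described for login-by=http-chap. The class name, the sample credentials, the all-zero challenge and the command-line router URL are assumptions; the CHAP formula is assumed to match the hexMD5() call in the stock login.html, and with http-pap the password crosses the network in plain text over HTTP.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.stream.Collectors;

public class HotspotLogin {
    // URL-encode the same fields the login form above submits (application/x-www-form-urlencoded).
    static String formBody(String user, String password) {
        Map<String, String> f = new LinkedHashMap<>();
        f.put("dst", "");
        f.put("popup", "false");
        f.put("username", user);
        f.put("password", password);
        return f.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    // http-chap: hex(MD5(chap-id || password || chap-challenge)). Assumed to match the
    // hexMD5() call in the stock login.html; compare with your router's copy.
    static String chapResponse(byte chapId, String password, byte[] challenge) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(chapId);
        md5.update(password.getBytes(StandardCharsets.ISO_8859_1));
        md5.update(challenge);
        StringBuilder hex = new StringBuilder();
        for (byte b : md5.digest()) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        String body = formBody("myusername", "mypassword");   // constructed credentials
        System.out.println("POST body: " + body);
        byte[] challenge = new byte[16];                        // constructed challenge (all zeros)
        System.out.println("CHAP response: " + chapResponse((byte) 1, "mypassword", challenge));
        if (args.length == 0) return;                           // no router URL given: stay offline
        HttpRequest req = HttpRequest.newBuilder(URI.create(args[0] + "/login"))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(body))
            .build();
        HttpResponse<String> resp = HttpClient.newHttpClient()
            .send(req, HttpResponse.BodyHandlers.ofString());
        // The thread does not show how the router signals success; inspect status and redirect.
        System.out.println(resp.statusCode() + " " + resp.headers().firstValue("Location").orElse(""));
    }
}
```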

Can you please send the whole code of your MikroTik login page? It will help me a lot. I mean I want the whole code of the login page itself so that I can modify my login page accordingly.

@SurferTim: I have tried your suggestion on my local Wi-Fi connection and it works great. But if you can provide me the full source code which is available when we right-click on the login page and click on “view page source”, then I can make sure whether your suggested approach can work in MikroTik or not.

That code was produced by the standard login.html page from my router. I removed the stuff that applied to the login-by=http-chap and the formatting part. Look in your router under /file. It should be in a directory called hotspot/login.html.

The code I posted above was taken from a “view source” to get the ip and page.

Yes, you are right. But currently I don’t have a MikroTik router, so I did my testing on a D-Link router. It works well. But I want to make sure it will work for MikroTik as well. So if you can provide me that kind of stuff then it will be better for me.