Very New Hotspot Question

RaymondMeg · August 26, 2013, 6:46pm

HI,all

we setup an hotspot server on RB751G successfully with external login server. But …It’s not perfect.

By now ,the workflow of our hotspot like this:

1/ we embeded an username/password into router ,i.e demouser/demopass;
2/ following the manuall ,we redirect user login page to external server (http://myserver/login.php). The customer input their username and password to complete the Authentication.
but ,the customer username and password is completely different with embed one. AND,we didn’t use RADIUS solution.
3/ If customer input right information ,our server will send POST to http://router/login with username = demouser, password = demopass ( embed user in router) .

This is work ,but we think it’s not perfect and will cause security issue.

In future ,we will manage hundreds APs in our network,but needn’t billing .So ,we don’t want radius server for Authentication.

So, we want to " Authentication once ,Access everywhere" (but only one internet gateway , we know it’s not possible with multi gateway situation).
And also means , we don’t want store any user information on any Device, even “demouser”.

Is there any solution for that? If there’s a solution just tell Router " i’m the super user , the customer is Ok. "

Any help will be appreciate .

Raymond Meg

KoenDeMol · September 25, 2013, 5:44pm

Hmmm .. looking for the same thing. (http://forum.mikrotik.com/t/add-active-users-with-session-limit-to-hotspot-through-api/69972/1)

I sent a mail to MKTK support and they advised me to use the API, but can’t find the complete command set for the API. Until now, no luck …

omega-00 · September 27, 2013, 12:15am

RADIUS is made to be used for AAA (Authorization, Accounting, Authentication) but doesn’t have to be used to bill the end user; in fact you don’t even need to keep the accounting data if you’re not interested in it.

That said, RADIUS is also going to be the best option if you’re wanting to keep track of multiple user/passwords across multiple devices.. point them all back at one central RADIUS server.

If you’re not sure about how RADIUS works and don’t want to maintain your own FreeRADIUS installation or similar, why not just give the MikroTik Usermanager a try instead? It seems like you have the basic understanding of how the login process works for the hotspot so there’s no reason you couldn’t either:

a) Use your remote server + a RADIUS server for all your devices to authenticate via
b) Use the MikroTik usermanager as the RADIUS server for all your devices to authenticate via