Hi guys. i searched through the forum but couldn't quite find the answer.
I have a php server with a login page that users log in to that to access our local resources. now what I want to do is to use the same server to redirect the users after they've logged in, to the Hotspot login page that will redirect them to another php page for external login ( base on http://wiki.mikrotik.com/wiki/HotSpot_e ... login_page ). that php page will decide if whether the user is allowed to access the Internet or not and if it is, it does the MD5 hash itself (with a pass that is unknown to the user) and gives the hash to the user so it could do a POST and logs in.
as It's quite obvious, i wanna do some sort of external authentication, without RADIUS server. and the actual pass for the Hotspot is unknown even for the user. because of the nature of what i want to do, the only solution seems to be HTTP CHAP. now i have 2 questions:
1- I think what i want to achieve is doable but i would love some expert's opinion on that.
2- how exactly chap-id and chap-challenge are generated? are they different every time? and are they destroyed after one use? basically user should not have a way to login again with the same MD5 hash. and only php server should be able to generate another one for him.
Thanks in advance