hotspotsolutions
Member Candidate
Topic Author
Posts: 119
Joined: Thu Dec 16, 2004 1:48 pm

Help how to -- External authentication server

Mon Apr 24, 2006 5:39 am

Hi,

As per the manual I want to redirect login attempts to our external authentication server. So I set it up as per the manual below, which works fine, goes to server and all that:
Modify login page of the HotSpot servlet to redirect to the external authentication server. The
external server should modify RADIUS database as needed
Here is an example of such a login page to put on the HotSpot router (it is redirecting to
https://auth.example.com/login.php, replace with the actual address of an external
authentication server):
<html>
<title>...</title>
<body>
<form name="redirect" action="https://auth.example.com/login.php" method="post">
  <input type="hidden" name="mac" value="$(mac)">
  <input type="hidden" name="ip" value="$(ip)">
  <input type="hidden" name="user" value="$(username)">
  <input type="hidden" name="link-login" value="$(link-login)">
  <input type="hidden" name="link-orig" value="$(link-orig)">
  <input type="hidden" name="error" value="$(error)">
</form>
<script language="JavaScript">
<!--
  document.redirect.submit();
//-->
</script>
</body>
</html>

That is fine, however I then need to point our server back to the mikrotik so it will do the radius login.

So as per the manual:
The external server can log in a HotSpot client by redirecting it back to the original HotSpot
servlet login page, specifying the correct username and password
Here is an example of such a page (it is redirecting to https://hotspot.example.com/login,
replace with the actual address of a HotSpot router; also, it is displaying http://www.mikrotik.com
after successful login, replace with what needed):
<html>
<title>Hotspot login page</title>
<body>
<form name="login" action="https://hotspot.example.com/login" method="post">
  <input type="text" name="username" value="demo">
  <input type="password" name="password" value="none">
  <input type="hidden" name="domain" value="">
  <input type="hidden" name="dst" value="http://www.mikrotik.com/">
  <input type="submit" name="login" value="log in">
</form>
</body>
</html>
We don't have SSL enabled, so we replace https with http, but:
http://hotspot.example.com/login
just gives an error as the page can't be found. When you access that domain, it is the management interface, which is not what you want, right? So I thought it was on a different port, couldn't work that out?

Am I missing something?
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Re: Help how to -- External authentication server

Mon Apr 24, 2006 5:34 pm

> http://hotspot.example.com/login
> just gives an error as the page can't be found. When you access that domain, it is the management interface, which is not what you want, right? So I thought it was on a different port, couldn't work that out?

The login page will only work for connections coming from within the hotspot network. Any other HTTP access to the router from a non-hotspot interface will either not work at all or bring up Webbox (depending on configuration).

So you're sure that you're doing your login tests from a client within the hotspot network?


--Tom
 
hotspotsolutions
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Thu Dec 16, 2004 1:48 pm

Tue Apr 25, 2006 1:55 am

Yes, absolutely, but the problem is our server sits out on the internet, and has no way of pushing the login URL back to the mikrotik because it's not on the hotspot side of the network.

That doesn't seem to make any sense to me. 2.8 used to be accessible from the server as a hotspot and you could login from any interface (which wasn't really the best either but at least you could do it)

It seems illogical to not be able to do this, except if your server is inside the hotspot network?
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Tue Apr 25, 2006 9:22 am

The client (using the web browser) has to be inside the hotspot network. The webserver can be outside (but include the server in your walled-garden rules).

--Tom
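
Added example, not part of the thread or the MikroTik manual: a sketch of the page an external server could hand back to the client's browser, so that the browser, which sits inside the hotspot network, makes the POST to the router as the last reply describes. The field names come from the manual excerpts quoted in the first post; `build_login_page`, `ALLOWED_HOTSPOT_HOSTS` and the allow-list check on `link-login` are assumptions added for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: the HotSpot routers this server will send clients back to.
ALLOWED_HOTSPOT_HOSTS = {"hotspot.example.com"}


def _http_host(url):
    """Return the host of an http(s) URL, or None for anything else."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None


def build_login_page(posted, username, password):
    """Build the page returned to the client's browser once the external
    server has accepted the user. `posted` holds the fields sent by the
    router's redirect page (mac, ip, user, link-login, link-orig, error)."""
    # The browser, not this server, submits the form, so the target must be
    # the router's own login URL and not an arbitrary client-supplied host.
    action = posted.get("link-login", "")
    if _http_host(action) not in ALLOWED_HOTSPOT_HOSTS:
        raise ValueError("link-login is not a known HotSpot router")
    dst = posted.get("link-orig", "")
    if _http_host(dst) is None:
        dst = ""  # drop javascript:, data: and other non-web destinations

    def hidden(name, value):
        # Every reflected value is HTML-escaped before it reaches the page.
        return '<input type="hidden" name="%s" value="%s">' % (
            name, html.escape(value, quote=True))

    return "\n".join([
        "<html><head><title>Hotspot login</title></head><body>",
        '<form name="login" action="%s" method="post">'
        % html.escape(action, quote=True),
        hidden("username", username),
        hidden("password", password),
        hidden("dst", dst),
        "</form>",
        "<script>document.login.submit();</script>",
        "</body></html>",
    ])
```
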
