Community discussions

just joined
Topic Author
Posts: 5
Joined: Tue Jul 18, 2017 10:17 pm

Multiple sessions with same user name/authentication

Tue Jul 18, 2017 10:26 pm

Greetings, I hope my first post is in the correct category! (Should probably be under Beginners LOL)

What I am hoping to archieve, is the following:

I have managed to set up a hotspot on my RB951, and sort of customized the login page. That part works well. Now, I don't want to go create a whole lot of users. What I want is a single username user by more than one person. For instance, a user named CoffeeShop might have one username and password, but multiple people using it. That in itself is not a problem, I have managed to get that working quite easily. The problem is once someone is logged in, nobody else gets prompted to log in. This is probably by design, but is there a way for the Mikrotik to launch the logon page for each connection?

Then, I'm guessing a session expiry time for each session using the same username is asking a bit much?

Thanks for any response!

User avatar
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Multiple sessions with same user name/authentication

Tue Jul 18, 2017 10:45 pm

This sounds like your individual users are all behind routers which perform NAT.
Are you using wireless routers instead of Wireless Access Points?

A quick way to test this would be to make a hidden input in your login page that doesn't actually do anything, but would be easy to read in the HTML source... make this hidden input and set the value to be the client IP address (I forget which token in Mikrotik's hotspot markup language to use, but it's there). Then get the login page w/o logging in - do this from two devices on that same network, and if the hidden input shows the same IP, then you've found your problem.

The fix for this case would be to use layer 2 for your WAPs instead of layer 3. If they're Mikrotik WAPs, then set them to bridge the wlanX interface(s) onto the "wan" interface instead of using srcnat / separate DHCP, etc. If they're not Mikrotik devices, you can make a "poor man's WAP" out of any wireless router by disabling DHCP server on it, and then connecting it to your network on a LAN port instead of the WAN port. (make SURE you've disabled DHCP on it, and changed its LAN IP to be something available in your main network).

The other solution would be to leave the wireless routers in place as routers, but to disable NAT on them - which requires that each one have a unique IP range behind it. e.g. 192.168.0.x on the main segment, 192.168.1.x behind router 1, 192.168.2.x behind router 2 - etc.... and then create static routes in the hotspot router via each wireless router.
The drawback to this method is that you cannot support seamless roaming.
When given a spoon,
you should not cling to your fork.
The soup will get cold.

Who is online

Users browsing this forum: No registered users and 3 guests