Ask a question

2756 questions

3336 answers

4221 comments

2785 members

Ask a question
0 votes
561 views
asked in Networks by
How can I authenticate a user via an external landing page when using hotspot mode in RUT950?

1 Answer

+2 votes
answered by
The solution could be configuring hotspot authentication with internal radius. After having your external landing page you should also add PAP or CHAP method of authentication to post back to router for confirmation.

PAP:

username - plain text user name
password - Encoded plain text password with challenge

$hexchal = pack ("H32", $_GET['challenge']);
$newpwd = pack("a32", $_GET['Password']);
$pappassword = implode ("", unpack("H32", ($newpwd ^ $hexchal)));

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/logon?username=' . $_GET['UserName'] . '&password=' . $pappassword

e.g: http://192.168.2.254:3990/logon?username=test&password=95b51ec1ee49aa7a2d02b814fef6c730

CHAP:

username - plain text user name
response - Generated CHAP response with the password and the challenge

$hexchal = pack ("H32", $_GET['challenge']);
$response = md5("\0" . $_GET['password'] . $hexchal);

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/' . 'logon?username=' . $_GET['username'] . '&response=' . $response . '&userurl=' .  $_GET['userurl']

e.g: http://192.168.2.254:3990/logon?username=test&response=95b51ec1ee49aa7a2d02b814fef6c730adsafadfdaf&userurl=www.teltonika.com
Best answer
commented by
I've tried the solution and it is working. Thanks for the suggestion!
commented by
Good day,

I just have a couple of questions:

- Is the URL returned in the HTTP response header as Location: URL

- As for the username and password, is that the username and password that is configured on the internal radius server?

- If using external radius server, what is the username and password that is in the Radius access request? I see that it uses the username chillispot and a hex password (PAP) or is that configured somewhere on the UI page?

- if using both external radius and external landing page, then how does the RUT allow (e.g. res=success) even though it does not have view of users as users are configured externally? In that case, what needs to be sent but to RUT to allow authorization e.g. res=success?

Thanks in advance.