10857 questions

12933 answers


25479 members

0 votes
1,527 views 2 comments
How can I authenticate a user via an external landing page when using hotspot mode in RUT950?

1 Answer

+2 votes
The solution could be configuring hotspot authentication with internal radius. After having your external landing page you should also add PAP or CHAP method of authentication to post back to router for confirmation.


username - plain text user name
password - Encoded plain text password with challenge

$hexchal = pack ("H32", $_GET['challenge']);
$newpwd = pack("a32", $_GET['Password']);
$pappassword = implode ("", unpack("H32", ($newpwd ^ $hexchal)));

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/logon?username=' . $_GET['UserName'] . '&password=' . $pappassword



username - plain text user name
response - Generated CHAP response with the password and the challenge

$hexchal = pack ("H32", $_GET['challenge']);
$response = md5("\0" . $_GET['password'] . $hexchal);

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/' . 'logon?username=' . $_GET['username'] . '&response=' . $response . '&userurl=' .  $_GET['userurl']

Best answer
I've tried the solution and it is working. Thanks for the suggestion!
Good day,

I just have a couple of questions:

- Is the URL returned in the HTTP response header as Location: URL

- As for the username and password, is that the username and password that is configured on the internal radius server?

- If using external radius server, what is the username and password that is in the Radius access request? I see that it uses the username chillispot and a hex password (PAP) or is that configured somewhere on the UI page?

- if using both external radius and external landing page, then how does the RUT allow (e.g. res=success) even though it does not have view of users as users are configured externally? In that case, what needs to be sent but to RUT to allow authorization e.g. res=success?

Thanks in advance.