WIKIABOUT

10925 questions

13028 answers

20309 comments

27381 members

Most popular tags

rut955 rut240 rut950 rutx11 vpn rms openvpn wifi to sms trb140 rutx09 ipsec not rutx12 firmware modbus - firewall on

how to authenticate from an external landing page in hotspot mode?

0 votes
1,536 views 2 comments
by
How can I authenticate a user via an external landing page when using hotspot mode in RUT950?

1 Answer

+2 votes
by
The solution could be configuring hotspot authentication with internal radius. After having your external landing page you should also add PAP or CHAP method of authentication to post back to router for confirmation.

PAP:

username - plain text user name
password - Encoded plain text password with challenge

$hexchal = pack ("H32", $_GET['challenge']);
$newpwd = pack("a32", $_GET['Password']);
$pappassword = implode ("", unpack("H32", ($newpwd ^ $hexchal)));

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/logon?username=' . $_GET['UserName'] . '&password=' . $pappassword

e.g: http://192.168.2.254:3990/logon?username=test&password=95b51ec1ee49aa7a2d02b814fef6c730

CHAP:

username - plain text user name
response - Generated CHAP response with the password and the challenge

$hexchal = pack ("H32", $_GET['challenge']);
$response = md5("\0" . $_GET['password'] . $hexchal);

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/' . 'logon?username=' . $_GET['username'] . '&response=' . $response . '&userurl=' .  $_GET['userurl']

e.g: http://192.168.2.254:3990/logon?username=test&response=95b51ec1ee49aa7a2d02b814fef6c730adsafadfdaf&userurl=www.teltonika.com
Best answer
by
I've tried the solution and it is working. Thanks for the suggestion!
by
Good day,

I just have a couple of questions:

- Is the URL returned in the HTTP response header as Location: URL

- As for the username and password, is that the username and password that is configured on the internal radius server?

- If using external radius server, what is the username and password that is in the Radius access request? I see that it uses the username chillispot and a hex password (PAP) or is that configured somewhere on the UI page?

- if using both external radius and external landing page, then how does the RUT allow (e.g. res=success) even though it does not have view of users as users are configured externally? In that case, what needs to be sent but to RUT to allow authorization e.g. res=success?

Thanks in advance.