Question

How can I authenticate a user via an external landing page when using hotspot mode in RUT950?

Answer 1

The solution could be configuring hotspot authentication with internal radius. After having your external landing page you should also add PAP or CHAP method of authentication to post back to router for confirmation.

PAP:

username - plain text user name
password - Encoded plain text password with challenge

$hexchal = pack ("H32", $_GET['challenge']);
$newpwd = pack("a32", $_GET['Password']);
$pappassword = implode ("", unpack("H32", ($newpwd ^ $hexchal)));

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/logon?username=' . $_GET['UserName'] . '&password=' . $pappassword

e.g: http://192.168.2.254:3990/logon?username=test&password=95b51ec1ee49aa7a2d02b814fef6c730

CHAP:

username - plain text user name
response - Generated CHAP response with the password and the challenge

$hexchal = pack ("H32", $_GET['challenge']);
$response = md5("\0" . $_GET['password'] . $hexchal);

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/' . 'logon?username=' . $_GET['username'] . '&response=' . $response . '&userurl=' .  $_GET['userurl']

e.g: http://192.168.2.254:3990/logon?username=test&response=95b51ec1ee49aa7a2d02b814fef6c730adsafadfdaf&userurl=www.teltonika.com

Comments

I've tried the solution and it is working. Thanks for the suggestion!

---

Good day,

I just have a couple of questions:

- Is the URL returned in the HTTP response header as Location: URL

- As for the username and password, is that the username and password that is configured on the internal radius server?

- If using external radius server, what is the username and password that is in the Radius access request? I see that it uses the username chillispot and a hex password (PAP) or is that configured somewhere on the UI page?

- if using both external radius and external landing page, then how does the RUT allow (e.g. res=success) even though it does not have view of users as users are configured externally? In that case, what needs to be sent but to RUT to allow authorization e.g. res=success?

Thanks in advance.

---

Hi,

I want to use the login page externally. The parameters in the link address are as follows. The challenge parameter is missing. What should I do?

{ "res": "notyet", "uamip": "192.168.2.254", "uamport": "3990", "called": "02-1e-42-46-13-9c", "mac": " F8-FF-C2-22-D6-58", "ip": "192.168.2.5", "nasid": "nas01", "sessionid": "633ea6ec00000001", "userurl": "http://10.0. 0.1/" }