FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
2,118 views 3 comments
by
How can I authenticate a user via an external landing page when using hotspot mode in RUT950?

1 Answer

+2 votes
by
The solution could be configuring hotspot authentication with internal radius. After having your external landing page you should also add PAP or CHAP method of authentication to post back to router for confirmation.

PAP:

username - plain text user name
password - Encoded plain text password with challenge

$hexchal = pack ("H32", $_GET['challenge']);
$newpwd = pack("a32", $_GET['Password']);
$pappassword = implode ("", unpack("H32", ($newpwd ^ $hexchal)));

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/logon?username=' . $_GET['UserName'] . '&password=' . $pappassword

e.g: http://192.168.2.254:3990/logon?username=test&password=95b51ec1ee49aa7a2d02b814fef6c730

CHAP:

username - plain text user name
response - Generated CHAP response with the password and the challenge

$hexchal = pack ("H32", $_GET['challenge']);
$response = md5("\0" . $_GET['password'] . $hexchal);

'http://' . $_GET['uamip'] . ':' . $_GET['uamport'] . '/' . 'logon?username=' . $_GET['username'] . '&response=' . $response . '&userurl=' .  $_GET['userurl']

e.g: http://192.168.2.254:3990/logon?username=test&response=95b51ec1ee49aa7a2d02b814fef6c730adsafadfdaf&userurl=www.teltonika.com
Best answer
by
I've tried the solution and it is working. Thanks for the suggestion!
by
Good day,

I just have a couple of questions:

- Is the URL returned in the HTTP response header as Location: URL

- As for the username and password, is that the username and password that is configured on the internal radius server?

- If using external radius server, what is the username and password that is in the Radius access request? I see that it uses the username chillispot and a hex password (PAP) or is that configured somewhere on the UI page?

- if using both external radius and external landing page, then how does the RUT allow (e.g. res=success) even though it does not have view of users as users are configured externally? In that case, what needs to be sent but to RUT to allow authorization e.g. res=success?

Thanks in advance.
by anonymous
Hi,

I want to use the login page externally. The parameters in the link address are as follows. The challenge parameter is missing. What should I do?

{ "res": "notyet", "uamip": "192.168.2.254", "uamport": "3990", "called": "02-1e-42-46-13-9c", "mac": " F8-FF-C2-22-D6-58", "ip": "192.168.2.5", "nasid": "nas01", "sessionid": "633ea6ec00000001", "userurl": "http://10.0. 0.1/" }