How does WiNG Captive Portal (RADIUS) authentication work with locally bridged (self) mode and external captive portal web pages?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-02-2017 06:57 PM
I'm operating a WiNG wireless controller to manage remote APs. I'm attempting to setup external captive portal pages, and in order to have the APs handle the captive portal capture and redirection process (and RADIUS authentication) without tunneling traffic through the controller.
So far, the setup works as expected, clients are getting redirected to the proper captive portal page by the AP.
The first question is, once the external pages perform their auth processes,
1) How does the authentication form submission work on the AP (or does it) in this configuration?
I'm currently testing form submission (POST) with these two endpoints:
https://1.1.1.1:444/cgi-bin/hslogin.cgi
http://1.1.1.1:880/cgi-bin/hslogin.cgi
and these parameters:
f_user =
f_pass =
f_Qv =
f_hs_server = 1.1.1.1
2) Is the script at 1.1.1.1 served by the AP, or is that supposed to supposed to be the controller?
3) Can I post to 880 when in http redirection mode and https mode or at all?
So far, the setup works as expected, clients are getting redirected to the proper captive portal page by the AP.
The first question is, once the external pages perform their auth processes,
1) How does the authentication form submission work on the AP (or does it) in this configuration?
I'm currently testing form submission (POST) with these two endpoints:
https://1.1.1.1:444/cgi-bin/hslogin.cgi
http://1.1.1.1:880/cgi-bin/hslogin.cgi
and these parameters:
f_user =
f_pass =
f_Qv =
f_hs_server = 1.1.1.1
2) Is the script at 1.1.1.1 served by the AP, or is that supposed to supposed to be the controller?
3) Can I post to 880 when in http redirection mode and https mode or at all?
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-18-2018 05:03 PM
Can you please explain me who is serving this page (http://1.1.1.1:880/cgi-bin/hslogin.cgi)?
what is exactly 1.1.1.1:880?
This must be my captive portal page server? Or is the ip and port of the AP controller?
Thanks!
what is exactly 1.1.1.1:880?
This must be my captive portal page server? Or is the ip and port of the AP controller?
Thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-07-2017 04:28 PM
Makes sense, given the contents of Qv aren't URL encoded. I switched the order, and it looks like the RADIUS Authentication request is going through now, it's just being blocked by a firewall. Thanks for all your help!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-07-2017 04:28 PM
Hi Jeff,
if you consider this solved, please mark the question answered.
Thank you and good luck with your project!
if you consider this solved, please mark the question answered.
Thank you and good luck with your project!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-07-2017 11:08 AM
Jeff,
be careful - as I said above - hslogin.cgi is sensitive and you have f_Qv in front of f_hs_server. Annoying, but might be fatal. The current time attribute is there for database etc. so it could be really missing in older guides. Do not worry, thought, I think it is not necessary.
Question now is - is captive portal server recovering user / pass correctly and forwards that to RADIUS server to allow access.
You shall see this in debugs I mentioned before.
Regards,
Ondrej
be careful - as I said above - hslogin.cgi is sensitive and you have f_Qv in front of f_hs_server. Annoying, but might be fatal. The current time attribute is there for database etc. so it could be really missing in older guides. Do not worry, thought, I think it is not necessary.
Question now is - is captive portal server recovering user / pass correctly and forwards that to RADIUS server to allow access.
You shall see this in debugs I mentioned before.
Regards,
Ondrej
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-06-2017 04:43 PM
Ondrej,
I am performing a simple authentication with my own web service on my external server, and from that we get the RADIUS credentials necessary to perform the login to the hs_server.
I am missing the 'f_curr_time' variable, my documentation must be a little bit old. I can add that one in if it's necessary. Also, regarding the order of parameters, I'm using a plain HTML form to submit those parameters to the hs_server, will that suffice? Here is what it looks like right now.
This looks like a correct form POST for server mod 'self' right? 1.1.1.1 should handle the RADIUS authentication using the credentials supplied, is that correct?
Still working on getting the debugging you requested.
Thanks,
Jeff
I am performing a simple authentication with my own web service on my external server, and from that we get the RADIUS credentials necessary to perform the login to the hs_server.
I am missing the 'f_curr_time' variable, my documentation must be a little bit old. I can add that one in if it's necessary. Also, regarding the order of parameters, I'm using a plain HTML form to submit those parameters to the hs_server, will that suffice? Here is what it looks like right now.
This looks like a correct form POST for server mod 'self' right? 1.1.1.1 should handle the RADIUS authentication using the credentials supplied, is that correct?
Still working on getting the debugging you requested.
Thanks,
Jeff