cancel
Showing results for 
Search instead for 
Did you mean: 

How does WiNG Captive Portal (RADIUS) authentication work with locally bridged (self) mode and external captive portal web pages?

How does WiNG Captive Portal (RADIUS) authentication work with locally bridged (self) mode and external captive portal web pages?

Jeff_Lanza
New Contributor
I'm operating a WiNG wireless controller to manage remote APs. I'm attempting to setup external captive portal pages, and in order to have the APs handle the captive portal capture and redirection process (and RADIUS authentication) without tunneling traffic through the controller.

So far, the setup works as expected, clients are getting redirected to the proper captive portal page by the AP.

The first question is, once the external pages perform their auth processes,
1) How does the authentication form submission work on the AP (or does it) in this configuration?

I'm currently testing form submission (POST) with these two endpoints:

https://1.1.1.1:444/cgi-bin/hslogin.cgi
http://1.1.1.1:880/cgi-bin/hslogin.cgi

and these parameters:
f_user =
f_pass =
f_Qv =
f_hs_server = 1.1.1.1

2) Is the script at 1.1.1.1 served by the AP, or is that supposed to supposed to be the controller?

3) Can I post to 880 when in http redirection mode and https mode or at all?

17 REPLIES 17

Cristiano_Bevil
New Contributor
Can you please explain me who is serving this page (http://1.1.1.1:880/cgi-bin/hslogin.cgi)?
what is exactly 1.1.1.1:880?
This must be my captive portal page server? Or is the ip and port of the AP controller?

Thanks!

Jeff_Lanza
New Contributor
Makes sense, given the contents of Qv aren't URL encoded. I switched the order, and it looks like the RADIUS Authentication request is going through now, it's just being blocked by a firewall. Thanks for all your help!

Hi Jeff,

if you consider this solved, please mark the question answered.

Thank you and good luck with your project!

Ondrej_Lepa
Extreme Employee
Jeff,

be careful - as I said above - hslogin.cgi is sensitive and you have f_Qv in front of f_hs_server. Annoying, but might be fatal. The current time attribute is there for database etc. so it could be really missing in older guides. Do not worry, thought, I think it is not necessary.

Question now is - is captive portal server recovering user / pass correctly and forwards that to RADIUS server to allow access.

You shall see this in debugs I mentioned before.

Regards,
Ondrej

Jeff_Lanza
New Contributor
Ondrej,

I am performing a simple authentication with my own web service on my external server, and from that we get the RADIUS credentials necessary to perform the login to the hs_server.

I am missing the 'f_curr_time' variable, my documentation must be a little bit old. I can add that one in if it's necessary. Also, regarding the order of parameters, I'm using a plain HTML form to submit those parameters to the hs_server, will that suffice? Here is what it looks like right now.


This looks like a correct form POST for server mod 'self' right? 1.1.1.1 should handle the RADIUS authentication using the credentials supplied, is that correct?

Still working on getting the debugging you requested.

Thanks,
Jeff


GTM-P2G8KFN