Integration with external login page for guess access

Hi everybody.


I have successfully set a guest access using a External Hotspot. When the user connects to the WLAN, and try to surf the internet using a browser, the E500 intercepts the traffic and redirect it to my web server.


I have successfully set Radius authentication. When I test it using the internal portal, I can authenticate the users successfully.


In my web server I have a standar HTML form in order to get the username and password, but I need to know how do I have to send that information (username and password) to the Access Point?  I  mean, usually I have to send that information using some format like:


http://AccessPointIP:port/?username=user&password=changeme

Sniffing the traffic when I use the internal portal login, I can see that the format is something like this:

http://192.168.72.252:880/cgi-bin/hotspot_login.cgi

and is sent by POST:

ga_user=USERNAME

ga_pass=CHANGEME

But It doesnt work.

This is the URL where is redirected the user's traffic:


http://my.webserver.com/portal?ga_ssid=dhcp&ga_ap_mac=00-04-56-B1-64-D8&ga_nas_id=cosoeste&ga_srvr=192.168.72.252&ga_cmac=B8-86-87-5E-22-0F&ga_Qv=xDN%05%


I can see that ga_srvr=192.168.72.252 is the IP Address of Access Point, so I Know it. Now I need TCP port and rest of que format.



Help me, please!!


Regards

Hi ,

I am glad that you have almost successfully integrated external captive portal and it is just matter of sending HTTP Post

in right format to AP.


This will be redirection URL:
http://1.1.1.1:880/1/login.html?ga_ap_mac=xx-xx-xx-xx&ga_nas_id=XXXX&...


POST script should read the query string part of the above URL which is everything after '?' and add to post URL:
http://1.1.1.1:880/cgi-bin/hotspot_login.cgi?ga_ap_mac=xx-xx-xx-xx-xx&ga_nas_id=XXXX&....

the login page is required to send the user name and password to AP .

I am attaching here a packet capture as refrence which has all required format and user information in HTTP Post packet . (Please refer packet number 70 )

Thanks.

Hi, 

Im trying to use the External Hotspot of cnPilot E400 by using a radius. But the problem is i dont have a radius server.
can help me on what kind of radius server do i need to install and on how to configure it to be able to use in the cnpilot E400. Please !!!

Thanks

Hi,

We have a document "Guest Access Portal Integration" which you can download from:

https://support.cambiumnetworks.com/files/e400/

This document has all the details on the POST format and the port details.

Best Regards,

Kunal

Hi. You need a Radius server like Freeradius in Linux systems, or the Radius server included in the windows servers systems.

If you don't want to build your own server, my company can provide you a full customized captive portal server with Radius included.

REgards

Hi Kunal,

We have a similar setup with an external login page for guest access.

The client connects to the ssid, gets radius authenticated, receives his IP address from DHCP, and can browse to the external captive portal url page.

Here the client can login through LDAP or local token configured on captive portal server.

So we configured to redirect everything through https (and our external captive portal server has a valid Let's encrypt certificate).

But what we are observing is that after the client introduces his credentials (which give a succesfull authentication in the captive portal server logs), the final POST comes as http and not as https, and thus the redirection changes from https to http, and yield a timeout and an invalid certificate (this time the Cambium WLAN AP certificate).

Could you advice please,

Regards,

Diedrik

Hi, have your issue resolved? I am encountering a similar issue and still cant get it work.

Dear,
We solved this issue through support case with Cambium by setting the redirect mode to http.
Cambium garanteed us that this http traffic exchange is essentialy only for the initial post.

Dear Om, can you please help me too I have an external Hotspot designed to capture username and password and pass them to cnPilot e700 then to external radius server for authentication but I don’t know how to capture the user inputs and pass them to this APs please help

Thanks.