I've setup a RB433 for use as a 802.11g hotspot with RADIUS user/pass authentication. To test, I set the security profile to have no encryption. This all works fine.

I now would like to encrypt the signal between the client and Mikrotik using WPA or WPA2. Is there any way to add this WITHOUT some type of preshared key? I would like the authentication to happen on the web form only if possible.

How can the client _get_ to a webform if he can't associate with the access point yet because he doesn't know what WPA/WPA2 credentials to use?

That is really my question. I don't have a full understanding of WPA/WPA2 and what types of authentication/encryption methods it supports. I was hoping that there were some type of wireless encryption that will permit anyone to associate to it without a preshared key and simply encrypt the data. All authentication would then happen at the http login page. Does this exist? Is this not possible with 802.11 specs? It seemed to me that this type of thing would be quite common for Hotspot setups.