Seccour
newbie
Topic Author
Posts: 42
Joined: Sat Apr 02, 2005 11:10 pm

Hotspot Authentication Issue

Mon Oct 09, 2006 7:18 pm

I have a hotspot set up for MAC authentication against a RADIUS server (works great now, btw!). Now I'm encountering this weird issue:

If I have a user who's authenticated for a while, some of them will fail to reauthenticate to the hotspot if they've timed out. So they get the hotspot page and can't log in, and the only fix I have is to remove them from the active host list. We aren't doing time-based accounting, so my question is: by removing my idle timeout, do I open myself up to problems? I can test to see if removing my Idle will fix the problem, but I wanted to make sure that nothing else was really the problem. I will post my hotspot config at the bottom of the post; it will reflect the idle timeout change.

I know that the MT will send interim RADIUS updates for bandwidth accounting, so I'm not worried about not having the session end or anything.

I also have another question: does the option in the user profile for transparent proxy only affect the way the hotspot works if you are using the proxy packages on the MikroTik? Or is it related to the hotspot's inner workings? The manual on this just says:
transparent-proxy (yes | no; default: yes) - whether to use transparent HTTP proxy for the authorized users of this profile
I also know you can set HTTP proxy info for the server profile; is that where it's hooked on, where it's used?

So while it's pretty scarce on info, it kind of hints that it's for use with the proxy package on the MT.

Thank you for all the help you can provide. :D

Hotspot Configs
[admin@Office-MT] > ip hotspot print detail
Flags: X - disabled, I - invalid, S - HTTPS
0 name="Office-MT" interface=ether2 profile=Office-MT idle-timeout=none keepalive-timeout=none
ip-of-dns-name=10.10.12.1

1 name="Wireless" interface=wlan1 address-pool=hotspot profile=Wireless idle-timeout=none
keepalive-timeout=none ip-of-dns-name=10.10.12.1

[admin@Office-MT] ip hotspot profile> print detail
Flags: * - default
0 * name="Office-MT" hotspot-address=10.10.11.1 dns-name="login.nebonet.com" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=mac,cookie,http-chap,trial
http-cookie-lifetime=3d split-user-domain=no trial-uptime=30m/4w2d trial-user-profile=default
use-radius=yes radius-accounting=yes radius-interim-update=5m nas-port-type=ethernet
radius-default-domain="" radius-location-id="" radius-location-name=""

1 name="Wireless" hotspot-address=10.10.12.1 dns-name="login.nebonet.com" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0/0 login-by=mac,cookie,http-chap,trial
http-cookie-lifetime=3d split-user-domain=no trial-uptime=30m/4w2d trial-user-profile=default
use-radius=yes radius-accounting=yes radius-interim-update=received
nas-port-type=wireless-802.11 radius-default-domain="" radius-location-id=""
radius-location-name=""

[admin@Office-MT] ip hotspot user profile> print detail
Flags: * - default
0 * name="default" session-timeout=3h idle-timeout=4m keepalive-timeout=none status-autorefresh=1m
shared-users=1 transparent-proxy=yes open-status-page=http-login advertise=no

1 name="TrialUser" session-timeout=15m idle-timeout=1m keepalive-timeout=2m status-autorefresh=1m
shared-users=1 rate-limit="512k" transparent-proxy=no

2 name="hotspot" address-pool=hotspot session-timeout=1h idle-timeout=5m keepalive-timeout=2m
status-autorefresh=1m shared-users=1 rate-limit="512k" transparent-proxy=no

Last Minute Reminder Notes:
Primary authentication is off of a RADIUS server which controls the hotspot as well as the DHCP authentication. Replies are Framed-IP-Address and Mikrotik-Rate-Limit. Both work as expected. Users in good account standing should not see the servlet pages as they are MAC authenticated.
 
normis
MikroTik Support
Posts: 26820
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Thu Oct 12, 2006 12:54 pm

session-timeout is your problem.

When idle-timeout or keepalive-timeout expires, host entry is removed.
MAC authorization will happen automatically when host appears again.

When session-timeout expires, host is not removed - client stays in
unauthorized state. Manual login is required to work again.

Why is session-timeout needed at all?
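
The check described in the reply above, as an added example that is not part of the original thread or MikroTik's own tooling: a small parser for `print detail` output that lists user profiles whose session-timeout would leave MAC-authenticated hosts unauthorized. The function names are hypothetical, the "fixed" profile is constructed, and treating a missing or `none` session-timeout as "no limit" is an assumption.

```python
import re
import shlex

# Listings copied from the first post (wrapped continuation lines kept);
# profile 2 "fixed" is constructed to show a profile that passes the check.
USER_PROFILES = '''\
Flags: * - default
0 * name="default" session-timeout=3h idle-timeout=4m keepalive-timeout=none status-autorefresh=1m
shared-users=1 transparent-proxy=yes open-status-page=http-login advertise=no

1 name="TrialUser" session-timeout=15m idle-timeout=1m keepalive-timeout=2m status-autorefresh=1m
shared-users=1 rate-limit="512k" transparent-proxy=no

2 name="fixed" session-timeout=none idle-timeout=5m keepalive-timeout=2m
'''
SERVER_PROFILES = '''\
1 name="Wireless" hotspot-address=10.10.12.1 dns-name="login.nebonet.com" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0/0 login-by=mac,cookie,http-chap,trial
'''

def parse_print_detail(text):
    """Turn 'print detail' output into a list of dicts, joining wrapped lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("Flags:", "[")):
            continue  # skip blanks, the flag legend and prompt lines
        head = re.match(r"(\d+)\s+((?:[A-Z*]\s+)*)(.*)", line)
        if head:  # a new numbered item; anything else is a continuation line
            entries.append({"_flags": head.group(2).split()})
            line = head.group(3)
        elif not entries:
            continue
        for token in shlex.split(line):  # shlex strips the quotes around values
            key, sep, value = token.partition("=")
            if sep:
                entries[-1][key] = value
    return entries

def stranding_profiles(user_text, server_text):
    """Names of user profiles whose session-timeout can strand MAC-login hosts."""
    servers = parse_print_detail(server_text)
    if not any("mac" in s.get("login-by", "").split(",") for s in servers):
        return []  # no MAC login configured, so the automatic re-login case does not apply
    # Assumption: a missing or "none" session-timeout means no session limit.
    return [u["name"] for u in parse_print_detail(user_text)
            if u.get("session-timeout", "none") != "none"]

if __name__ == "__main__":
    print(stranding_profiles(USER_PROFILES, SERVER_PROFILES))
```
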
 
Seccour
newbie
Topic Author
Posts: 42
Joined: Sat Apr 02, 2005 11:10 pm

Wed Oct 18, 2006 5:27 am

We were going to use session time out to get proper accounting logs every so often. I am now using Interim update, so this shouldn't be an issue. I will move over to using an Idle-timeout instead.

Thank you Normis! I appreciate the reply.
