
Hotspot problem

Posted: Thu Jun 17, 2010 3:31 am
by PteraWireless
Following the examples at http://www.mikrotik.com/testdocs/ros/2.9/ip/hotspot.php
I have successfully redirected the authentication to another server, but when I try to send it back the browser says page cannot be displayed.

The browser shows https://10.5.48.1/login

<form name="login" action="https://10.5.48.1/login" method="post">
<font face="Arial"><font size="2">First Name </font> <input type="text" name="First Name" value="" /><font size="2"><br />
Last Name </font> <input type="text" name="Last Name" value="" /><font size="2"><br />
Email Address </font> <input type="text" name="email" value="" /><font size="2"><br />
<br />
By clicking on the I Agree! button below you signify you have read<br />
and agree to the terms and conditions for this hotspot.</font></font><br />
<input type="hidden" name="password" value="***" /><br />
<input type="hidden" name="username" value="***" />
<input type="hidden" name="dst" value="http://www.mikrotik.com/" /> <input type="submit" name="login" value="I Agree!" />
</form>

When I change the action to http://10.5.48.1/ it comes right back to the authentication server.


Here is my login.html page redirecting to the other server
<html>
<title>...</title>
<body>
<form name="redirect" action="http://69.28.32.6/?q=node/182" method="post">
<input type="hidden" name="mac" value="$(mac)">
<input type="hidden" name="ip" value="$(ip)">
<input type="hidden" name="user" value="$(username)">
<input type="hidden" name="link-login" value="$(link-login)">
<input type="hidden" name="link-orig" value="$(link-orig)">
<input type="hidden" name="error" value="$(error)">
</form>
<script language="JavaScript">
<!--
document.redirect.submit();
//-->
</script>
</body>
</html>

Was there something in the instructions that I missed or do not comprehend?
Was I supposed to use the redirect.html? If so how do I get the Hotspot to use it and not login.html?
Then what do I program in the login.html to authenticate the user without any more input?
Kinda pressed for time - Boss wants the Hotspot tested and in service Monday : )

Thanks in advance

Re: Hotspot problem

Posted: Thu Jun 17, 2010 4:23 am
by SurferTim
Did you set up a secure certificate? If not, maybe you should try http for the protocol on the login page instead of https.
action="http://10.5.48.1/login"

Re: Hotspot problem

Posted: Thu Jun 17, 2010 5:07 am
by fewi
Just adding to SurferTim: even with HTTPS enabled you'd have a problem since you can't use certs with IP addresses (certificates sign domain names, not IPs). So while the page could be displayed at that point users would get a certificate warning, and that doesn't inspire confidence in the Hotspot.

In my opinion protecting the login action with HTTPS isn't worth it since you're giving each user the credentials in plain text in the HTML form anyway.

Re: Hotspot problem

Posted: Thu Jun 17, 2010 6:46 pm
by PteraWireless
Maybe I gave too much info...

The example says

The external server can log in a HotSpot client by redirecting it back to the original HotSpot servlet login page, specifying the correct username and password

<form name="login" action="https://hotspot.example.com/login" method="post">

When I do this it loops right back to the remote authentication page.

Re: Hotspot problem

Posted: Thu Jun 17, 2010 7:04 pm
by fewi
Are the credentials invalid? Turn on hotspot debugging.
/system logging
add action=memory disabled=no prefix="" topics=hotspot
What does it say?

Re: Hotspot problem

Posted: Thu Jun 17, 2010 7:13 pm
by PteraWireless
:?

login failed: no chap for http-chap login method

<form method="post" action="http://10.5.48.1/login" name="login">
...
<input type="hidden" value="admin" name="password" /><br />
<input type="hidden" value="admin" name="username" />
<input type="hidden" value="http://www.mikrotik.com/" name="dst" /> <input type="submit" value="I Agree!" name="login" />
</form>

Re: Hotspot problem

Posted: Thu Jun 17, 2010 7:20 pm
by PteraWireless
Now I get...

login failed: password is not chap encrypted

Re: Hotspot problem

Posted: Thu Jun 17, 2010 7:21 pm
by fewi
You're not doing CHAP, and the Hotspot server instance is expecting CHAP. CHAP is unnecessary since you have a clear text password stored that is automatically submitted. Go to IP > Hotspot > Server Profiles and edit the relevant profile, go to the Login tab and uncheck HTTP CHAP and check HTTP PAP. Then try again.

Re: Hotspot problem

Posted: Thu Jun 17, 2010 7:23 pm
by PteraWireless
Ok I found it - turned on PAP

Re: Hotspot problem

Posted: Mon Nov 08, 2010 3:48 pm
by heviejob
Am also having the same issue on one of my 3 interfaces running hotspot.
I had turned on https and I had a cert but I want to revert to http-chap but I get "login failed: password is not chap encrypted"
What could be wrong since the other two interfaces running hotspot are working fine and http-chap is enabled on them.

Re: Hotspot problem

Posted: Mon Nov 08, 2010 3:52 pm
by fewi
Your login page isn't using the JavaScript md5 method that encrypts the credentials for CHAP. Build a second hotspot or restore the HTML and look at the original HTML source - clicking the login button doesn't submit a form, it calls a method that does the CHAP encryption and then submits the encrypted credentials. You'll have to do the same.

Why do you need fallback from HTTPS? It's preferable.
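
The CHAP step described in the post above, as an added example that is not part of the original thread or MikroTik's own login page: with HTTP CHAP the page posts the hex MD5 of chap-id + password + chap-challenge in place of the password, so a form that posts the clear-text password fails. The function names, the octal-escaped form of the challenge values, the result strings and the sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Decode a string containing octal escapes such as "\371" into raw bytes
// (assumption: chap-id and chap-challenge reach the page in this form).
function decodeOctalEscapes(s) {
  const bytes = [];
  for (let i = 0; i < s.length; i++) {
    const m = s[i] === '\\' ? /^[0-7]{1,3}/.exec(s.slice(i + 1)) : null;
    if (m) {
      bytes.push(parseInt(m[0], 8) & 0xff);
      i += m[0].length;
    } else {
      bytes.push(s.charCodeAt(i) & 0xff);
    }
  }
  return Buffer.from(bytes);
}

// CHAP response: MD5(chap-id || password || chap-challenge), hex-encoded.
function chapResponse(chapId, password, chapChallenge) {
  return crypto.createHash('md5')
    .update(decodeOctalEscapes(chapId))
    .update(Buffer.from(password, 'latin1'))
    .update(decodeOctalEscapes(chapChallenge))
    .digest('hex');
}

// Illustrative CHAP-only check of the posted "password" field
// (hypothetical verifier, not RouterOS code).
function verifyChapLogin(posted, chapId, storedPassword, chapChallenge) {
  if (!/^[0-9a-f]{32}$/i.test(posted)) return 'not-chap-encrypted';
  const expected = Buffer.from(chapResponse(chapId, storedPassword, chapChallenge), 'hex');
  const got = Buffer.from(posted, 'hex');
  return crypto.timingSafeEqual(expected, got) ? 'ok' : 'bad-response';
}

// Constructed sample values (not taken from the thread).
const SAMPLE = { id: '\\001', challenge: '\\101\\102\\103', password: 'secret' };
```

Because the challenge changes per login attempt, a response computed for one challenge is rejected for another, which is why a static hidden password field cannot satisfy a CHAP-only profile.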

Re: Hotspot problem

Posted: Mon Nov 08, 2010 4:51 pm
by heviejob
I will have a look at it. The reason I stopped using https is that the cert was self-signed and it threw the untrusted error. Where can I purchase a signed cert for my hotspot for use with private IP addresses?

Re: Hotspot problem

Posted: Mon Nov 08, 2010 5:14 pm
by fewi
Certificates are for domain names, not for IP addresses. You cannot have a certificate for an IP address. The certificate doesn't care if the IP address the domain name resolves to is private or public.

Re: Hotspot problem

Posted: Mon Nov 08, 2010 6:20 pm
by heviejob
Thanks for clearing that up. In the meantime I will use http-pap as I acquire a signed certificate.