Hello everyone,
Im trying to setup a hotspot using external login page.

When the user gets to the external login page, a php script checks if its mac address is registered in a database(if its not, the user can register), and if the user can have access, the script returns to the router username and password that I have set-up.
So basically, I have "1 user" in the hotspot config, and all connections that can have access, go through that user.(not sure if that's a good approach)

The thing that's bugging me is the possibility to use RADIUS server, but Im not quite sure do I need it, since I authenticate using my php script.

It seems like a lot of people are using RADIUS with their hotspots, most of the commercial hotspot solutions use radius, but can't understand why use it and where, since the mikrotik router needs only username and password to grand access through the login page.

Will be happy if someone is willing to help me understand what I should do best.

Thank you in advance

Hi Snade,
Radius is a standard protocol which provides AAA (Authentication, Authorization and Accounting) functionalities and can "talk" to your Radius clients (e.g. AceessPoints), basically you can decide who will access, what this guy can do, when this guy had access to your system and it can set properties on the AP, e.g. session time limits, bandwidth shaping

You are right, Mikrorik needs only username and password to connect but what is underground is a different story, commercial solutions offer the possibility to set session time limits, bandwidth limits, data transfer limits and to see who connected, when and how much data he/she transferred.

About your setup you have only Authentication functionality in place and each user access with same username and password, this leads to some potential issues:
#1: Once the user and the password is known everybody can connect without registering in your database
#2: If you need to change the password or the user you need to communicate it to all people connected in that particular time
#3: You don't know who is currently accessing your hotspot therefore you cannot kick an user off if he is doing something wrong

Hope this helps

@DigitalBlueBiz
Thank you very much for the detailed explanation.
We got it working without RADIUS, all users go trough single username/password, and we are planing to integrate radius as well.

Thanks again

I setup freeradius along with daloradius to manage users on my Hotspot network, it allowed new users to make a payment and create their own accounts then login into the network. Made life alot easier for me as all I had to do was make sure the internet stayed working.

New user scans and finds Wi-Fi then selects tariff plan, gets redirected to paypal.
Paypal redirects to Webserver to collect new user username and password via a form,
completed form then redirects user back to the login page for user to input created username and password.

Paypal (accepting payments)
Webserver (hosting user signup page)
Digital Ocean VPS (ubuntu with freeradius + daloradius installed)

The only thing I found about this using this setup was that, if the people using the wifi just went to the external page that had the form located on it, they could just create a new username and password for a friend, but I never had that problem happen