Trying to test hotspot, no worky


John Huszar
01-23-2004, 12:40 AM
I have been trying to test the hotspot functionality of STAR and can't get past the login page. It keeps saying "invalid username or password". I have had Lonnie log in to the box many times, but still no go. His last suggestion was to upgrade to the latest version of STAR, which I did (starutil is pretty cool!). But still the same thing.

I have two hard drives in the machine. STAR is on the first one (haven't switched over to a DOM or Flash yet, but will eventually). I put a second drive in the machine, set up the partition, radius server. Created a new user "JohnHuszar" and a password, no other parms.

What should the Access Control list editor page say? Does that have anything to do with the Hotspot functionality?

Dare I say, without a manual I really feel like I am shooting in the dark with this system. And I have been a programmer for 25 years! I would hate to see a newbie to the computer world try to work with this [undocumented] system. I have so many questions about how this system works, beyond just the hotspot functionality, like how all the pieces interact.

A flowchart of the decision making process would be really, really, helpful.

How would one put a hotspot into a public place, and set it up to where a user can be presented with a page (to enter their cc number) and then automatically get CC authorization through a cc gateway, then put them into a Radius server somewhere so they can log on after that? Has anyone set up that kind of sophistication with Star/Hotspot yet?

I also tried turning off the hotspot functionality and just tried putting my Mac address of my laptop into the ACL Editor. That seemed to work ok. But when I tried telling it to use the Radius server it won't let me on with the browser. No prompt, nothing. Just a 404 page. How is STAR supposed to authenticate you against the Radius server without prompting you for anything?

I have tons more questions, but will try to put them in the appropriate place on this BBS. BTW, I heartily suggest using a mailing list for this product! BBSs are ok, but they are a black hole for time in my opinion. A mailing list is much faster to get feedback from other people.

John

Steve
01-23-2004, 05:14 AM
Turn on remote syslog and watch the log entries. It logs a lot more information that way I believe and even better, you can watch it real time as the events are occurring. Kiwi has a nice windows syslogd that works well for troubleshooting.

I also noticed a new checkbox in the setup for the formatting of the mac address, one with the ":" and one without. That one bit me for quite a while before I found it.

I'd be willing to take a look at it if you want to give me access.

John Huszar
01-23-2004, 11:59 PM
OK, I will try that. This is very good to know. I have been a programmer for many years, and a debugger is your best friend! Next best thing is print statements or some sort of logging (for real time systems like these).

I hate to take up your valuable time, but I very much appreciate the offer to log into my system. Let me give this logging a try and I will post a message here to let people know about my results.

I still need to know if anyone on this list has successfully set up a system with hotspots and credit card authorization web pages (so users can set up their own account after providing cc info)? Anyone??

thanks!
John

John Huszar
01-25-2004, 01:58 PM
Well I went through the effort of figuring out how to download a syslog server from Kiwi, installed it, and tried to login to the hotspot login page from my laptop. There aren't ANY debug messages sent to the syslog server for the hotspot login page, or the radius server. I can turn off the radius service, and see an error message about that on the syslog server (as well as many other messages from the dhcp server), but nothing having to do with hotspot authentication web pages or radius authentication. So I am back to square one with getting hotspots to work I am afraid.

So I might have to take up the offer from Steve to login to my box. I will send him a private message and give him my login info.

hrrmph.
John

John Huszar
01-25-2004, 08:42 PM
John I am entering my comments inside your topic, set out by *** LNLN Lonnie
******************************************************
I am posting this reply here in the topic because there are general questions I have about Hotspots and Radius. (BTW I am still getting "invalid username or password" when I try to log into the hotspot web page).

:? I don't understand all these screens (which talk about radius), and why they are spread out throughout this user interface (I would think this would all be in one place). I don't see the logic behind how it's organized, much less how it all interacts. It's soooooo confusing.

Under Wireless, there's Radius Server Setup. *** LNLN Read the first sentence - this is a Global to configure the AP Access Control Lists
Under Wireless, WLAN1, there is Radius Authentication Setup. *** LNLN This one sets certain things specific to each AP, and is accessed through each device
Under Services, there's Radius Server Setup. *** LNLN Only available on Server edition. This is the actual Server, whereas the other units are all Client settings
Finally under Hotspot, there's Radius Setup. *** LNLN This one is for Hotspot radius.

Let's see, have I left out any other screens which talk about Radius? I think I have them all listed here. *** LNLN How exactly would you see radius per device, Hotspot and server all in one page? Just curious and I'd consider your proposals.

Isn't there a way to test the Radius server without using the hotspot functionality? Like just to authenticate a fixed point wireless customer, instead of a roving customer (which would probably use the hotspot functionality)? *** LNLN Sure you can use the ACL part and do it based on MAC.

Also what is the difference between DHCP-Auto Auth and plain old DHCP? *** LNLN and here we thought the name would give it away. Plain old DHCP is plain old DHCP. It dishes out an IP from its config files. Auto-Auth is special in that it involves radius and can authenticate, provide the IP, and set the bandwidth. You choose the one you want to use.

I also don't quite understand why there is a differentiation between Wireless and the Interfaces (why there are two different menus). *** LNLN Did you look at the screens? The wireless one sets all things wireless. The Interfaces sets all things IP oriented. They seem to be different tasks to us.

:?: Another question I have is this:
For our customers which already have an account with us I would still like to show them a web page (actually, the ideal situation would be to direct them to an actual web site on my main web server). I want to build a local community web site. *** LNLN If you have the latest code this is called a splash page.

For those that don't, I want to show them a screen which prompts them to setup an account with us, and take them through an automated process which authenticates their credit card, allows them to setup an account, and then log on to the system. How can I set this up/Can this be setup? *** LNLN Sure it can be setup, but by you. You simply redirect the auth page to your own website and go to work. Or if that is too much work, contact the guys at HotSpotzz and they will happily do that part for you

John

Steve
01-26-2004, 07:23 AM
Lonnie, that was John's post not mine.

lonnie
01-26-2004, 09:15 AM
> Lonnie, that was John's post not mine.

:oops: Sorry. :oops:

John Huszar
01-26-2004, 11:55 AM
> Isn't there a way to test the Radius server without using the hotspot functionality? Like just to authenticate a fixed point wireless customer, instead of a roving customer (which would probably use the hotspot functionality)? *** LNLN Sure you can use the ACL part and do it based on MAC.

ok. Can you be much more specific please? :?: I didn't see an example in the Radius Users Database screen where I would put a Mac address. Can you provide an example of the entry in the radius customer database?

Please remember I am a newbie to this system, and without a manual or some other form of documentation I need specific examples of things.

I would like to test the Radius Server (to see if it's working) since I am having so much trouble getting Hotspots to work (and the syslog wasn't much help since it didn't log ANY messages whatsoever during the login web page process).

Steve has been trying to help me get the hotspot functionality to work. I think he mentioned something to the effect that if you try to authenticate against an external radius server (instead of the built in server) that we might see more messages in the syslog. Is that correct? We have a radius server (Radiator) that we use for dial up customers. Should we set up an account on that server and try to authenticate against it? Would I see more debug messages in the syslog?

thanks!
John

olebno
01-26-2004, 12:00 PM
An example of authenticating the MAC of a user:

00301a00f528 User-Password == "00301a00f528", Expiration == "Dec 31 2003"
    Service-Type = Framed-User,
    Framed-IP-Address = 255.255.255.254,
    VNC-PPPoE-CBQ-TX = 64000,
    VNC-PPPoE-CBQ-RX = 384000,
    # AirBridge
    Framed-Routing = None,
    Framed-MTU = 1500,
    Framed-Compression = None

Steve
01-26-2004, 01:05 PM
I said I am using the Radius Server on a different StarOS box than the one I am running Hotspot on and all Radius info gets logged to another box via remote syslog. I don't know if it logs more info configured this way (don't know why it would) but I see every authentication attempt and whether or not it was successful. If you aren't seeing Radius entries then either it doesn't log via remote syslog (which doesn't make sense) or your main Radius config is not correct. (NAS / Users or Hotspot Radius).

I agree with the idea of changing your ACL type to Radius and adding appropriate MAC/MAC username/password entries to your Radius configs and seeing if that is working. I would have tried it last night but you didn't leave anything associated to the AP.

If you'd like, leave something associated and I'll log in again this evening and see what's working and what's not.

See this thread for a little more info on mac ACL's. The Search button at the top is about as close to a manual as you are going to find.

http://forums.star-os.com/viewtopic.php?t=1159&highlight=mac+radius+password

John Huszar
01-26-2004, 10:46 PM
ok, now we are getting somewhere (I think). :D This other thread which Steve pointed me to had a snippet talking about a program called NTRadPing (what a nifty program!!) which I found a copy of (isn't the net great?) and ran it. It tells me that my Radius server is NOT responding, but yet when I log into the Star box it says the service is running. hmmm now what I wonder? :cry:

John

olebno
01-26-2004, 10:58 PM
Are you running it to the port 1812?

Have you added your workstation (running NTRadPing) to the list of clients in your radius server and restarted the radius service?

Best Regards
Oleb

John Huszar
01-26-2004, 11:13 PM
I was using port 1812, but I did not know that the client machine had to be in the radius server. I just added it, and restarted the service. Had a typo in the IP, tried it again. Now I get a heartbeat at least! :lol:

But it says:
Response: Access-Reject
:roll:

hmmm..
John

olebno
01-26-2004, 11:17 PM
Hi!

Any error messages reported by the syslog that gives you a clue of what's going wrong?

Best Regards

Oleb

John Huszar
01-26-2004, 11:24 PM
No, that's one of the problems. I see other messages in the syslog (on my remote syslog server) but nothing having to do with Radius Authentication. At least now NTRadPing tells me something is happening, but the radius server doesn't seem to like me. I tried several different username/password combos too, and spelling them exactly as they appear in the radius users database screen.

I will send you a private message and give you the IP of my Star Box next. Maybe you can see something that Steve and I have overlooked?!

John

John Huszar
01-27-2004, 01:45 AM
Man making progress with this is slooooowwwwww! But I have made soooommmeee progress.

Here is where I stand (after hours of fighting this)..

Olebno helped me by logging into the box and putting an entry into my Radius Users Configuration screen:

00055d943f8c Auth-Type := Local, User-Password == "00055d943f8c"
    Framed-IP-Address = 80.254.45.5,
    VNC-PPPoE-CBQ-RX = 384000,
    VNC-PPPoE-CBQ-TX = 64000

I did an NTRadPing and it authorized it.

I tried NTRadPing with my username and password (which didn't have any other parms), and it rejects it.

I tried putting in the Mac address of my ZCOMAX CPE (which I am testing, nice little unit, albeit expensive) into the Users screen with similar parms to the above parms which Olebno put in, except for the IP address which I put 192.168.2.100. Restarted the radius service. NTRadPing says OK.

Went over to that computer (the one with the ZCOMAX) and tried to bring up a web page. It gives me the login screen. (isn't it supposed to either bypass the login screen, or simply show me the splash screen?). Tried my username and password, which of course didn't work.

So on a lark I tried typing in the Mac address in the username and password fields and voilà! :shock: I saw it authorize me and I was taken to MSN, where I wanted to go. I also saw a status web page pop up that told me some stats on the connection. I closed both browsers and re-opened the browser, and it took me right to MSN (I assume it's going to let me do this for some period of time).

So bottom line, I don't understand the following:
1) Why can't I login using my username/password? The radius server does not acknowledge that account, even though the parms are similar to those that I have in with the mac address username/password.
2) Why doesn't it automatically log my system in based on its mac address, when the mac address is in the radius users list as a username/password? I want to simulate a fixed point wireless customer in this case, all I want him to see is a splash page/web site, not a login screen.
3) What the heck is a "Framed IP Address"? I assumed it's the address that should be assigned to the station that the guy is sitting on (the guy that logged in)? But when I did an "ipconfig" on the windows machine which I used to login, it still had the 192.168.2.2 address, which is the first address that that DHCP-Auto-Auth server assigned to it?

At least it was a real pleasure to see it go past the login page, after weeks of fighting this thing!

John

olebno
01-27-2004, 12:03 PM
Hi again!

If you now try to add a username and password from the web management interface, you should be able to authenticate it from the radius server. Remember to restart the radius after adding the user to the database.

Radius is rather picky on the content of the users file, and if you add users and MAC addresses from the web interface it is supposed to be stored correctly in the users file.

The framed IP address is the address to supply to the authenticated user, but here you also have a couple of possible problems. Most wireless bridges are not really bridging but fooling around with proxy arp and cause some implications to the authentication based on MAC address.

The first thing you can test is to use the WEB interface and add one user with the MAC address of your ZCOMAX CPE and also one user with the MAC address of the ethernet card in your computer.

It might be that the ZCOMAX gets authenticated, but that your computer's MAC address is also visible to the star-os??

With the Framed-address you should be able to assign an IP number to both the CPE and to the client behind the CPE (depending on how the CPE mangles with your packets), but the tradition is to keep the CPE's at static addresses and the clients on DHCP.

Hope this gives some clues to where to dig further?

Best Regards
Oleb

John Huszar
01-27-2004, 01:05 PM
More progress. I told a friend what was happening and he suggested putting in my username and password with all lower case, which I did. Now I can get a connection with NTRadPing.

:?: Why can't we have usernames with mixed upper/lower case?

I see that someone logged into my box and made my Mac address entry all upper case (possibly Steve or Olebno). But NTRadPing says NO GO! When I go to that computer (with the ZCOMAX attached) and bring up the browser I get a 404, no login page, nothing.

Lonnie: What is going on here? I am really getting tired of beating my head against this proverbial wall.

What's the deal with this built in radius server and upper case? Why won't it accept it?

I will try to put the mac address of the NIC card of that computer into radius and see what that does. But it's going to have to be lower case in order for the radius server to authenticate against it. What is STAR doing with the mac address? Does it upper case it before it tries to authenticate it against radius?

John

John Huszar
01-27-2004, 01:08 PM
By the way I put the web address of http://192.168.0.12:10000 into my client computer (not the one with the zcomax but one that is at the same level behind my router as the star box). I get Page cannot be displayed.

I also tried http://205.238.41.12:10000, same thing.

What settings have to be in the star box in order for THIS client computer to connect via ethernet to the web interface?

John

Steve
01-27-2004, 01:35 PM
Looks like it's going from here. I see Hotspot entries with cbq assignments logging in Kiwi. Congratulations.

olebno
01-27-2004, 01:41 PM
Hi!

One comment on getting to the web interface!!

In the default firewall rules you have an ldeny line for port 10000 and another line where you define the "admin" station. Try putting in the ip address of your computer as the admin address, and reload the scripts. Then the web interface should be available to you.

Best Regards
Oleb

Steve
01-27-2004, 01:45 PM
Use the Search Key Luke....

http://forums.star-os.com/viewtopic.php?t=1441&highlight=hotspot+client+bridge


Try it with a laptop and an Orinoco Silver/Gold or similar. Get that working and then work from there.

tony
01-27-2004, 02:49 PM
> :?: Why can't we have usernames with mixed upper/lower case?

The user names are case-insensitive to the end user, and must be entered in lower-case in the radius server. At the moment the web interface does not enforce the lower-case username, however this will change in subsequent releases.

The passwords are case sensitive.

Thanks!

John Huszar
01-28-2004, 12:39 AM
I wish I would have known this two weeks ago. I have been fighting this thing for that long. Lonnie didn't mention that, even though he looked at my system probably 3-4 times.

As I mentioned before, a flow chart (inside a user manual) would be extremely helpful here guys. This is [what appears to be] a great system functionality wise, but if newbies like me can't figure it out fairly quickly they will likely get tired and go to another system which is better documented.

Believe me, I have been a programmer for 25 years and I know how tough it is to take time out from development, which is a lot of fun :D and write documentation :( (or spend time educating a technical writer so they can document the system) but it is time well spent.

My $.02 worth.
John

PS Thanks to those on this BB that took time to help me. It is really appreciated.

John Huszar
01-28-2004, 12:43 AM
Here is a snippet from an email from Steve. I found it to be one of the best pieces of documentation on this part of the system that I have read/seen:

> John:
> I am still unclear as to how to allow a computer to connect via its mac
> address, and only show that user a splash page.

Steve:

That's what the "Auth via MAC before login page" setting is for in your Hotspot Setup. Check it and select whichever MAC Auth Format (colons or not) you want to use.

If you use the no colon format, your radius entries will be the same as the one I put in for the Radius ACL entry.

When a client tries to surf for the first time, it will try to log him into the Hotspot using the MAC address of his wireless card as both username and password. If it finds a match in the Radius Users database, he is automatically authenticated and if you have the "Splash Screen" option checked, he will see that.

If his mac isn't found in the Radius Database, he'll get the Hotspot login screen. If he logs in successfully, (you have to have a username & password line in the main Radius Users file) he'll get the splash screen.

DHCP Auto Auth is just a simple DHCP server that can automatically create a hotspot session when a client gets an ip from it if the clients mac is in the Radius db.

If you do not have the "Radius" and "Create Hotspot" buttons checked, it will not create the Hotspot session when a client gets an IP, it will create it when the user tries to access a web page for the first time.
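
Added example, not part of the thread or of StarOS: a small linter for RADIUS users-file entries that checks the rules stated in this thread (usernames entered in lower case, the MAC used as both username and password in the selected colon or no-colon format) together with the comma rule of the FreeRADIUS-style users file. It assumes the built-in server reads that file layout; the function names, finding codes and the sample password are made up for illustration.

```python
import re

# Constructed sample in the users-file layout shown in the thread (assumed
# FreeRADIUS-style: check items on the first line, indented reply items
# below, comma-separated, no comma after the last one).
SAMPLE = '''\
JohnHuszar  User-Password == "secret"
    Framed-MTU = 1500

0004236a5e9b  User-Password == "0004236a5e9b"
    Framed-Protocol = PPP,
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobsen-TCP-IP,
    Framed-Compression = Van-Jacobsen-TCP-IP

00:05:5D:94:3F:8C  Auth-Type := Local, User-Password == "00055d943f8c"
    Framed-MTU = 1500
'''

MAC_RE = re.compile(r'^(?:[0-9a-f]{12}|[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})$', re.I)
PASSWORD_RE = re.compile(r'(?:User-)?Password\s*(?:==|:=|=)\s*"([^"]*)"')
REPLY_RE = re.compile(r'^([\w-]+)\s*(\+=|:=|==|=)')


def normalize_mac(mac, colons=False):
    """Return the MAC in lower case, in the colon or no-colon format."""
    digits = re.sub(r'[:-]', '', mac).lower()
    if not re.fullmatch(r'[0-9a-f]{12}', digits):
        raise ValueError('not a MAC address: %r' % mac)
    if colons:
        return ':'.join(digits[i:i + 2] for i in range(0, 12, 2))
    return digits


def parse_entries(text):
    """Split a users file into entries: name, check items, reply items."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue                      # blank line or comment
        if raw[0].isspace():              # indented line: reply item
            if entries:
                entries[-1]['reply'].append((lineno, raw.strip()))
        else:                             # new entry: name + check items
            parts = raw.split(None, 1)
            entries.append({'line': lineno, 'name': parts[0],
                            'checks': parts[1] if len(parts) > 1 else '',
                            'reply': []})
    return entries


def lint_users(text, colons=False):
    """Return (line, code) findings; colons mirrors the MAC Auth Format."""
    findings = []
    for entry in parse_entries(text):
        name = entry['name']
        if MAC_RE.match(name):
            expected = normalize_mac(name, colons)
            if name != expected:          # wrong case or wrong separator style
                findings.append((entry['line'], 'mac-format'))
            m = PASSWORD_RE.search(entry['checks'])
            if m and m.group(1) != expected:
                findings.append((entry['line'], 'mac-password-mismatch'))
        elif name != name.lower():        # usernames must be stored lower-case
            findings.append((entry['line'], 'uppercase-username'))
        seen = set()
        last = len(entry['reply']) - 1
        for i, (lineno, item) in enumerate(entry['reply']):
            if i < last and not item.endswith(','):
                findings.append((lineno, 'missing-comma'))
            if i == last and item.endswith(','):
                findings.append((lineno, 'trailing-comma'))
            m = REPLY_RE.match(item)
            if m:
                if m.group(2) != '+=' and m.group(1) in seen:
                    findings.append((lineno, 'duplicate-attribute'))
                seen.add(m.group(1))
    return findings


if __name__ == '__main__':
    for line, code in lint_users(SAMPLE):
        print('line %d: %s' % (line, code))
```

Pass `colons=True` when the hotspot's MAC Auth Format is set to the colon style; entries stored without colons are then reported.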

lonnie
01-28-2004, 12:58 AM
John,

I can appreciate your frustration. I did not know of the lower case limits. Typically we follow the standard convention of lowercase for usernames, so we did not test what we would not use.

As to the lack of documentation......come on, if you have been a programmer for 25 years, which is longer than I have been, surely you would be skilled at obtaining man pages and other documents. It is actually pretty easy, as pretty much all the standard Linux programs have usable documentation. And it is online.

Tony and I have better things to do than write another version of a Linux manual so we can put our name on it and say we did it.

We do have another manual coming. The first release was given to me about 2 weeks ago and we are going over it for accuracy (in our spare time).

What would a flow chart do? Do you realize how long it would take to document Linux and the system tools with some flow charts? Sorry, but we do not have that kind of time.

John Huszar
01-28-2004, 01:42 AM
> Tony and I have better things to do than write another version of a Linux manual so we can put our name on it and say we did it.

Response: If it's just Linux, then why do I need your program??

I don't want to get into a debate here Lonnie. Nor am I trying to put you on the defensive. I think you have put together a great system here! This is (from what I can see) a highly customized and sophisticated system!

But I don't see where telling folks that they should go look at the documentation for Linux is the answer. Or telling them to go peruse a bulletin board in order to figure this system out. (Do you know how many hours I have spent reading postings on this BB?)

> What would a flow chart do? Do you realize how long it would take to document Linux and the system tools with some flow charts? Sorry, but we do not have that kind of time.

I am not asking you to flowchart Linux, Lonnie. I am referring to a functional flow chart, similar to Steve's email above (did you read it?). Even a simple flow diagram would be better than nothing. How long would that take? It probably took him a few minutes to write that description above, and it really turned the light on for me. That's what I am asking for.

Tell me, for instance, what these check boxes on the Hotspot Configuration page do, each one. That's just one example.

Another example. How does the hotspot functionality work in conjunction with the rest of the system, like the ACL?

I hate to mention competitors on this BB, but I stumbled across Mikrotik's web site the other day, and I was flat out astounded by the level of documentation on their site. Now from what I hear, their user interface is not as nice as yours (I don't know, I haven't played with their system) but if their documentation gets me up and running quickly, it doesn't really matter if their user interface sucks, they will get customers.

Mark my words, without good documentation, this system is not going to gain significant market share. And isn't that what this is all about (at least for you and your staff?)

> We do have another manual coming. The first release was given to me about 2 weeks ago and we are going over it for accuracy (in our spare time).

Great! Post it on your web site somewhere.. get feedback from your users.. (a lot of them seem to know this system almost as good as you guys, they have been educated by the School of Hard Knocks)..let us/them help you edit it. Heck, I would even be willing to help. Make it a community effort.

Best regards (and I mean it)
John

lonnie
01-28-2004, 09:13 AM
I guess the problem is that you are coming into this system when it is quite large and full of features. A large number of my users have been using this stuff since it only had routing and bandwidth control.

They had the benefit of trying to use ACL with other AP units and they then understood what we were doing. They also requested radius so mostly they knew how to make it go.

From what I can tell, you come into this system with little or no wireless experience. I am not trying to put you down, I am just realizing that we have a whole new class of user that we must deal with. We will get the documentation beefed up.

There is a new site at http://wiki.star-os.com/ that will be the lead in the online documentation, thanks to Matthew Asham.

John Huszar
01-29-2004, 03:55 AM
Yes I am coming into this system recently. And it looks to be really full featured, which is great. And yes I am new to wireless, but aren't a lot of people? Wireless is the next big thing to happen to computers.

Now I have some more questions about authenticating client machines. (Eventually we will use our central radius server for authenticating users, but for now I will use the built in radius server for testing). Can I use radius authentication to control access, and throttle bandwidth, on an individual user basis?

I have a user set up in the radius users list, with Framed IP Address set and speed limitations. If I go into the interfaces, wlan1, interface features and disable hotspot, also go into hotspot, configuration, and turn it off there, then go into wireless, access control list and tell it "default = radius", I can connect with my laptop to the wireless, but ipconfig says DNS suffix = hotspot, and the IP address that my laptop is assigned still looks like a DHCP Auto Auth IP, not the IP address I told it to use in the radius user account. Also a speed test on cnet's web site tells me that I am getting 1 mbit download, and I told it 300K in the radius settings. I don't understand why it's not using the settings I told it to use.

As you can see I am still struggling a bit with the hotspot versus no-hotspot scenarios. If I have fixed point wireless customers (which the first ones probably will be, with us installing CPE) then I may or may not use the hotspot functionality. It depends. I still may want to present the user with a splash page of my own design, without them having to log in. Still haven't decided. But I need to know what the various options are.

Still need that manual.. but in the meantime can someone tell me what the pros/cons are of using the hotspot functionality, versus just plain old radius authentication, versus just putting mac addresses into the ACL? I am still foggy on the differences of these different methods.

John

lonnie
01-29-2004, 09:25 AM
Plain old radius just lets a user on or keeps them off, nothing more. The ACL system you are now trying is the original way of doing things. The user gets their info from whatever and the ACL & Radius combo simply determines if they can associate.

Hotspot lets the user on and sets the IP, gateway, DNS, and speed. The splash page requires hotspot, so you must be using it.

I have begun moving Hotspot topics to the Hotspot area so you can read them a bit easier. That is what you must do until we release the new manual.

How many users are you expecting to be connecting? How many AP units will you have?

John Huszar
01-29-2004, 11:57 AM
I am working on 2 locations for us initially, using Star. One is our tower located in Oregon City. It's in the middle of a residential neighborhood, with lots of houses around it. I plan on marketing to those homes hot and heavy, just as soon as I can get this thing figured out. That's part of my frustration is the pressure of trying to bring this to market. We have invested a lot of time, money, and effort and I need to see it start to pay off soon.

I don't know what you mean by "moving hotspot topics to the hotspot area", so I guess I will continue to post to this same topic since it still has to do with hotspots in a way.

I am still a little unclear about bandwidth management. Is it possible to throttle bandwidth on a user by user basis? If so, do I need to use hotspot functionality? I thought Star was able to throttle bandwidth before hotspots came along, but I don't know for sure since I did not own it before that time.

Addendum: If not on an individual basis, then can "classes" of bandwidth speed be set up, and associate a given user with a certain class?

John

lonnie
01-29-2004, 12:42 PM
The syntax of the parser is at the top of the cbq file, plus some examples. More examples are available on the download page.

I am gathering Hotspot topics and moving them under a Hotspot General heading.

Bandwidth can be set at each AP per customer, group of customers, or network segment. The Hotspot gives you the ability to do this all in the radius database, as opposed to changing the cbq file, dhcp file and MAC ACL. This is the way it was done before Hotspot and you can still do it that way if you wish. It will still work.

John Huszar
01-29-2004, 01:53 PM
Well I took a peek at the cbq page, and it appears to be extremely complicated.. I could probably spend (or need to spend) the better part of my days learning about how to use it, if I was so inclined. But I don't think I have the luxury of doing that.. I have a business to run.

So I guess using the hotspot functionality is it, at least for now. It appears that if we want to use centralized radius authentication, and do bandwidth shaping, on a case by case basis, that is the way to go. So that said, if we enable hotspot, we can put parms in the radius server (either the built in one or another one somewhere else) to control the speed. I am still a little foggy on the assignment of a specific IP address to each user, for one thing. The other thing that I am not too clear on yet is the splash page(s). :?: "to splash, or not to splash". But I guess I am going to have to just futz around (trial and error) with it until it works the way I would like.

I will be waiting with bated breath for that user manual..

John

John Huszar
01-29-2004, 05:22 PM
I am trying one last ditch effort to use the ACL/Radius authentication method. I tested my radius account with NTRadPing, and that works (using the mac address of my radio in my laptop). My laptop tells me it's connected to the AP, but IPCONFIG doesn't show me a valid IP address. What controls the IP address given to the client when you are using ACL/Radius?? I tried turning on the DHCP Auto Auth, that didn't do anything, then I tried turning on the DHCP server, that didn't do anything either. What am I doing wrong?

Update: rebooted the laptop and it now gets an IP. But I still need to know how it's getting its IP?
When is DHCP Auto Auth used, versus regular DHCP?

John

tony
01-29-2004, 05:39 PM
If you are using standard Wireless ACL / Radius ACL, then the client gets their configuration from a static, or DHCP assigned IP. The Wireless ACLs are not part of Hotspot and therefore do not assign any settings to the user once they associate.

John Huszar
02-01-2004, 01:52 AM
Still more questions about hotspots etc..

We set up a couple of accounts on a remote radius server. 1 for manual logging in (through hotspot login page) the other for mac address auto login. Got it working with the manual login ok. Then my associate put in the record with the mac address to test the auto login, ie:

0004236a5e9b Password = "0004236a5e9b"
    Framed-Protocol = PPP,
    Framed-Address = 255.255.255.254
    Framed-Netmask = 255.255.255.0
    Framed-Filter-Id = "std.ppp",
    Framed-MTU = 1500,
    Framed-Compression = Van-Jacobsen-TCP-IP
    Framed-Compression = Van-Jacobsen-TCP-IP

When I try to connect with my laptop (the above mac belongs to my laptop) I am getting an IP assigned to my machine of 255.255.255.254. I assume that's coming from the above record (is this true :?: ), and I am going to get that IP changed to something more normal. But the gateway address is blank?! How is the gateway assigned?

In the meantime I wanted to see if I could switch back to logging in with the login page. So I unchecked the box that says "Auth via MAC before login page". But it still assigns me that same IP address. I thought that checkbox controls whether or not STAR attempts to do an auto login based on Mac address? But it doesn't seem to behave that way.

Here is the radius record for the manual login account:

username Password = "password"
    Framed-Protocol = PPP,
    Framed-Address = 255.255.255.254
    Framed-Netmask = 255.255.255.0
    Framed-Filter-Id = "std.ppp",
    Framed-MTU = 1500,
    Framed-Compression = Van-Jacobsen-TCP-IP
    Framed-Compression = Van-Jacobsen-TCP-IP

When I login with the above (using a different radio in my laptop), it doesn't assign me an IP of 255.255.255.254. It assigns me a 192.168.2.2 IP (which looks like it's coming from DHCP Auto Auth). Also the gateway is assigned as 192.168.2.1, which looks like it's coming from the DHCP Auto Auth config screen as well.

So I don't quite understand some of the behaviour. Does it use the radius parms for IP address when doing auto login with Mac, but not when using manual login?

Also if I don't check the box that says "Assign a default CBQ rate", it doesn't seem to authenticate me with manual login or auto login. I guess it wants to see a specific rate of some sort, eh? (we don't have any speed parms in the radius records yet, but we will).

John

lonnie
02-01-2004, 09:59 AM
Freeradius page with links to the RFC section http://www.freeradius.org/features.html at the bottom of the page.

http://www.freeradius.org/rfc/rfc2865.html Read this about FRAMED-ROUTE

Manual login uses a browser and thus you already have an IP/gateway from static or dhcp. The radius attribute will not change your IP but can check and make sure you are at the IP you are supposed to be. This prevents users from playing IP games.

The default CBQ is not required and you probably have something else checked or unchecked.

Proceed one feature at a time. The RFC pages will answer everything you ever wanted to know about radius. There is also a book listed in our library section and I have advised everybody doing radius to get that book.

John Huszar
02-01-2004, 01:41 PM
> Proceed one feature at a time.

I kinda thought that I am proceeding with one feature at a time, Hotspots. But maybe auto login is different. But you need to remember that I am looking at this from a user's perspective. All I see is a bunch of screens in a user interface, and they are spread out throughout this program.

You see it from a totally different perspective (ie the programmer). You have intimate knowledge about the inner workings of this thing. I don't. That's why I keep harping about the manual..

One thing I could really use is a checkbox by checkbox writeup of the checkboxes on the Hotspot Config screen.

Thanks for the pointer to the radius documentation. I will check it out.

John