Ticket #557 (new Bug report)

Opened 9 years ago

Last modified 9 years ago

Redirection and possible authentication issue

Reported by: chris.chester1@…
Owned by:
Priority: high
Milestone: Not yet assigned to a Milestone
Component: Gateway and Auth server
Version:
Keywords:
Cc:

Description

Hello to the Wifidog community

We are setting up a captive portal for our University library as part of our project for our Bachelor of IT. We have got Wifidog to redirect a wireless user to the login page. After a user is logged in and they try to go to a web site, they are then redirected back to the login page. Any ideas? We are not sure if we are missing a module or if we've set up a line in the config wrong.

Auth Server gives this output during the authenticating and redirection:

[6][Sun Apr 26 16:32:24 2009][4336](gateway.c:474) Received connection from 192.168.31.34, spawning worker thread
[7][Sun Apr 26 16:32:24 2009][4336](httpd_thread.c:65) Processing request from 192.168.31.34
[7][Sun Apr 26 16:32:24 2009][4336](httpd_thread.c:66) Calling httpdProcessRequest() for 192.168.31.34
[6][Sun Apr 26 16:32:24 2009][4336](http.c:108) Captured 192.168.31.34 requesting [http%3A //www.google.co.nz/] and re-directing them to login page
[7][Sun Apr 26 16:32:24 2009][4336](http.c:182) Redirecting client browser to  http://192.168.31.1:80/login/?gw_address=192.168.31.1&gw_port=2060&gw_id=000C296A3C03&url=http%3A//www.google.co.nz/
[7][Sun Apr 26 16:32:24 2009][4336](httpd_thread.c:68) Returned from httpdProcessRequest() for 192.168.31.34
[7][Sun Apr 26 16:32:24 2009][4336](httpd_thread.c:73) Closing connection with 192.168.31.34

Our setup:
Linux dist: Debian
Router: Setup on Debian
AP: Linksys WRT54G with OpenWRT White Russian RC5
Our Gateway and auth server are set up on the same box.

Any help would be appreciated.

Also if needed our config file:

# $Id: wifidog.conf 1243 2007-06-28 01:48:01Z benoitg $
# WiFiDog Configuration file

# Parameter: GatewayID
# Default: default
# Optional
#
# Set this to the node ID on the auth server
# this is used to give a customized login page to the clients and for
# monitoring/statistics purpose
# If none is supplied, the mac address of the GatewayInterface interface will be used,
# without the : separators

GatewayID 000C296A3C03

# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface (the one going out to the Internet or your larger LAN).
# Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise,
# Normally autodetected

#ExternalInterface eth1

# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface (typically your wifi interface).
# Typically br0 for OpenWrt, and eth1, wlan0, ath0, etc. otherwise

GatewayInterface eth0

# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway. Not normally required.

#GatewayAddress 192.168.31.1

# Parameter: AuthServer
# Default: NONE
# Mandatory, repeatable
#
# This allows you to configure your auth server(s). Each one will be tried in order, until one responds.
# Set this to the hostname or IP of your auth server(s), the path where
# WiFiDog-auth resides in and the port it listens on.
#AuthServer {
# Hostname (Mandatory; Default: NONE)
# SSLAvailable (Optional; Default: no; Possible values: yes, no)
# SSLPort (Optional; Default: 443)
# HTTPPort (Optional; Default: 80)
# Path (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use$
# LoginScriptPathFragment (Optional; Default: login/? Note: This is the script the user will be sent to for login.)
# PortalScriptPathFragment (Optional; Default: portal/? Note: This is the script the user will be sent to after a success$
# MsgScriptPathFragment (Optional; Default: gw_message.php? Note: This is the script the user will be sent to upon err$
# PingScriptPathFragment (Optional; Default: ping/? Note: This is the script the user will be sent to upon error to re$
# AuthScriptPathFragment (Optional; Default: auth/? Note: This is the script the user will be sent to upon error to re$
#}

AuthServer {
    Hostname 192.168.31.1
    SSLAvailable no
    Path /
}

#AuthServer {
# Hostname auth2.ilesansfil.org
# SSLAvailable yes
# Path /
#}

# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
# Daemon 1

# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
# GatewayPort 2060

# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define what name the HTTPD server will respond
# HTTPDName WiFiDog

# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
# HTTPDMaxConn 10

# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds should we wait between timeout checks. This is also
# how often the gateway will ping the auth server and how often it will
# update the traffic counters on the auth server. Setting this too low
# wastes bandwidth, setting this too high will cause the gateway to take
# a long time to switch to its backup auth server(s).

CheckInterval 600

# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 1

# Parameter: TrustedMACList
# Default: none
# Optional
#
# Comma separated list of MAC addresses who are allowed to pass
# through without authentication
#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D

# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.

# Parameter: FirewallRule
# Default: none
#
# Define one firewall rule in a rule set.

# Rule Set: global
#
# Used for rules to be applied to all other rulesets except locked.
FirewallRuleSet global {
    ## To block SMTP out, as it's a tech support nightmare, and a legal liability
    #FirewallRule block tcp port 25

    ## Use the following if you don't want clients to be able to access machines on
    ## the private LAN that gives internet access to wifidog. Note that this is not
    ## client isolation; The laptops will still be able to talk to one another, as
    ## well as to any machine bridged to the wifi of the router.
    # FirewallRule block to 192.168.0.0/16
    # FirewallRule block to 172.16.0.0/12
    # FirewallRule block to 10.0.0.0/8

    ## This is an example ruleset for the Teliphone service.
    #FirewallRule allow udp to 69.90.89.192/27
    #FirewallRule allow udp to 69.90.85.0/27
    #FirewallRule allow tcp port 80 to 69.90.89.205
}

# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
    FirewallRule allow to 0.0.0.0/0
}

# Rule Set: known-users
#
# Used for normal validated users.
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}

# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}

# Rule Set: locked-users
#
# Not currently used
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}
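
An added example, not part of the ticket or of WiFiDog's own code: a small parser for the debug-log format quoted in the description, which counts how often each client is captured and decodes the parameters of the login redirect. The sample log is constructed from the ticket's lines plus an invented repeat capture, and reading two or more captures as "client still treated as unauthenticated" is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the log format quoted in the ticket; the second
# capture and its timestamp are invented to represent a repeat redirect.
SAMPLE_LOG = """\
[6][Sun Apr 26 16:32:24 2009][4336](http.c:108) Captured 192.168.31.34 requesting [http%3A//www.google.co.nz/] and re-directing them to login page
[7][Sun Apr 26 16:32:24 2009][4336](http.c:182) Redirecting client browser to http://192.168.31.1:80/login/?gw_address=192.168.31.1&gw_port=2060&gw_id=000C296A3C03&url=http%3A//www.google.co.nz/
[6][Sun Apr 26 16:33:10 2009][4336](http.c:108) Captured 192.168.31.34 requesting [http%3A//www.google.co.nz/] and re-directing them to login page
"""

# [level][timestamp][pid](source_file:line) message
LINE = re.compile(r"^\[(\d+)\]\[([^\]]+)\]\[(\d+)\]\(([^:)]+):(\d+)\) (.*)$")
CAPTURED = re.compile(r"^Captured (\S+) requesting \[(.*)\] and re-directing them to login page$")
REDIRECT = re.compile(r"^Redirecting client browser to\s+(\S+)$")

def parse(log_text):
    """Return (capture timestamps per client IP, decoded login-redirect parameters)."""
    captures = defaultdict(list)
    redirects = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a line in the gateway's debug format
        _level, stamp, _pid, _src, _lineno, msg = m.groups()
        cap = CAPTURED.match(msg)
        if cap:
            captures[cap.group(1)].append(stamp)
            continue
        red = REDIRECT.match(msg)
        if red:
            # parse_qs percent-decodes values, so url= comes back readable
            query = parse_qs(urlsplit(red.group(1)).query)
            redirects.append({k: v[0] for k, v in query.items()})
    return dict(captures), redirects

def repeat_captures(captures, threshold=2):
    """Client IPs captured at least `threshold` times (assumed redirect-loop indicator)."""
    return sorted(ip for ip, stamps in captures.items() if len(stamps) >= threshold)

if __name__ == "__main__":
    caps, reds = parse(SAMPLE_LOG)
    print(repeat_captures(caps), reds[0])
```

Comparing the decoded `gw_id`, `gw_address` and `gw_port` against the values in wifidog.conf shows whether the login page is being handed the gateway details it needs to send the client back.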

Change History

Changed 9 years ago by Mac Jones

Try using the simple auth server, basically static PHP files; that should help you decide if it's the auth server or the WRT54G.

http://dev.wifidog.org/browser/trunk/wifidog-auth-lite

Also put your wifidog.conf file in a code block so that it's readable.

#like this
#and this

Changed 9 years ago by Mac Jones

It's not this, is it?

http://dev.wifidog.org/ticket/551

Mac Whanagrei
