cakephp app not redirecting properly when trying to authenticate with Radius Server

Ask about general coding issues or problems here.

Moderators: egami, macek, gesf

Post Reply
romeowedwhatjulieate
New php-forum User
New php-forum User
Posts: 1
Joined: Wed Nov 15, 2017 12:30 pm

Wed Nov 15, 2017 1:14 pm

I've a cakephp app which I'm trying to build. It is to manage wifi hotspots which authenticate using FreeRadius. I'm trying to make it so that when the user tries to connect to the internet through a hotspot (NAS?) they get redirected to an external login page on eg www.example.com/connect. The code at that url will make sure that the user has paid, for example, or check they're not blacklisted. Once my code is happy, as I understand it I'm supposed to make some records in the radius database.

I make 8 records in total:

$sql = "INSERT INTO radcheck (`username`,`attribute`,`op`,`value`) VALUES ('$sid', 'Password','==','$password_encry')";
$sql = "INSERT INTO radusergroup (`username`,`groupname`,`priority`) VALUES ('$sid', 'TestGroup','1')";
$sql = "INSERT INTO radreply (`username`,`attribute`,`value`,`op`)
$sql = "INSERT INTO radreply (`username`,`attribute`,`value`,`op`)
$sql = "INSERT INTO radreply (`username`,`attribute`,`value`,`op`)
$sql = "INSERT INTO radreply (`username`,`attribute`,`value`,`op`)
$sql = "INSERT INTO radreply (`username`,`attribute`,`value`,`op`)
$sql = "INSERT INTO radreply (`username`,`attribute`,`value`,`op`)

and then as far as I understand I'm meant to redirect back to the hotspot controller with username and password in the url and it should make an attempt to authenticate with the radius server.

I know that the radius server is set up ok because I'm rewriting (in a cake app) some code of a deceased colleague and his code works fine. It seems to be possibly a problem with how cakephp redirects things perhaps? The following is what I'm using in my cakephp code. It's exactly the same as the version in the old code (the username and passwrd might be different!)

$link = $mikrotik_link_login_only . "?dst=" . $redirect ."&username=" . $sid . "&password=" .$pass;
header("Location: ".$link);

The above works with the old code. Automatically there will be two more records in the radius database. One of which is in the radacct table, the other in the radpostauth table. The $mikrotik_link_login_only is the IP address of the controller. It uses the username and password to authenticate with the radius server but in the case of my code, when the code hits that redirect it ends up on a different page in my application and if I check in the server logs there appears to have been no attempt made to authenticate. In my deceased colleagues code, after doing that redirect there will be a couple more entries in the radius database and the code will now allow the user to access the internet.

I can't see anything else that his code does which mine doesn't so assume it's cakephp somehow?

If anyone can give me any suggestions or pointers I'd really appreciate it. Banging my head here for days.

Post Reply