Internally-Hosted Splash Page with RADIUS Authentication

Follow

Overview

This article describes the process for creating an internally-hosted splash page on an Access Point and configuring an external RADIUS server to handle authentication.

Background

You can use Datto Networking Cloud Management to create and upload a custom splash page to an Access Point. The splash page will be presented to users when authentication is required. Datto Networking Cloud Management uses RADIUS technology to manage authentication.

Configure the RADIUS Server

You will need to configure a RADIUS server that can be reached by the Access Points on your network. The following steps are required; additional setup details will be specific to the type of RADIUS server you are using.

If you already have a configured RADIUS server, you may use it without configuring another server. 
  1. Set up the RADIUS server. RADIUS servers are available from the FreeRADIUS project. Microsoft Windows Server includes RADIUS technology.
  2. Configure the RADIUS server to provide access for the users that you need to authenticate. You must provide a Username and Password for each.
    • You can also configure maximum upload and download bandwidth throttles for each user, as well a session timeout, by modifying the attributes WISPr-Bandwidth-Max-UpWISPr-Bandwidth-Max-Down, and SESSION_TIMEOUT.
  3. Note the IP address (or hostname) and the server secret of the RADIUS server. You will need them in the following steps.

Configure Datto Networking Cloud Management

The splash page and authentication are specified separately in Datto Networking Cloud Management for each SSID.

  1. Select Configure → SSID 1 (or specify a different SSID number if you want to use a different SSID).
  2. Select Custom for the Splash Page type.
  3. Select Edit Splash Page and edit the splash page as needed. Be sure to include the existing form for RADIUS Access. You may change the form heading and prompt, but you must leave the form controls unchanged.

Figure 1: Radius Access login

  1. Save the Splash Page
  2. Select RADIUS for Splash Page Authentication.
  3. Enter the IP Address or Hostname of your RADIUS server under Server Address 1. If you have a secondary/backup RADIUS server you may enter it for Server Address 2.
  4. Enter the server secret for your RADIUS server under Server Secret. A RADIUS server limits access to only those knowing its secret.
  5. If a NAS ID is required in your usage, enter it as well. A NAS ID may be used to pass additional information about an authentication request to the RADIUS server.
  6. Normally, after a user is successfully authenticated they will be taken to the we-page that triggered the splash page. If you prefer for them to be taken to a common completion page, you may enter an explicit Redirect URL.
  7. Save changes to the SSID configuration. 

Figure 2: RADIUS configuration 

Test the Configuration

At this stage, the splash page and RADIUS configuration are complete. Unauthenticated users should be presented with the splash page. The Username and Password they enter into the splash page form will be authenticated for the RADIUS server. Only those users successfully authenticated by the RADIUS server will be allowed access to the Internet.

Fail-Safe Behavior

Note that in the case of a server configuration or runtime error, Datto Networking Cloud Management is designed to be fail-safe: if the specified RADIUS server cannot be reached, or is not configured correctly, the user will be given access for a period of time.


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Head on over to our Community Forum!