This is an old revision of the document!
Table of Contents
Steps for a Clik-To-Connect Login Page
Create the Click-to-Connect Profile
Weather you want to limit your click-to-connect users for one hour or one day or 1 GB of data, something you have to add to the Profile Component you choose is an attribute set that will reset the limitation with every device. Otherwise the first customer to connect will use up the allowed data and no one else will be allowed access.
RADIUSdesk installs with two ready-to-use Click to connect Profiles. Select the CTC-1Hour Profile for one hour free access and CTC-100M for 100Mb free access.
If you build your own Profiles:
For a Profile Component that limits Time, the following attributes in red are important to include:
One Hour free access per device per day
| Attribute | Check or Reply | Operator | Value | Comment |
|---|---|---|---|---|
| Rd-Total-Time | Check | := | 3600 | This is in seconds |
| Rd-Reset-Type-Time | Check | := | daily | For each device to have this limit daily |
| Rd-Cap-Type-Time | Check | := | hard | Options are hard or soft. Soft will not cut the user off if they are over the limit |
| Rd-Mac-Counter-Time | Check | := | 1 | This counter will be enforced on each device connecting |
| Fall-Through | Reply | := | Yes | Required to group these components together |
For a Profile Component that limits Data, the following attributes in red are important to include:
500Mb Data free per device per day
| Attribute | Check or Reply | Operator | Value | Comment |
|---|---|---|---|---|
| Rd-Total-Data | Check | := | 50000000 | Multiply by 1024 if you want to be more technical  |
| Rd-Reset-Type-Data | Check | := | daily | For each device to have this limit daily |
| Rd-Cap-Type-Data | Check | := | hard | Options are hard or soft. Soft will not cut the user off if they are over the limit |
| Rd-Mac-Counter-Data | Check | := | 1 | This counter will be enforced on each device connecting |
| Fall-Through | Reply | := | Yes | Required to group these components together |
——–
Create the Click-to-Connect User
- Click on Permanent Users on the RADIUSdesk home screen
- Create a permanent user called click_to_connect@radiusdesk. (Radiusdesk is our NAS ID the default captive portal. Be sure to fill in YOUR NAS ID after the @ sign.)
- Give it the password of click_to_connect
- Select the Realm and the Profile you want to use. We suggest an uncapped type profile.
- Also ensure that the Cap type for Data says on Hard.
Whats in a name?
- You may wonder why we call the Click-to-Connect user click_to_connect@fbt-01.
- The name can be broken up in two parts.
- The first part is everything before the @.
- The last part is everything after the @.
- The user's password has to be the same as the first part e.g. click_to_connect.
- The second part will be automatically added by the login pages when the user clicks the Click-to-connect button and is determined by a the configuration of the Dynamic login pages.
Time to tackle the last bit which is the NAS device and Dynamic login pages and see how it all comes together.
Add the NAS device
- Click on Menu → NAS devices → NAS devices to open the NAS devices management applet.
- Since the Coova Chilli captive portal used by Funky Bean There comes from an unknown IP Address we will add a NAS device with connection type Dynamic client.
- We will use the value of nasid specified in the Coova Chilli set-up to uniquely identify the incoming connection.
- We assume that it was specified as fbt-01 (Short for Funky Been There - 01). The value of nasid will then be used by Coova-Chilli in the RADIUS requests which it sends out to the RADIUS server in the form of the NAS-Identifier attribute.
- After you selected Dynamic client you can specify Unique AVP combination as NAS-Identifier and the value fbt-01 in the Dynamic AVP detail sub-tab.
- On the NAS sub-tab you can specify the Name also as fbt-01 (It is a good convention to keep them the same) along with a shared secret. This shared secret is the same as the one defined in the Coova Chilli configuration.
- The realms should only show the Funky Been There realm.
When you do this action as the root user; the list of realms will change depending weather you decide to make a NAS device available to sub-providers or not.
- After you added the device; be sure to edit it again and ensure that the NAS → Optional info sub-tab also have the NAS-Identifier specified as fbt-01.
- Save you work and wait at least 10 minutes to allow the cron job to restart the FreeRADIUS server in order for this device to be added.
This cron entry runs a script to check if FreeRADIUS needs a restart
#Every 10 minutes to keep it stable */10 * * * * www-data /var/www/cake2/rd_cake/Console/cake -app /var/www/cake2/rd_cake Freeradius >> /dev/null 2>&1
Now that we have the NAS device added to RADIUSdesk; we can do the Dynamic Login page
Add a Dynamic login page
- Click on Menu → Dynamic login pages to open the Dynamic login pages management applet.
Hey!! There is already some login pages listed here
- If there happen to be login pages listed already which you did not intend to have listed, it is because that realm has the Make available to sub-providers option checked.
- To fix this you have to log out as the current Access Provider and log in as root.
- Now you can remove the unwanted login pages by un-checking that option.
- Log in again as the Access Provider for Funky Bean There.
- Click on the plus sign in the toolbar and add the new Dynamic login page.
- Add your own new Dynamic login page and make it NOT available to sub-providers.
- After you added the Dynamic Login page you can further edit it by uploading photos for the slideshow.