Hello!
I am looking to create my own web-based RADIUS server and user management application (I'm a web developer, not a network person) for a Wi-Fi network. I think I've figured out most of this, but I am mainly confused about session management between the router, the RADIUS server and/or the user management application. Let's call the external application 'mangoapp'.
Here is what I've come up with so far:
1. User attempts to access the Wi-Fi network. They are not authenticated. The MikroTik router is set up with hotspot and an external, web-based RADIUS server. The 'login.html' file on the router is a redirect to a web page hosted by mangoapp.
2. The user creates an account / logs in through mangoapp. This creates an entry for them in the mangoapp db. This db is accessible to the RADIUS server.
** This is where things get hazy **
3. The user now tries to access another url, e.g. google.com
4. To the router, the user is still not authenticated. This triggers a request from the router to the RADIUS server.
5. The RADIUS server looks up the user's info, which is now correct. The RADIUS server replies with 'Access-Accept' and the user is free to use the Wi-Fi.
What I'm struggling with is how, in steps 3 and 4, the router maps the user making the request to google.com to the user who is authenticated to mangoapp. When the router makes the request to the RADIUS server for authentication, how does it know which user it's talking about?
As I understand there are a few alternatives:
1. The router has a network-resolvable DNS name, e.g. 'login.mangoapp.com'. When the user completes the authentication with mangoapp, they are redirected to this URL with query params / a payload of username and some sort of token / shared key that the router can read?
2. Router and mangoapp share a cookie? I have been looking at the MAC cookie; is there an identifier in the MAC cookie that is accessible to mangoapp?
3. When the user logs in through mangoapp / the captive portal, somehow the router is aware of the username and password?
Any help is greatly appreciated!
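
A sketch of the token idea in alternative 1, added here as an example and not part of the original post: mangoapp issues a short-lived, single-use token bound to the username and the client's MAC, and the RADIUS backend verifies it. It assumes the router forwards the username, the token (in place of a password) and the client MAC in its RADIUS request; `issue_token`, `verify_token` and the key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets
import time

SECRET = b"constructed-demo-key"   # assumption: shared by mangoapp and the RADIUS backend
TTL_SECONDS = 60                    # token lifetime; keep it short
_seen_nonces = set()                # replay cache (a shared store in a real deployment)

def _sign(username, mac, expires, nonce):
    # Bind the signature to the user, the device and the expiry time.
    msg = f"{username}|{mac.lower()}|{expires}|{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(username, mac, now=None):
    """mangoapp side: called after the portal login succeeds."""
    expires = int(time.time() if now is None else now) + TTL_SECONDS
    nonce = secrets.token_hex(8)
    return f"{expires}.{nonce}.{_sign(username, mac, expires, nonce)}"

def verify_token(username, mac, token, now=None):
    """RADIUS side: True maps to Access-Accept, False to Access-Reject."""
    now = int(time.time() if now is None else now)
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        expires = int(parts[0])
    except ValueError:
        return False
    nonce, sig = parts[1], parts[2]
    expected = _sign(username, mac, expires, nonce)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False                # forged, or bound to another user or device
    if now > expires or nonce in _seen_nonces:
        return False                # expired or already used
    _seen_nonces.add(nonce)
    return True
```

Binding the token to the MAC means a token copied from the redirect URL is rejected when presented from a different device, and the nonce cache rejects a second use from the same one.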