[isf-wifidog] Wifidog, portal page and Apple auto-login

Geneviève Bastien gbastien at versatic.net
Jeu 25 Aou 18:33:52 EDT 2011 

If I can get my hands on a Apple product I'll make some further tests 
and outputs...  I'll keep you posted.

Thanks,
Geneviève


On 11-08-25 06:03 PM, Alexandre Carmel-Veilleux wrote:
> The problem is that the best place to put this is in the URL handler 
> on the ap. Then it's a basically no-op as far as the firewall rules 
> are concerned.
>
> The issue is that I don't believe it will follow an http redirect and 
> even if it did, the login page entry point on the auth server would 
> need to identify and respond.
>
> Maybe if you can get me verbose httpd logs from an apple device? Or 
> better yet a fell packet capture of the authentication transaction?
>
> Alex
>
>
>
> On 2011-08-25, at 16:47, Geneviève Bastien <gbastien at versatic.net 
> <mailto:gbastien at versatic.net>> wrote:
>
>> Thanks Alex for this fast patch!
>>
>> But I think I'd prefer the server side solution if possible, as it 
>> does not involve reflashing our few hundreds access points and the 
>> day android thinks this feature is so great and decide to implement 
>> it as well, it would be easier to modify...
>>
>> Unless there is a reason to favor a client-side solution?  Maybe 
>> Apple will not like the url redirect to login page...
>>
>> Geneviève
>>
>>
>> On 11-08-25 02:44 PM, acv wrote:
>>> And of course I screw up the URL. Forgot the leading /. Please use this instead.
>>>
>>> Alex
>>>
>>> On Thu, Aug 25, 2011 at 01:40:40PM -0400, Genevive Bastien wrote:
>>>> Date: Thu, 25 Aug 2011 13:40:40 -0400
>>>> From: Geneviève Bastien<gbastien at versatic.net  <mailto:gbastien at versatic.net>>
>>>> To:wifidog at listes.ilesansfil.org  <mailto:wifidog at listes.ilesansfil.org>
>>>> Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
>>>>
>>>> Thanks for the answer, but that is not the issue.  It is more Apple
>>>> products bypassing the portal page, the whole login process is all fine.
>>>>
>>>> I found this:
>>>> http://blogs.oucs.ox.ac.uk/networks/2009/10/12/fixing-the-iphone-os-wifi-auto-login-problem/
>>>> Which may suggest that we could bypass the auto-login feature from the
>>>> server side by answering the request with the expected output.  The user
>>>> will then have to open a browser page to see the actual login and portal
>>>> pages.
>>>>
>>>> Geneviève
>>>>
>>>>
>>>> On 11-08-25 01:12 PM, acv wrote:
>>>>> Marcos' comments below are not completely accurate, the ping was not a
>>>>> test itself,
>>>>> in fact the gateway never bothered reading the response... The idea was to
>>>>> cause
>>>>> the client to generate activity. Then activity (measured in bytes received
>>>>> from
>>>>> client since last polling) was used.
>>>>>
>>>>> In src/firewall.c, fw_sync_with_authserver() implements the timeout logic,
>>>>> it includes
>>>>> this tidbit:
>>>>>
>>>>>          /* Ping the client, if he responds it'll keep activity on the
>>>>>          link.
>>>>> 	* However, if the firewall blocks it, it will not help. The suggested
>>>>> 	* way to deal witht his is to keep the DHCP lease time extremely
>>>>> 	* short: Shorter than config->checkinterval * config->clienttimeout
>>>>> 	*/
>>>>>
>>>>> ping was to be a BACKUP way of generating activity but using DHCP as
>>>>> suggested here is
>>>>> much more reliable.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Alexandre
>>>>>
>>>>> On Thu, Aug 25, 2011 at 01:06:29PM -0300, Marcos Tadeu wrote:
>>>>>> Date: Thu, 25 Aug 2011 13:06:29 -0300
>>>>>> From: Marcos Tadeu<marcos at v2r.com.br  <mailto:marcos at v2r.com.br>>
>>>>>> To:wifidog at listes.ilesansfil.org  <mailto:wifidog at listes.ilesansfil.org>
>>>>>> Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
>>>>>>
>>>>>> Can you ping the Apple products from wifidog captive portal machine,
>>>>>> after login?
>>>>>> If not, it is the problema: wifidog need to ping client to know that it
>>>>>> is alive. If an firewall drop the ping, wifidog consider it dead. And...
>>>>>> pouf.
>>>>>>
>>>>>> On 08/25/2011 12:38 PM, Geneviève Bastien wrote:
>>>>>>> Hello all,
>>>>>>>
>>>>>>> We have a problem with the portal page and Apple products and their
>>>>>>> auto-login feature.  Right now, when any iOs product and now Lion
>>>>>>> connects to a wifidog router, they are shown the login page right
>>>>>>> away, and the minute they have access to the internet (apple.com  <http://apple.com>
>>>>>>> site), pouf! it's gone, so they never see the portal page.
>>>>>>>
>>>>>>> But the portal page is really important to us and this situation is
>>>>>>> really annoying (40 to 50% of our users use Apple products!).
>>>>>>>
>>>>>>> Did anyone come up with a solution to this?  Or do you know any
>>>>>>> captive portal solution that did?  Any ideas on the topic? (putting
>>>>>>> apple.com  <http://apple.com>  in the walled garden is not a viable option)
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Geneviève
>>>>>>> _______________________________________________
>>>>>>> WiFiDog mailing list
>>>>>>> WiFiDog at listes.ilesansfil.org  <mailto:WiFiDog at listes.ilesansfil.org>
>>>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>>> _______________________________________________
>>>>>> WiFiDog mailing list
>>>>>> WiFiDog at listes.ilesansfil.org  <mailto:WiFiDog at listes.ilesansfil.org>
>>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> WiFiDog mailing list
>>>>>> WiFiDog at listes.ilesansfil.org  <mailto:WiFiDog at listes.ilesansfil.org>
>>>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>> _______________________________________________
>>>> WiFiDog mailing list
>>>> WiFiDog at listes.ilesansfil.org  <mailto:WiFiDog at listes.ilesansfil.org>
>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>>>
>>>>
>>>> _______________________________________________
>>>> WiFiDog mailing list
>>>> WiFiDog at listes.ilesansfil.org  <mailto:WiFiDog at listes.ilesansfil.org>
>>>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>>
>> _______________________________________________
>> WiFiDog mailing list
>> WiFiDog at listes.ilesansfil.org <mailto:WiFiDog at listes.ilesansfil.org>
>> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20110825/4c45b32d/attachment-0001.html>

Plus d'informations sur la liste de diffusion WiFiDog