Discussion:
wireless hints: AP, username, password - does not work
(too old to reply)
Ben Woods
2016-08-02 22:41:32 UTC
Permalink
I need to use my FreeBSD 11-current laptop
in a new environment where all I'm given is
the access point (AP) name, the username and the password.
The local help is not great.
I'm told my browser should "automatically" point me
to a page where I enter the username and the password.
For starters I'm not familiar with username/password
for wireless authentication.
My /etc/wpa_supplicant.conf* files either
point to a cert file, and use identity/password,
network={
ssid="..."
psk="..."
}
How can this work with a username/password pair?
When I use ifconfig_wlan0="DHCP WPA" I cannot connect.
If I use just ifconfig_wlan0="DHCP" I can connect to the AP,
and get the ip address, but cannot connect anywhere else.
I guess they are using some weird MS only setup?
Anything else I can try to get connected?
Thanks
Anton
Hi Anton,

This sounds like it may be an open (unsecured) wifi, with adaptive portal
to redirect your initial web traffic to a web page requesting a username
and password.
https://en.m.wikipedia.org/wiki/Captive_portal


This is often used in airports / large coffee retail chains and is most
easily recognisable by the way it is presented in many mobile phones. When
they scan for wifi networks, there is one available to connect to which
does not have a padlock next to it. Once they connect to the wifi, they
will be associated to the AP and have an IP address, but network traffic
initially doesn't work. Shortly after connecting, many phones automatically
pop-up a website prompting for the username and password to enter.

On FreeBSD, it is as you said. Assuming you have atheros, put the following
in your /etc/rc.conf (replacing your_ssid_here with the wifi SSID):

wlans_ath0="wlan0"
ifconfig_wlan0="ssid *your_ssid_here* DHCP"


Run:
# service netif restart

Once you are connected and have an IP address, open your browser and
navigate to any webpage which DOESNT USE HTTPS. I commonly use
www.distrowatch.com, but any others you know which don't use https will
work. This is the part that tricks many people, as the captive portal will
redirect all web traffic to the portal until authenticated, but https
traffic will detect the server is not who they are supposed to be and fail.

Once authenticated, you should get a connection. Note that if can be easier
to connect with a mobile phone to confirm how it should work, and what the
SSID is etc, and then replicate on your FreeBSD laptop.

Good luck!
-Ben
--
--
From: Benjamin Woods
***@gmail.com
Jon Radel
2016-08-02 22:43:40 UTC
Permalink
I need to use my FreeBSD 11-current laptop
in a new environment where all I'm given is
the access point (AP) name, the username and the password.
The local help is not great.
I'm told my browser should "automatically" point me
to a page where I enter the username and the password.
Try treating it as an open AP and fire up a browser. What they're
probably describing is the ability for many APs to redirect / discard
all traffic from a new MAC, where HTTP/HTTPS is redirected to an HTTP
authentication page on the AP itself. After you authenticate, it
actually routes your traffic.
--
--Jon Radel
***@radel.com
Anton Shterenlikht
2016-08-03 09:06:38 UTC
Permalink
Post by Ben Woods
ifconfig_wlan0="ssid *your_ssid_here* DHCP"
Thank you, that did it.
My bad, I should've read the manual:
Sec. 30.3.4.1.2.1. Selecting an Access Point.
Post by Ben Woods
Once you are connected and have an IP address, open your browser and
navigate to any webpage which DOESNT USE HTTPS. I commonly use
www.distrowatch.com, but any others you know which don't use https will
Thanks

Anton
Warren Block
2016-08-03 23:47:31 UTC
Permalink
Post by Ben Woods
On FreeBSD, it is as you said. Assuming you have atheros, put the following
wlans_ath0="wlan0"
ifconfig_wlan0="ssid *your_ssid_here* DHCP"
# service netif restart
Once you are connected and have an IP address, open your browser and
navigate to any webpage which DOESNT USE HTTPS. I commonly use
www.distrowatch.com, but any others you know which don't use https will
work. This is the part that tricks many people, as the captive portal will
redirect all web traffic to the portal until authenticated, but https
traffic will detect the server is not who they are supposed to be and fail.
Once authenticated, you should get a connection. Note that if can be easier
to connect with a mobile phone to confirm how it should work, and what the
SSID is etc, and then replicate on your FreeBSD laptop.
This can be done in /etc/wpa_supplicant.conf with just:

network={
ssid="horriblecaptiveportal"
key_mgmt="NONE"
}

Then it is not necessary to change /etc/rc.conf.
Ben Woods
2016-08-04 05:44:48 UTC
Permalink
Post by Ben Woods
On FreeBSD, it is as you said. Assuming you have atheros, put the following
Post by Ben Woods
wlans_ath0="wlan0"
ifconfig_wlan0="ssid *your_ssid_here* DHCP"
# service netif restart
Once you are connected and have an IP address, open your browser and
navigate to any webpage which DOESNT USE HTTPS. I commonly use
www.distrowatch.com, but any others you know which don't use https will
work. This is the part that tricks many people, as the captive portal will
redirect all web traffic to the portal until authenticated, but https
traffic will detect the server is not who they are supposed to be and
fail.
Once authenticated, you should get a connection. Note that if can be
easier
to connect with a mobile phone to confirm how it should work, and what the
SSID is etc, and then replicate on your FreeBSD laptop.
network={
ssid="horriblecaptiveportal"
key_mgmt="NONE"
}
Then it is not necessary to change /etc/rc.conf.
TIL - thanks! Is it in the handbook!? :)

--
From: Benjamin Woods
***@gmail.com
Warren Block
2016-08-04 14:59:01 UTC
Permalink
Post by Ben Woods
On FreeBSD, it is as you said. Assuming you have atheros, put the following
wlans_ath0="wlan0"
ifconfig_wlan0="ssid *your_ssid_here* DHCP"
# service netif restart
Once you are connected and have an IP address, open your browser and
navigate to any webpage which DOESNT USE HTTPS. I commonly use
www.distrowatch.com, but any others you know which don't use https will
work. This is the part that tricks many people, as the captive portal will
redirect all web traffic to the portal until authenticated, but https
traffic will detect the server is not who they are supposed to be and fail.
Once authenticated, you should get a connection. Note that if can be easier
to connect with a mobile phone to confirm how it should work, and what the
SSID is etc, and then replicate on your FreeBSD laptop.
  network={
          ssid="horriblecaptiveportal"
          key_mgmt="NONE"
  }
Then it is not necessary to change /etc/rc.conf.
TIL - thanks! Is it in the handbook!? :)
It's shown in passing in the WEP section:
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html#network-wireless-wep

WEP is sadly, still in use in the wild, so we can't repurpose that
section and stop mentioning it.

The whole wireless section badly needs a rewrite and reorganization. It
occurs to me that we need a "WiFi for Travel" section after the quick
start. That would have sections on how to deal with identifying which
obsolete, insecure protocol is being used and configuring the system to
use it.

I will add that to my ever-growing list of doc things that need to be
done.
Anton Shterenlikht
2016-08-04 15:33:51 UTC
Permalink
Post by Warren Block
occurs to me that we need a "WiFi for Travel" section after the quick
I'd appreciate such section very much!

Anton

Loading...