Troubleshoot Hotspot External Guest Authentication

After the external web server and the Firebox are configured for external guest authentication, you can use log messages on your Firebox to see any errors that occur. This list shows log message examples for a few of the more common error types, as well as the possible cause and resolution for each.

Error type: missing a parameter in the decision URL

Log message example

Nov 2 18:20:32 2012 Firebox local3.err wgcgi[23924]: Hotspot auth failed, errcode=511

Possible cause

Missing parameter in the access decision URL.

Solution

Make sure the decision URL contains all the required parameters.

For information about required parameters, go to Configure a Web Server for Hotspot External Guest Authentication.

Error type: client request not found in the appliance

Log message example

Nov 2 18:28:14 2012 Firebox local3.err admd[1456]: Hotspot client request not found

Possible causes

Request timeout — The hotspot user must provide the authentication information within five minutes or the request times out and is deleted.

Timestamp (parameter ts in the decision URL) is invalid — The Firebox uses the timestamp and MAC address of the client to retrieve the client access request. If the ts parameter is invalid, it cannot find the request.

Request has been used — After an access request is retrieved by the Firebox, it is deleted. Do not send the same request multiple times.

Solution

Retype the original URL in the client web browser to get access to the Internet again in order to create a new access request on the Firebox.

Error type: hash checksum is invalid

Log message example

Nov 2 18:43:52 2012 Firebox local3.err admd[1456]: Hash is invalid for this hotspot client

Possible causes

Parameter success in the decision URL is not 1 — If parameter success does not equal to 1, authentication fails.

Parameter sig in the decision URL is invalid — If the checksum generated by the web server does not match the checksum generated by the Firebox, authentication fails.

Solution

Check the hash checksum calculation. It must be a hex encoded string in lower case.

For the formula to calculate the hash checksum, go to Configure a Web Server for Hotspot External Guest Authentication.

Related Topics

Configure a Web Server for Hotspot External Guest Authentication

Configure an External Guest Authentication Hotspot