Troubleshoot Hotspot External Guest Authentication

After the external web server and the XTM device are configured for external guest authentication, you can use log messages on the XTM device to look at any errors that occur. This list shows log message examples for a few of the more common error types and the possible cause and resolution for each.

Error type: missing a parameter in the decision URL

Log message example

Nov 2 18:20:32 2012 Firebox local3.err wgcgi[23924]: Hotspot auth failed, errcode=511

Possible cause

Missing parameter in the access decision URL.

Solution

Make sure the decision URL contains all the required parameters.

For information about required parameters, see Configure a Web Server for Hotspot External Guest Authentication.

Error type: client request not found in the appliance

Log message example

Nov 2 18:28:14 2012 Firebox local3.err admd[1456]: Hotspot client request not found

Possible causes

Request timeout — The hotspot user must provide the authentication information within five minutes. Otherwise, the request times out and is deleted.

Timestamp (parameter “ts” in the decision URL) is invalid — The XTM device uses the timestamp and MAC address of the client to retrieve the client access request. If the ts parameter is invalid, it cannot find the request.

Request has been used — After an access request is retrieved by the XTM device, it is deleted. Do not send the same request multiple times.

Solution

Retype the original URL in the client web browser to get access to the Internet again in order to create a new access request on the XTM device.

Error type: hash checksum is invalid

Log message example

Nov 2 18:43:52 2012 Firebox local3.err admd[1456]: Hash is invalid for this hotspot client

Possible causes

Parameter “success” in the decision URL is not 1 — If parameter success does not equal to 1, authentication fails.

Parameter “sig” in the decision URL is invalid — If the checksum generated by the web server does not match the checksum generated by the XTM device, authentication fails.

Solution

Check the hash checksum calculation. It must be a hex encoded string in lower case.

For the formula to calculate the hash checksum, see Configure a Web Server for Hotspot External Guest Authentication.

See Also

Configure a Web Server for Hotspot External Guest Authentication

Configure the Hotspot for External Guest Authentication

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base