Managing local accounts
During authentication, requests are forwarded to mbox RADIUS/UAM server from NAS (either hotspot access controller or external wireless controller), mbox validates user credentials, and informs NAS to accept or reject accesses, and if it's ACCEPT, mbox
When an authentication request comes in, mbox RADIUS first checks its local user database.
- If the username exists, it will check if the password is valid based on local user database record:
- If password is valid; RADIUS returns Access-Accept message to NAS (therefore permit access), at the same time mbox informs NAS about the user access rights (eg. how long he/she can use, at what speed etc.).
- If password is not valide, it will reply Access-Reject (deny access) to NAS, which will deny user access.
- If the username does not exist locally, RADIUS will check if external integration is configured:
- if external integration is configured, mbox will forward to external servers and wait for response from from upstream integration server to accept or reject user access (see next section on external user integration)
- if no external integration is configured, user access is denied immediately.
An overview of the workflow is explained in this section.
Local accounts can be created using various methods:
- manual creation by administrator. Administrators can access to RADIUS portal to create user accounts manually and assign access profile for each user.
- mass import from csv file (with auto assign access profile/groups). For large/massive manual input of accounts, we can import from csv file exported out from other databases.
- guest management console. Particularly for hotel applications, front-desk can access to a guest management console to create vouchers for guests. This is also commonly used for creating visitor accounts for some enterprise WiFi.
- self-registration with SMS notification. Users are given a sign-up portal at login page, after input their particulars (especially mobile no.), a random pass-code will be generated and SMSed to given mobile no. for login. This is typically used by public WiFi setups.
1. Manual creation by administrator. Administrator can login to RADIUS portal to create both guest user accounts and operator account. Refer to this link on how to access to RADIUS portal. Guest accounts are accounts for authenticating to mbox captive portal before granting Internet access. Operator accounts are used to create guest accounts from Guest Management Console (GMC).
- To create a normal guest account, go to Management --> User --> New User. Enter "username", "password" and select "Group" for this user. Group profile specifies the rights of the user (eg. how long she/he can use, the speed and account expiry date etc). More details on group profiles are discussed in next section.
- To create an operator account, go to Config --> Operators --> New Operator. Enter "username", "password" and leave other options as default.
2. Mass import of user accounts through csv.
Administrator can login to RADIUS portal to perform mass accounts import. Management --> User --> Import User.
Select the desired profile, copy and past csv-formatted data into the table. (see attached sample file for csv-formatted data).
3. Guest management console (GMC). GMC is a user-friendly web GUI portal for non-administrator to quickly create guest accounts (or access vouchers) for guest Internet access. GMC is only available when using mbox HSG or cloud vUAM.
It is widely used for below scenarios:
- hotel front-officers to create accounts/vouchers upon their check-in.
- shopping center Information officer to issue WiFi access voucher for visitors
- office receptionist to issue temp guest accounts for visitor for temp staff
- F&B outlets to offer controlled WiFi access to genuine customers only.
Refer to this link for details on using "Guest Management Console".
4. User self-registration through SMS. Another automated way of issuing guest accounts is through self-registration.
- Once user device is connected to an open WiFi network and is trying to browse Internet, a customizable self-registration form appears on the login page.
- After registration details are submitted, a random passcode will be SMSed to the provided mobile, and user can login with the given code.
Refer to next section on using external accounts for authentication.