Troubleshoot Hotspot External Guest Authentication
After the external web server and the Firebox are configured for external guest authentication, you can use log messages on your Firebox to see any errors that occur. This list shows log message examples for a few of the more common error types, as well as the possible cause and resolution for each.
Error type: missing a parameter in the decision URL
Log message example
Nov 2 18:20:32 2012 Firebox local3.err wgcgi[23924]: Hotspot auth failed, errcode=511
Possible cause
Missing parameter in the access decision URL.
Solution
Make sure the decision URL contains all the required parameters.
For information about required parameters, go to Configure a Web Server for Hotspot External Guest Authentication.
Error type: client request not found in the appliance
Log message example
Nov 2 18:28:14 2012 Firebox local3.err admd[1456]: Hotspot client request not found
Possible causes
Request timeout — The hotspot user must provide the authentication information within five minutes or the request times out and is deleted.
Timestamp (parameter ts in the decision URL) is invalid — The Firebox uses the timestamp and MAC address of the client to retrieve the client access request. If the ts parameter is invalid, it cannot find the request.
Request has been used — After an access request is retrieved by the Firebox, it is deleted. Do not send the same request multiple times.
Solution
Retype the original URL in the client web browser to get access to the Internet again in order to create a new access request on the Firebox.
Error type: hash checksum is invalid
Log message example
Nov 2 18:43:52 2012 Firebox local3.err admd[1456]: Hash is invalid for this hotspot client
Possible causes
Parameter success in the decision URL is not 1 — If parameter success does not equal to 1, authentication fails.
Parameter sig in the decision URL is invalid — If the checksum generated by the web server does not match the checksum generated by the Firebox, authentication fails.
Solution
Check the hash checksum calculation. It must be a hex encoded string in lower case.
For the formula to calculate the hash checksum, go to Configure a Web Server for Hotspot External Guest Authentication.
Configure a Web Server for Hotspot External Guest Authentication