[GH-ISSUE #55] Pure External UAM Experiment #35

New issue

Closed

opened 2026-03-04 14:52:35 +03:00 by kerem · 1 comment

kerem commented

2026-03-04 14:52:35 +03:00

Owner

Originally created by @a13519 on GitHub (Dec 4, 2025).
Original GitHub issue: https://github.com/f00b4r0/uspot/issues/55

I am trying the pure external uam solution without radius. I have two questions:

I found even I have no radius server needed in pure uam mode, the uspot also asking for radius config, I get this error:

Thu Dec  4 17:29:04 2025 daemon.err uspot: wingles: missing auth_server, auth_secret, nasid or nasmac!
Thu Dec  4 17:29:04 2025 daemon.err uspot: failed to load config

after I set a dummy auth_server, auth_secret, nasid and nasmac, the uspot service starts without issue. Am I setting anything wrong? or this is expected?

config uspot 'wingles'
	option auth_mode 'uam'
	option idle_timeout '600'
	option session_timeout '0'
	option disconnect_delay '0'
	option interface 'captive'
	option setname 'uspot'
	option debug '1'
	option whitelist_set 'wlist'
	option whitelist_ipset 'wlist'
	list whitelist_domains 'captive.apple.com'
	list whitelist_domains 'connectivitycheck.gstatic.com'
	list whitelist_domains 'detectportal.firefox.com'
	list whitelist_domains 'www.msftconnecttest.com'
	option auth_server '10.10.50.93'
	option auth_secret '12345'
	option uam_server 'http://10.10.50.93:8183/'
    option uam_secret 'secret123'
	option nasid '123'
	option nasmac '099'

In a uam mode, which process redirects client to remote uam server in case client mac is not in uspot ipset (unauthed)? I guess it's firewall, but the uam server is config in uspot configuration file how firewall knows where it should redirect, please help to clarify.

Thanks. Currently my pure external uam experiment is still not success, could you share a working config example for external uam?

Thanks!

Originally created by @a13519 on GitHub (Dec 4, 2025). Original GitHub issue: https://github.com/f00b4r0/uspot/issues/55 I am trying the pure external uam solution without radius. I have two questions: 1. I found even I have no radius server needed in pure uam mode, the uspot also asking for radius config, I get this error: ``` Thu Dec 4 17:29:04 2025 daemon.err uspot: wingles: missing auth_server, auth_secret, nasid or nasmac! Thu Dec 4 17:29:04 2025 daemon.err uspot: failed to load config ``` after I set a dummy auth_server, auth_secret, nasid and nasmac, the uspot service starts without issue. Am I setting anything wrong? or this is expected? ``` config uspot 'wingles' option auth_mode 'uam' option idle_timeout '600' option session_timeout '0' option disconnect_delay '0' option interface 'captive' option setname 'uspot' option debug '1' option whitelist_set 'wlist' option whitelist_ipset 'wlist' list whitelist_domains 'captive.apple.com' list whitelist_domains 'connectivitycheck.gstatic.com' list whitelist_domains 'detectportal.firefox.com' list whitelist_domains 'www.msftconnecttest.com' option auth_server '10.10.50.93' option auth_secret '12345' option uam_server 'http://10.10.50.93:8183/' option uam_secret 'secret123' option nasid '123' option nasmac '099' ``` 2. In a uam mode, which process redirects client to remote uam server in case client mac is not in uspot ipset (unauthed)? I guess it's firewall, but the uam server is config in uspot configuration file how firewall knows where it should redirect, please help to clarify. Thanks. Currently my pure external uam experiment is still not success, could you share a working config example for external uam? Thanks!