Matthew Redding

NJIT ResNet Authentication

Periodically, NJIT requires users of the network to "authenticate" by entering the user's UCID and password either via a web browser or telnet before any other network activity is allowed. (For information from telecom, click here.) Essentially, this is to make sure that you're allowed to use network resources and, if you mess with stuff, that they know who you are.

In the residence halls, authentication used to expire every morning at 5:00 am. Now, it seems to last for a week or so from when you last authenticated. It can be proven from log files that the length of time authentication stays valid is very inconsistent now. This can get very annoying, especially if you have peripheral devices such as a Microsoft XBOX 360 or Nintendo Wii that can't really authenticate.

But there is a solution. By using alternate firmware on a supported router, you can basically run Linux and set up a script and a cron job that runs periodically to make sure you're authenticated.

Disclaimer: I accept no responsibility for your actions. You possibly could turn your router into an expensive paperweight by doing this, it will definitely void your warranty, and you might make telecom mad, so essentially you're on your own. This is for educational purposes only, blah, blah, blah.

Right. So here are the instructions in ten easy steps:

  1. Install the DD-WRT firmware found here. Before you do, though, make sure you READ THE INSTRUCTIONS THOROUGHLY so you do it right and to confirm your router is supported, unless you want to brick your router. Make sure to use the "mini" version; the others take up too much space and you won't be able to set up the NJIT authentication script. Even the mini version is a very versatile package and has some very interesting and helpful features beyond the scope of this document that are worth investigating. As of this writing, I am using the current stable release, which is DD-WRT v23 SP2 mini. If you have the original Linksys firmware on a WRT54G and you want to install v23 SP2, for example, you need dd-wrt.v23_mini_generic.bin. Again, READ THE INSTRUCTIONS BEFORE INSTALLING. If you brick your router, that stinks, but I can't help you; try the DD-WRT Wiki.
  2. Everything's working? Good. Now log in to the web GUI via http://192.168.1.1/ and go to "Administration->Management" and make sure JFFS2 support is enabled. The default username is 'root' and password is 'admin' sans quotes. You should probably change that password eventually.
  3. Now you need to telnet to the router to install the script. Use your favorite client such as PuTTY, or enter "telnet 192.168.1.1" sans quotes in the Windows command prompt, then log in.
  4. Now you need to write the script. If you're familiar with Linux and shell scripting, this should be easy for you. DD-WRT comes with a version of the vi text editor. If you're not familiar with it, I highly suggest you Google a tutorial such as this one, as it's a little different from your typical text editor. Enter "vi /jffs/njit-auth.sh" sans quotes and hit enter. To type in vi, hit the "I" key for insert. Then enter the following (depending on your telnet client, you might be able to copy & paste):
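    #!/bin/sh
    
    # Variables
    # Note: the password is stored in plain text in this file and is sent
    # unencrypted over telnet (port 23).
    UCID=my-ucid
    PASS=my-password
    host=auth.njit.edu
    port=23
    logfile=/jffs/tmp/auth-log.txt
    
    # You shouldn't need to change anything below
    
    # Create the log directory if it does not exist yet
    mkdir -p /jffs/tmp
    
    # Start each log entry with a timestamp
    date >> "${logfile}"
    
    # Feed the UCID and password to the server, pausing so each prompt
    # has time to appear; anything the server sends goes to the log
    (
    sleep 2
    echo "${UCID}"
    sleep 2
    echo "${PASS}"
    sleep 2
    ) | nc "${host}" "${port}" >> "${logfile}"
    
    # End the entry with a blank line and a dashed separator
    echo "
    ----------" >> "${logfile}"
    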
    
    Enter your UCID and password instead of "my-ucid" and "my-password", of course. When you're finished, hit the ESC key, then :wq (yes, colon, w, q) to save and quit. I chose to use netcat in this script because that's really the only option available on DD-WRT, even if not the best for telnet scripting.
  5. Now, you need to make it executable. Enter "chmod 755 /jffs/njit-auth.sh" sans quotes and hit enter.
  6. It's a good idea to make sure it runs. Enter "/jffs/njit-auth.sh" sans quotes and hit enter. If all goes well, nothing appears on the screen until the command prompt again; this will take a few seconds. Then enter "cat /jffs/tmp/auth-log.txt" and hit enter to view the log. If you were already authenticated, you'll see the log just displays the date and a dashed line. If you weren't, you'll see that the authentication server prompted for your username and password, and that it was accepted (hopefully). If there were any problems, go back and make sure you entered the script properly.
  7. Finally, you need to set up the cron job so it runs every so often. I set mine up to run every hour at five minutes past the hour, but if you want a different time period you can just Google crontab and set one up with your own parameters. Otherwise, enter "echo '5 * * * * root /jffs/njit-auth.sh' > /tmp/cron.d/authenticate" sans double quotes and hit enter.
  8. We're done with the telnet connection, so close it by typing "exit" and pressing enter.
  9. You're almost done. The "/tmp" folder is erased when the router reboots. We don't want to lose our new crontab every time the router reboots. So, go back to the Web GUI and go to Administration -> Commands. Enter "echo '5 * * * * root /jffs/njit-auth.sh' > /tmp/cron.d/authenticate" sans double quotes into the text box and push the "Save Startup" button to save it to the startup script.
  10. Voila! Your router will check if you are authenticated every hour, and if not, will authenticate for you. You'll never have to authenticate yourself again, unless you happen to catch it in between when it expired and the next routine check, or your router was disconnected for a while. If you want to try to authenticate manually, you only need to enter "/jffs/njit-auth.sh" sans quotes in the command window in the GUI and press "Run Commands". If you want to see the last ten lines in the log, enter "tail /jffs/tmp/auth-log.txt" sans quotes in the command window in the GUI and press "Run Commands".
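
An added example, not part of the original page: a script that summarises the log njit-auth.sh writes, marking the runs in which the server actually sent something (a re-authentication) versus runs that logged only the date and the dashed line, which is how the expiry interval mentioned at the top can be read from the log. It relies only on the record layout the script produces; the function names, the sample log and its server prompt text are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the log written by /jffs/njit-auth.sh.
# Record layout (from the script): a `date` line, whatever the server sent
# (nothing if already authenticated), a blank line, then "----------".

# Print one line per run: "<date line> | reauth" or "<date line> | noop".
summarize_auth_log() {
    awk '
        /^----------$/ {                      # end of one run
            if (stamp != "")
                print stamp " | " (body ? "reauth" : "noop")
            stamp = ""; body = 0; next
        }
        stamp == "" { if ($0 != "") stamp = $0; next }   # first line = date
        /[^ \t\r]/ { body = 1 }               # any server output => prompted
    ' "$1"
}

# Count the runs in which the server prompted for credentials.
count_reauths() {
    summarize_auth_log "$1" | awk '/ \| reauth$/ { n++ } END { print n + 0 }'
}

# Constructed sample log; the server prompt text is invented for illustration.
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Jan  8 05:05:01 EST 2007

----------
Mon Jan  8 06:05:01 EST 2007
login: password: Authentication accepted

----------
Mon Jan  8 07:05:01 EST 2007

----------
EOF
}

sample="${TMPDIR:-/tmp}/auth-log-sample.$$"
write_sample_log "$sample"
summarize_auth_log "$sample"
echo "re-authentications: $(count_reauths "$sample")"
rm -f "$sample"
```

The gaps between consecutive "reauth" lines show how long each authentication lasted, to within the hourly cron interval.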

"Quando Omni Flunkus Moritati."