{"id":958,"date":"2018-05-31T15:21:45","date_gmt":"2018-05-31T12:21:45","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=958"},"modified":"2018-05-31T15:21:45","modified_gmt":"2018-05-31T12:21:45","slug":"mikrotik-user-manager-and-radius-server-on-miktorik","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=958","title":{"rendered":"Mikrotik &#8211; User manager and Radius Server on Mikrotik"},"content":{"rendered":"<h1 id=\"firstHeading\" class=\"firstHeading\" lang=\"en\">User Manager\/Hotspot Example<\/h1>\n<h2><span id=\"Introduction\" class=\"mw-headline\">Introduction<\/span><\/h2>\n<p>To make this setup, you should have a running Hotspot server on the router. Let us consider the configuration steps for the HotSpot and User Manager routers needed to use User Manager for HotSpot users.<\/p>\n<h2><span id=\"HotSpot_configuration\" class=\"mw-headline\">HotSpot configuration<\/span><\/h2>\n<ul>\n<li>Set HotSpot to use User Manager for HotSpot server users:<\/li>\n<\/ul>\n<pre> \/ <strong>ip hotspot profile set hsprof1 use-radius=yes\r\n<\/strong><\/pre>\n<ul>\n<li>Add a Radius client to consult User Manager for the HotSpot service:<\/li>\n<\/ul>\n<pre> \/ <strong>radius add service=hotspot address=y.y.y.y secret=123456\r\n<\/strong><\/pre>\n<p>&#8216;secret&#8217; must equal the User Manager router secret. &#8216;y.y.y.y&#8217; is the User Manager router address. By default this is 127.0.0.1. If using a remotely located router (perhaps via a VPN), the IP address entered is the IP address of that remote router. 
The router could be a Radius Server, or another ROS router with User Manager installed.<\/p>\n<ul>\n<li>Note that the local HotSpot user database is consulted first, then the User Manager database.<\/li>\n<\/ul>\n<p>This means that if you have entries listed in &#8216;\/ ip hotspot user print&#8217;, users will be able to authenticate in HotSpot using this locally held data.<\/p>\n<p>Delete the user configuration from &#8216;\/ ip hotspot print&#8217; to stop using the local HotSpot user database for authentication. To move a batch of local HotSpot users to the User Manager database, use <a class=\"mw-redirect\" title=\"Configuration Management\" href=\"https:\/\/wiki.mikrotik.com\/wiki\/Configuration_Management#Exporting_Configuration\">export and import<\/a>. Use a text editor to create an appropriate file for importing the local users into the User Manager database.<\/p>\n<p>If you have multiple Radius entries, connections are attempted from top to bottom, and the first Radius Server that responds (with ANY response, authenticated or not) aborts any further Radius lookups. Multiple entries are therefore intended to let the Hotspot reach a working Radius Server, usually one with identical database contents, e.g. a main server and an identical backup. 
Adding multiple entries is not intended for using different Radius Servers with completely different databases, where the Radius Client would try each one in turn, failing to authenticate on each (wrong) one until one finally returns a valid authenticated response from the single database that does contain the user&#8217;s Radius record.<\/p>\n<h2><span id=\"User_Manager_configuration\" class=\"mw-headline\">User Manager configuration<\/span><\/h2>\n<ul>\n<li>First, you need to <a title=\"User Manager\/Getting started\" href=\"https:\/\/wiki.mikrotik.com\/wiki\/User_Manager\/Getting_started#Download\"> download<\/a> and <a title=\"User Manager\/Getting started\" href=\"https:\/\/wiki.mikrotik.com\/wiki\/User_Manager\/Getting_started#Install\"> install<\/a> the User Manager <a class=\"external text\" href=\"http:\/\/www.mikrotik.com\/download.html\" rel=\"nofollow\">package<\/a>;<\/li>\n<li>Create a User Manager <a title=\"User Manager\/Subscribers\" href=\"https:\/\/wiki.mikrotik.com\/wiki\/User_Manager\/Subscribers\"> subscriber<\/a> (root customer). 
Note that when using version 3.0 or newer, a subscriber called &#8216;admin&#8217; is created automatically &#8211; you can skip the following stage and change &#8216;MikroTik&#8217; to &#8216;admin&#8217; in subsequent steps;<\/li>\n<\/ul>\n<pre>\/ tool user-manager customer add login=\"MikroTik\" password=\"qwerty\" permissions=owner\r\n<\/pre>\n<ul>\n<li>Add the HotSpot router information to the router list:<\/li>\n<\/ul>\n<pre> \/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456\r\n<\/pre>\n<p>&#8216;x.x.x.x&#8217; is the address of the HotSpot router; &#8216;shared-secret&#8217; should match on both the User Manager and HotSpot routers. Adding &#8216;x.x.x.x&#8217; as a router allows Radius requests from &#8216;x.x.x.x&#8217; to be passed to the Radius Server built into User Manager. 
Therefore, if you have any remote ROS Hotspots that require access to this Radius Server, all their IP addresses must be added to this list.<\/p>\n<ul>\n<li>Add HotSpot user information; this is the equivalent of &#8216;ip hotspot user&#8217; when the local HotSpot is used for clients:<\/li>\n<\/ul>\n<p>In version 3:<\/p>\n<pre> \/ <strong>tool user-manager user add name=demo password=demo subscriber=MikroTik\r\n<\/strong><\/pre>\n<p>In version 4:<\/p>\n<pre> \/ <strong>tool user-manager user add name=demo password=demo customer=MikroTik\r\n<\/strong><\/pre>\n<p>We discuss only a basic configuration example here; detailed information is available under <a title=\"User Manager\/Users\" href=\"https:\/\/wiki.mikrotik.com\/wiki\/User_Manager\/Users\"> &#8216;user&#8217;<\/a> menu configuration.<\/p>\n<ul>\n<li>You can use the User Manager <a title=\"User Manager\/Customer page\" href=\"https:\/\/wiki.mikrotik.com\/wiki\/User_Manager\/Customer_page\"> web interface<\/a> after the first <a title=\"User Manager\/Getting started\" href=\"https:\/\/wiki.mikrotik.com\/wiki\/User_Manager\/Getting_started#Create_first_subscriber\">subscriber<\/a> is created.<\/li>\n<\/ul>\n<ul>\n<li>To make sure that the client is using User Manager for AAA:<\/li>\n<\/ul>\n<pre> \/ ip hotspot active print\r\n Flags: R - radius, B - blocked\r\n  #    USER          ADDRESS         UPTIME       SESSION-TIME-LEFT IDLE-TIMEOUT\r\n  0 R  00:01:29:2... 192.168.100.2   1m29s\r\n<\/pre>\n<p>&#8216;R&#8217; means that the client uses the User Manager server for AAA services.<\/p>\n<p>Video: https:\/\/youtu.be\/Geid7ugU_Cs<\/p>\n","protected":false},"excerpt":{"rendered":"<p>User Manager\/Hotspot Example To make this setup, you should have a running Hotspot server on the router. Let us consider configuration steps for HotSpot and User Manager routers, in order to use User Manager for HotSpot users. 
HotSpot configuration Set HotSpot to use User Manager for HotSpot server users, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":612,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-958","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=958"}],"version-history":[{"count":1,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/958\/revisions"}],"predecessor-version":[{"id":959,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/958\/revisions\/959"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/612"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}