Community discussions

MikroTik App
 
User avatar
awacenter
Member Candidate
Member Candidate
Topic Author
Posts: 201
Joined: Thu Dec 09, 2004 12:58 pm
Location: Castellón
Contact:

Each realm has its own RADIUS server

Thu Nov 16, 2006 2:18 pm

Hi,

I have lot of MT in Europe. I do roaming with others roaming partners since more than 2 years ago. Now, I have a Virtual Operator who will have its own SSID in my MTs. This Virtual Oper. has its own RADIUS.
I do not want to use my own RADIUS.

I identied this operator with its domain and I put this info in the login pages that I have created for them.

I know the first RADIUS server of the list, it is the first who authenticates a user. In a RADIUS apropertiers of a MT I know REALM and domain attributes exists.

I want to know if I put the domain or write in the username attr. as "domain\username", how a certain radius servar can answer.

for example,
username= joe@VirtualDom ----> RADIUS_V with Domain=VirtualDom OR/AND Realm=VirtualDom
However,
username= joe ----> RADIUS_MY with Domain='' OR/AND Realm=''
The manual shows:
RADIUS client

domain (text; default: "") - Microsoft Windows domain of client passed to RADIUS servers that require domain validation

realm (text) - explicitly stated realm (user domain), so the users do not have to provide proper ISP domain name in user name
Thanks,

Santiago
 
freebird
Frequent Visitor
Frequent Visitor
Posts: 98
Joined: Sun Feb 20, 2005 1:16 pm

Thu Nov 16, 2006 4:34 pm

Can't you do the roaming on your RADIUS server?
We use freeradius as a RADIUS server and this server can act
as a proxy for other realms.
When a user with a different realm
than yours authenticates at your hotspot, the RADIUS server
can recognize the realm and proxies the request to the listed
RADIUS server of that realm.

Isn't that possible in your setup?


seandsl
--
 
savage
Forum Guru
Forum Guru
Posts: 1263
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Thu Nov 16, 2006 10:47 pm

You best and easiest to manage solution here is your own radius server, and proxy the various realms to the client's radius server.

This also means you have SOME form of control over what they can/cannot configure via the means of Attributes on your network (which can be very serious stuff)...
 
User avatar
awacenter
Member Candidate
Member Candidate
Topic Author
Posts: 201
Joined: Thu Dec 09, 2004 12:58 pm
Location: Castellón
Contact:

Mon Nov 20, 2006 11:32 am

You best and easiest to manage solution here is your own radius server, and proxy the various realms to the client's radius server.

This also means you have SOME form of control over what they can/cannot configure via the means of Attributes on your network (which can be very serious stuff)...
I do roaming with my romaing partners successfully in my freeradius server.
However, what I want to do is to do roaming in the MT because I do not wish this realm authentices against my RADIUS servers. I do not with this traffic.

Anyway, I achieved thanks to Uldis
Hello,

Enable in the hotpot profile 'split-user-domain'
Then create two radius client entries, each with differnet domain and then you can use your username together with domain name to send the request to specific radius server.

Regards,
Uldis
 
-headstrong-
Member
Member
Posts: 377
Joined: Thu Jun 05, 2008 8:04 pm
Location: South Africa

Re: Each realm has its own RADIUS server

Sat Dec 26, 2009 7:25 pm

Can this be done with pppoe clients aswell?
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Each realm has its own RADIUS server

Sun Dec 27, 2009 3:20 am

Setup your radius server to proxy that radius to the other radius server. That is what proxying is for. Or create a metarouter.
 
-headstrong-
Member
Member
Posts: 377
Joined: Thu Jun 05, 2008 8:04 pm
Location: South Africa

Re: Each realm has its own RADIUS server

Sun Dec 27, 2009 10:19 am

Well i'm currently using Usermanager as my radius....don't think that it supports radius proxy.

How would metarouter help if I have multiple clients that connect to the same wireless AP, but belong to 2x providers?

Who is online

Users browsing this forum: A9691, Amazon [Bot], Bing [Bot], Kanzler, VinceKalloe and 84 guests