Hello.

I'm trying to use my Radius Server to authenticate in a wireless network over a Mikrotik Router. But, when I try to connect with the correct credentials, I have the following logs:

16:21:20 wireless,debug Corp: YY-YY-YY-YY-YY-YY attempts to associate
16:21:20 wireless,debug Corp: YY-YY-YY-YY-YY-YY not in local ACL, by default accept
16:21:20 wireless,info YY-YY-YY-YY-YY-YY@Corp: connected
16:21:21 radius,debug new request 58:aa code=Access-Request service=wireless called-id=XX-XX-XX-XX-XX-XX:rx-01
16:21:21 radius,debug no radius server found for 58:aa
16:21:21 radius,debug timeout for 58:aa
16:21:21 radius,debug new request 58:ab code=Access-Request service=wireless called-id=XX-XX-XX-XX-XX-XX:rx-01
16:21:21 radius,debug no radius server found for 58:ab
16:21:21 radius,debug timeout for 58:ab
16:21:21 radius,debug new request 58:ac code=Access-Request service=wireless called-id=XX-XX-XX-XX-XX-XX:rx-01
16:21:21 radius,debug no radius server found for 58:ac
16:21:21 radius,debug timeout for 58:ac
16:21:21 wireless,info YY-YY-YY-YY-YY-YY@Corp: disconnected, 802.1x authentication timeout


Here are my settings:

[admin@MikroTik] /radius> print detail
Flags: X - disabled
0 service=hotspot,wireless called-id="" domain="domain.xyz" address=X.X.X.X secret="secret" authentication-port=1812 accounting-port=1813 timeout=2s accounting-backup=no realm=""


[admin@MikroTik] /interface wireless> print from 3
Flags: X - disabled, R - running
0 name="Corp" mtu=1500 mac-address=XX-XX-XX-XX-XX-XX arp=enabled interface-type=virtual-AP master-interface=wlan1 ssid="wifissid" wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled
default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=radius


[admin@MikroTik] /interface wireless security-profiles> print from 5
Flags: * - default
0 name="radius" mode=dynamic-keys authentication-types=wpa2-eap unicast-ciphers=tkip,aes-ccm group-ciphers=tkip,aes-ccm wpa-pre-shared-key="" wpa2-pre-shared-key="" supplicant-identity="" eap-methods=passthrough
tls-mode=no-certificates tls-certificate=none mschapv2-username="" mschapv2-password="" static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3=""
static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX
radius-mac-mode=as-username radius-mac-caching=disabled group-key-update=5m management-protection=allowed management-protection-key=""

PS: The Radius Client configured in this router works with the HotSpots in the same. So, my Radius Client and server are working correctly.

I'm not understanding what's going on.

Someone can help me, please?

Thanks in advance.

Problem Solved.

I just had to set domain="" into Radius Client configuration, ie leave it blank.

[admin@MikroTik] > /radius print detail
Flags: X - disabled
0 service="" called-id="" domain="" address=X.X.X.X secret="secret" authentication-port=1812 accounting-port=1813 timeout=2s accounting-backup=no realm=""

The HotSpots work because they use a "radius-default-domain" attribute where I set my domain. I thought that I should to set domain in Radius Client to HotSpots work, but NOT.

I hope this can help others.

you need to get on-board the Dynamic VLAN Assignment bandwagon.. Vote here for it : http://forum.mikrotik.com/viewtopic.php?f=1&t=86461

you need to get on-board the Dynamic VLAN Assignment bandwagon.. Vote here for it : http://forum.mikrotik.com/viewtopic.php?f=1&t=86461

Thread jacking.