Community discussions

MikroTik App
  4. RouterOS
  5. Scripting

API Hotspot Login with multiple RADIUS

Post Reply
 
AndreuRamos
just joined
Topic Author
Posts: 3
Joined: Wed Feb 22, 2017 12:32 pm

API Hotspot Login with multiple RADIUS

Wed Feb 22, 2017 12:45 pm

Hi, I'm having troubles logging in users to the hotspot which has 3 RADIUS servers, two remotes and one local.

With my application, I create users in the local RADIUS and then try to authenticate (via `ip hotspot active login`) them in the hotspot. The command allways returns the Code 100 error (not found in RADIUS server). It seems that the login requests do not reach the correct RADIUS as the status do not reflect any request, accepted nor rejected.

I have also tried to use the domain approach (creating users with username@domain in the local RADIUS, activating the Split user domain in the hotspot configuration and defining the domain in the local RADIUS configuration) but didn't work anyway.

Can someone help me?

Thanks in advance.
Top
 
User avatar
scotthammersley
Member Candidate
Member Candidate
Posts: 230
Joined: Fri Feb 22, 2013 7:16 pm
Location: Jackson, MS
Contact:
Contact scotthammersley

Re: API Hotspot Login with multiple RADIUS

Wed Feb 22, 2017 5:39 pm

If you have more than one RADIUS server defined in the configuration, LAC's will always try to authenticate to the first in the list. Only if the RADIUS request timesout will it attempt the next server. So, you need to make sure that the server you are querying is the one you need to test against.

Do you have any more information as to the process you are trying and wanting?
Top
 
AndreuRamos
just joined
Topic Author
Posts: 3
Joined: Wed Feb 22, 2017 12:32 pm

Re: API Hotspot Login with multiple RADIUS

Wed Feb 22, 2017 7:30 pm

Thanks for your reply. I add some configuration details:

RouterOS version: 6.38.1

Hotspot Server Profile
Code: Select all
name="hsprof1" hotspot-address=10.5.50.1 dns-name="info.wifi" html-directory=hotspot html-directory-override="" rate-limit="" http-proxy=0.0.0.0:0 
     smtp-server=0.0.0.0 login-by=mac,http-chap,https,http-pap,mac-cookie mac-auth-mode=mac-as-username mac-auth-password="" ssl-certificate=none 
     split-user-domain=yes use-radius=yes radius-accounting=yes radius-interim-update=received nas-port-type=wireless-802.11 radius-default-domain="default" 
     radius-location-id="" radius-location-name="" radius-mac-format=XX:XX:XX:XX:XX:XX
Radius configured in the router
Code: Select all
 #   SERVICE                    CALLED-ID                  DOMAIN                  ADDRESS                   
 0   hotspot                                               default                 aaa.bbb.ccc.ddd            <- remote radius 1
 1   hotspot                                               default                 eee.fff.111.222             <- remote radius 2
 2   hotspot                                               mydomain             127.0.0.1                    <- local radius
The users I create in the local radius look like this:
Code: Select all
customer=admin actual-profile="unlimited 30d" username="USERCP58VUZ" password="58adb62045d1a" shared-users=1 wireless-psk="" wireless-enc-key="" 
       wireless-enc-algo=none last-seen=never
Finally, i use this code to login the user in the hotspot through an API command:
Code: Select all
$usr = "USERCP58VUZ@mydomain";
$pwd = "58adb62045d1a";
$arp_ip = // the ip i found this user's mac addres have assigned in the ARP
$login_rq = new RouterOSRequest('/ip/hotspot/active/login');
        $login_rq->setArgument('ip',$arp_ip);
        $login_rq->setArgument('user',$usr);
        $login_rq->setArgument('password',$pwd);

        $res = $mikrotik->sendSync($login_rq);
The response to the previous api call is an error code 100, and the number of requests (accepted, rejecter or timedout) in the local radius do not change.

In another router with a similar configuration introducing USERCP58VUZ@mydomain as username and 58adb62045d1a as password results in a successful login, i.e. in the correct radius server, so maybe the api call is not correctly formatted, maybe the domain must be in another argument but I have found no docummentation supporting this theory.

Thanks for the help!
Top
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2400
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: API Hotspot Login with multiple RADIUS

Wed Feb 22, 2017 10:25 pm

I've never even attempted to use the "login" command with a RADIUS server in the mix, but I see that there is a separate argument called "domain". Maybe try to specify the domain there?

So either
Code: Select all
$usr = "USERCP58VUZ";
$domain = "mydomain";
$pwd = "58adb62045d1a";
$arp_ip = // the ip i found this user's mac addres have assigned in the ARP
$login_rq = new RouterOSRequest('/ip/hotspot/active/login');
        $login_rq->setArgument('ip',$arp_ip);
        $login_rq->setArgument('user',$usr);
        $login_rq->setArgument('domain',$domain);
        $login_rq->setArgument('password',$pwd); 
or perhaps
Code: Select all
$usr = "USERCP58VUZ@mydomain";
$domain = "mydomain";
$pwd = "58adb62045d1a";
$arp_ip = // the ip i found this user's mac addres have assigned in the ARP
$login_rq = new RouterOSRequest('/ip/hotspot/active/login');
        $login_rq->setArgument('ip',$arp_ip);
        $login_rq->setArgument('user',$usr);
        $login_rq->setArgument('domain',$domain);
        $login_rq->setArgument('password',$pwd); 
Top
 
AndreuRamos
just joined
Topic Author
Posts: 3
Joined: Wed Feb 22, 2017 12:32 pm

Re: API Hotspot Login with multiple RADIUS

Wed Feb 22, 2017 10:27 pm

Thanks that seemed to work, now authenticates to the right radius server. Thanks.
Top
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2400
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: API Hotspot Login with multiple RADIUS

Wed Feb 22, 2017 10:39 pm

For future reference's sake... Which one of the two?
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 28 guests
  4. RouterOS
  5. Scripting