Community discussions

MikroTik App
 
migmac
just joined
Topic Author
Posts: 5
Joined: Sat Nov 17, 2012 4:33 pm

Mikrotik and Freeradius

Fri Mar 15, 2013 4:49 pm

Hello,

I was able to connect the Mikrotik to a Freeradius server, it works fine with PPTP but it does not work with SSTP and L2TP. Is there anyway I can make it work with SSTP and L2TP?

thnak you
 
telepro
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Apr 03, 2011 7:50 pm

Re: Mikrotik and Freeradius

Sat May 18, 2013 8:08 pm

i have been successful (as I believe you have) in implementing PPTP VPN authentication using a FreeRadius. However, I have not been able to successfully use the response from FreeRadius to authenticate a WinBox login. For Winbox I needed to implement a Mikrotik User Manager, which was certainly not my preference. Have you been successful in authenticating Winbox Logins using FreeRadius?

I have not had reason yet to attempt SSTP or L2TP authentication.

thanks
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Mikrotik and Freeradius

Sat May 18, 2013 9:52 pm

We authenticate users for WinBox login and L2TP from FreeRadius with MySQL.

For Winbox, you have to send back a group name as an attribute.
 
telepro
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Apr 03, 2011 7:50 pm

Re: Mikrotik and Freeradius

Sat May 18, 2013 10:34 pm

Thanks much for the info that it can be made to work. We'll give it a try. Since there are about 90+ standard attributes, do you remember in which attribute you sent the group name? The only standard Attribute with 'group' in its name that I find is "Tunnel-Private-Group-ID", which does not seem appropriate. Perhaps it is a vendor specific type value? If so, did you find the attribute type number defined some place?
thanks again, and have a great day
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Mikrotik and Freeradius

Sat May 18, 2013 11:03 pm

Include this as a dictionary in FreeRadius.
http://wiki.mikrotik.com/wiki/Manual:RA ... dictionary

Send Mikrotik-Group back as an attribute with the name of the group you want the user to be in for winbox.
Also, winbox uses CHAP, but console, ssh, telnet, use PAP.
 
motaba
just joined
Posts: 5
Joined: Thu Apr 27, 2006 9:01 pm

Re: Mikrotik and Freeradius

Tue Sep 17, 2019 11:16 am

And what about L2TP Mikrotik server and FreeRadius
What attribute should be sent as replay to the mikrotik in order to work?

Who is online

Users browsing this forum: NxtGen [Bot] and 93 guests