We’re trying to centralize access control of our Mikrotik routers at work (it’s becoming a logistical challenge to create user accounts by hand as the number of routers grow and employees come and go).
It seems that Mikrotik has both a RADIUS client and server implementations, but from the documentation it’s only meant to perform AAA for end users (who use hotspot, VPN, etc.) and not for administrative access via SSH or Winbox?
I’d love to be wrong, but if I were right, what is the ideal way to solve this particular problem? We already have a Single-Sign On setup using FreeIPA (Kerberos+LDAP) for our Linux machines.
Thanks in advance!