Each realm has its own RADIUS server

RouterOS General
1

Hi,

I have lot of MT in Europe. I do roaming with others roaming partners since more than 2 years ago. Now, I have a Virtual Operator who will have its own SSID in my MTs. This Virtual Oper. has its own RADIUS.
I do not want to use my own RADIUS.

I identied this operator with its domain and I put this info in the login pages that I have created for them.

I know the first RADIUS server of the list, it is the first who authenticates a user. In a RADIUS apropertiers of a MT I know REALM and domain attributes exists.

I want to know if I put the domain or write in the username attr. as “domain\username”, how a certain radius servar can answer.

for example,

username= joe@VirtualDom ----> RADIUS_V with Domain=VirtualDom OR/AND Realm=VirtualDom

However,

username= joe ----> RADIUS_MY with Domain=‘’ OR/AND Realm=‘’

The manual shows:

RADIUS client

domain (text; default: “”) - Microsoft Windows domain of client passed to RADIUS servers that require domain validation

realm (text) - explicitly stated realm (user domain), so the users do not have to provide proper ISP domain name in user name

Thanks,

Santiago

2

Can't you do the roaming on your RADIUS server?
We use freeradius as a RADIUS server and this server can act
as a proxy for other realms.
When a user with a different realm
than yours authenticates at your hotspot, the RADIUS server
can recognize the realm and proxies the request to the listed
RADIUS server of that realm.

Isn't that possible in your setup?


seandsl

3

You best and easiest to manage solution here is your own radius server, and proxy the various realms to the client’s radius server.

This also means you have SOME form of control over what they can/cannot configure via the means of Attributes on your network (which can be very serious stuff)…

4

I do roaming with my romaing partners successfully in my freeradius server.
However, what I want to do is to do roaming in the MT because I do not wish this realm authentices against my RADIUS servers. I do not with this traffic.

Anyway, I achieved thanks to Uldis

Hello,

Enable in the hotpot profile ‘split-user-domain’
Then create two radius client entries, each with differnet domain and then you can use your username together with domain name to send the request to specific radius server.

Regards,
Uldis

5

Can this be done with pppoe clients aswell?

6

Setup your radius server to proxy that radius to the other radius server. That is what proxying is for. Or create a metarouter.

7

Well i’m currently using Usermanager as my radius…don’t think that it supports radius proxy.

How would metarouter help if I have multiple clients that connect to the same wireless AP, but belong to 2x providers?