Getting closer. When adding the user in user-manager, under Attributes set Mikrotik-Group to full to give the RADIUS user full permissions to the router.
Next problem is I am unable to disable the admin user because it says ‘the user is last one with full access permissions’.
I’m considering setting ‘Allowed Addresses’ for admin to a loopback address as an alternative since I am unable to disable it completely.
If anyone has any other ideas let me know.
Thank you for clearing things up. Adding the 6 digit code to the end of the password does the trick.
Now if I can figure out how to give the user-manager user full permissions to the router I will have a viable solution to secure MikroTik device logins.
It appears that the RADIUS user only has read-only login permissions to the router and so far I have not found a way to change it.
Hi,
For those struggling with how to set up the TOTP, here is the way (works with Google Authenticator):
Pick your top secret otc-code, for example “WowOtpSecret” (without quotes),
Convert the otc-code to base32 format, in our case it will be “K5XXOT3UOBJWKY3SMV2A====” (without quotes),
Set the otc-code for the target user in User-Manager
set [find name=user1] otp-secret="K5XXOT3UOBJWKY3SMV2A===="
Start Google Authenticator on your phone and add a new “Time Dependent Code”. When entering the code note that you have to enter the base32 value from above: “K5XXOT3UOBJWKY3SMV2A====” (without quotes).
You are now ready to login, however, the user1 password is now the combination of the original password and the six-digit number from the Google Authenticator. Therefore, the new password is +.
Note: the six-digit code is valid for only 30 seconds, and the clocks on your mobile phone and MikroTik have to be in sync for the process to work correctly.
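
The steps in the post above, as an added example that is not part of the original thread: it reproduces the base32 conversion, computes the six-digit code for a 30-second window, and builds the password-plus-code login string. It assumes HMAC-SHA1 (the Google Authenticator default); the function names and the sample password "ExamplePass" are made up for illustration, and `random_base32_secret` goes beyond the post by generating a random secret instead of a memorable phrase.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def to_base32(secret_text):
    """Base32 form of a text secret, as entered in otp-secret and the phone app."""
    return base64.b32encode(secret_text.encode("ascii")).decode("ascii")


def random_base32_secret(n_bytes=20):
    """Alternative to a memorable phrase: 160 random bits, already base32."""
    return base64.b32encode(secrets.token_bytes(n_bytes)).decode("ascii")


def totp(base32_secret, at=None, step=30, digits=6):
    """RFC 6238 code; HMAC-SHA1 is an assumption (Google Authenticator default)."""
    key = base64.b32decode(base32_secret, casefold=True)
    # Both sides derive the counter from their own clock, hence the sync requirement.
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def login_password(password, base32_secret, at=None):
    """What the post says to type at login: the password followed by the code."""
    return password + totp(base32_secret, at)


if __name__ == "__main__":
    secret = to_base32("WowOtpSecret")  # example secret from the post
    print("otp-secret :", secret)
    print("code now   :", totp(secret))
    # "ExamplePass" is a constructed sample password, not a value from the thread.
    print("login with :", login_password("ExamplePass", secret))
    print("random alt :", random_base32_secret())
```

Running it a second time more than 30 seconds later prints a different code, which is why a login fails when the router and phone clocks drift apart.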