Hi there, I'm trying to configure a FreeRADIUS server on CentOS 5.3 and I'm having some problems with the integration with MikroTik and auth methods on FreeRADIUS. I'm using RouterOS 3.26 license lvl6 and I'm trying to use HotSpot and do the authentication on the external RADIUS server. I have two big problems at the moment. The first one is that the CHAP auth method always returns reject in the debug of the RADIUS because it claims the password must be in ClearText type and I think it's being stored encrypted in the SQL database (don't know why)!!! When I place a test user in the users file on FreeRADIUS the auth goes successfully but the return to MikroTik doesn't go along. What I mean is that the HotSpot login page keeps showing this error: “RADIUS server is not responding”! Even if it authenticates right. I think the packets that FreeRADIUS sends back to MikroTik telling the system that the authentication is accepted don't enter my RouterOS, maybe because of some firewall rule, or for some reason I don't know. So, what can be the problem with the MySQL + FreeRADIUS integration to auth right, and why doesn't my RouterOS receive the auth OK message from FreeRADIUS as it should? Any help will be welcome since I want my hotspot running as soon as possible. I also have a PPPoE running fully functional in the same system but I use UserManager to authenticate the users and it's working fine!!! Thx in advance folks…
Did you enter the correct info in the RADIUS clients.conf file? There must be a setup for each client IP. Ensure you are editing the correct clients.conf file. On all my setups, the radius setup files are NOT in “/etc/radiusd/”, just the radius.conf file. All the files are there, but they will not change the radius setup if you edit those (except radiusd.conf). The others (like clients.conf) in my setups are in “/usr/local/etc/raddb/”.
ADD: Also, if you can’t get the MySQL database to work, in the freeradius users file there is a line like this:
DEFAULT Auth-Type=System
    Fall-Through=1
It needs to be changed to:
DEFAULT Auth-Type=Local
    Fall-Through=1
or the SQL database will not work.
Also, in the radiusd.conf file, ensure in the ‘authorize’ section that ‘sql’ is not remarked out. It should be
sql
not
#sql
And my user/password info in the MySQL database is not encrypted. They show as clear text in the radius database. What software are you using to enter your users?
Hi there, thx for your reply! I'm using DialUP Admin to input user data into the database, SQL isn't commented out in radiusd.conf and the authenticate methods are set also. There isn't a raddb dir in usr/local/etc. I'm using the CentOS 5.3 distro of Linux. The raddb dir is in /etc in my install setup! If you need more info just ask and I will gladly post here. Thx for your help
Hi again, I got the password problem working now, just had to modify the encryption method from crypt to clear in admin.conf in the dialup_admin configuration files, but the problem now is that even with the authentication accepted right in FreeRADIUS, the HotSpot login page on my client shows “RADIUS server is not responding”. So I think my FreeRADIUS isn't sending back or is blocked when it signals back to the MikroTik with the successful authentication request. Any clues? Do I need to free some ports ahead of the default 1812 port? The MikroTik is sending the request to the RADIUS server because I can see it in the debug.
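Why CHAP rejects when the database holds a hashed password, as an added example that is not part of the original posts: the server has to recompute the MD5 response from the password itself (RFC 1994, carried in the RADIUS CHAP-Password attribute). The function names and all sample values are constructed for illustration, and SHA-256 stands in for the crypt output.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_accepts(stored_value: bytes, chap_password: bytes, challenge: bytes) -> bool:
    """Check a RADIUS CHAP-Password attribute (1-byte identifier + 16-byte hash)
    against whatever the server has stored for the user."""
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored_value, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    # Constructed sample values, not taken from the thread.
    password = b"hotspot-pass"
    challenge = bytes(range(16))
    ident = 0x2A
    # What the NAS sends: identifier followed by the MD5 response.
    chap_password = bytes([ident]) + chap_response(ident, password, challenge)
    # Case 1: the database holds the clear-text password.
    clear_ok = server_accepts(password, chap_password, challenge)
    # Case 2: the database holds only a one-way hash (SHA-256 hex here as a
    # stand-in for crypt output). The server cannot recover the password,
    # so the MD5 it recomputes never matches.
    hashed = hashlib.sha256(password).hexdigest().encode()
    hashed_ok = server_accepts(hashed, chap_password, challenge)
    return clear_ok, hashed_ok

if __name__ == "__main__":
    print(demo())
```
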
Did you enter the client info in your clients.conf file? The 127.0.0.1 entry is there by default. That is why it responds to local requests. Change the xxx.xxx.xxx.xxx to the IP of your MT router that will not authenticate, and the radius secret too, of course.
client 127.0.0.1 {
    secret = radiussecret
    shortname = local
    nastype = other
}
client xxx.xxx.xxx.xxx {
    secret = radiussecret2
    shortname = router1
    nastype = other
}
RADIUS servers will ignore authentication requests without that entry in clients.conf.
BTW, we are really pushing this topic on this forum. This is actually not a MikroTik issue, but since you are using it with MikroTik equipment, I will use that as a valid reason to respond.
Wow, this is my 1000th post on this forum. Seems like I joined just yesterday!
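One way to check offline whether the address a router's requests come from has an entry in clients.conf, as an added example that is not part of the original posts. The parser, the function names and the sample file (with 192.168.1.1 in place of xxx.xxx.xxx.xxx) are constructed for illustration; hostname entries are skipped because resolving them needs DNS.

```python
import ipaddress
import re

# Constructed sample in the shape of the clients.conf shown above.
SAMPLE_CONF = """
client 127.0.0.1 {
    secret = radiussecret
    shortname = local
    nastype = other
}
# client 10.0.0.0/24 { commented out, must not match }
client 192.168.1.1 {
    secret = radiussecret2
    shortname = router1
    nastype = other
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{([^}]*)\}")

def parse_clients(text):
    """Return (network, settings) for every active client block."""
    text = re.sub(r"#.*", "", text)  # drop comments before matching blocks
    clients = []
    for name, body in CLIENT_RE.findall(text):
        settings = dict(re.findall(r"(\w+)\s*=\s*(\S+)", body))
        try:
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            continue  # hostname entry: not resolvable in an offline check
        clients.append((net, settings))
    return clients

def matching_clients(text, source_ip):
    """Shortnames of the client entries that cover source_ip (empty if none)."""
    addr = ipaddress.ip_address(source_ip)
    return [s.get("shortname") for net, s in parse_clients(text) if addr in net]

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.1.1", "192.168.1.2"):
        print(ip, matching_clients(SAMPLE_CONF, ip) or "no client entry")
```
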
Hi again. I just found out the problem why my HotSpot returned the message “RADIUS server is not responding”. It's because the address I placed in the RouterOS RADIUS config was an internal one on the second eth of the CentOS RADIUS server. Don't know why it didn't work because it's linked directly to my MK by this eth with the IP 192.168.1.2 (RADIUS) and 192.168.1.1 (RouterOS). When I placed the real IP of the RADIUS server, which goes on the other eth, it worked fine. Now I'm working on accounting and want to ask some questions about it while I research this subject by myself. How can I define a bandwidth limit for users inside the MySQL database when they sign in? I mean, limit their tx and rx rate dynamically when they log on… Like I do with my PPPoE and UserManager!!! I also don't see any accounting information being saved to the database; this is odd because I have set the Accounting option and interim update to 30 seconds. Any help will be appreciated, THX!!!
Now we are back in MikroTik territory!
I use the “/ip hotspot user profile” to assign bandwidth and shared-users to different groups. For this I will use “default” and “managers” group. Managers have 2 shared users and twice the bandwidth.
In my radius server, I enter in the radreply table under that UserName the attribute=Mikrotik-Group and the value=managers for those users I want to use the managers bandwidth/shared-users/etc.
You can do the same in radgroupreply if you want to save time. Then assign each user to the correct group in your radius server, and enter the same stuff (attribute and value) in radgroupreply under the desired GroupName(s).
If you want to continue this discussion, you should start another post, since this is a separate subject. I will watch for it.
ADD: Just to be clear…
/ip hotspot user profile name = Mikrotik-Group
Did you try this tutorial?