Get MAC address of an IP Bindings user

RouterOS Wireless Networking
1

Hi folks!

Our system use multiple capsmans to authenticate users on different locations.
The login server running on debian with apache2, logged in user’s MACs are stored in every capsman’s IP Bindings by API.
So the users are getting inside bypassed, that means they have no access to the hotspot login page to gather their data (for example MAC address, hotspot name) and give them rights to use special services.
(This is not the last security line in the system.)

The question:
Is there any way to gather this data from clientside or perhaps serverside ?

2

Update:

I can not connect to the router by API until I get informations about the name or wan IP of the active router.
At last how can I recognize which router has the client from browser or other way ?

3

Do you mean userman instead of CAPSMAN?

If you do indeed mean userman, you would be able to define the client LAC identifier responding to the authentication requests (that forwards it to your AAA Server). This would allow you to know which client was authenticating to which system.

If not, you are possibly looking at some type of script to run on the router that gathers the attached clients.

Really need a better understanding of what you mean and are looking for though.

4

Hi Scott!

Thanks for your time and effort.

For your information:

  • We not using radius, AD nor userman. The debian serves the login process. Users and devices are stored in debian’s database, IP bindings are refreshing daily in capsman controllers by API.
  • Registerd users have multiple devices.
  • Every user can use every controller.
  • Every capsman controller has its own local network: 192.168.50.0/16

Long story short:
Registered users devices are in IP bindings, they are bypassing the hotspot and their local web on 192.168.50.1 is not reachable for them to ask their details. From server side we dont know which controller to ask.
The only port open from devices subnet direction is the API port on the controller.
The debian has no information about the devices to recognize them for logging and other purposes:

  • which hotspot to connect for their data,
  • real IP,
  • mac address.

Local websrevers for storing local controllers data (for example on 192.168.50.2 on every controller):

  • Not possible to create a webserver on mikrotik. Metarouter is not an alternative.
    -Not possible to place external local webserver to every controller.

Connect from client side to controller by API:

  • There is no client side (js) API for router os to connect from device’s browser, so need a way to get them somehow from serverside (php).

What kind of scripts can we use here ?
Can you provide an example?

5

If everyone has the same problem I got the solution:
First get the real IP of the user’s device based on $_SERVER variables:

use PEAR2\Net\RouterOS; 

function get_real_ip(){
	$client = new RouterOS\Client($_SERVER['REMOTE_ADDR'], 'username', 'password');
	$request = new RouterOS\Request('/ip/firewall/connection/print');

	$query = RouterOS\Query::where('reply-dst-address', $_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT']);
	$request->setArgument('.proplist', 'src-address');

	$request->setQuery($query);
	$responses = $client->sendSync($request);

	foreach ($responses as $response) {
	    foreach ($response as $name => $value) {	       
	    	$parts = explode(":", $value);
	        $real_ip = $parts[0];
	    }
	  
	}
	
	   if ($real_ip) {
	 	return $real_ip;
	 } else {
	 	return false;
	 }

}

And then get its mac address:

function get_mac($real_ip){

		$client = new RouterOS\Client($_SERVER['REMOTE_ADDR'], 'username', 'password');
		$request = new RouterOS\Request('/ip/arp/print');

		
		$query = RouterOS\Query::where('address', $real_ip);
		$request->setArgument('.proplist', 'mac-address');

		$request->setQuery($query);
		$responses = $client->sendSync($request);

		foreach ($responses as $response) {
		    foreach ($response as $name => $value) {
		        //echo "{$value}\n";
		        $mac = $value;
		    }
		   
		}
		
		if ($mac) {
		 	return $mac;
		 } else {
		 	return false;
		 }
		
	}

You can get it in one step:

$mac = get_mac(get_real_ip());

If you need the router name:

function get_router_name(){
	$util = new RouterOS\Util(
	    $client = new RouterOS\Client($_SERVER['REMOTE_ADDR'], 'username', 'password')
	);
	$util->setMenu('/system identity');
	
	$router_name = $util->get(null, 'name');
	return $router_name;

}

I hope this helps someone.
Dont forget to change username and password in connection parameters :smiley:

6

How get wifi router mac address using mikrotik rest api ?