we have a few hotspots running on MT. And now we want to centralize user authorization with freeradius server.
Everything is working fine (in testing enviroment), but I was not able to find out how to set freeradius and hotspot to change rx/tx limits separatly for every user.
On radius server there is a file /usr/share/freeradius/dictionary.mikrotik (which is loaded - I test it) and in this file there is attribute Mikrotik-Rate-Limit (described here: http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client).
I hoped that this attribute can be used to set rate limits for single user. But setting up this attribute do not do anything special on hotspot (user logs in, internet is accessible, Max-All-Session works fine, but speed is limited only by hotspot global limit - not limit of this user).
Here is output from table radcheck:
6 adam Password == xxx
2 adam NAS-Identifier == mikrotik
5 adam Max-All-Session := 7200
8 adam Mikrotik-Rate-Limit := 64k/64k
RouterOS is 5.14
Is this setting correct? Do I have to do any other settings on hotspot side?
I use freeradius and MT hotspot. I have per user rate limits using Mikrotik-Rate-Limit.
Turn radius logging on and verify that the rate limit makes it to your ROS device.
You should see the authentication request and reply in the log. The radius attributes sent from the server will all be shown in the log.
Are you using the default user profile? If not, then you have to specify the Mikrotik-Group attribute in your radius response. That tells the hotspot which user profile to apply.
I did log debug info as you sugested and there was no Mikrotik-Rate-Limit appeared. So I read some tutorials for freeradius again (http://wiki.freeradius.org/SQL-HOWTO) and here is solution:
table radcheck:
6 adam Cleartext-Password := xxx
2 adam NAS-Identifier == mikrotik
5 adam Max-All-Session := 21600
table radreply:
2 pokus Mikrotik-Group := test
3 adam Mikrotik-Rate-Limit := 64k/64k
I em not sure about its 100% correctness. I em still confused when to use operator == and when :=
But this works as I wanted.
If someone has any additional suggestion, I will be happy to receive one.
If this works then you should see a queue appear under Simple Queues with the right limiting on it.
If you just need group based speed limiting then create a user profile and then assign the Mikrotik-Group reply attribute to the users, then they will be limited by whatever is setup in that user profile.
I have a Daloradius system that intends to control a couple of hotspots, I would like the users to pya for a certain time, then get disconnected and have to pay another time to connect. Can anybody give me a clue? I know that I have to use max all session and I have followed a couple of posts, but it does not work, the user is simply not disconnected.
I am assuming that you are using Mikrotik for the hotspots ?
You can only set a maximum session time with usermanager, radius does not have an attribute that will support that feature, you have to run scripts and reset the remaining time yourself.
