how to make local user work only if RADIUS fails?

agshekeloh · March 9, 2012, 4:42pm

Hi,

I have several RouterOS 5.10-5.12 devices authenticating via RADIUS. All works as per the documentation. This lets me log who has configured the devices. I wish to keep the local user account for disaster purposes – if I lose both RADIUS servers but still have working routers, I want to be able to log in as admin. I don’t want the local accounts to work if the RADIUS servers are answering, however.

Is there some way to configure “disable local accounts until RADIUS is broken”?

Thanks for any guidance!
==ml

Ibersystems · March 9, 2012, 5:07pm

Hello,

yes, use tool/netwatch

fill the radius IP.

You have to know that you need almost 1 user in the hotspot for keep it working.. then, it will be better to have (example)

user “admin” with password “safg323lasldkop2kmdn4lwkelkn2” enabled and in netwatch, configure the instructions to modify the password for your real password.

Also, you can do it better modifying scripts like this one: http://wiki.mikrotik.com/wiki/Improved_Netwatch (your instruction will be change password instead of route..)

agshekeloh · March 9, 2012, 5:18pm

Thank you!