Has any thought been placed into LDAP integration with the Mikrotiks? I think it would be really slick to have NetReg type capabilities, or even better, the ability to store information like IP, MAC Address, and Purchased speed/shaped speed that would be pulled when a broadband user came online for dynamic provisioning and dynamic setup of the bandwidth shaping rules.
Anything like this on the burner? If not, could something like this be built into the system?
You can already do this if you use RADIUS on the MikroTik and configure your RADIUS server to authenticate against an LDAP machine. Haven’t actually used a setup like this, so can’t comment about the details…
You could for example look at FreeRadius (http://www.freeradius.org), which has an LDAP module as part of the distribution. Searching the FreeRadius mailing list archives for “ldap” will yield a ton of posts - I suppose this could get you going.
I have been able to integrate LDAP with FreeRADIUS. What I need is how to set a bandwidth limit on FreeRADIUS that is using LDAP as backend. Anyone got an idea?
Hello ojeysky,
I’m searching for help binding an LDAP server to FreeRADIUS. The MikroTik router (CAPsMAN) is connected to a FreeRADIUS server. Do you have any how-tos for binding FreeRADIUS to an LDAP server?
Note: I was only able to get the authentication part done. However, I could not get through with rate limiting, which was a very critical feature for me.
The biggest challenge to LDAP integration is writing your translations from LDAP-speak into RADIUS attributes.
The best thing to do would be to configure your user groups in RADIUS as you see fit, and then use LDAP for password authentication and group membership. Basically, the RADIUS server retrieves the user’s information and, if they are a member of a certain group, applies certain settings to the session.
Windows has a built-in RADIUS function for 802.1x deployment - it’s called NPS. Do some homework on NPS and you might just be able to do all of this right in the Windows environment without having to learn a 3rd party RADIUS application. FreeRADIUS is a popular choice, but in my experience, the documentation and support on it are terrible. It runs great, but you’d better be ready to tinker a lot and read a lot of “RTFM, loser!” posts on the forums.
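The group-to-settings translation described in the post above, sketched as an added example that is not part of the thread or any poster's configuration: FreeRADIUS 3.x unlang that turns LDAP group membership into a MikroTik rate limit. It assumes the `ldap` module is enabled with its `group` section configured and the stock MikroTik dictionary is loaded; the group names and rates are placeholders.

```unlang
# Added example, not from the thread. Goes in the post-auth section of the
# virtual server that handles the MikroTik's requests (assumed here to be
# sites-enabled/default). Group names and rates below are placeholders.
post-auth {
    # LDAP-Group is provided by the ldap module and is true when the
    # authenticated user is a member of the named LDAP group.
    # First match wins, so test the higher plan first in case a user
    # ends up in both groups.
    if (LDAP-Group == "broadband-10m") {
        update reply {
            # Value is rx/tx as seen by the router:
            # client upload / client download.
            Mikrotik-Rate-Limit := "10M/10M"
        }
    }
    elsif (LDAP-Group == "broadband-2m") {
        update reply {
            Mikrotik-Rate-Limit := "1M/2M"
        }
    }
    else {
        # Design choice for this example: a user with valid credentials
        # but no plan group is refused, so a missing group never results
        # in an unshaped session.
        reject
    }
}
```

Running the server in debug mode (`radiusd -X`) shows whether the LDAP-Group comparison matched and which reply attributes were sent to the router.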
ZeroByte, you are very much correct - I have set up freeradius with mikrotik for ppp auth and it works pretty smooth, but for anything more sophisticated than just credentials I would recommend setting MySQL as radius backend rather than LDAP.