MAC authentication and data rate limit

First of all - what I want to have at the end:
Users connecting to the RB box must be authenticated by their MAC address via an external RADIUS server. No login pages etc.
And after authentication, for every connected user there must be a rate limit, specified by RADIUS attributes.

What equipment I have:
RB 800 with ROS v5.2 as access point
NanoStation 2 as clients
Every client has static ip address configuration

What I’ve tried:

  1. Hotspot with MAC auth.
    My RADIUS is tied to a billing system that does not allow colons in the username. And despite the value of radius-mac-format, it keeps sending access-request packets with user-name in format XX:XX:XX:XX:XX:XX, changing only Caller-Station Id.
  2. Wireless auth via radius
    Authentication works great. But I can’t create a rate limit. As said in the wiki page, I use the Ascend-Data-Rate attribute to specify the rate limit. But it seems that it does not work. I tried to use Ascend-Data-Rate, Ascend-Xmit-Rate, Mikrotik-Rate-Limit attributes, but none of them worked.
    (Little remark. Previously I used the RB box as a pppoe server. And there rate limiting via RADIUS attributes worked pretty easily - a queue was created automatically. I am expecting the same behavior here.)

So the question is:
How to force hotspot to change user login format?
OR
How to use RADIUS attributes with wireless auth?
OR
Maybe there is another, more appropriate way to achieve the same goal?

You are correct about the hotspot profile. Changing the radius-mac-format has no effect on the username. This is a bug, no? However, that is not correct for wireless. I checked with User Manager, since my RADIUS/MySQL interface is not set to accept blank passwords.

/interface wireless security-profiles
set 0 radius-mac-authentication=yes
set 0 radius-mac-format=XXXXXXXXXXXX

Set radius

/radius
add service=wireless address=x.x.x.x secret=radiussecret

This does use the mac address with no punctuation at all, just the 12 characters. Password is blank. I cannot connect unless my mac address is entered in the radius database.

This does not provide for any bandwidth throttling. You will probably need to do that in the router using queues. That is not my specialty tho. :(

ADD: I did a bit of experimenting. I can use the mac address as the username and password in the wireless.

/interface wireless security-profiles
set 0 radius-mac-mode=as-username-and-password

Yes, as I wrote before, wireless mac auth works well.

Purpose of all of this - to create a working accounting system for our clients. Now we use PPPoE connections, but if the link is not very stable (city-size wireless providing) it becomes a real headache. So we are looking for a way not to use any tunneling protocols but plain TCP/IP.

Hotspot, I think, is a bit “overkill”. And with wireless auth I can’t find a way to limit clients' data rate other than to manually create a queue for every connected station. I think it does not look like a very bright idea. Maybe somebody has used radius attributes with wireless auth?