Hi every one
in my company we are trying to use Mikrotik router hotspot and active directory and freeradius in order to allow access to internet.
the authentication is complete and active directory users can login via hotspot login page.
now our change is to restrict the each users bandwidth and internet volume monthly.
i wonder is it possible to do it with Mikrotik router and active directory and freeradius ? and if it’s possible how can we do it.
Provide network diagram, RouterOS version and RouterBOARD model.
for the network diagram
client <==(http)==> Mikrotik router (version : 7.5 running on esxi) <==(RADIUS using PaP)==> Ubuntu (free radius) <==(using samba and ntlm_auth)==> Active directory
assumed you set the freeradius to talk directly to your AD.
Generaly you need to read https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client#Supported_RADIUS_Attributes , and find the way to map AD user attribute to Radius Attribute.
But for ‘internet volume monthly’, I think it’ll hard if you use AD only.
It’s about accounting side of radius protocol, and I could not fine how to use AD as FreeRadius Accounting.
If I were you
I will set freeRadius to use rlm_rest, build a web application that serve :
-bino-
In our school environment, we are also using AD as the authenticator for school wifi hotspot. However, we don’t need to use freeradius in the middle. Your windows server should come with NPS which is built-in its own radius server and you can integrate that directly to Mikrotik hotspot
hello, can share new link documents radios_client..?
I can't accses this url https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client#Supported_RADIUS_Attributes
