New User Manager in RouterOS v7

selamet · December 13, 2021, 4:23am

Hallo
feature request Generate voucher from all the add batch voucher that was just added
sorry for my english
Thanks

rumahnetmks · December 26, 2021, 1:11pm

My client using hAP-AC3 connected via pppoe to RB4011 (pppoe server), all with v7.1 stable, using RADIUS.
Before upgrading to v7, at ROSv6 usermanager, Limitation Transfer Limit works. I can set an user to disconnect after reaching Transfer Limitation value and works fine.
I upgrade my RB4011 and at v7 UserManager I set Limitations ‘Transfer Limit’, but the client/user do not disconnect with that limitation. All section I think I set it right, since it seems familiar form to fill like ROSv6 Usermanager. The only new one I see is ‘UserProfiles’ that I’ve been fill with right profile and status ‘running active’.
Then I read about Attributes things and try set it via UserManagers>Users and fill in “Attributes Mikrotik-Total-Limit” with how many Bytes. Now this methode can limit my pppoe or hotspot user to exactly value of Transfer-Limit Limitations.
Is this how usermanager for routeros v7 works now or maybe I miss some setting? For temporary that attributes help but to apply for like hotspot user really something.

Note : I found workaround just to simplify it, by make attributes Transfer-Limit entry at ‘UserGroups’ then later apply at ‘Users’, rather than fill in at each users attributes form.
So for now I re-write all limitation and fill the info into UserManager ‘UserGroups’ setting.

tommycwiratama · December 28, 2021, 8:02am

feature request :

administration web portal http://mikrotk-ip-addr/userman
create batch user : user = password
create batch user only digit (no alphabetic)

thanks

xenuc · January 2, 2022, 11:45am

Hello guys. Can someone please direct me to documentation for migrating my user database to the new manager?

PackElend · January 3, 2022, 1:53pm

ANOTHER FEATURE REQUEST
can User Manager be used to create DPSK/DPSK based VLAN assignments, so that users can manage their own BYOD devices which are not EAP capable?
So an access list could look like as shown below but PPSKs are managed by the respective user itself.

/caps-man access-list
add action=accept private-passphrase= PPSK_User1 vlan-id=VLAN_User1 vlan-mode=use-tag comment=User1
add action=accept private-passphrase= PPSK_User1 vlan-id=VLAN_User1 vlan-mode=use-tag comment=User1
add action=accept private-passphrase= PPSK_User2a vlan-id=VLAN_User2a vlan-mode=use-tag comment=User2_trusted_devices
add action=accept private-passphrase= PPSK_User2b vlan-id=VLAN_User2b vlan-mode=use-tag comment=User2_untrusted_devices

multiduplikator · January 4, 2022, 11:39pm

Hey folks,

just wanted to let you know that I have written up a light howto on setting up EAP-TLS and EAP-PEAP wireless auth via CAPsMAN using RouterOS 6 and RouterOS 7 with UM 5.
https://github.com/multiduplikator/mikrotik_EAP

It is far from perfect, I know, but maybe it will come in handy for someone.

Happy to improve this, if you have comments…

Cheers,
multiduplikator

bpwl · January 6, 2022, 4:19pm

Thank you @multiduplikator !

millenium7 · February 10, 2022, 1:35am

I have a request: please add optional circuit ID and remote ID fields for user accounts, without needing to specify MAC address or any other options
We really need DHCP option 82 functionality to authenticate guests by port/location, not by voucher code which is pointless in our case

Use cases are to activate by entire room/sector, not per device. I.e. guest checks into room 85. Guest doesn’t have to do anything except go into room and join the wifi, ‘all’ devices that are connecting to the wireless access point in that room should immediately be granted internet access and share the assigned user profile (that includes smart TV’s, chromecast, etc etc, these devices can’t utilize voucher codes anyway)

jolly · February 10, 2022, 6:43pm

https://help.mikrotik.com/docs/display/ROS/User+Manager#UserManager-Database

malobert · February 14, 2022, 12:36pm

As a new Mikrotik user with a RB5009 you have no idea how happy I was with your howto
Now migrated from a little freeradius server to user-manager on my RB5009, with EAP-TLS and EAP-PEAP.
Sadly I am still using my “old” Unifi AP’s
Keep up the good work! Thank you @multiduplikator

pe1chl · February 14, 2022, 2:23pm

Old Unifi APs are much better than current MikroTik offerings!
With new Unifi APs I am not sure, I have not studied them in detail but I think they can only operate from a cloud service these days.
(we host our Unifi controller on a local VM)

malobert · February 15, 2022, 7:10am

I also have a Unifi controller on-prem, quite happy with the AP’s, but also bought an Aruba Instant because I was running into some issues when everybody was working at home in Corona lockdown time.
In the near future I will buy an Mikrotik AP, in my work as a EMM IT Designer I work with a lot of different mobile devices, and I want to try out different Wi-Fi security levels across multiple brands.

pe1chl · February 15, 2022, 9:07am

The point is that all the competing manufacturers are YEARS ahead of MikroTik w.r.t. enterprise WiFi. Wave2, 802.11k/r/v, etc.

syadnom · February 15, 2022, 3:45pm

it’s really hard to be ‘years’ behind in WiFi considering standards. If you use a hAP ac3 or audience with the wave2 drivers it’s great, just as good as any comparably spec’d WiFi5 radio. I think routeros 6’s very old kernel was a major hurdle to that and then the 16MB of flash on a lot of wave2 capable hardware keeps us from good wifi performance on today’s cAPs and hAP ac2. routeros7’s modern kernel sweeps away the ‘old’ WiFi limitations with modern drivers and kernel.

Crossing fingers that the next newsletter has some new 60Ghz and WiFi6 gear…

malobert · February 16, 2022, 5:06pm

In this thread but also in other parts of the forum people are asking for disabling old ciphers and/or deprecated or legacy TLS versions, but I can not find a answer.
I am using user-manager as a replacement for my freeradius server, in Freeradius I can enforce a minimal version with "tls_min_version = “1.2”
When using user-manager I can use TLSv1.0 and 1.1
Is there a way in user-manager to enforce minimal TLSv1.2 version when using EAP-TLS or PEAP-MSCHAPv2 ?

mtz · March 14, 2022, 7:01pm

Has anyone managed to put a time limit on vouchers?

rumahnetmks · March 19, 2022, 2:34pm

Time limit?
“Validity” at User-Manager>Profiles works for me.
But “Session Limit” at User-Manager>Limitation not works.

CMIIW

UPDATE : Session Limit for UserManager>Limititation works since 7.6 (kinda forget exactly at what version). Sorry forget to update this.

cbrown · March 24, 2022, 11:41am

Is there plans for the new UM to have sign up?

benlg · March 31, 2022, 9:38pm

Someone knows in which format are the .umb database backups / exports ?
Are they encrypted ? With which key ?

As they contain sensitive information, would be good to know, before exporting them out of the MikroTik device…
@emils ?

Many thanks !

Benington · April 6, 2022, 1:49pm

Hi, I’ve just upgraded my router from 6.49.5 to 7.2 and added user-manager. On the previous version I realise I can no longer setup the os7 version using http, as the router now has the additional option for User Manager in Winbox. I’ve gone through the configuration by comparing the old setup to whats shown inside the new User Manager TAB and have been able to transition the following - Router, Profiles, Limitations, and Profile Limitations. However, I’m unable to see where I can setup the old tabs for - Customer (where I can specify Public ID, Public host, Signup allowed, and Format for GBP); Also for Settings (where I can specify Payment Gateway, Business ID email, secure response, and return URL); Also where I can enter the Signup Body that was under settings on the previous version. Please could you advise where these changes can be applied?

Thanks in advance