RADIUS authentication not working

RouterOS General
1

I’m trying to set up my RB1100 for login using Freeradius. I followed the steps outlined on Wiki but it’s not working. Here’s some of the configs. Hopefully someone can help me figure out where I went wrong. RB1100 and RADIUS server on same LAN segment. Thanks!

from clients.conf

#
# added clients
client 192.168.1.1 {
        secret = xxxx
}

from users.conf

#
ex Cleartext-Password := "1234"
#
#
ex2 Cleartext-Password := "5678"
	Group = "full"

from dictionary

#
#	This is the master dictionary file, which references the
#	pre-defined dictionary files included with the server.
#
#	Any new/changed attributes MUST be placed in this file, as
#	the pre-defined dictionaries SHOULD NOT be edited.
#
#	$Id$
#

#
#  The DHCP dictionary is used only when the server is built with
#  "configure --with-dhcp".  It is not (and should not) be used in
#  other situations.  If you are running just a RADIUS server, this
#  line can be deleted.  If you are using DHCP, the following line
#  should be uncommented.
#
#  Ideally, the "configure" process should automatically enable this
#  dictionary, but we don't yet do that.
#
#$INCLUDE	/usr/dictionary.dhcp

#
#	The filename given here should be an absolute path. 
#
$INCLUDE	/usr/share/freeradius/dictionary

#
#	Place additional attributes or $INCLUDEs here.  They will
#	over-ride the definitions in the pre-defined dictionaries.
VENDOR               Mikrotik           14988

ATTRIBUTE            Recv-Limit                   1     interger          Mikrotik
ATTRIBUTE            Xmit-Limit                   2     interger          Mikrotik
ATTRIBUTE            Group                        3     string            Mikrotik
ATTRIBUTE            Wireless-Forward             4     interger          Mikrotik
ATTRIBUTE            Wireless-Skip_Dot1x          5     interger          Mikrotik
ATTRIBUTE            Wireless-Enc-Algo            6     interger          Mikrotik
ATTRIBUTE            Wireless-Enc-Key             7     string            Mikrotik
ATTRIBUTE            Rate-Limit                   8     string            Mikrotik


#
#	See the 'man' page for 'dictionary' for information on
#	the format of the dictionary files.

#
#	If you want to add entries to the dictionary file,
#	which are NOT going to be placed in a RADIUS packet,
#	add them here.  The numbers you pick should be between
#	3000 and 4000.
#

#ATTRIBUTE	My-Local-String		3000	string
#ATTRIBUTE	My-Local-IPAddr		3001	ipaddr
#ATTRIBUTE	My-Local-Integer	3002	integer

RB110

[admin@RouterOS] /user aaa> print
      use-radius: yes
      accounting: yes
  interim-update: 0s
   default-group: read
  exclude-groups:




[admin@RouterOS] > radius print
Flags: X - disabled 
 #   SERVICE                             CALLED-ID                             DOMAIN                             ADDRESS                                                             SECRET                            
 0   login                                                                                                                             192.168.1.101                                                         xxxx

Let me know if more detail is needed and if so what you’d like to see. Thanks again!

2

I got it working with just one UN/PW but when I add a second it doesn’t work. I’m sure it’s how I’m adding the second one. Can someone send me an example of adding more than one login? Thanks.

3

more updates.

in the freeradius users.conf file if I indicate user is in group = “full” I still go in as default profile which is read only.

if I update the dictionary to include the mikrotik attributes I can’t get in at all.

I got it working by deleting the attributes int eh dictionary.conf. Not the end of the world for now I can make the default full as typically admins are the only ones that log in to the routers however it would be nice to get it working fully.

4

can add multiple users now. Last thing is the ability to assign group other than default.