RADIUS server is not responding

Hello,

I have a RB951Ui-2HnD, and Hotspot & user-manager are configured on it.
When I try to connect to the router by IP address, I cannot log in with user manager users (I see the “RADIUS server is not responding.” message), but local users of Hotspot work.

Please help me.

Regards
Hamed

Please see the picture. Each time I am trying to connect, I see the message “RADIUS server is not responding.” and a number is added to the timeout field.

Did you define 127.0.0.1 as “router” in User Manager?

Hi, Please see the pics:

Looks OK.
Router cannot talk to itself? (Try the tools Ping, Telnet, SSH, …)

I would just try replacing 127.0.0.1 with 192.168.88.1, and also check firewall rules.
Another way to debug is to add Radius and Manager to the system → logging.

Replacing 127.0.0.1 with 192.168.88.1 did not work.
I have shared a log with you, please check.

Test your User manager RADIUS server

http://forum.mikrotik.com/t/new-user-manager-in-routeros-v7/135338/1


Don’t forget to add the test PC to the “Routers” table.

Unfortunately test result is:
Status: Timeout

OK. Problem area halved. It’s User Manager, or it is the firewall not allowing “input” access to UDP port 1812.

YES!
I added a line in the firewall about adding port 1812, and the problem was solved.

Thanks a lot.

Hello @Hamed5034. I am receiving a similar issue. Kindly share how to add port 1812 on the firewall.

I have the same problem.

Just check your firewall for the rule that is blocking (drop) in the input chain.
For the default config it probably is the rule to drop input from every interface (or bridge) that is not in the LAN interface list.
So possibilities are
-) add explicit rule for UDP port 1812 that accepts input, and comes before that drop rule in the firewall
-) add the interface, or the bridge the interface is part of, to the “LAN” interface list

FW rules for input are limited by SRC IP address(-range), interface, interface list, UDP/TCP protocol, port number, or any other filter you place in the rule.
The first rule that matches the filter is used.

In my case, at first I added a LAN interface masquerade in Firewall/NAT without a source network. For the hotspot network, the source network is added in NAT. The result is “Radius server is not responding.”
I tried to add port 1812 in the firewall but it was still not responding.
After adding the source address in the masquerade of the LAN interface, the radius server is working perfectly.

Radius Server is not responding for hotspot configuration.
Please @bpwl, how to sort out this issue definitely in RouterOS 7?

Please help! Thanks. (WhatsApp : +226 05 28 42 65)

Hi All,

Same problem… Radius Server not responding, and I have a very simple config on RoS 7.9. My configuration is below; nothing I do fixes the issue.

Can anyone help? Please MikroTik, can you fix this issue?


/interface bridge
add name="CAPTIVE PORTAL BRIDGE"
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment="CAPTOVE PORTAL BRIDGE"
set [ find default-name=ether3 ] comment="CAPTOVE PORTAL BRIDGE"
set [ find default-name=ether4 ] comment="CAPTOVE PORTAL BRIDGE"
set [ find default-name=ether5 ] comment=MANAGEMENT
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    comment="CAPTOVE PORTAL BRIDGE" country=no_country_set disabled=no \
    frequency-mode=manual-txpower mode=ap-bridge ssid="Free WiFi Here !"
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce \
    comment="CAPTOVE PORTAL BRIDGE" country=no_country_set disabled=no \
    frequency-mode=manual-txpower mode=ap-bridge ssid="Free WiFi Here !"
/interface wireless nstreme
set wlan1 comment="CAPTOVE PORTAL BRIDGE"
set wlan2 comment="CAPTOVE PORTAL BRIDGE"
/interface wireless manual-tx-power-table
set wlan1 comment="CAPTOVE PORTAL BRIDGE"
set wlan2 comment="CAPTOVE PORTAL BRIDGE"
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=hotspot.daviderisi.com hotspot-address=10.0.0.1 html-directory=\
    flash/hotspot login-by=http-chap,https,mac-cookie name=hsprof1 \
    ssl-certificate=certificate.crt_0 use-radius=yes
/ip pool
add name=hs-pool-8 ranges=10.0.0.20-10.0.0.200
/ip dhcp-server
add address-pool=hs-pool-8 interface="CAPTIVE PORTAL BRIDGE" lease-time=1h \
    name=dhcp1
/ip hotspot
add address-pool=hs-pool-8 addresses-per-mac=1 disabled=no interface=\
    "CAPTIVE PORTAL BRIDGE" keepalive-timeout=6h login-timeout=1d name=\
    hotspot1 profile=hsprof1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/user-manager user
add name=a
/interface bridge port
add bridge="CAPTIVE PORTAL BRIDGE" ingress-filtering=no interface=ether2
add bridge="CAPTIVE PORTAL BRIDGE" ingress-filtering=no interface=ether3
add bridge="CAPTIVE PORTAL BRIDGE" ingress-filtering=no interface=ether4
add bridge="CAPTIVE PORTAL BRIDGE" ingress-filtering=no interface=wlan1
add bridge="CAPTIVE PORTAL BRIDGE" ingress-filtering=no interface=wlan2
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.0.0.1/24 interface="CAPTIVE PORTAL BRIDGE" network=10.0.0.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 comment="hotspot network" gateway=10.0.0.1
/ip dns
set allow-remote-requests=yes servers=10.0.0.1
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.0.0.0/24
/ip hotspot service-port
set ftp disabled=yes
/ip hotspot user
add name=admin
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set www-ssl certificate=certificate.crt_0 disabled=no
set api disabled=yes
set api-ssl disabled=yes
/radius
add address=127.0.0.1 service=ppp,login,hotspot
/radius incoming
set accept=yes
/system clock
set time-zone-name=Asia/Jerusalem
/system identity
set name="CAPTIVE PORTAL SERVER"
/system note
set show-at-login=no
/user-manager router
add address=127.0.0.1 name=router1

I expected a common secret string defined for

/radius
add address=127.0.0.1 service=ppp,login,hotspot

and for

/user-manager router
add address=127.0.0.1 name=router1

Not specifying this “secret” may give it some common value, I don’t know if it does, and what this value would be.
The RADIUS server/client connection and authorisation doesn’t care if this is on the same ROS device or not.

Don’t forget to check firewall filter, if following is needed.

add action=accept chain=input comment="defconf: accept to local loopback (for RADIUS)" dst-address=127.0.0.1

Enable system logging topics “radius,packet,debug” and “manager”, to see what happens.
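
The checks suggested in the replies above (matching secret, input rule ahead of the drop rule, logging), gathered into one RouterOS v7 sequence as an added example that is not part of the original posts. It assumes User Manager runs on the same router, that the default-config drop rule with the comment shown exists, and that `CHANGE-ME-SECRET` is a placeholder you replace.

```routeros
# Added example, not from the thread. Assumes RouterOS v7 with User Manager
# on the same router. CHANGE-ME-SECRET is a placeholder, not a real value.

# 1. Set the same shared secret on the RADIUS client entry and on the
#    matching User Manager "router" entry.
/radius
set [ find address=127.0.0.1 ] secret="CHANGE-ME-SECRET"
/user-manager router
set [ find address=127.0.0.1 ] shared-secret="CHANGE-ME-SECRET"

# 2. Accept RADIUS (UDP 1812 authentication, 1813 accounting) only from the
#    router itself, and place the rule before the input drop rule, because
#    the first matching rule is the one that is used.
#    Assumption: the drop rule still carries the default-config comment;
#    if yours differs, adjust the find expression to match it.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=1812,1813 \
    src-address=127.0.0.1 comment="accept local RADIUS to User Manager" \
    place-before=[ find where comment="defconf: drop all not coming from LAN" ]

# 3. Log both the RADIUS client and User Manager while testing.
/system logging
add topics=radius,debug,packet action=memory
add topics=manager action=memory

# 4. Try a hotspot login, then read what each side logged.
/log print where topics~"radius"
/log print where topics~"manager"
```

If an external test PC is used instead of 127.0.0.1, its address goes in both the `src-address` of the accept rule and a `/user-manager router` entry of its own.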

I had this problem before. Besides bpwl’s answer that added the rules to the firewall, I had added a NAT masquerade to log the traffic but did not specify the out-interface. After I set it, it is working fine.

/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade NAT" log=yes out-interface=ether1-gateway

Change ether1-gateway to the name of your port that goes out to the internet.

Mine is not working, it still has the radius server not responding.

Please refer to this image, sir. Thank you very much, hoping for your response.