radius server not responding

someuser · May 4, 2010, 6:29am

Hi,
I’ve configured my RB750G to authenticate with Usermanager.
I can’t get it to work. HotSpot works fine, Yet I can’t seem to get Radius Server (usermanager) to take over.
If I create users in usermanager and and use a created account, I’m able to get on internet, only after
logging in with “trial” account or admin account via HotSpot, Not a big surprise there.
I’ve enabled UserManager Router IP in Walled Garden etc..

I cannot get user manager to work.
Keep getting " radius server not responding.
There’s not problem pinging it.
Any help greatly appreciated.
BTW, using Beta2

export of /radius

/radius
add accounting-backup=no accounting-port=1813 address=192.168.88.1
authentication-port=1812 called-id=uptown disabled=no domain=
“mydomain”.com realm=“” secret=123456 service=login,hotspot timeout=300ms
/radius incoming
set accept=yes port=3799

export of /hotspot

/ip hotspot profile
set default dns-name=“” hotspot-address=0.0.0.0 html-directory=hotspot
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap
name=default rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=
1 status-autorefresh=1m transparent-proxy=no
/ip hotspot profile
add dns-name=login.uptown.com hotspot-address=192.168.88.1 html-directory=
hotspot http-proxy=0.0.0.0:0 login-by=http-chap,trial name=hsprof1
nas-port-type=wireless-802.11 radius-accounting=yes
radius-default-domain=“mydomain”.com radius-interim-update=received
radius-location-id=uptown radius-location-name=uptown radius-mac-format=
XX:XX:XX:XX:XX:XX rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
trial-uptime=1d/1d trial-user-profile=default use-radius=yes
add dns-name=login.hotspot.com hotspot-address=192.168.88.1 html-directory=
hotspot2 http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=
cookie,http-chap,trial name=hsprof2 nas-port-type=wireless-802.11
radius-accounting=yes radius-default-domain=“mydomain”.com
radius-interim-update=received radius-location-id=uptown
radius-location-name=uptown1 radius-mac-format=XX:XX:XX:XX:XX:XX
rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no trial-uptime=
30m/1d trial-user-profile=default use-radius=yes
/ip hotspot
add address-pool=default-dhcp addresses-per-mac=2 disabled=no idle-timeout=5m
interface=ether2-local-master keepalive-timeout=none name=hotspot1
profile=hsprof2
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=admin password=1234 profile=default
/ip hotspot walled-garden
add action=allow comment=“place hotspot rules here” disabled=yes
add action=allow disabled=no dst-host=http://“mydomain”.com dst-port=3799
path=“/user?signup=uptown”
add action=allow disabled=no dst-host=http://“mydomain”.com dst-port=3799
path=/ server=hotspot1
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=192.168.88.1 dst-host=
http://“mydomain”.com dst-port=3799
[admin@RB750G] /ip hotspot>

Chupaka · May 4, 2010, 9:22am

/radius monitor 0

also, if it’s on your local router, maybe use 127.0.0.1 instead of 192.168.88.1?..

someuser · May 4, 2010, 7:28pm

[/attachment]

Hi,
I’ve changed IP to 127.0.0.1.
Still nothing new.
Here’s an export (/radius monitor 0) from a different but similar setup with RouterOS (box not RB750G).

[admin@MikroTik] /radius> monitor 0
pending: 0
requests: 3
accepts: 0
rejects: 0
resends: 0
timeouts: 3
bad-replies: 0
last-request-rtt: 0s

So, might it be something in firewall?.
Here’s pics of user profile.
I"ve actually purchase credits from my own paypal account and shows the user good to go.
But again, when I’m presented with the intial login (hotspot) page, and I enter the usermanager generated (“prefix09juy”) username,
I can’t login on that login page.
Also, if I go to the http://routerIP/user?signup=uptown page and use that username, it shows the above user paid and good to go.
I have setup the NTP client since then so the time is up to date.
To get past all this. Can I create a user in usermanager (say unlimited) that doesn’t need to “credits”. Similar to “bypass” in HotSpot database?

Chupaka · May 5, 2010, 11:10am

do you have any blocking rules in input and output firewall filter chains?

bigguns · May 30, 2010, 7:44pm

Is there any information on this issue because I’m having the same issues.

sergejs · May 31, 2010, 11:28am

Set 127.0.0.1 for /radius and /tool user-manager router.
Do you have /ip firewall nat rules for masquerade?

ahooper · September 20, 2013, 3:09am

I am having the same issue.
Has anyone found a resolve this this yet?

It appears that the usermanager radius is not working at all, I am seeing the hand off in the status but they just time out then get the message radius server not responding.

I also tried to us NTRadPing and reconfigured UserManager to accept messages from my machine but again no response.

I am using the latest version v6.4 on an RB750G

ahooper · September 20, 2013, 3:13am

Correction, I have managed to get a response from NTRadPing Test Util so the radius is working just not for requests sent via the localhost.

ahooper · September 20, 2013, 3:38am

Well a quick and nasty fix.. It appears that the reason this happens is that when you have a hotspot in the new version the radius seems to not work for 172.0.0.1 but will work for the IP of the hotspot but if you do this the firewall MASQ will fire the request out the gateway.

Fix for me was to add an IP /32 to the hotspot interface then use that instead. Seems to be working.

onlysuraj · December 4, 2013, 2:44pm

dear sir, i have the same problem ?

yes i have done this /ip firewall nat rules for masquerade

i have done all the setting well but i can log in through usermanager users but i can log in by the users that are created in winbox

error :protocol is not working and radius is not responding

please help mikrotik i have been working to configure usermanager last one month but not luck

thanks
suraj