Hi all,
I don't know if anybody can help me with this, but I can't tell whether I set up my router wrong or my RadiusManager 3.6.1.
When I try to log in to the WLAN I get the output below from radiusd -x, including "Authentication successful" at the end, but no connection at all.
Has anybody had a similar problem, or does anybody know where I should look for the cause?
Both the MikroTik log and the HTML hotspot login page say "User not found" on the first login attempt and "already authenticated, retry later" on the second try.
Thanks,
Chris
rad_recv: Access-Request packet from host 192.168.0.253:32774, id=23, length=191
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00:19:D2:37:D2:44"
Called-Station-Id = "hotspot1"
NAS-Port-Id = "wlan1"
User-Name = "user"
NAS-Port = 2152726542
Acct-Session-Id = "8050000e"
Framed-IP-Address = 10.0.0.253
Mikrotik-Host-IP = 10.0.0.253
CHAP-Challenge = 0x05e374ac1e7ebfab0b4bb33a2803209e
CHAP-Password = 0x37d1f0c79c3b0c06b4de59ffd237cba2d6
Service-Type = Login-User
WISPr-Logoff-URL = "http://10.0.0.1/logout"
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.0.253
rlm_chap: Setting 'Auth-Type := CHAP'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rlm_chap: login attempt by "user" with CHAP password
rlm_chap: Using clear text password "1111" for user user authentication.
rlm_chap: chap user user authenticated succesfully
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Exec-Program-Wait: value-pairs: Reply-Message="User not found!"
Exec-Program: returned: 1
rad_recv: Access-Request packet from host 192.168.0.253:32774, id=23, length=191
Sending Access-Reject of id 23 to 192.168.0.253 port 32774
Reply-Message = "User not found!"
When I do the same test on the RADIUS server itself, it works fine:
rad_recv: Access-Request packet from host 127.0.0.1:54327, id=126, length=56
User-Name = "user"
User-Password = "1111"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Exec-Program-Wait: value-pairs: WISPr-Bandwidth-Max-Up=131072,WISPr-Bandwidth-Max-Down=524288,Acct-Interim-Interval=60
Exec-Program: returned: 0
Sending Access-Accept of id 126 to 127.0.0.1 port 54327
WISPr-Bandwidth-Max-Up = 131072
WISPr-Bandwidth-Max-Down = 524288
Acct-Interim-Interval = 60
Works From Radius Server >>>> radtest user 1111 localhost 1812 testing123
rad_recv: Access-Request packet from host 192.168.0.253:32779, id=32, length=185
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00:19:D2:37:D2:44"
Called-Station-Id = "hotspot1"
NAS-Port-Id = "wlan1"
User-Name = "00:19:D2:37:D2:44"
NAS-Port = 2152726552
Acct-Session-Id = "80500018"
Framed-IP-Address = 10.0.0.253
Mikrotik-Host-IP = 10.0.0.253
User-Password = ""
Service-Type = Login-User
WISPr-Logoff-URL = "http://10.0.0.1/logout"
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.0.253
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Exec-Program-Wait: value-pairs: Reply-Message="User not found!"
Exec-Program: returned: 1
rad_recv: Access-Request packet from host 192.168.0.253:32779, id=32, length=185
Sending Access-Reject of id 32 to 192.168.0.253 port 32779
Reply-Message = "User not found!"
[admin@MikroTik] > export
jan/01/1970 00:53:25 by RouterOS 3.0rc13
software id = ALHL-FTT
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes mac-address=00:0C:42:1D:A6:D6
mtu=1500 name="ether1" speed=100Mbps
set 1 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes mac-address=00:0C:42:1D:A6:D7
mtu=1500 name="ether2" speed=100Mbps
set 2 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes mac-address=00:0C:42:1D:A6:D8
mtu=1500 name="ether3" speed=100Mbps
/ip ipsec proposal
add auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name="default" pfs-group=modp1024
/ppp profile
set default change-tcp-mss=yes comment="" name="default" only-one=default use-compression=default
use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name="default-encryption" only-one=default
use-compression=default use-encryption=yes use-vj-compression=default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no ignore-as-path-len=no name="default"
out-filter="" redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name="backbone" type=default
# Hotspot server profiles. "default" keeps use-radius=no; "hsprof1" is the
# profile referenced by the hotspot1 server (profile=hsprof1 under /ip hotspot)
# and is the only one with use-radius=yes and radius-accounting=yes.
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d
http-proxy=0.0.0.0:0 login-by=cookie,http-chap name="default" rate-limit="" smtp-server=0.0.0.0
split-user-domain=no use-radius=no
# NOTE(review): login-by includes "mac" with mac-auth-password="". This matches
# the Access-Request in the radiusd debug output whose User-Name is the client
# MAC address and whose User-Password is empty; that request is also rejected
# with "User not found!". If MAC login is not intended, remove "mac" from
# login-by; if it is, the MAC must exist as a user on the RADIUS side.
# NOTE(review): http-pap submits the login-page password without the CHAP
# challenge; presumably over plain HTTP here, since www-ssl is disabled in
# /ip service - confirm whether http-pap is actually needed next to http-chap.
add dns-name="www.myISP.com" hotspot-address=10.0.0.1 html-directory=hotspot http-cookie-lifetime=3d
http-proxy=0.0.0.0:0 login-by=mac,cookie,http-chap,http-pap mac-auth-password="" name="hsprof1"
nas-port-type=wireless-802.11 radius-accounting=yes radius-default-domain="" radius-interim-update=received
radius-location-id="" radius-location-name="" rate-limit="" smtp-server=0.0.0.0 split-user-domain=no
use-radius=yes
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=2m name="default" open-status-page=always
shared-users=1 status-autorefresh=1m transparent-proxy=yes
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" group-key-update=5m
interim-update=0s mode=none name="default" radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX
radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none
static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none
static-sta-private-key="" static-transmit-key=key-0 supplicant-identity="MikroTik" tls-certificate=none
tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key=""
/ip pool
add name="hs-pool-4" ranges=10.0.0.2-10.0.0.254
/port
set 0 baud-rate=115200 data-bits=8 flow-control=hardware name="serial0" parity=none stop-bits=1
/queue type
add kind=pfifo name="default" pfifo-limit=50
add kind=pfifo name="ethernet-default" pfifo-limit=50
add kind=sfq name="wireless-default" sfq-allot=1514 sfq-perturb=5
add kind=red name="synchronous-default" red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50
red-min-threshold=10
add kind=sfq name="hotspot-default" sfq-allot=1514 sfq-perturb=5
add kind=pfifo name="default-small" pfifo-limit=10
# SNMP agent settings. enabled=no, so the community below is not served in
# this configuration.
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" time-window=15 trap-sink=0.0.0.0
trap-version=1
# NOTE(review): community "public" is readable from any address
# (address=0.0.0.0/0, security=none). It has no effect while SNMP is disabled;
# if SNMP is ever enabled, rename the community and narrow address= to the
# monitoring host first.
/snmp community
set public address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password=""
encryption-protocol=DES name="public" read-access=yes security=none
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name="memory" target=memory
set disk disk-lines=100 disk-stop-on-full=no name="disk" target=disk
set echo name="echo" remember=yes target=echo
set remote name="remote" remote=0.0.0.0:514 target=remote
/user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,!ftp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff
/interface wireless
set 0 ack-timeout=dynamic adaptive-noise-immunity=yes allow-sharedkey=no antenna-gain=0 antenna-mode=ant-a
area="" arp=enabled band=2.4ghz-b/g basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment=""
compression=no country=no_country_set default-ap-tx-limit=0 default-authentication=yes
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none disable-running-check=no disabled=no
disconnect-timeout=3s frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower hide-ssid=no
hw-retries=4 mac-address=00:0C:42:1B:3D:34 max-station-count=2007 mode=ap-bridge mtu=1500 name="wlan1"
noise-floor-threshold=default on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=both proprietary-extensions=post-2.9.25
radio-name="000C421B3D34" rate-set=default scan-list=default security-profile=default ssid="test"
station-bridge-clone-mac=00:00:00:00:00:00
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default update-stats-interval=disabled
wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled
wmm-support=disabled
/ipv6 nd
add advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all mtu=unspecified ra-delay=3s
ra-interval=3m20s-10m ra-lifetime=30m reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autoconfig=yes on-link=yes preferred-lifetime=1w valid-lifetime=4w2d
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1
metric-static=1 redistribute-bgp=no redistribute-connected=no redistribute-ospf=no redistribute-static=no
timeout-timer=3m update-timer=30s
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460
max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no
keepalive-timeout=60 mac-address=FE:F7:F0:58:E6:6A max-mtu=1500 mode=ip netmask=32 port=1194
require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30
max-mru=1460 max-mtu=1460 mrru=disabled
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway
origination-interval=5s preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 metric-default=1 metric-rip=20 metric-static=20
redistribute-bgp=no redistribute-connected=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1
metric-static=1 redistribute-bgp=no redistribute-connected=no redistribute-ospf=no redistribute-static=no
timeout-timer=3m update-timer=30s
/ip dhcp-client
add add-default-route=yes comment="" disabled=no interface=ether3 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server
add address-pool=hs-pool-4 authoritative=after-2sec-delay bootp-support=static disabled=no interface=wlan1
lease-time=1h name="dhcp1"
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.0.0/24 comment="hotspot network" gateway=10.0.0.1
/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=5m interface=wlan1
keepalive-timeout=none name="hotspot1" profile=hsprof1
/ip hotspot service-port
set ftp disabled=no ports=21
# Local hotspot user database (separate from the RADIUS-backed users).
# NOTE(review): the only entry is "admin" with password="" and disabled=no.
# Presumably local hotspot users are still accepted on a profile with
# use-radius=yes - confirm, and either set a password or remove/disable this
# entry so the hotspot cannot be entered with an empty password.
/ip hotspot user
add comment="" disabled=no name="admin" password="" profile=default
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00
frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no
receive-errors=no streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp
enable-jumper-reset=yes enter-setup-on=any-key
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-vlan=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.88.1/24 broadcast=192.168.88.255 comment="default configuration" disabled=no
interface=ether1 network=192.168.88.0
add address=10.0.0.1/24 broadcast=10.0.0.255 comment="" disabled=no interface=wlan1 network=10.0.0.0
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB primary-dns=192.168.0.1 secondary-dns=0.0.0.0
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no src-address=10.0.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no
set pptp disabled=no
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set wlan1 discover=no
/ip proxy
set always-from-cache=no cache-administrator="webmaster" cache-drive=system cache-hit-dscp=4 cache-on-disk=no
enabled=no max-cache-size=none max-client-connections=600 max-fresh-time=3d max-server-connections=600
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
# Router management services. Every entry uses address=0.0.0.0/0, i.e. no
# source-address restriction; telnet, ftp, www, ssh and winbox are enabled,
# www-ssl and api are disabled.
# NOTE(review): telnet, ftp and www carry credentials unencrypted, and the
# /ip firewall filter section of this export holds only a disabled passthrough
# rule, so nothing visible here keeps hotspot clients on wlan1 away from these
# ports. Disable the services that are not needed and set address= to the
# management subnet on the ones that stay.
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set wlan1 queue=wireless-default
# RADIUS client entry: server 192.168.0.254, authentication on 1812,
# accounting on 1813, used for the ppp, login, hotspot and wireless services.
# NOTE(review): secret="testing123" is the same value passed to radtest
# against localhost earlier on this page and is the widely known FreeRADIUS
# example secret. The shared secret protects the RADIUS exchange between NAS
# and server; replace it with a long random value unique to this NAS, and
# treat the value posted here as disclosed.
# NOTE(review): timeout=2s. The radiusd debug output shows the same request id
# received a second time before the reply is sent, which looks like a NAS
# retransmit - presumably the external program run by the server takes about
# as long as this timeout; confirm.
/radius
add accounting-backup=no accounting-port=1813 address=192.168.0.254 authentication-port=1812 called-id=""
comment="" disabled=no domain="" realm="" secret="testing123" service=ppp,login,hotspot,wireless timeout=2s
/radius incoming
set accept=yes port=1700
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term="vt102"
/system health
set fan-mode=manual use-fan=main
/system identity
set name="MikroTik"
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from="<>" server=0.0.0.0
/tool graphing
set store-every=5min
# MAC-layer management access: the MAC server is enabled on interface=all and
# MAC ping is enabled.
# NOTE(review): interface=all includes wlan1, the interface the hotspot runs
# on, so layer-2 management access is offered on the client-facing network.
# Limit the MAC server to the wired management interface if it is needed at
# all.
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
filter-protocol=ip-only filter-stream=yes interface=all memory-limit=10 only-headers=no streaming-enabled=no
streaming-server=0.0.0.0
# Router login accounts. The single account is the system default "admin" in
# group "full", permitted from any source address (address=0.0.0.0/0).
# NOTE(review): the export does not show the account password. Verify that a
# non-empty password is set, and narrow address= to the management subnet,
# since telnet, ftp, www, ssh and winbox are all enabled in /ip service.
/user
add address=0.0.0.0/0 comment="system default user" disabled=no group=full name="admin"
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[admin@MikroTik] >