Is there any way or a script that I can look at that will create a random password for the wifi every week? We have a timeshare building where there is a routerboard in each unit, but they all have their own SSID. We would like them to change the password every week on their own. We thought about using user manager somehow with radius, but not sure how to handle assigning a user to an individual ssid or access point.
Have a look at this topic:
http://forum.mikrotik.com/t/automatic-wireless-password-on-tv-screen/66841/1
Still, I would like someone with better knowledge on RouterOS scripting, to do this within a routerboard, instead from a Windows machine.
RouterOS doesn’t have any sort of random function (or an otherwise “random” source), making this next to impossible internally.
The closest thing to a random function you can get internally is this MD5 function, which you can apply on the current clock, and then treat each character of the output as a “random” integer between 0 and 15. However, since the MD5 output is only 32 hex characters long, this means you can only get 32 random integers per second, each between 0 and 15… Perhaps if you add up two characters in order to ultimately get 16 random integers between 0 and 30. That should be a sufficient alphabet if you only use one (lower) case letters, and remove some ambiguous ones from the alphabet (e.g. 0 and o), though there’s a slight bias against the lower numbers in that case, due to the add up.
As mentioned in the topic linked above, one way to get a good random password is using the API. Coincidentally, I had written such a script just yesterday, using my PHP client. Here you go:
<?php
use PEAR2\Net\RouterOS;
require_once 'PEAR2_Net_RouterOS-1.0.0b5.phar';
try {
$util = new RouterOS\Util(
$client = new RouterOS\Client('192.168.88.1', 'admin', '')
);
$passAlphabet = 'abcdefghikmnpqrstuvxyz23456789';
$passLength = 8;
$passAlphabetLimit = strlen($passAlphabet)-1;
$pass = '';
for ($i = 0; $i < $passLength; ++$i) {
$pass .= $passAlphabet[mt_rand(0, $passAlphabetLimit)];
}
$util
->setMenu('/interface wireless security-profiles')
->set(
'default',
array(
'wpa-pre-shared-key' => $pass,
'wpa2-pre-shared-key' => $pass
)
);
echo 'New Wi-Fi password: ', $pass;
exit(0);
} catch (Exception $e) {
echo $e;
exit(1);
}
If placed inside a web server, it should be placed in an admin only area that is kept open for the admin to see, since every invocation will make a new password. Alternatively, a separate PHP page could be made to display the current password, without modifying it.
Thats an interesting script. Do you think I could do it with a script that could ask a php page and fill in the password. And have that php page query a database.
The script above does just that. If you use “/tool fetch” to access the URL of that script, it will modify the Wi-Fi password.
If you have several routers, and want each to have its own random Wi-Fi password, you can just replace 192.168.88.1 with $_SERVER[‘REMOTE_ADDR’].
If you mean you want the PHP script to just “suggest” a password, but have the script actually modify it, that’s possible too, but it’s a little more tricky. You need to save the result from “/tool fetch” (which would be reduced to just $pass), then get the contents of that file with “/file get” and finally fill it at the places you want it.
If you want the script to just be suggested a password, you can also use random.org, e.g.
/tool fetch url="http://www.random.org/strings/\?num=1&len=8&digits=on&loweralpha=on&unique=off&format=plain&rnd=new" keep-result=yes dst-path="pass.txt"
(the only problem with THAT is that ambiguous characters like 0 and o are not removed from the alphabet…)
EDIT: Wait… Random.org have a separate “random password” option too, where confusing characters are not part of the alphabet, so:
/tool fetch url="https://www.random.org/passwords/\?num=1&len=8&format=plain&rnd=new" keep-result=yes dst-path="pass.txt"
I built such a script for a customer that needed the WiFi password to change weekly. In my situation the router generates a password based on some variables and sets the new password. it then emails and also hooks into my SMS gateway via API and sends the employees the password for that week. All within the router itself. If you still need something like that hit me up.
Regards,
Josh
@jspool That will be great, can you post your solution to have a look at it?
In my situation a person that owned some Coffee shops wanted to make sure that people didn’t camp out all day and not buy anything as his locations were not very big. So he gives out the WiFi password for the week printed on the receipt. He preferred a weekly change vs daily and he also wanted the the password to start with coffee and have a variation of 3-4 numbers. Example: coffee1839
#######################################
###VoIP Squared WiFi Password Generator Script###
#######################################
:local toEmail youremail@domain.com
:local fromEmail router@yourdomain.com
:local prepend coffee
:local wifiprofile profile33
:local secr [/system resource get write-sect-since-reboot];
/log info message=“Sector Writes Since Reboot=$secr”
:local runc [/system script get WiFiPasswordGenerator run-count];
/log info message=“WiFiPasswordGenerator Run Count=$runc”
:local date1 [:pick [/system clock get date] 4 6];
/log info message=“Month=$date1”
:local time1 [:pick [/system clock get time] 6 8];
/log info message=“Seconds=$time1”
:local time2 [:pick [/system clock get time] 3 5];
/log info message=“Minute=$time2”
:if ($date1 < 02) do={
:set date1 (“03”);
};
:if ($time1 < 10) do={
:set time1 (“12”);
};
:if ($time2 < 10) do={
:set time2 (“15”);
};
:if ($runc < 10) do={
:set runc (“19”);
}
:if ($secr < 10) do={
:set secr (“25”);
}
###Remove if you want longer password###
:if ($secr > 99) do={
:set secr (“9”);
};
###Remove if you want longer password###
####Use commented line below instead of the one below if you desire a longer password####
#:local newPassword ($date1 * $time1 * $time2 * $secr);
:local newPassword ($date1 * $time1 * $secr);
/log info message=“Month x Seconds x Sector Writes Since Reboot=$newPassword”
:set newPassword ($prepend . $newPassword);
:interface wireless security-profiles set $wifiprofile wpa-pre-shared-key=“$newPassword”;
:interface wireless security-profiles set $wifiprofile wpa2-pre-shared-key=“$newPassword”;
:log info message=“New WiFi Password Set To=$newPassword”
:log info message=“Preparing To Email New WiFi Password”
delay 2
:tool e-mail send user=$fromEmail to=$toEmail subject=“$[/system identity get name] WiFi Password” body=“This Week’s Wireless Password Is: $newPassword”;
delay 2
:log info message=“New WiFi Password Has Been Emailed”
:log info message=“See You Next Week”
Very interesting @jspool. I would have given some karma if the option would have still been there 
.
Interesting how you have chosen to randomize the password. I will play a little bit when time will be available.
Thank you for sharing it.
Switch the forum theme and you will be able to. See below.
Thx jspool for the script, I have change it to Work on CAPsMAN to. 
Glad you were able to modify it to fit your needs.
Hi have messaged Jspool about this and he is helping, but is anyone else having issues with the script not working? i have tried it on 4.17, 5.26 and 6 and it just does not work. i am convinced its probably something i am doing wrong. is it just a matter of simply copying and pasting the script into a new script box and then editing the variables at the top?
Exactly what I needed - thank you !!!
can you post your config with the capsman?
Iam not not familiar with scripting , mayby a stupid questin but is this one script ?
I want to use a script like this but a want to change the key 2 times a year is this also posible ?
thanks you in advance
Hi bvt1977
Here is the modified script for Capsman, hope it helps…
#######################################
### WiFi Password Generator Script###
#######################################
# mail recipients
:local recipients { "user1@gmail.com "; "user2@gmail.com"; "user3@gmail.com"; "user5@gmail.com"; "user1@yahoo.com" }
:local fromEmail ************@gmail.com
:local prepend home
# :local wifiprofile WifiPass
:local wifiprofile 0
:local secr [/system resource get write-sect-since-reboot];
/log info message="Sector Writes Since Reboot=$secr"
:local runc [/system script get WiFiPasswordGenerator run-count];
/log info message="WiFiPasswordGenerator Run Count=$runc"
:local date1 [:pick [/system clock get date] 4 6];
/log info message="Month=$date1"
:local time1 [:pick [/system clock get time] 6 8];
/log info message="Seconds=$time1"
:local time2 [:pick [/system clock get time] 3 5];
/log info message="Minute=$time2"
:if ($date1 < 02) do={
:set date1 ("03");
};
:if ($time1 < 10) do={
:set time1 ("12");
};
:if ($time2 < 10) do={
:set time2 ("15");
};
:if ($runc < 10) do={
:set runc ("19");
}
:if ($secr < 10) do={
:set secr ("25");
}
###Remove if you want longer password###
:if ($secr > 99) do={
:set secr ("9");
};
###Remove if you want longer password###
####Use commented line below instead of the one below if you desire a longer password####
#:local newPassword ($date1 * $time1 * $time2 * $secr); or :local newPassword ($date1 * $time1 * $secr);
:local newPassword ($date1 * $time1 * $secr);
/log info message="Month x Seconds x Sector Writes Since Reboot=$newPassword"
:set newPassword ($prepend . $newPassword);
:log info message="Preparing To Email New WiFi Password to users"
:foreach r in=$recipients do={
:put ("Sending email to " . [:tostr $r])
/tool e-mail send from=***********@gmail.com to=[:tostr $r] subject="WiFi AP Password" body="This Week's Wireless Password Is: $newPassword " server=173.194.67.108 port=587 start-tls=yes user=*********@gmail.com password=*******
}
# The delay 300 is for the users that is on the WiFi to get the mail before it gets change.
delay 300
#
/caps-man security set $wifiprofile passphrase="$newPassword";
#
:log info message="New WiFi Password Set To=$newPassword"
:log info message="New WiFi Password Has Been Emailed"
:log info message="See You Next Week"
:set newPassword ($prepend . $newPassword);
#
:log info message="New WiFi Password Set To :$newPassword"
delay 2
/caps-man security print file=WifiPassword
Could anyone help with script, it doesnt work for me only thing i get is Sector writes since reboot in log, i copy pasted script as it is for test i just changed
:local wifiprofile homeguest
to match my security profile name, but it doesnt seam to work at all (6.38rc25)
I’ve tried different ways to reset the WiFi password in CapsMan, using the PHP API:
$API->write(‘/caps-man/security/set’,false);
$API->write(‘=name=“security-guest”=’,false);
$API->write(‘=passphrase=“mynewpass”=’);
$ARRAY = $API->read(false);
This does end with “true”, but there is no actual password changed.
Needless to say, in the terminal I can change it.
Anyone can please tell me what I’m doing wrong?
:local wifiprofile "You wireless security-profiles name"
# "len=" in the url it is the number of characters for in the generated password
/tool fetch url="https://www.random.org/passwords/\?num=1&len=10&format=plain&rnd=new" keep-result=yes dst-path="pass.txt"
delay 3
# The last digit before the closing square bracket must be "len=" from url
:local newPassword [put [pick ([/file get [/file find name=pass.txt] contents]) 0 10]];
:interface wireless security-profiles set $wifiprofile wpa-pre-shared-key="$newPassword";
:interface wireless security-profiles set $wifiprofile wpa2-pre-shared-key="$newPassword";
/file remove [find name="pass.txt"];
/log info message="New Wi-Fi Pass = $newPassword"
Instead of relay on an external service to get password, you can use this solution.
http://forum.mikrotik.com/t/one-line-password-generation-without-fetch-tool/141623/1