I’m trying to connect my RB2011 to a neighboring Access Point which uses radius authentication. It doesn’t use the mac address as the username. It uses the following check attributes. Can you recommend to me how to set up a security profile that sends the below info?
Username: User1 (string)
Password: User1Pw (string)
Supplicant Identity: User1 (string)
Thank you.
interesting topic
bump.
bump again.
I’m afraid that AP is using WPA2-PEAP authentication; RouterOS as client currently only supports EAP-TLS with certificates, not PEAP with user/password.
Thank you for letting me know.
Is there any chance this will be fixed? Where can we submit an enhancement request?
MikroTik supports EAP-TTLS and EAP-PEAP fine as an access point, we use it with a RADIUS server to validate
the users/passwords, but when used as a station there is only MAC authentication, not authentication with a user
entered username and password.
When using Ubiquiti devices as a client, it works OK. It should be possible to use MikroTik devices as a client as well.
i think its an important feature, mikrotik has to think beyond wisp scenario where a single entity implement security adopting equipment limitations, radius mac authentication its useless from security standpoint, its only useful to identify stations to apply certain policy.
in enterprise environment are security requirements to agree imposed by business third parties and many times mac authentication is not accepted as a valid security measure.
Chechito you can use WPA-PEAP with certificates. It’s just the user/password portion not supported as station.
thank you for the clarification