Hi!
It’s possible to send a request to a freradius server and get the result returned by the radius server?
RouterOs is working fine with the radius server. What I need is a script that sends a fake or real user/pass to the server and if it possible read or log the result (radius server is not responding or whatever..).
Perhaps a button in /radius configuration to test the radius server? Now I need to connect a customer to my hotspot and make a request. I’m trying to make the test from remote, only connecting with winbox, telnet or ssh.
Thanks!
I know it is not as clean or easy as a program on the router, but I use the radtest program that comes with freeradius. I use a Linux box with radtest installed behind the router on a localnet masqueraded to the public ip the Freeradius server is set to respond to in clients.conf. This requires being logged in as root for me. From a shell:
radtest user password xx.xx.xx.xx 0 radiussecret
xx.xx.xx.xx is the ip of the FreeRADIUS server.
yes.. this is what I do in my server.
The problem is that my networks usually has the radius server and the APs with routerOS. I don’t have nothing else. My radius servers are One per installation. I don’t use one in my company because each customer has it’s own server. Then.. I don’t have any linux distribution box there. Only RouterOS boxes ; )
Now we are having problems in a project with the radius server validations. Some hotspots work and some not. We have to delete the radius server NAS reboot freeradius, create the NAS again and reboot freeradius. It’s the first time I have to reboot freeradius server for something like that. This reboots fixed the problems.
Each time I have to test the hotspot validation with the server, my customer has to go to the network (physically) and test with a nanostation or something…
How can I make the test directly with routeros?
Hi!
I found something to test the radius server via routerOS, simply login to the AP.
You need to:
/radius
add accounting-backup=no accounting-port=1813 address=your_ip_radius_server \
authentication-port=1812 called-id="" comment="" disabled=no domain="" \
realm="" secret=mysecret service=login timeout=1s
and:
/user aaa set use-radius=yes
Now,
when you login, the system will use first the local users database and later will try to login by radius user.
For security reasons, you can enable and disable this, only for testing the radius connectivity. That’s exactly what we need, send a request to the radius server : D!
Notice that the user will be only in read mode because we don’t played with /user groups
I can’t give me a Karma vote x((