User Login AAA problems

Hi there,

We are looking into using user login via radius, with a few local users on the routerboards, for obvious reasons.

We have the winbox login working, along with the groups.
Our problem comes in with bandwidth tests, and telnet & SSH. We can’t get the login to work. I can see that it is sending the request to the radius server, the server is receiving it, but the mikrotik is receiving reject.

Has anyone else had this problem?

Yes. I did. What radius are you using? I had problems with FreeRADIUS. But not now! :smiley:

Jip Free Radius,

Please tell me how you fixed it, 'cause I got my bosses pushing me to get it to work.

Before we troubleshoot the challenge with Mikrotik, I want to ensure your FreeRADIUS setup is working.
In the radius server, you should be able to use radtest. Try this with a valid user/password from a shell:
radtest user password 127.0.0.1 0 radiussecret
Substitute user and password (and radiussecret) for a valid entry. If you do not get an Access-Accept, let me know…

I use FreeRADIUS as a proxy to Windows 2008 RADIUS servers. Works for ftp, winbox, telnet, ssh. Don't use btest, so I can't comment there.

IIRC, winbox uses chap and telnet/ssh use PAP, might be the other way around. That is probably your problem.

But.. It works great for me!

Hi,

I get this:

rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=210, length=20

Yet I can use the same username and password and login to winbox to a RB.

Those are two different user databases. The database “/user” is for router access. “/ip hotspot user” is for hotspot access.

If you can’t get the MySQL database to work, in the freeradius “users” file there is a line like this:
DEFAULT Auth-Type=System
It needs to be changed to:
DEFAULT Auth-Type=Local
or the SQL database will not work.

You must get radtest to work before you can proceed. Otherwise, the login will always fail for users in the FreeRADIUS user database.

EDIT: While you are in the user file, you should unremark a test user there. My default setups normally have a user “steve” with password “testing”. Remove the ‘#’ and try that user with radtest.

Instead of playing and wasting your time, why don’t you use an out-of-box product? Nowadays radius auth and web GUI are in the market, starting from 150 USD onwards, and you never face any issue. I also tried with many custom packages but they were always missing something, so we deployed an out-of-box product and now, for more than one year, we don’t have any issues.

If you need any info then let me know.

What you’re doing is starting to border on spam. Nearly every post you make on Hotspots and AAA focuses on a package your employer either sells directly, or that you get paid to advertise.

@fewi: Congrats on the first user with karma over 100! Nice job supporting the forum. :smiley:
@Wesley: Don’t give up so quickly. Do the user in user file and test it.

ADD: Also check “clients.conf” and ensure you are using the correct radius secret for 127.0.0.1. I restart the radius service after making any changes in the setup files. My OS uses this from a shell logged in as root:
radiusd restart

Been using FreeRADIUS for years and it has never failed me.

FreeRADIUS w/ daloradius UI works like a champ for most things.

Brilliant!!! It's working, thanks SurferTim:
If you can’t get the MySQL database to work, in the freeradius “users” file there is a line like this:
DEFAULT Auth-Type=System
It needs to be changed to:
DEFAULT Auth-Type=Local
or the SQL database will not work.

It worked. The Bandwidth test isn’t working, but we’ll just add a local account for bandwidth testing, that's not a problem.

Dear Fewi,

Nothing like that… If you think that's spam you can think so, but it's just a support forum; radius is my favourite subject.

Birender

Good to hear it is working. If you did unremark the test user “steve” in the user file, you should go back there and put the “#” back, or poor steve (if you ever have that user) will have a terrible time logging in!
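
Added example (not part of any post above, and not FreeRADIUS or RouterOS code): the PAP versus CHAP difference raised in the thread, following RFC 2865. It shows that a server can check a PAP login against either a cleartext or a one-way hashed password, while a CHAP login can only be checked when the server holds the cleartext, and that a wrong shared secret makes PAP fail. The function names, the SHA-256 stand-in for a system password hash and the sample values are assumptions for illustration.

```python
import hashlib
import hmac

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password, secret, authenticator):
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with an MD5 chain."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_reveal(hidden, secret, authenticator):
    """Server side: undo the hiding with the shared secret from clients.conf."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def chap_response(chap_id, password, challenge):
    """RFC 2865 CHAP-Password value: MD5(id || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def hash_password(password, salt):
    """Constructed stand-in for a one-way system password hash."""
    return hashlib.sha256(salt + password).digest()

def check_pap(hidden, secret, authenticator, cleartext=None, salt=None, hashed=None):
    """PAP works with either store: the server recovers the typed password."""
    typed = pap_reveal(hidden, secret, authenticator)
    if cleartext is not None:
        return hmac.compare_digest(typed, cleartext)
    return hmac.compare_digest(hash_password(typed, salt), hashed)

def check_chap(chap_id, response, challenge, cleartext=None):
    """CHAP needs the cleartext password; a one-way hash cannot be used."""
    if cleartext is None:
        return False  # nothing to feed into MD5(id || password || challenge)
    expected = chap_response(chap_id, cleartext, challenge)
    return hmac.compare_digest(expected, response)
```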