Hello,
I successfully configured a network infrastructure with a Mikrotik Router acting as a Radius server (thanks to the user-manager package) and an OpenWRT Wifi AP with EAP-TLS authentication.
The Mikrotik router is acting as a DHCP server for the whole network.
Once the authentication has been made on the Wifi AP, I would like to automatically set a couple of rules linked to the user. This allows me to fine-tune the access of each user to different resources of the network (server, web services, internet access, etc.).
I’ve seen in user-manager documentation that there is a “Mikrotik-Address-List” field.
Ideally, after the session has been opened on the radius server, I would like to:
- Retrieve the IP address of the freshly connected user
- (optional) Deliver a specific IP address for some users
- Add this IP to multiple address lists in the firewall (let’s say: list-internet-access and list-streaming-access). The firewall already has a specific list of rules for this address list
As I’m not using the hotspot feature of Mikrotik, I would like to know how I can make this setup work.
So basically, I’m trying to do an ACL system using EAP/Radius auth. Maybe there is another way to achieve that?
Thanks
