Usermanager + Hotspot on local machine

Hey all, I’m running MikroTik v3.3 and trying to set up User Manager with hotspot on the same machine.

I’ve done the following, as given in the wiki online, and set up and installed User Manager correctly (I can log in and add users):

/ radius add service=hotspot address=127.0.0.1 secret=123456
/ ip hotspot profile set hsprof1 use-radius=yes
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
/ tool user-manager router add subscriber=MikroTik ip-address=127.0.0.1 shared-secret=123456

The main problem I am having is that when a user tries to log in, I keep getting an error stating the RADIUS server is not responding. I’ve rechecked my secret key and changed it in both the RADIUS client in MikroTik and the router list in User Manager, but I’ve been getting the same error. I’ve downloaded some RADIUS server testers and they report that the RADIUS server is working (got auth-accept). If I add the user under the Hotspot user account, it works there. Is there any config I’m missing?

Any clue? Oh, does the user manager run on port 1812?

There will be two interfaces with two IPs <LAN & WAN>.

Try with the WAN IP, I mean the Internet IP, instead of the LOCAL IP <127.0.0.1>.

You can try increasing the timeout in the RADIUS settings to, for example, 3000/5000 ms.

/radius
add accounting-backup=no accounting-port=1813 address=127.0.0.1 \
    authentication-port=1812 called-id="" comment="Local Radius (Usermanager)" \
    disabled=no domain="" realm="" secret="xxxx123" service=hotspot \
    timeout=3s

Hey guys, I’ve tried both of your suggestions but to no avail.

I’ve set up FreeRADIUS on another Linux system and pointed the MikroTik RADIUS client at the FreeRADIUS server, and that works fine. So it’s not a problem with the MikroTik RADIUS client nor the User Manager itself, it’s just getting them to communicate with each other.

Any other ideas?

Hi

I had the same problem. The solution for me was to change my src-nat masquerading to use a specific out interface. In 2.9 this didn’t matter but in 3.0 it does.

dolf

I really need to understand what the benefits of using this RADIUS server are???
:laughing:


Hi,
yes, with a RADIUS server it is easy to control/manage your users, same as for centralized AAA roaming networks. . . . nice :wink:

regards
Hasbullah.com

[quote="eebng_1422"]I really need to understand what the benefits of using this RADIUS server are???
:laughing:[/quote]

Xeta, you have to look for Dolf’s suggestion, that could be the case.

eebng_1422, the benefit of the RADIUS server is the following, that you have one centralized server, that is responsible for multiple HotSpot, PPP users.
So, let’s say you have one server, which is responsible for 5 HotSpot servers. All information about AAA (authorization and accounting) is stored on the one server, so user can change location without problem, you have more power over multiple HotSpot routers management, etc.

Hey Excellent!

Thanks Dolf! That did the trick!

RECAP:
Using MikroTik v3.3 with User Manager on the same system.

SOLUTION:
Follow the instructions in the wiki:

/ radius add service=hotspot address=127.0.0.1 secret=123456
/ ip hotspot profile set hsprof1 use-radius=yes
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
/ tool user-manager router add subscriber=MikroTik ip-address=127.0.0.1 shared-secret=123456

and next, make sure you use SRC-NAT MASQUERADING to a specific out interface. (Thanks to Dolf!)

“make sure you use SRC-NAT MASQUERADING to a specific out interface”

Would you mind giving a real “example” of how to do what you are suggesting, or is this something that only network engineers can understand? Some of us are trying to learn, and examples can make it a lot less frustrating.



I wonder why if this is a “known” issue it does not get added to the WIKI setup?

/ip firewall nat add chain=srcnat action=masquerade out-interface=

Thanks Sergejs…dolf…I was stuck with hotspot+usermanager for the last two months …finally arrived at this forum and thank god you gave the right solution dude…VERY VERY VERY VERY MULTIPLIED 100000000000000000000000000000000000000000000000000000000000 AND AGAIN THANKS…


GO TO /IP FIREWALL NAT then select the OUT INTERFACE to your wan interface…that may be ether1 or ether2…and enjoy…
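
The fix this thread settles on (src-nat masquerade bound to a specific out interface when the RADIUS client points at 127.0.0.1), written as a check over a router export. This is an added example, not part of the original posts and not MikroTik tooling; it assumes export-style text (a `/menu` line followed by `add` lines), and the sample export, its `ether1` interface and its secret are constructed.

```python
import re
import shlex

# Constructed sample in the style of a RouterOS export (not taken from the thread).
SAMPLE_EXPORT = r'''
/radius
add address=127.0.0.1 secret=EXAMPLE-SECRET service=hotspot \
    timeout=3s
/ip firewall nat
add action=masquerade chain=srcnat comment="catch-all"
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-ports=80
'''

def parse_export(text):
    """Yield (menu, params) for every 'add' line, joining '\\' continuations."""
    text = re.sub(r"\\\r?\n\s*", "", text)
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = " ".join(line.lstrip("/").split())
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # handles quoted values such as comments
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def audit(text):
    """Return one finding per srcnat masquerade rule with no out interface set."""
    entries = list(parse_export(text))
    # True when a RADIUS client targets the router itself, as in this thread.
    local_radius = any(m == "radius" and p.get("address", "").startswith("127.")
                       for m, p in entries)
    nat_rules = [p for m, p in entries if m == "ip firewall nat"]
    findings = []
    for index, p in enumerate(nat_rules):
        if p.get("chain") != "srcnat" or p.get("action") != "masquerade":
            continue
        # out-interface-list is the equivalent parameter on later RouterOS versions.
        if p.get("out-interface") or p.get("out-interface-list"):
            continue
        findings.append({"rule": index, "comment": p.get("comment", ""),
                         "local_radius_client": local_radius})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

A finding with `local_radius_client` set to true matches the setup described in this thread; adding `out-interface=` with the WAN interface to that rule clears it.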