Using the new Mikrotik radius dictionary with Ubuntu

CristianDeluxe · December 2, 2011, 8:48am

Hi, i’m using Freeradius in a Ubuntu Server, the default package for Freeradius have an old Mikrotik diccionary that don’t have even (relatively old) wireless comments.

They try to warn you that, if you modify the dictionary with the one offered by Mikrotik will not work.

#	Do NOT follow their instructions and replace the dictionary
#	in /etc/raddb with the one that they supply.  It is NOT necessary.
#
#	On top of that, the sample dictionary file they provide
#	DOES NOT WORK.  Do NOT use it.

Well, this is correct, but if we make some minor modifications we can use it without problems.

Here the modified dictionary file for Debian, you must place it in /usr/share/freeradius/dictionary.mikrotik (backup the old dictionary for more security)

# MikroTik vendor specific dictionary
# Copyright (C) MikroTikls, SIA
#
# You may freely redistribute and use this software or any part of it in source
# and/or binary forms, with or without modification for any purposes without
# limitations, provided that you respect the following statement:
#
# This software is provided 'AS IS' without a warranty of any kind, expressed or
# implied, including, but not limited to, the implied warranty of
# merchantability and fitness for a particular purpose. In no event shall
# MikroTikls SIA be liable for direct or indirect, incidental, consequential or
# other damages that may result from the use of this software, including, but
# not limited to, loss of data, time and (or) profits.
#
# $Id: dictionary.mikrotik,v 1.7 2011/11/25 08:00:00 normis Exp $
#
# MikroTik Attributes

VENDOR          Mikrotik        14988

BEGIN-VENDOR	Mikrotik

ATTRIBUTE       Mikrotik-Recv-Limit          1    integer
ATTRIBUTE       Mikrotik-Xmit-Limit          2    integer
ATTRIBUTE       Mikrotik-Group               3    string
ATTRIBUTE       Mikrotik-Wireless-Forward    4    integer
ATTRIBUTE       Mikrotik-Wireless-Skip-Dot1x 5    integer
ATTRIBUTE       Mikrotik-Wireless-Enc-Algo   6    integer
ATTRIBUTE       Mikrotik-Wireless-Enc-Key    7    string
ATTRIBUTE       Mikrotik-Rate-Limit          8    string
ATTRIBUTE       Mikrotik-Realm               9    string
ATTRIBUTE       Mikrotik-Host-IP             10   ipaddr
ATTRIBUTE       Mikrotik-Mark-Id             11   string
ATTRIBUTE       Mikrotik-Advertise-URL       12   string
ATTRIBUTE       Mikrotik-Advertise-Interval  13   integer
ATTRIBUTE       Mikrotik-Recv-Limit-Gigawords 14  integer
ATTRIBUTE       Mikrotik-Xmit-Limit-Gigawords 15  integer
ATTRIBUTE       Mikrotik-Wireless-PSK         16  string
ATTRIBUTE       Mikrotik-Total-Limit          17  integer
ATTRIBUTE       Mikrotik-Total-Limit-Gigawords 18 integer
ATTRIBUTE       Mikrotik-Address-List          19 string
ATTRIBUTE       Mikrotik-Wireless-MPKey        20 string
ATTRIBUTE       Mikrotik-Wireless-Comment      21 string
ATTRIBUTE       Mikrotik-Delegated-IPv6-Pool    22 string

# MikroTik Values

VALUE           Mikrotik-Wireless-Enc-Algo            No-encryption                  0
VALUE           Mikrotik-Wireless-Enc-Algo            40-bit-WEP                     1
VALUE           Mikrotik-Wireless-Enc-Algo            104-bit-WEP                    2
VALUE           Mikrotik-Wireless-Enc-Algo            AES-CCM                        3
VALUE           Mikrotik-Wireless-Enc-Algo            TKIP                           4

END-VENDOR      Mikrotik

I hope this can help someone and too save the time that I have wasted for make it work

normis · December 2, 2011, 8:51am

how exactly is your modified version:

ATTRIBUTE       Mikrotik-Recv-Limit          1    integer
ATTRIBUTE       Mikrotik-Xmit-Limit          2    integer
ATTRIBUTE       Mikrotik-Group               3    string
ATTRIBUTE       Mikrotik-Wireless-Forward    4    integer
ATTRIBUTE       Mikrotik-Wireless-Skip-Dot1x 5    integer
ATTRIBUTE       Mikrotik-Wireless-Enc-Algo   6    integer
ATTRIBUTE       Mikrotik-Wireless-Enc-Key    7    string
ATTRIBUTE       Mikrotik-Rate-Limit          8    string
ATTRIBUTE       Mikrotik-Realm               9    string
ATTRIBUTE       Mikrotik-Host-IP             10   ipaddr
ATTRIBUTE       Mikrotik-Mark-Id             11   string
ATTRIBUTE       Mikrotik-Advertise-URL       12   string
ATTRIBUTE       Mikrotik-Advertise-Interval  13   integer
ATTRIBUTE       Mikrotik-Recv-Limit-Gigawords 14  integer
ATTRIBUTE       Mikrotik-Xmit-Limit-Gigawords 15  integer
ATTRIBUTE       Mikrotik-Wireless-PSK         16  string
ATTRIBUTE       Mikrotik-Total-Limit          17  integer
ATTRIBUTE       Mikrotik-Total-Limit-Gigawords 18 integer
ATTRIBUTE       Mikrotik-Address-List          19 string
ATTRIBUTE       Mikrotik-Wireless-MPKey        20 string
ATTRIBUTE       Mikrotik-Wireless-Comment      21 string
ATTRIBUTE       Mikrotik-Delegated-IPv6-Pool    22 string

different from the one in our manual:

ATTRIBUTE       Mikrotik-Recv-Limit          1    integer             Mikrotik
ATTRIBUTE       Mikrotik-Xmit-Limit          2    integer             Mikrotik
ATTRIBUTE       Mikrotik-Group               3    string              Mikrotik
ATTRIBUTE       Mikrotik-Wireless-Forward    4    integer             Mikrotik
ATTRIBUTE       Mikrotik-Wireless-Skip-Dot1x 5    integer             Mikrotik
ATTRIBUTE       Mikrotik-Wireless-Enc-Algo   6    integer             Mikrotik
ATTRIBUTE       Mikrotik-Wireless-Enc-Key    7    string              Mikrotik
ATTRIBUTE       Mikrotik-Rate-Limit          8    string              Mikrotik
ATTRIBUTE       Mikrotik-Realm               9    string              Mikrotik
ATTRIBUTE       Mikrotik-Host-IP             10   ipaddr              Mikrotik
ATTRIBUTE       Mikrotik-Mark-Id             11   string              Mikrotik
ATTRIBUTE       Mikrotik-Advertise-URL       12   string              Mikrotik
ATTRIBUTE       Mikrotik-Advertise-Interval  13   integer             Mikrotik
ATTRIBUTE       Mikrotik-Recv-Limit-Gigawords 14  integer             Mikrotik
ATTRIBUTE       Mikrotik-Xmit-Limit-Gigawords 15  integer             Mikrotik
ATTRIBUTE       Mikrotik-Wireless-PSK         16  string              Mikrotik
ATTRIBUTE       Mikrotik-Total-Limit          17  integer             Mikrotik
ATTRIBUTE       Mikrotik-Total-Limit-Gigawords 18 integer             Mikrotik
ATTRIBUTE       Mikrotik-Address-List          19 string              Mikrotik
ATTRIBUTE       Mikrotik-Wireless-MPKey        20 string              Mikrotik 
ATTRIBUTE       Mikrotik-Wireless-Comment      21 string              Mikrotik
ATTRIBUTE       Mikrotik-Delegated-IPv6-Pool    22 string    Mikrotik

Ie. you just removed “mikrotik” at the end of each line?

CristianDeluxe · December 2, 2011, 8:54am

Yep and also in Wireless encryption

Original file:

# MikroTik Values

VALUE           Wireless-Enc-Algo            No-encryption                  0
VALUE           Wireless-Enc-Algo            40-bit-WEP                     1
VALUE           Wireless-Enc-Algo            104-bit-WEP                    2
VALUE           Wireless-Enc-Algo            AES-CCM                        3
VALUE           Wireless-Enc-Algo            TKIP                           4

Modified for debian (note “Mikrotik-” before “Wireless”)

VALUE           Mikrotik-Wireless-Enc-Algo            No-encryption                  0
VALUE           Mikrotik-Wireless-Enc-Algo            40-bit-WEP                     1
VALUE           Mikrotik-Wireless-Enc-Algo            104-bit-WEP                    2
VALUE           Mikrotik-Wireless-Enc-Algo            AES-CCM                        3
VALUE           Mikrotik-Wireless-Enc-Algo            TKIP                           4

EDIT:

Also you have to add:

BEGIN-VENDOR   Mikrotik

After vendor info and before attributes

mrz · December 2, 2011, 9:45am

Thanks, documentation updated to new freeradius syntax
http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client/vendor_dictionary

CristianDeluxe · December 2, 2011, 10:01am

NP : ) i like to help

CristianDeluxe · December 2, 2011, 10:12am

I also suggest that when the Mikrotik team updates the dictionary again it would be nice if you
can send the updated file to: dictionary@freeradius.org as specified here: http://freeradius.org/features/vendors.html

So it will be included in repositories of linux distributions, making easier have an updated dictionary without have to check it in MK site.

I can send the email by myself but i think that this action should be made by the own vendor

Keep up the good work!