Using UserManager as RADIUS for other AP

Hi,
I am running User-manager 3.7 with a license level 4.

I have set up the User Manager and hotspot correctly and all that works fine.

Now I am trying to set up other APs to use the User Manager for authentication of wireless clients using WPA.
I set up the RADIUS server IP as the IP of the MikroTik, but once a user tries to authenticate with the AP,
User Manager returns “unknown authentication algorithm”.

Tried with a D-Link AP and a Cisco AP.

This is the debug output from the User Manager.

When trying to connect to the D-Link AP:
18:20:52 manager,debug,packet received Access-Request with id 2 from 192.168.5.253:1202
18:20:52 manager,debug,packet Signature = 0x84a49103cc815a8aeb3d9cb12b4137c4
18:20:52 manager,debug,packet User-Name = “blah”
18:20:52 manager,debug,packet NAS-IP-Address = 192.168.5.253
18:20:52 manager,debug,packet NAS-Port = 0
18:20:52 manager,debug,packet Called-Station-Id = “00-40-05-5E-FA-C7”
18:20:52 manager,debug,packet Calling-Station-Id = “00-19-D2-8F-0B-7A”
18:20:52 manager,debug,packet NAS-Identifier = “DI-624”
18:20:52 manager,debug,packet Framed-MTU = 1380
18:20:52 manager,debug,packet NAS-Port-Type = 19
18:20:52 manager,debug,packet EAP-Message = 0x0201000901626c6168
18:20:52 manager,debug,packet Message-Authenticator = 0x0a9f9dc298bf91b9dc6ff0910fb0d9c8
18:20:52 manager,debug received remote request 115 code=Access-Request from 192.168.5.253:1202
18:20:52 manager,debug sending Access-Reject to request 115
18:20:52 manager,debug,packet sending Access-Reject with id 2 to 192.168.5.253:1202
18:20:52 manager,debug,packet Signature = 0x7754294530c983190983071605ea0978
18:20:52 manager,debug,packet Reply-Message = “unknown authentication algorithm”
18:20:52 manager,debug unknown authentication algorithm for user in authentication request 115, rejecting

When trying to connect to the Cisco AP:
21:21:06 manager,debug,packet received Access-Request with id 2 from 192.168.0.254:1645
21:21:06 manager,debug,packet Signature = 0x86f6743ef048f45b2d95ba18d826e2ce
21:21:06 manager,debug,packet User-Name = “blah”
21:21:06 manager,debug,packet Framed-MTU = 1400
21:21:06 manager,debug,packet Called-Station-Id = “001f.6cf4.d0e0”
21:21:06 manager,debug,packet Calling-Station-Id = “0019.d28f.0b7a”
21:21:06 manager,debug,packet Service-Type = 1
21:21:06 manager,debug,packet Message-Authenticator = 0x275e9d78d317bbcf4e150d9d0a3bfd2c
21:21:06 manager,debug,packet EAP-Message = 0x0202111e01536b756c6c4b696c6d
21:21:06 manager,debug,packet NAS-Port-Type = 19
21:21:06 manager,debug,packet NAS-Port = 259
21:21:06 manager,debug,packet NAS-Port-Id = “259”
21:21:06 manager,debug,packet NAS-IP-Address = 192.168.0.254
21:21:06 manager,debug,packet NAS-Identifier = “SkullKillR”
21:21:06 manager,debug received remote request 117 code=Access-Request from 192.168.0.254:1645
21:21:06 manager,debug sending Access-Reject to request 117
21:21:06 manager,debug,packet sending Access-Reject with id 2 to 192.168.0.254:1645
21:21:06 manager,debug,packet Signature = 0x8a04f8fffc18e107f6911c1acc0342df
21:21:06 manager,debug,packet Reply-Message = “unknown authentication algorithm”
21:21:06 manager,debug unknown authentication algorithm for user in authentication request 117, rejecting



Any idea why??? :frowning:

Note: trying to connect to the AP with Windows Vista / XP,
trying to use PEAP.

What authentication method are you trying to use on the wireless?

I believe that User-Manager is not able to provide PEAP or similar authentication.
Currently you need to use FreeRADIUS or a similar product to get PEAP or other kinds of authentication.
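Added example, not part of any post in this thread: a short Python decoder for the debug output above, showing that the AP's Access-Request carries an EAP-Response/Identity rather than a PAP or CHAP credential. The attribute names `User-Password` and `CHAP-Password` are the RFC 2865 names; that the User Manager log prints them under those names is an assumption.

```python
import re

# EAP header values from RFC 3748 and the IANA EAP registry (subset).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# Request lines copied from the D-Link debug output in this thread.
DLINK_LOG = """\
18:20:52 manager,debug,packet received Access-Request with id 2 from 192.168.5.253:1202
18:20:52 manager,debug,packet User-Name = “blah”
18:20:52 manager,debug,packet NAS-Port-Type = 19
18:20:52 manager,debug,packet EAP-Message = 0x0201000901626c6168
18:20:52 manager,debug,packet Message-Authenticator = 0x0a9f9dc298bf91b9dc6ff0910fb0d9c8
""".splitlines()

ATTR_RE = re.compile(r"manager,debug,packet\s+([A-Za-z-]+) = (.+)$")

def parse_attributes(lines):
    """Collect 'Name = value' pairs; header lines without ' = ' are skipped."""
    attrs = {}
    for line in lines:
        m = ATTR_RE.search(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip().strip('"“”')
    return attrs

def auth_method(attrs):
    """Name the credential type the NAS sent in the Access-Request."""
    for attr, name in (("EAP-Message", "EAP"), ("CHAP-Password", "CHAP"),
                       ("User-Password", "PAP")):
        if attr in attrs:
            return name
    return "none"

def decode_eap(hex_value):
    """Decode code(1) id(1) length(2), then type(1) for Request/Response."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    declared = int.from_bytes(raw[2:4], "big")
    out = {"code": EAP_CODES.get(raw[0], f"unknown({raw[0]})"), "id": raw[1],
           "declared_len": declared, "actual_len": len(raw),
           "length_ok": declared == len(raw), "type": None, "data": b""}
    if raw[0] in (1, 2) and len(raw) >= 5:
        out["type"] = EAP_TYPES.get(raw[4], f"type {raw[4]}")
        out["data"] = raw[5:]
    return out

if __name__ == "__main__":
    attrs = parse_attributes(DLINK_LOG)
    print(auth_method(attrs), decode_eap(attrs["EAP-Message"]))
```

Run against the Cisco log's EAP-Message value as posted, `decode_eap` returns `length_ok` as False, because the length field in that hex string does not match its 14 bytes.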

OK then, sniff sniff, it would be a GOOD option to have in the User Manager though… :frowning:

+1 vote :smiley:

Very interesting. I have the same issue here as well. Using Open Radius means a new server, right? Or is there a way to integrate that into MikroTik, perhaps running a Linux distro with Open Radius in Xen?

Are there currently any plans to integrate EAP into User Manager, or do we still have to use FreeRADIUS in the future?

As far as I know there are no plans for the near future, but it could be possible in the future.

Ok, thank you for the answer. Would be really a great option for the future! :wink:

+1 vote for EAP in UM! :sunglasses:

This would definitely be a nice feature. I assumed it could do that already until I read this. Please include in v4!

I agree that this would be a very good addition:

+1 Vote

Do I understand well that I can’t use the Mikrotik with User Manager as central RADIUS server for users connecting to AP? Is anything new in this area?

@zervan: This thread is about PEAP authentication. If you use the default http-chap, it does fine.

I need it for IEEE 802.1X port-based authentication on my switches. :slight_smile:

+1 here

+1

Missing EAP-TLS authentication with (user manager) RADIUS!

+1, looking to drop PPPoE from network

+1 here

+1 here

I also have Userman on x86 ROS v5.22 and I want to give some other network usage to the same users who are already in the Userman base…
Is it possible to the existing RADIUS server access to some external method?
For now, I’m trying to make a connection with NTRadPing … but no luck …
If anyone knows the settings with which you can connect, please help.
I always have errors like in this picture:
pict.jpg