V4.10 UM error.

RouterOS The User Manager
1

Hi,

I have decided to try UM and am now getting this error:

Aug/08/2010 17:13:36 wireless,debug wlan1: 00:0C:42:31:A1:F3 attempts to associate
Aug/08/2010 17:13:36 wireless,debug wlan1: 00:0C:42:31:A1:F3 not in local ACL, query RADIUS
Aug/08/2010 17:13:36 wireless,debug send RADIUS request for 00:0C:42:31:A1:F3 on wlan1
Aug/08/2010 17:13:36 wireless,debug got RADIUS failure for 00:0C:42:31:A1:F3 on wlan1

I am running Radius client and UM on same RB 433. All packages v4.10. Not running Hotspot.

I need UM to control access to the Wireless AP’s on the RB433. No login page required.

I do have other MAC addresses in the local ACL, as this is a live system, but have removed 00:0C:42:31:A1:F3, which promptly locked me out :frowning: Lucikily i have 00:0C:42:31:A1:F4 in the Access List, so chanegd the MAC on my CPE wireless card and re-connected.

My export of /tool user-manager gives:

/tool user-manager customer
add comment="" date-format=%d-%b-%Y disabled=no login=admin parent=admin password=snoopywasadog paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no signup-email-body=\
    "Your authorization data:\
    \nlogin: %login%\
    \npassword: %password%\
    \n\
    \nTo check your status and buy extended time go to address  %link%\
    \n" signup-email-subject="Account info" subscriber=admin time-zone=+02:00
add comment="" date-format=%b/%d/%Y disabled=no login=00:0C:42:31:A1:F3 parent=admin password="" paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=read-write signup-allowed=no signup-email-body=\
    "Your authorization data:\
    \nlogin: %login%\
    \npassword: %password%\
    \n\
    \nTo check your status and buy extended time go to address  %link%\
    \n" signup-email-subject="Account info" subscriber=admin time-zone=+00:00
/tool user-manager router
add comment="" disabled=no ip-address=10.254.253.254 log=auth-ok,auth-fail,acct-ok,acct-fail name="Hi Site" shared-secret=789456143 subscriber=admin
/tool user-manager user
disabled=no email=brian@bearwebb.com first-name=Brian ip-address=10.254.253.30  name=00:0C:42:31:A1:F3 password=snoopywasadog subscriber=admin
add comment="" disabled=no name=admin password=snoopywasadog subscriber=admin

How do I fix the problem…basically a simple mac authentication via Radius…

Thanks.

Brian

2

Hi,

Just curious…is this a complicated thing I am trying to achieve? No replies…no hints, no code, worst of all, no docs on 4.10…

Regards
Brian

3

all of this is v4.10 docs:
http://wiki.mikrotik.com/wiki/User_Manager

4

from the link above we get:

and then when we try this in v4.10, we get:

So I guess it’s not all 4.10 docs?

All I want to to do is have the mac address connecting to the wireless AP authenticated by the User manager.

So I have set the RADIUS tab wireless security profile as:

The Router in User Manager is set as below, the IP address is the same as the WLAN1 IP address, this is a RB433 with 3 wireless cards:

The User is as:

The Subscriber is as:

And the radius is setup as:

And I am still getting a “GOT RADIUS FAIL…” error…

Any pointers as to where I am going wrong?

Thanks.
Brian

5

show us what you see in “/system package print”

there are two user manager packages for v4, the old one, and the experimental one. the documentation has references to both, there are usually indications to which the commands apply.

seems like you have the old one, but command is for the new one.

the new one can be downloaded here:
http://forum.mikrotik.com/t/user-manager-v4-0-test-package/32132/1

6

Hi Normis,

Packages loaded on RB 433 are as below:

I assume I have an outdated v4.10 UM loaded?

Regards
Brian

7

yes

8

Normis,

I now have package list:

Will try again and see how it works.

Regards
Brian

9

looks good. you will see the improved web interface, and the new commands will work. let us know if you need more help

10

Still failing to authenticate.

Will message you and see if we work something out. [Edit: Not authorised to send PM’s]

Thanks
Brian

11

Customer info shows as:

User info shows as:

Anything obviously wrong here?

Just one niggle, the IP for the radius server is the same as the IP for the WLAN1 wireless card on the 433 board? Is this a problem?

Regards
Brian

12

What do you have at /radius export?

13

If I can get a private message to you, I can give you access to the Router via public IP…

Regards
Brian
Zimbabwe

14

Set timeout to default value, use 300ms instead.

15

Ok, have set timeout to 300ms…

What else can I show you? Please PM me your e-mail address, will send you login info/ip so you can look as see what i have done (wrong!)… :smiley:

Thanks
Brian

16

email support@mikrotik.com and sergejs will look at it

17

E-mail with access details sent :smiley:

18

briane, I’ve changed the address, 127.0.0.1 should be used, when User Manager is used on the same router.
You sent e-mail to support and reply-to is wrong, I believe reply won’t reach you.

19

Is it working now?

20

Hi Sergejs

I think I have an error in the user/customer/subscriber setup

In the first line I de-activate the ACL entry for the Mac-Address, forcing Radius connection, I re-activate near the end of the screen to allow the unit back online.

I notice two new lines in the radius status screen, showing accepts and rejects. Before the IP changes, it was No. of Requests= No of Timeouts. So at least we know the requests are being received now.

Could you possibly look at the ip/userman page and see if any obvious errors jump out at you.

Thanks
Brian