I need to configure hotspot authentication via domain controller Active directory windows server 2003 as a Radius server (Internet Authentication Service), do any one have any idea to do so??
Thanks in advance
Set use-radius use for the HotSpot profile, configure /radius client and point it to your RADIUS server set shared-secret and service=hotspot.
Other configuration should be done on RADIUS server.
Do not forget /ip hotspot user is used at the first point and only then RouterOS contacts RADIUS about the user.
Do you Know what I should do @ the radius server if i’m using windows server 2003 domain controller, and the last line “/ip hotspot user is used at the first point and only then RouterOS contacts RADIUS about the user”, I did not understant it can you please explain more in details,
Thanks for your time
and the last line “/ip hotspot user is used at the first point and only then RouterOS contacts RADIUS about the user”, I did not understant it can you please explain more in details,
Client wants to authenticate in HotSpot, web-browser shows login page and user types login/password;
- authentication request is send to the HotSpot;
- firstly /ip hotspot user (local HotSpot user database) is checked, whether user exists or not;
- then if there is no such user, HotSpot sends request to the RADIUS server.
I’m not an expert in 2003 as RADIUS server, if you want to solve the problem quickly, you should look for the consultant, who can help you.
you’ll want to setup connection policies.
it’s best to put the users you want to connect into a particular group in AD, then set the policy to allow memebers of that group to connect when connecting from the hotspot.
if you want to get more detailed and only allow users access to connect to a particular hotspot and not all radius clients, you can set other filters in the connection policy such as “Client Friendly Name” which is the name you give the radius client in theclient section of IAS, or the “Called Station Name” which is the name of the hotspot or PPPoE server that the client is connecting to on the MikroTik.
Are you successfully install IAS service on Domain controller yet?
- Make sure service is up and running.
- add IP address of Mikrotik as RADIUS Client,
- also add IP address of your notebook/PC as client too (for test)
- add/edit proper policy
- Test RADIUS functional by using NTRadPing software (google it)
Which interface that Mikrotik connected to RADIUS?
- this is very important, I dont know howto config firewall rule by myself.
so I add routing table / IP interface exclusive for RADIUS server
connection. so Mikrotik can talk to RADIUS server by using another interface,
not Hotspot interface.
I can give more detail, sample screen,
but please upload your network diagram pic?
Dear Trixster,
See the attached WirelessDrawing, and for more details please reply
Thanks in advance
