Community discussions

MikroTik App
  4. Other topics
  5. The User Manager

radius not responding

Post Reply
 
nikolaz
just joined
Topic Author
Posts: 12
Joined: Sun Oct 15, 2006 1:18 pm
Location: Belgrade
Contact:
Contact nikolaz

radius not responding

Sat Feb 24, 2007 3:31 pm

Hi all,

I have problem with geting more than one router (hotspot server) to work with user manager

I tryed radius with ntradping and it works.

In user manager we added routers and secrets, and on hotspot routers we addes radius ip adress and secret.

Use radius is enabled in hotspot profile.

here is the export from user manager

/ tool user-manager customer
add subscriber=admin login="admin" password="password" time-zone=+00:00 \
permissions=owner parent=admin comment="" disabled=no
/ tool user-manager user
add subscriber=admin name="test1" password="test1" comment="" disabled=no
/ tool user-manager router
add subscriber=admin name="router1" ip-address=10.100.1.2 \
shared-secret="secret" log=auth-ok,auth-fail,acct-fail comment="" \
disabled=no

and export from hotspot

/ ip hotspot
add name="server1" interface=GLAVNI profile=default idle-timeout=none \
keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" \
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
add name="hsprof1" hotspot-address=10.100.1.2 \
dns-name="router1.kmwireless.net" html-directory=hotspot rate-limit="" \
http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap \
http-cookie-lifetime=3d split-user-domain=no use-radius=yes \
radius-accounting=yes radius-interim-update=received \
nas-port-type=wireless-802.11 radius-default-domain="" \
radius-location-id="" radius-location-name=""
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m \
status-autorefresh=1m shared-users=1 transparent-proxy=yes \
open-status-page=always advertise=no

/ radius
add service=hotspot called-id="" domain="" address=10.100.2.33 secret="secret" \
authentication-port=1812 accounting-port=1813 timeout=300ms \
accounting-backup=no realm="" comment="" disabled=no
/ radius incoming
set accept=no port=1700

what ever we try we get radius server not responding

Help please

Regards,
Nikola
Top
 
User avatar
skillful
Trainer
Trainer
Posts: 552
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria
Contact:
Contact skillful

Sat Feb 24, 2007 3:44 pm

make sure your secret code is not more than four digits. i.e. secret="secr"
Top
 
nikolaz
just joined
Topic Author
Posts: 12
Joined: Sun Oct 15, 2006 1:18 pm
Location: Belgrade
Contact:
Contact nikolaz

Sat Feb 24, 2007 4:49 pm

i just lookup the logs on routers and as i can see radius authentificate user but during response it timed out, i also tryed to increase timeout interval but no luck

there is no firewall at all and radius is sending respose to port 1024

also we tryed with short secret but that wont help

:roll:
Top
 
User avatar
balimore
Forum Veteran
Forum Veteran
Posts: 884
Joined: Mon Apr 10, 2006 3:38 am

Sat Feb 24, 2007 5:25 pm

----
Hai Nik...

first,
I am not sure your hotspot server will running, cos you used hotspot server profile=default, but your config as profile=hsprof1 at '/ip hotspot' submenu

scond,
set radius incoming must be accept request and set by command:
/rad inco set accept=yes

third,
so sorry i must weekend, try it.....!!!!


regards
Hasbullah.com
----
Top
 
nikolaz
just joined
Topic Author
Posts: 12
Joined: Sun Oct 15, 2006 1:18 pm
Location: Belgrade
Contact:
Contact nikolaz

Sat Feb 24, 2007 5:53 pm

no luck

here's log from user manager router

01:17:23 manager,debug,packet received Access-Request with id 11 from 10.100.1.237:1025
01:17:23 manager,debug,packet Signature = 0xa9c3f0177c0acc10419a7d916850b8e9
01:17:23 manager,debug,packet NAS-Port-Type = 19
01:17:23 manager,debug,packet Calling-Station-Id = "00:02:6F:21:72:EF"
01:17:23 manager,debug,packet Called-Station-Id = "server1"
01:17:23 manager,debug,packet NAS-Port-Id = "GLAVNI"
01:17:23 manager,debug,packet User-Name = "test1"
01:17:23 manager,debug,packet MS-CHAP-Domain = "router1.kmwireless.net"
01:17:23 manager,debug,packet NAS-Port = 2160066560
01:17:23 manager,debug,packet Acct-Session-Id = "80c00000"
01:17:23 manager,debug,packet Framed-IP-Address = 10.100.1.11
01:17:23 manager,debug,packet MT-Host-IP = 10.100.1.11
01:17:23 manager,debug,packet CHAP-Challenge = 0x5ce7a16d5593e4a8a95650eeb059e6a6
01:17:23 manager,debug,packet CHAP-Password = 0xddc14851aef67666326dee0192ec1d4c
01:17:23 manager,debug,packet 6a
01:17:23 manager,debug,packet Service-Type = 1
01:17:23 manager,debug,packet WISPr-Logoff-URL = "http://10.100.1.2/logout"
01:17:23 manager,debug,packet NAS-Identifier = "MikroTik"
01:17:23 manager,debug,packet NAS-IP-Address = 10.100.1.237
01:17:23 manager,debug,packet MT-Realm = 0x726f75746572312e6b6d776972656c65
01:17:23 manager,debug,packet 73732e6e6574
01:17:23 manager,debug received remote request 24 code=Access-Request from 10.100.1.237:1025
01:17:23 manager,debug sending Access-Accept to request 24
01:17:23 manager,debug,packet sending Access-Accept with id 11 to 10.100.1.237:1025
01:17:23 manager,debug,packet Signature = 0xe35efdb90690bb03b5636c3943284e1f
01:17:23 manager,debug,packet Acct-Interim-Interval = 600
01:17:23 manager,debug,packet Framed-IP-Address = 10.100.1.11

and log on hotspot router

01:26:52 radius,debug,packet sending Access-Request with id 11 to
10.100.2.33:1812
01:26:52 radius,debug,packet Signature = 0xa9c3f0177c0acc10419a7d916850b8e
9
01:26:52 radius,debug,packet NAS-Port-Type = 19
01:26:52 radius,debug,packet Calling-Station-Id = "00:02:6F:21:72:EF"
01:26:52 radius,debug,packet Called-Station-Id = "server1"
01:26:52 radius,debug,packet NAS-Port-Id = "GLAVNI"
01:26:52 radius,debug,packet User-Name = "test1"
01:26:52 radius,debug,packet MS-CHAP-Domain = "router1.kmwireless.net"
01:26:52 radius,debug,packet NAS-Port = 2160066560
01:26:52 radius,debug,packet Acct-Session-Id = "80c00000"
01:26:52 radius,debug,packet Framed-IP-Address = 10.100.1.11
01:26:52 radius,debug,packet MT-Host-IP = 10.100.1.11
01:26:52 radius,debug,packet CHAP-Challenge = 0x5ce7a16d5593e4a8a95650eeb0
59e6a6
01:26:52 radius,debug,packet CHAP-Password = 0xddc14851aef67666326dee0192e
c1d4c
01:26:52 radius,debug,packet 6a
01:26:52 radius,debug,packet Service-Type = 1
01:26:52 radius,debug,packet WISPr-Logoff-URL = "http://10.100.1.2/logout"

01:26:52 radius,debug,packet NAS-Identifier = "MikroTik"
01:26:52 radius,debug,packet NAS-IP-Address = 10.100.1.237
01:26:52 radius,debug,packet MT-Realm = 0x726f75746572312e6b6d776972656c65

01:26:52 radius,debug,packet 73732e6e6574
01:26:52 radius,debug timeout for 3f:22
01:26:53 hotspot,info,debug test1 (10.100.1.11): login failed: RADIUS server


Thanks in advance
Top
 
dawam
Trainer
Trainer
Posts: 134
Joined: Wed May 31, 2006 1:40 pm
Location: Malaysia

Sat Feb 24, 2007 8:47 pm

Nikolaz,
I had once the same mesage 'Radius not responding'.

my IP for remote Radius was at 10.1.2.254.

Hotspot server was at 10.1.1.11 routed thru 10.1.2.250 PtP link

if I put Router Hotspot ip as 10.1.1.11 - Radius will not respond. but when Router Ip is set to 10.1.2.250 will work.

Don't know your setup, maybe can give it a try..
Top
 
nikolaz
just joined
Topic Author
Posts: 12
Joined: Sun Oct 15, 2006 1:18 pm
Location: Belgrade
Contact:
Contact nikolaz

Sat Feb 24, 2007 9:09 pm

Hi dawam,

Finaly we solved problem following your advice.

Thanks!!!
Top
Post Reply

Who is online

Users browsing this forum: GoogleOther [Bot] and 32 guests
  4. Other topics
  5. The User Manager