Hi All,

I am having problem with radius timeout on usermanager, it did this when I first setup userman as well.

I setup radius manager the first time with ip addresses assigned to all my interfaces, and it came with error of radius time out, so I added another router in the setup, this registered two sessions per host, but the radius worked, all the accounting was double. I removed the second router a week later, and radius timeout error dissappeared. I had to replace a wireless card recently, and the radius timeout appeared again.

I add the second radius ip in /radius and it works, but now registering two sessions for every connection, thus doubleing accounting. If I remove the second radius it comes with radius timeout error again. If I remove the IP assigned to all other interfaces except for one, then it works again.

I have been using userman since 2.9.29 and have only experienced these issues on v3+


My Usermanager setup bellow:
[stephen@Stephen-433] /interface pppoe-server server> print
Flags: X - disabled
0 service-name="winagain" interface=ether1 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap keepalive-timeout=10
one-session-per-host=yes max-sessions=0 default-profile=default

1 service-name="winagain" interface=ether2 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap keepalive-timeout=10
one-session-per-host=no max-sessions=0 default-profile=default

2 service-name="winagain" interface=wlan1 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap keepalive-timeout=10
one-session-per-host=yes max-sessions=0 default-profile=default

3 service-name="winagain" interface=wlan2 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap keepalive-timeout=10
one-session-per-host=yes max-sessions=0 default-profile=default

4 service-name="winagain" interface=wlan3 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap keepalive-timeout=10
one-session-per-host=yes max-sessions=0 default-profile=default

5 service-name="service1" interface=ether1 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
one-session-per-host=no max-sessions=0 default-profile=profile1

6 service-name="service2" interface=wlan1 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
one-session-per-host=no max-sessions=0 default-profile=profile1

7 service-name="service3" interface=wlan3 max-mtu=1480 max-mru=1480
mrru=disabled authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
one-session-per-host=no max-sessions=0 default-profile=default

[stephen@Stephen-433] /radius> print
Flags: X - disabled
# SERVICE CALLED-ID DOMAIN ADDRESS SECRET
0 ppp 192.168.30.221 testing123

[stephen@Stephen-433] /tool user-manager router> print
Flags: X - disabled
0 subscriber=admin name="router1" ip-address=192.168.30.221
shared-secret="testing123" log=auth-ok,auth-fail,acct-fail

[stephen@Stephen-433] /tool user-manager customer> print
Flags: X - disabled
0 subscriber=admin login="admin" password="admin" time-zone=+00:00
permissions=owner parent=admin signup-allowed=no paypal-allowed=no
paypal-secure-response=no paypal-accept-pending=no


[stephen@Stephen-433] /ppp profile> print
Flags: * - default
0 * name="default" local-address=192.168.30.221 remote-address=ppp-clients
use-compression=default use-vj-compression=default use-encryption=default
only-one=default change-tcp-mss=yes

1 name="pppoe-out" use-compression=no use-vj-compression=no use-encryption=no
only-one=default change-tcp-mss=yes

2 name="profile1" local-address=192.168.30.221 remote-address=ppp-clients
use-compression=no use-vj-compression=no use-encryption=no only-one=no
change-tcp-mss=yes incoming-filter=""

3 * name="default-encryption" use-compression=default use-vj-compression=default
use-encryption=yes only-one=default change-tcp-mss=yes

If I have missed any of the exports let me know, I will post them.

Hope someone will be able to make heads or tails on this!

what is your radius timeout value? Tried increasing it to 3000mS?

Ron

Radius timeout vallue is set to 3000

Edit

My Original post when the error occured the first time

forum.mikrotik.com/viewtopic.php?f=10&t=22658&p=148059#p148059

do you have radius configured to listen on IP 127.0.0.1?

Ron

If you mean do I have an entry for radius in /radius for 127.0.0.1, then the answer would be no.

I have set the /radius ip to the ether1 address, which is 192.168.30.221, Like I have done in other ROS versions.

I followed the wiki when initially learning how to set this up.

The reason I mentioned that post is I tried using the loopback interface but that too does not solve the issue, still times out when there are multiple interfaces assigned ip addresses.

Working setup when ip's bellow are disabled, when ip's are enabled then radius timesout!!!

ether1 - ip address 192.168.30.221
ether2 - not used
ether 3 - not used
wlan0 - pppoe server 192.168.1.1 (ip currently disabled)
wlan1 - pppoe client (ip not assigned, as it is assigned dynamically via ppp conection)
wlan2 - pppoe server 192.168.3.1 (ip currently disabled)

If you are using the radius server in MT ROS as part of Usermanager, then the IP address should be, and only be, 127.0.0.1. The internal radius server is listening on that interface, so it should work fine on 127.0.0.1. I cannot comment on why it worked before and not now!

Was this the wiki you followed?
http://wiki.mikrotik.com/wiki/User_Mana ... ame_router

If you are trying to connect to this Radius server from outside of the RB, then of course, you would use the appropriate external IP address as 127.0.0.1 is not routable.

Ron

Hi, the wiki that you posted is for hotspot, not pppoe.

The one that I used was

http://wiki.mikrotik.com/wiki/User_Manager/PPP_Example

The address might not be complete because it is from a print out that I made.

Yes I have multiple mikrotik's authenticating on this unit, so I have to use one of the interface addresses.

[EDIT]

So you mean I should use the 127.0.0.1, and when contacting the Radius Server from another unit use the ip address of the interface.

1 Problem with that.

I can't assign an address to the interface, then everything bombs out, have already tried the 127.0.0.1 and it too does not work if I have interface 1 with ip address 192.168.1.1 and interface 2 with ip address 192.168.2.1

OK on the wiki.

pm me with a complete extract of all settings and I will setup a RB here with the same setup as you. I will then happily play with the setup you have (on my RB) and quickly find where the issue is.

Leave all the IPs intact. If there are any usernames or passwords, feel free to edit them out of course!

Ron.

If I could pm you I would, don't think this forum allows pm.

Have the file ready for you.

[EDIT]

In the mean time I will try setting up another 433 with a simlar setup, if it works, then I will just put that up on the tower, and if I get the same, it must be a mikrotik bug, I doubt it is a setup issue, because I have done this many times with 100% success on all other routerboards, except this particular one. It is also the only 433 that I have with usermanager installed on it, but will install on another and see.

I have a 433 which I can use to simulate your setup. So if you are still having problems, I'm more than happy to help. If pm does not work, then my contact details are on http://www.mikrotik.com/consultants.html. Search for Nest. Should be right at the bottom.

Ron.

thanx