Community discussions

MUM Europe 2020
 
benmikrotik
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 64
Joined: Mon Apr 26, 2010 5:12 am

user using multiple PCs

Mon Oct 04, 2010 7:04 pm

Will user manager prevents a user (single username) from logging/using multiple PCs at the same time?

He could put his own router to share wifi connection with multiple PCs.
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: user using multiple PCs

Mon Oct 04, 2010 7:07 pm

Introducing a router isn't something RADIUS/PPPoE/Hotspots can prevent. A NAT'ing router makes everything behind it appear as if all traffic is sourced from the router, so from your router's perspective there is only one client. You can use the firewall mangle facility to change the TTL of all packets going back to the customer to 1, if the customer is using a router that router will decrease the TTL to 0 and discard the packet. If the customer isn't using a router the packet will make it to the directly connected machine with a TTL of 1 and be processed just fine.

As far as I know User Manager does have an option for how many simultaneous logins an account can have, but that doesn't address routers masquerading devices behind it as explained above.
 
benmikrotik
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 64
Joined: Mon Apr 26, 2010 5:12 am

Re: user using multiple PCs

Mon Oct 04, 2010 7:17 pm

Do you have a sample code?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: user using multiple PCs

Mon Oct 04, 2010 7:30 pm

For decreasing the TTL? It'd look something like this, assuming customers are behind an interface named ether1. You'll have to adjust it to match traffic going out to your clients:
/ip firewall mangle
add chain=postrouting out-interface=ether1 action=change-ttl new-ttl=set:1
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle
 
multipath
newbie
Posts: 43
Joined: Fri Sep 17, 2010 4:42 pm

Re: user using multiple PCs

Fri Oct 08, 2010 7:51 am

Do you see the login coming from many different macs? If more than one pc is logging in with the same login. This can be set in userman test. Click a user, under constraints set shared users to number of logins allowed at one time. If trying to block client from using a router and "sharing" connection, in winbox, under ip -> hotspot -> servers, set addresses per mac to number allowed will also help.

Who is online

Users browsing this forum: No registered users and 5 guests