Page 1 of 1

user using multiple PCs

Posted: Mon Oct 04, 2010 7:04 pm
by benmikrotik
Will user manager prevents a user (single username) from logging/using multiple PCs at the same time?

He could put his own router to share wifi connection with multiple PCs.

Re: user using multiple PCs

Posted: Mon Oct 04, 2010 7:07 pm
by fewi
Introducing a router isn't something RADIUS/PPPoE/Hotspots can prevent. A NAT'ing router makes everything behind it appear as if all traffic is sourced from the router, so from your router's perspective there is only one client. You can use the firewall mangle facility to change the TTL of all packets going back to the customer to 1, if the customer is using a router that router will decrease the TTL to 0 and discard the packet. If the customer isn't using a router the packet will make it to the directly connected machine with a TTL of 1 and be processed just fine.

As far as I know User Manager does have an option for how many simultaneous logins an account can have, but that doesn't address routers masquerading devices behind it as explained above.

Re: user using multiple PCs

Posted: Mon Oct 04, 2010 7:17 pm
by benmikrotik
Do you have a sample code?

Re: user using multiple PCs

Posted: Mon Oct 04, 2010 7:30 pm
by fewi
For decreasing the TTL? It'd look something like this, assuming customers are behind an interface named ether1. You'll have to adjust it to match traffic going out to your clients:
/ip firewall mangle
add chain=postrouting out-interface=ether1 action=change-ttl new-ttl=set:1
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

Re: user using multiple PCs

Posted: Fri Oct 08, 2010 7:51 am
by multipath
Do you see the login coming from many different macs? If more than one pc is logging in with the same login. This can be set in userman test. Click a user, under constraints set shared users to number of logins allowed at one time. If trying to block client from using a router and "sharing" connection, in winbox, under ip -> hotspot -> servers, set addresses per mac to number allowed will also help.