Community discussions

MikroTik App
 
User avatar
Deantwo
Member
Member
Topic Author
Posts: 314
Joined: Tue Sep 30, 2014 4:07 pm

Upgrade to MS-CHAPv2 RADIUS for >6.43

Wed Jan 30, 2019 5:13 pm

I am attempting to figure out the best way to upgrade from my old RADIUS server to a new MS-CHAPv2 RADIUS server. I would prefer a backward compatible solution, so routers running <6.43 can use the same configuration as >6.43.

Googling for the answer seem to most of all just point me to a post I wrote myself about not knowing how to do it.

Using an ActiveDirectory RADIUS server, but I am not the one in charge of it so I don't know the specifics.
I wish my FTP was FTL.
 
Cvan
Member Candidate
Member Candidate
Posts: 123
Joined: Sat Jun 09, 2018 3:32 am

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Thu Jan 31, 2019 12:43 am

I am using Active directory RADIUS server and mAP lite as the radius client and it works fine with AD/Radius Authentication (MS-CHAPv2).
 
User avatar
Deantwo
Member
Member
Topic Author
Posts: 314
Joined: Tue Sep 30, 2014 4:07 pm

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Mon Feb 04, 2019 3:51 pm

I am told that the guide on the wiki/manual aren't much help anymore.
This: https://wiki.mikrotik.com/wiki/AAA_with ... _Directory

I sendt an e-mail to support about getting the guide updated and possibly some help with this.
I wish my FTP was FTL.
 
User avatar
Deantwo
Member
Member
Topic Author
Posts: 314
Joined: Tue Sep 30, 2014 4:07 pm

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Tue Feb 05, 2019 11:36 am

We got the new RADIUS server to work with MS-CHAPv2 and RouterOS v6.43.
I'll bug my server guy to find out what he did on the server to make it work.

I have one fun fact with backward compatibility, a router running <6.43 can still use a MS-CHAPv2 RADIUS, but only for WinBox login. Trying to open the terminal window in WinBox will give a login failure.
But if we can login with WinBox we can upgrade the router to >6.43, so this should be more than enough.
I wish my FTP was FTL.
 
gerarivero
just joined
Posts: 2
Joined: Fri Jan 26, 2018 12:23 am

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Tue Jan 28, 2020 4:11 pm

We got the new RADIUS server to work with MS-CHAPv2 and RouterOS v6.43.
I'll bug my server guy to find out what he did on the server to make it work.

I have one fun fact with backward compatibility, a router running <6.43 can still use a MS-CHAPv2 RADIUS, but only for WinBox login. Trying to open the terminal window in WinBox will give a login failure.
But if we can login with WinBox we can upgrade the router to >6.43, so this should be more than enough.
What do you mean with ..."router running <6.43 can still use a MS-CHAPv2 RADIUS", do you have any setup working with routerOS versions < 6.43 and mschapv2?

We have acomplish an authentication system with RouterOS > 6.43 with freeradius and Active Directory integration, but the problem is to get this work with routerOS version prior to 6.43.

Have you any advice?

Thanks in advance
 
jerryroy1
Member Candidate
Member Candidate
Posts: 122
Joined: Sat Mar 17, 2007 4:55 am
Location: LA and OC USA
Contact:

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Thu Feb 06, 2020 10:06 pm

Can you export your config so we can see what you have set?
 
jerryroy1
Member Candidate
Member Candidate
Posts: 122
Joined: Sat Mar 17, 2007 4:55 am
Location: LA and OC USA
Contact:

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Thu Feb 06, 2020 10:21 pm

I am using Active directory RADIUS server and mAP lite as the radius client and it works fine with AD/Radius Authentication (MS-CHAPv2).
Can you export your radius config portions?
 
Cvan
Member Candidate
Member Candidate
Posts: 123
Joined: Sat Jun 09, 2018 3:32 am

Re: Upgrade to MS-CHAPv2 RADIUS for >6.43

Fri Feb 07, 2020 1:28 am

Service: ppp,dot1x
Called ID:
Domain:
Address: AD Radius server IP address
Protocol: UDP
Secret: *******
Auth Port: 1812
Acct port: 1813
Timeout: 300
Account Backup:
Realm: my_domain
Certificate: none
Src. Address: MT router (Radius Client) IP address

The AD configuration for the Radius Server is more complex then the MT side.

Who is online

Users browsing this forum: No registered users and 100 guests