Has any thought been placed into LDAP integration with the Mikrotiks? I think it would be really slick to have NetReg type capabilities, or even better, the ability to store information like IP, MAC Address, and Purchased speed/shaped speed that would be pulled when a broadband user came online for dynamic provisioning and dynamic setup of the bandwidth shaping rules.
Anything like this on the burner? If not, could something like this be built into the system?
TYIA,
Brandon
You can already do this if you use RADIUS on the MikroTik and configure your RADIUS server to authenticate against an LDAP machine. Haven't acutally used a setup like this, so can't comment about the details...
You could for example look at FreeRadius (http://www.freeradius.org), which has an LDAP module as part of the distribution. Search the FreeRadius mailing list archives for "ldap" will yield a ton of posts - I suppose this could get you going.
You could for example look at FreeRadius (http://www.freeradius.org), which has an LDAP module as part of the distribution. Search the FreeRadius mailing list archives for "ldap" will yield a ton of posts - I suppose this could get you going.
Steps for integration of mikrotik with Radius
You can already do this if you use RADIUS on the MikroTik and configure your RADIUS server to authenticate against an LDAP machine. Haven't acutally used a setup like this, so can't comment about the details...
You could for example look at FreeRadius (http://www.freeradius.org), which has an LDAP module as part of the distribution. Search the FreeRadius mailing list archives for "ldap" will yield a ton of posts - I suppose this could get you going.
Hi there,
If u can pls tell us how to step-by-step intergate mikrotik with freeradius , it willl be a gr8 help to mikrotik community.....
Regards
kaushal patel
Please take a look at the docs - it's described there. If there are problems after reading this, I'l gladly try to help out...
RouterOS manual on setup as RADIUS client:
http://www.mikrotik.com/docs/ros/2.8/gu ... nt#13.4.14
Application example (this is for authenticating local users, but does also show Config excerpts from FreeRadius config files and the whole process to follow):
http://www.mikrotik.com/docs/ros/2.8/ap ... ad.content
RouterOS manual on setup as RADIUS client:
http://www.mikrotik.com/docs/ros/2.8/gu ... nt#13.4.14
Application example (this is for authenticating local users, but does also show Config excerpts from FreeRadius config files and the whole process to follow):
http://www.mikrotik.com/docs/ros/2.8/ap ... ad.content
Re: LDAP integration
Hi,
I have been able to integrate ldap with freeradius what i need is how to set bandwidth limit on freradius that is using ldap as backend. Anyone got an idea?
Thanks
I have been able to integrate ldap with freeradius what i need is how to set bandwidth limit on freradius that is using ldap as backend. Anyone got an idea?
Thanks
-
-
ruebenmaster
newbie
- Posts: 28
- Joined:
- Location: Mannheim, Germany
Re: LDAP integration
Hallo ojeysky,
i'm searching for help binding a ldap server to freeradius. The MikroTik Router (CAPsMAN) is be connected at a freeradius server. Do you have any HowTo's to bind the freeradius to a ldap server?
greetings
the ruebenmaster
i'm searching for help binding a ldap server to freeradius. The MikroTik Router (CAPsMAN) is be connected at a freeradius server. Do you have any HowTo's to bind the freeradius to a ldap server?
greetings
the ruebenmaster
Re: LDAP integration
I did put some things together some time ago. You can find the guide at the following gdocs url:Hallo ojeysky,
i'm searching for help binding a ldap server to freeradius. The MikroTik Router (CAPsMAN) is be connected at a freeradius server. Do you have any HowTo's to bind the freeradius to a ldap server?
greetings
the ruebenmaster
https://docs.google.com/document/d/1IuW ... -m1bA/edit
Note: I was only able to get the authentication part done. However, i could not get through with rate limiting which was a very crticial feature for me.
Regards
Re: LDAP integration
The biggest challenge to LDAP integration is writing your translations from LDAP-speak into RADIUS attributes.
The best thing to do would be to configure your user groups in RADIUS as you see fit, and then use LDAP for password authentication and group membership. Basically, the RADIUS server retreives the user's information and if they are the member of a certain group, then apply certain settings to the session.
Windows has a built-in RADIUS function for 802.1x deployment - it's called NPS. Do some homework on NPS and you might just be able to do all of this right in the Windows environment without having to learn a 3rd party RADIUS application. FreeRADIUS is a popular choice, but in my experience, the documentation and support on it are terrible. It runs great, but you'd better be ready to tinker a lot and read a lot of "RTFM, loser!" posts on the forums.
The best thing to do would be to configure your user groups in RADIUS as you see fit, and then use LDAP for password authentication and group membership. Basically, the RADIUS server retreives the user's information and if they are the member of a certain group, then apply certain settings to the session.
Windows has a built-in RADIUS function for 802.1x deployment - it's called NPS. Do some homework on NPS and you might just be able to do all of this right in the Windows environment without having to learn a 3rd party RADIUS application. FreeRADIUS is a popular choice, but in my experience, the documentation and support on it are terrible. It runs great, but you'd better be ready to tinker a lot and read a lot of "RTFM, loser!" posts on the forums.
Re: LDAP integration
ZeroByte, you are very much correct - I have set up freeradius with mikrotik for ppp auth and it works pretty smooth, but for anything more sophisticated than just credentials I would recommend setting MySQL as radius backend rather than LDAP.The biggest challenge to LDAP integration is writing your translations from LDAP-speak into RADIUS attributes.
The best thing to do would be to configure your user groups in RADIUS as you see fit, and then use LDAP for password authentication and group membership. Basically, the RADIUS server retreives the user's information and if they are the member of a certain group, then apply certain settings to the session.
Ser@fin
Who is online
Users browsing this forum: Bing [Bot] and 101 guests