Community discussions

MikroTik App
 
rae
newbie
Topic Author
Posts: 33
Joined: Fri Jul 04, 2014 5:17 pm

RADIUS Opinions

Thu Aug 14, 2014 9:07 pm

Please post which RADIUS you use and why, thanks.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: RADIUS Opinions

Thu Aug 14, 2014 10:27 pm

I originally used the radius settings in my Mikrotik APs to permit what MAC address (clients) could connect. It did work, however there was a secondary problem - I would have customers call in thinking the network was broken.

I have since switch to something else - here is what I use...
- None of my Mikrotiks use any radius settings
- All of my customer Mikrotiks connect up and gateway to one of my PfSense servers.
- My PfSense servers use Captive Portal (Walled Garden) which is configured to check my FreeRadius servers running on Ubuntu Linux.

What I now have is the following:
- Customers who have a MAC address in the FreeRadius servers connect up and can access anything
- PfSense via the CaptivePortal settings also rate limit what speeds each client may upload and download at. Each client may have different different setting for up/down rates in my PfSense Captive Portal.
- When a client customer MAC address is NOT in my FreeRadus server, then PfSense CaptivePortal will block the customer traffic and also redirect any http traffic to a specific URL one of my web servers. In my case, the redirected web page states the customer is connected but service has been suspended and they need to call our office and make arangements to pay their bill.

Also, with CaptivePortal in PfSense, you can do other things such as simply show rules to use the Internet and force the customer to click an "I Agree" button. You can also set up a temporary credit where a suspended customer can mouse click a credit and get a temporay extension to continue using the Internet.

Also, PfSense has a great selection of optional features such as firewall, router, traffic shaper, nat, packet inspection protocol analyzer bandwidth hog locator.

And the best thing is that Ubuntu & FreeRadius and PfSense are all free.

I run thousands of customer connections through only 5 PfSense servers and it has worked well for many years now.

North Idaho Tom Jones
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: RADIUS Opinions

Thu Aug 14, 2014 11:07 pm

FreeRADIUS with perl module. There is no substitute.
 
rae
newbie
Topic Author
Posts: 33
Joined: Fri Jul 04, 2014 5:17 pm

Re: RADIUS Opinions

Fri Aug 15, 2014 9:33 am

I looked at Access Manager (accessmanager.in) and Radius Manager (dmasoftlab.com) which look promising, I don't mind paying if I have to as I want it to be stable. Can anyone shed some light on their experience with either (or alternatives) on how well it works and what you're limited to?
 
jaykay2342
Member
Member
Posts: 336
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: RADIUS Opinions

Sat Aug 16, 2014 11:56 am

FreeRadius with MySQL backend. We also have a module for YubiKeys which authenticates against an internal yubikey server. We build the yubikey setup for a (open)VPN which requires 2 factors for login.
 
User avatar
arjuneu
Member Candidate
Member Candidate
Posts: 173
Joined: Fri Oct 07, 2011 10:24 am

Re: RADIUS Opinions

Sun Aug 17, 2014 1:40 pm

I use DMA Softlab Radius Manager. Its a good radius server.
 
net365
newbie
Posts: 40
Joined: Sun Feb 14, 2010 5:17 pm

Re: RADIUS Opinions

Tue Aug 19, 2014 3:27 pm

We also use RadiusManager by DMA Softlab. Would recommend 100%
 
rae
newbie
Topic Author
Posts: 33
Joined: Fri Jul 04, 2014 5:17 pm

Re: RADIUS Opinions

Wed Oct 22, 2014 11:38 am

I'll be getting DMA Radius Manager. Are there some good tutorials to get it setup and with Mikrotik?

Thanks.
 
rae
newbie
Topic Author
Posts: 33
Joined: Fri Jul 04, 2014 5:17 pm

Re: RADIUS Opinions

Thu Nov 06, 2014 8:30 pm

Nevermind, got the manual with it.

I've got a 60GB SSD floating around, will that be sufficient for CentOS and Radius Manager?
 
User avatar
slackR
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sat May 23, 2009 1:46 pm
Location: Buffalo, New York, USA

Re: RADIUS Opinions

Fri Nov 07, 2014 1:09 pm

We have a MS Server 2012 radius server connected to CAPsMAN using
WPA2-Enterprise so our users can authenticate with their Windows Domain user/password.

Works Great!
 
coberas
just joined
Posts: 8
Joined: Fri Nov 28, 2014 11:57 am

Re: Odp: RADIUS Opinions

Sat Nov 29, 2014 11:04 am

We have a MS Server 2012 radius server connected to CAPsMAN using
WPA2-Enterprise so our users can authenticate with their Windows Domain user/password.

Works Great!
Could you put some config to do that or some links with tutorial. I had try to setup but without good results
 
coberas
just joined
Posts: 8
Joined: Fri Nov 28, 2014 11:57 am

Re: Odp: RADIUS Opinions

Sun Nov 30, 2014 8:43 pm

We have a MS Server 2012 radius server connected to CAPsMAN using
WPA2-Enterprise so our users can authenticate with their Windows Domain user/password.

Works Great!
Could you put your configs or links with tutorial how to do that. I've try to connect windows 2012 nap with capsman but without succes :(
 
coberas
just joined
Posts: 8
Joined: Fri Nov 28, 2014 11:57 am

Re: RADIUS Opinions

Mon Dec 01, 2014 11:05 pm

Could you put your config or some link to tutorial how to connect windows 2012 nap with mikrotik ?
I've try to do that but without succes :(
 
lysy1033
just joined
Posts: 11
Joined: Tue May 07, 2013 2:08 pm

Re: RADIUS Opinions

Mon Dec 01, 2014 11:39 pm

Can You provide some examples or partial export? We are tryin to get WPA2 ENT running with W2012 NPS without success.

Who is online

Users browsing this forum: Ahrefs [Bot], BinaryTB, Bing [Bot], raphaps, rplant and 80 guests