Niffchen
newbie
Topic Author
Posts: 38
Joined: Thu Mar 22, 2018 1:36 pm

CAPsMAN + RADIUS + Package User-Manager - I cannot authenticate

Fri Aug 10, 2018 8:59 pm

Hello,

now I'm trying to reach the next level after getting CAPsMAN working without any strange behaviours.
I am trying to switch from WPA2-PSK to WPA2-EAP. But at the moment it seems that no authentication request is reaching the User-Manager. But first, some information about what I have done.

As I already mentioned I have CAPsMAN with 3 CAPs. Everything is up and running, authentication is WPA2-PSK.
Now I installed the package "User-Manager" on the hEX which is my CAPsMAN (IP: 192.168.x.y) and configured it. That means I assigned a new password to the default user. Then I configured my CAPsMAN in the "Router" chapter in "User-Manager". I gave the Router a name, gave it the IP 192.168.x.y and the secret "test123".
After this I configured different users with the MAC address of my clients as username, with a different password or with the MAC address also as password. I configured different users with real names and passwords. All for testing different configurations. I configured a profile for these users without any limitations and a duration of "999w". This has been saved and if I assign this profile to the users I can see the countdown running.
For me everything seems fine.

The next step was to configure "IP - Radius" as enabled. Then I gave it the IP of the CAPsMAN / User-Manager (192.168.x.y), told it the secret of "User-Manager" (test123) and activated it for "wireless".

After this I tried to configure my configuration profiles with WPA2-EAP, set "encryption" and "group encryption" to "aes-ccm" and set the "EAP method" to "passthrough". Connecting again I will be asked for username and password but no combination seems to be correct. I also tried to configure "CAPsMAN - AAA" with "as username" or "as username and password" but no success with authentication. I tried to activate "WPA-PSK" again, changed CAPsMAN configuration sets in different ways about encryption and EAP method and so on and so on.
Everything without success, I cannot connect to the wireless LAN and I get "Wrong username or password" or "Connect connect to ...".

If I take a look at the statistics of "User-Manager" at "Log" nothing is written ... empty. If I take a look at the router statistics for authentication tries, failures etc. everything is 0.
It seems that the authentication requests don't reach the "User-Manager" or am I wrong?
I also set a "Access List" at CAPsMAN with "action=query-radius" but without success.

If I take a look at the log on my hEX ("/log print") there is the following message every time I try to authenticate:
"..... disconnected, max key exchange retries"

Do I misunderstand the meaning of "IP - Radius" / "User-Manager"? Am I missing something? Am I doing it completely wrong?
Does anybody of you have a configuration for this use-case up and running or know what to do?
Or maybe you can explain to me what the exact steps are to get such an authentication running? I don't know what is going on in my environment at the moment...

Regards,
Jens
