Page 1 of 1

need help setting up best authentication method

Posted: Fri Aug 22, 2008 5:03 pm
by lctn
I have never set up authentication on my radios, and am now looking into a couple methods. I have a school with 4 radios that I would like to authenticate users to, but need management to be centralized. I was looking into freeradius, but had another wireless tech advise I go with using the hotspot feature. Is it possible to do this on one box that would act as a gateway for all the radios? I need management to be fairly easy, since I am sure the person who will work with this will not be very techie.

I am running Routerboard 532s indoors, using cm9s ad OS v3.0rc13

Re: need help setting up best authentication method

Posted: Fri Aug 22, 2008 6:46 pm
by eneimi
Sure.

You could either use the routeros hotspot feature or user manager. The user manager is probably a tad bit more advanced but really straightforward.

Look up the mikrotik wiki: http://wiki.mikrotik.com/wiki/User_Manager

Regards.

Re: need help setting up best authentication method

Posted: Mon Aug 25, 2008 4:08 pm
by lctn
I was able to get the User Manager working, per the docs, but it seems to be authentication per radio, rather than central management if all radios. Is that accurate, or is there something I am missing in the docs? I prefer to use mac address authentication, if possible.

Re: need help setting up best authentication method

Posted: Tue Aug 26, 2008 2:48 am
by parrini
Be careful. MAC can be **easily** cloned.

Re: need help setting up best authentication method

Posted: Tue Aug 26, 2008 4:19 am
by lctn
I guess I am open to user/pass, just need it to be centralized, so I don't have to update every radio.

Re: need help setting up best authentication method

Posted: Wed Aug 27, 2008 10:24 pm
by eneimi
I assume all the radios have some form of link to the central server.

1. Enable radius under /ip hotspot profile (for each hotspot server profile) on each of the radios.
2. Enable radius under /radius on all the radios, making sure to specify 'hotspot' as the service and the ip address of the server running user manager as well as a common 'secret'.
3. Make sure to disable (safer) or delete all users under /ip hotspot user to ensure that only users entered into the user manager are authenticated. Ensure you've backed up all necessary databases first!
4. All this is under the assumption that you've properly setup radius and user manager on the server.

Hope that helps.