Community discussions

 
Krisken
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Oct 25, 2012 11:35 am

Add users to multiple Mikrotik Gateways

Tue Sep 08, 2015 1:55 pm

Hello,

At this point we have multiple mikrotik devices (omnitik, 2011's, CCR, CRS, ...) in our network (about 1200 devices). So every time that an employee or volunteer comes to help us managing this network, we have to add the username to all these devices. Or we have to change the password for all these devices. Or disable the user on all of them.

Is there somebody here that can write a small script where we can add the IP's of the Mikrotik gear, and is able to add users, change passwords and disable users on all these devices using the API, eg using PHP?

Best regards,
Kris
 
marrold
Member
Member
Posts: 406
Joined: Wed Sep 04, 2013 10:45 am

Re: Add users to multiple Mikrotik Gateways

Tue Sep 08, 2015 2:16 pm

I'm a SIP / VoIP engineer. Feel free to ask questions...
 
Krisken
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Oct 25, 2012 11:35 am

Re: Add users to multiple Mikrotik Gateways

Tue Sep 08, 2015 3:13 pm

That is one way, but we just want to use the Mikrotik API, not Radius.
 
User avatar
JJCinAZ
Member
Member
Posts: 473
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ
Contact:

Re: Add users to multiple Mikrotik Gateways

Tue Sep 08, 2015 7:45 pm

Kris,

I have to echo marrold -- use Radius. It's not that hard to setup (FreeRadius on a VM) and changes to users are instantaneous. With code to walk through 1200 routers and change users, it will take a lot of time and you have to deal with errors along the way. Also, you need a database of routers through which to loop, whereas with Radius you don't. All that being said, you do likely need a script to go change other things on the routers. Attached is some sample code I threw together. It uses the PHP API available through the Wiki and it's untested.
You do not have the required permissions to view the files attached to this post.
 
Krisken
Member Candidate
Member Candidate
Topic Author
Posts: 132
Joined: Thu Oct 25, 2012 11:35 am

Re: Add users to multiple Mikrotik Gateways

Wed Sep 09, 2015 12:07 pm

I tried radius using this tutorial : http://www.mikrotik.com/testdocs/ros/2. ... er_rad.php
In this tutorial the radiusserver has ip 1.1.1.1 and the routerboard has ip 1.1.1.3. Just a few questions about this...
1. Is it possible to have more than one radiusserver, so that if the radiusserver is down for some reason, the other one takes over all the actions (other network, other datacenter, ...)?
2. Is Belgium we don't have fixed IP addresses for our local lines. The IP changes every x hours (between 24 and 96 hours). Of course the VPS have static IP's. So the line "client 1.1.1.3" in the /etc/freeradius/clients.conf line won't work. Can i leave it blank?

Best regards, and thanks for all the answers!
@JJCinAZ : thanks for the script, i'll try it out soon!
 
User avatar
JJCinAZ
Member
Member
Posts: 473
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ
Contact:

Re: Add users to multiple Mikrotik Gateways

Thu Sep 10, 2015 8:01 pm

It is possible to have more than one radius server, but they both have to be operating from the same database. Usually this is accomplished by tying the radius servers into a database backend, but for simple authentication-only it could also be done by keeping static files synchronized via something like rsync. If you're worried about keeping the radius server available and you run it on a VM, just let the hypervisor take care of failover on host hardware failure for now. The database connectivity with radius makes it more complex so get the simple file config working first.

As for the client IP's you can just use a subnet in the client configuration to match all clients. For example, in clients.conf:
client 0.0.0.0/0 {
        secret = mysupersecret
        shortname = myrouters
}

Who is online

Users browsing this forum: No registered users and 2 guests