Community discussions

MikroTik App
 
OlivierMorf
just joined
Topic Author
Posts: 2
Joined: Thu Nov 21, 2019 11:39 pm

userman: identified by the wrong Customer! bug or wrong setting?

Fri Feb 25, 2022 11:00 am

Hi,

I have a very simple setup. 2 RouterOS with L2tp server (access). A 3rd RouterOS running Userman to authenticate access to the L2tp servers.

The idea is to set users to have a set number of possible simultaneous L2tp connections per router. (unlimited time, no "accounting")
So user1 would be able to open only one l2tp session on router1 and one on router2 (but not 0 on router1 and 2 on router2)

I created 2 Customers in userman. Customer1 authenticating for router1 / Customer2 authenticating for router2
Those 2 Customers do not share users. They have Full permission, and admin as parent. (access=own-routers,own-users,own-profiles,own-limits,config-payment-gw,parent-payment).

Customer1: ip-address= IP from router1
Customer2: ip-address= IP from router2


I created userA (same username and password) twice. One in customer1 and one in customer2. Both set with Shared users: 1

Problem: When userA access via router1 first session, no issue. When userA add access via router2 it gets "simultaneous session limit reached for user".
Increasing "Shared user" to 2, for userA in Customer1 allow userA to access lt2tp on router2 "belonging" to Customer2.
That means when userA access via router2 belonging to Customer2 it gets authenticated by Customer1. Why ? Anything I should check? Anything I am doing is incorrect ?


Note: it was half working on a previous routerOS version (now not sure which of the 6.48.x) but sometime showed similar log message. Had to reboot rooterOS / rebuild database in userman and sometime it seemed to fix it (not sure which action really solved it). Sometime had to increase "Shared users" to make it work.
Now on 6.49.2 and seems to not work anymore at all unless Shared users on Customer 1 is set to 2.

Who is online

Users browsing this forum: No registered users and 14 guests