I have been trying to get RADIUS to work under the using the new user manager on ROS7 (7.2.3). It is very easy to use add RADIUS to authenticate into Mikrotik. I will add the configuration here just in case I am missing something. For the sake of simplicity I am using the same router to provide the RADIUS server and authenticate into.

I changed the secrets and passwords in this example.
Now. Remember that I am using the same device to test the RADIUS server and client.
This configuration works. But I will also like to use RADIUS to authenticate "wireless." I tried following the documentation multiduplikator provided here. https://github.com/multiduplikator/mikrotik_EAP

I am going to provide what I added. I did not add a client certificate since I do not believe that this is necessary for this exercise (FYI adding the client certificate does not fix any problems)
So far, so good. But when I try to setup user manager to add WiFi Ent, this brakes the login authentication that was working before. This is what I add to the user manager
Any ideas? Ideally I would like to add RADIUS +WiFi Ent but I am stuck here.

Hi own3r1138,

I was actually hoping you or fritzme read my post since I had read and re-read the post you linked before. I am not sure why the instructions didn't work for me. And I am not sure why trying them broke the login in Mikrotik that was already working. Maybe I made a mistake somewhere, but I couldn't find anything in what I typed that could be the problem.

Any clue would be greatly appreciated.

@tuxtlequino

What you posted ( config aspect ) is different from what we discussed on that topic.
The certificate you have created is self-signed, I used the Let's Encrypt certificate.
Please post your latest config and ensure your export includes the user-man, wireless interface, certificates, and radius sections.

@own3r1138

I had shown all of my configurations in the first post. I figured out that I couldn't login authenticate because I didn't have the right inner and outer-auths in my '/user-manager/user/group' groups. But if I modify my configuration to the following,
I now can authenticate into MikroTik using RADIUS. I didn't have enough time to play with the CAPsMAN configuration and see if that makes a difference. I also added this to my configuration (although it was authenticating to login) just in case,
I do think that it is a bug that if I delete the certificates and restore the configurations to how things were before I modified anything, RADIUS and the new user manager does not work at all. I needed to restart the router and reset the user manager database (although maybe just a reset was all that was needed.)

I also noticed that in your radius client, you also used certificates. I think that I may be able to use that, but since I am signing my own, that may cause a problem since it is self-signed. This is what I have, I will go back now and try to see if I can get WiFi Ent using "Let's Encrypt." This is where I need help.

1. I created a certificate for the main router, but I do not want to do any testing on that router since it is a "production router." My question is, Can you transfer that certificate into a test router? I you can, how?
2. A lot of the instructions also try to create client certificates and use those. I see that fritzme did that, but did you do that too?
3. Could you share what is your `/radius` client's configurations and what you `/user-manager/user/group` defaults are? That could help me to get my wireless set up working.
3. I want to use CAPsMAN. I saw in the other post what you do for AP's and the security profiles. Have you ever done CAPsMAN? If you do, would you mind sharing your `/caps-man security
`setup?

@tuxtlequino
Again we are not on the same page and as your previous config was with the self-signed I asked for a new config.

1. I created a certificate for the main router, but I do not want to do any testing on that router since it is a "production router." My question is, Can you transfer that certificate into a test router? I you can, how?

You can export and import the certificate but working properly is a different matter depending on your CRL, Common name, etc.

2. A lot of the instructions also try to create client certificates and use those. I see that fritzme did that, but did you do that too?

You don't need to as let's encrypt is a valid certificate.

3. Could you share what is your `/radius` client's configurations and what you `/user-manager/user/group` defaults are? That could help me to get my wireless set up working.

4. I want to use CAPsMAN. I saw in the other post what you do for AP's and the security profiles. Have you ever done CAPsMAN? If you do, would you mind sharing your `/caps-man security
`setup?

Personally, I don't use CAPsMAN one AP is more than enough for my home but I did use it in production so I can't share any details about that.

@own3r1138

Thank you very much for that help. Okay, this is what I figured out.

1. I needed to modify some of the inner-auths and other-auths in order to get login to work. THIS WAS THE TRUE PROBLEM.
2. I was trying to get my CAPsMAN router to connect to a working RADIUS server, but my firewall was blocking that. If you are looking at this as reference to know how to get your RADIUS server to work, figure out how to get your firewall working out before doing this.

So. Using certificates didn't brake anything. It was my firewall and trying to connect to a new router. Hope this helps someone.