I changed the secrets and passwords in this example.
# User Manager is the RADIUS server built into RouterOS; switch it on first.
/user-manager set enabled=yes
# Register the RADIUS client (NAS) allowed to query User Manager - here the
# router itself at 192.168.99.8. The shared secret must equal the secret the
# client is configured with; "1234" is the author's placeholder, a real
# deployment needs a long random value.
/user-manager router add address=192.168.99.8 name=Router shared-secret=1234
# Create the account that will be authenticated. The password is an example value.
/user-manager user add name=test password=pasword1234
# Point the router's RADIUS client at the server for the "login" service,
# i.e. logins to the router itself. The secret has to equal the shared secret
# registered for this client on the RADIUS server (placeholder value here).
/radius
add service=login address=192.168.99.8 secret=1234 timeout=1s
# Let RouterOS authenticate logins through RADIUS.
# NOTE(review): default-group=full hands full administrative rights to every
# RADIUS-authenticated login for which the server does not supply a group.
# A restricted default (e.g. read), with the admin group assigned per user on
# the RADIUS side, limits what a weak or leaked account can do - confirm intent.
/user aaa set use-radius=yes default-group=full
I am going to provide what I added. I did not add a client certificate, since I do not believe that it is necessary for this exercise. (FYI: adding the client certificate does not fix any problems.)
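# Enable CRL checking. crl-use is a property of the /certificate settings
# menu, so the set command has to be issued there; issued from /certificate
# it would be parsed as an attempt to modify a certificate item.
/certificate settings
set crl-use=yes
# Generate a certificate authority: EC key on secp384r1, SHA-384 digest,
# valid for 1825 days, usable only for signing certificates and CRLs.
/certificate
add name=RouterCA common-name=Router subject-alt-name=IP:192.168.99.8 key-size=secp384r1 digest-algorithm=sha384 days-valid=1825 key-usage=key-cert-sign,crl-sign
# Self-sign the CA; ca-crl-host sets the host (this router) used for the CRL.
sign RouterCA ca-crl-host=192.168.99.8 name=RouterCA
# Generate the server certificate User Manager presents during EAP
# (key usage restricted to tls-server, valid for 730 days) and sign it with the CA.
add name=EAP_AP common-name=EAP_AP subject-alt-name=IP:192.168.99.8 key-size=secp384r1 digest-algorithm=sha384 days-valid=730 key-usage=tls-server
sign EAP_AP ca=RouterCA name=EAP_AP
# Mark the server certificate as trusted on this router.
set EAP_AP trusted=yes
# Only a CA and a server certificate are issued here; no client certificate
# is created. Supplicants need RouterCA's public certificate to validate
# EAP_AP - the CA private key should not leave the router.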
# Turn User Manager on and bind the server certificate it presents during EAP.
/user-manager set certificate=EAP_AP enabled=yes
# Register the RADIUS client (NAS) allowed to query User Manager - here the
# router itself. "1234" is the author's placeholder; the secret must match
# the one configured on the client and should be long and random in production.
/user-manager router add address=192.168.99.8 name=Router shared-secret=1234
# Restrict the EAP methods each group accepts.
# The default group accepts only PEAP with MSCHAPv2 as the inner method.
/user-manager user group set [find where name=default] outer-auths=eap-peap inner-auths=peap-mschap2
# A second group accepts only EAP-TLS. No user in this listing is assigned to it.
/user-manager user group add name=certificate-authenticated outer-auths=eap-tls
# Password-based user in the default group, limited to two simultaneous sessions.
# The password is an example value.
/user-manager user add name=test2 group=default password=password1234 shared-users=2