Community discussions

MikroTik App
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

User Manager issues on v7.8

Tue Mar 28, 2023 4:45 pm

Dear all, good afternoon.

I have a problem with UserManager version 7.8
When I create a profile, the limit (transfer limit) is not applied to the user
And an error " Not yet implemented..." is also received in the user's web profile
How can I connect the limit profile to the user profile like it was in User Manager of OS version 6?

Maybe something with attributes?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6694
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: User Manager issues on v7.8

Wed Mar 29, 2023 9:54 am

Please make sure that radius incoming is enabled,
/radius incoming
set accept=yes
As well for the fastest accounting update on your device,
set radius-interim-update=1m
for HotSpot profile.
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Wed Mar 29, 2023 10:11 am

Also i see that even if i put attribute Mikrotik Total Limit, when the volume finish, client disconnected but if he try to reconnect start a new session and has again the same volume. You can repeat the same as many times and the result remains the same.
What they did on V7?
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Wed Mar 29, 2023 10:25 am

Please make sure that radius incoming is enabled,
/radius incoming
set accept=yes
As well for the fastest accounting update on your device,
set radius-interim-update=1m
for HotSpot profile.
This is My setup :
# mar/29/2023 10:17:43 by RouterOS 7.8
# software id = NJ8A-VBA7
#
# model = RB951G-2HnD
# serial number = DE350FF0BA12
/interface bridge
add name=LOOPBACK
add admin-mac=6C:3B:6B:DB:56:96 auto-mac=no comment=\
    "created from master port" name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] mac-address=6C:3B:6B:DB:56:96 name=\
    "FIREBOX 1 - LAN 2" speed=100Mbps
set [ find default-name=ether3 ] mac-address=6C:3B:6B:DB:56:97 name=\
    "FIREBOX 2 - LAN 3" speed=100Mbps
set [ find default-name=ether4 ] mac-address=6C:3B:6B:DB:56:98 name=\
    "FIREBOX 3 - LAN 4" speed=100Mbps
set [ find default-name=ether5 ] mac-address=6C:3B:6B:DB:56:99 name=\
    "SETUP - LAN 5" speed=100Mbps
set [ find default-name=ether1 ] mac-address=6C:3B:6B:DB:56:95 name=\
    "WAN FBB - PORT 1" speed=100Mbps
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=HotSpot \
    supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] name=wlan6 security-profile=HotSpot ssid=\
    FireBOX
/ip hotspot profile
add dns-name=FireBox.net hotspot-address=192.168.88.1 login-by=http-chap \
    name=HOTSPOT use-radius=yes
/ip pool
add name="dhcp HP" ranges=192.168.88.30-192.168.88.190
/ip dhcp-server
add address-pool="dhcp HP" bootp-support=dynamic interface=bridge1 \
    lease-time=30m name="HOTSPOT LAN"
/ip hotspot
add address-pool="dhcp HP" addresses-per-mac=1 disabled=no idle-timeout=15m \
    interface=bridge1 name=hotspot1 profile=HOTSPOT
/ip hotspot user profile
set [ find default=yes ] address-pool="dhcp HP" keepalive-timeout=15m \
    status-autorefresh=30s transparent-proxy=yes
add address-pool="dhcp HP" keepalive-timeout=15m name="Limit Free NET" \
    rate-limit=400k status-autorefresh=30s transparent-proxy=yes
/queue simple
add limit-at=124k/2M max-limit=124k/2M name="Entertainment Limitation 2M No1" \
    target=192.168.88.202/32
add limit-at=124k/2M max-limit=124k/2M name="Entertainment Limitation 2M No2" \
    target=192.168.88.203/32
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 0 memory-lines=10000
set 3 remote=192.168.88.200
add name=WebProxy remote=192.168.88.200 target=remote
/user-manager limitation
add name=LM200 transfer-limit=209715200B
/user-manager profile
add name=200MB name-for-users=UM2 price=18 validity=104w2d
/user-manager user
add name=admin shared-users=2
add attributes=Mikrotik-Total-Limit:209715200 name=UM104983
/user-manager user group
set [ find default-name=default ] attributes=Mikrotik-Total-Limit:209715200
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 2 - LAN 3"
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 3 - LAN 4"
add bridge=bridge1 ingress-filtering=no interface="SETUP - LAN 5"
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 1 - LAN 2"
/ip neighbor discovery-settings
set discover-interface-list=discover
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment="To HotSpot LAN" interface=bridge1 list=LAN
add comment="To FBB" interface="WAN FBB - PORT 1" list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment="FIREBOX ADDRESSES" interface=bridge1 \
    network=192.168.88.0
add address=192.168.89.1 interface=LOOPBACK network=192.168.89.1
/ip dhcp-client
add comment="DHCP From FBB" interface="WAN FBB - PORT 1"
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,192.168.88.1
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="drop all from wan" disabled=yes \
    in-interface="WAN FBB - PORT 1"
add action=fasttrack-connection chain=forward comment=fasttrack \
    connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from wan not dstnated" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    "WAN FBB - PORT 1"
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=443 protocol=tcp
add action=drop chain=input disabled=yes dst-port=8080 protocol=tcp \
    src-address=192.168.88.200
add action=drop chain=input disabled=yes dst-port=8080 protocol=tcp \
    src-address=192.168.88.201
add action=accept chain=input dst-port=8728 protocol=tcp
add action=accept chain=input protocol=tcp src-port=8728
add action=accept chain=input dst-port=3799 protocol=tcp
add action=accept chain=input protocol=tcp src-port=3799
add action=accept chain=input protocol=tcp src-address=127.0.0.1
add action=accept chain=input dst-address=192.168.89.1 protocol=tcp
add action=accept chain=input protocol=tcp src-address=192.168.89.1
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface="WAN FBB - PORT 1"
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.88.0/24
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
/ip hotspot ip-binding
add address=192.168.88.200 type=bypassed
add address=192.168.88.201 type=bypassed
add address=192.168.88.202 type=bypassed
add address=192.168.88.203 type=bypassed
/ip hotspot user
add name=admin
add name=master profile="Limit Free NET"
/ip proxy
set cache-administrator=ikarantanis@gr09.gr cache-on-disk=yes cache-path=usb1 \
    enabled=yes max-cache-object-size=524288000KiB
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/radius
add address=192.168.89.1 comment=RADIUS service=hotspot
/radius incoming
set accept=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=DEMO_FIREBOX
/system logging
add action=WebProxy prefix=Proxy topics=web-proxy
/system scheduler
add interval=12h name=SendLogsViaMail on-event=SendLogsViaMail policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/21/2017 start-time=12:00:00
add interval=10m name=readyVoucher on-event=readyVoucher policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/25/2017 start-time=22:31:18
/system script
add dont-require-permissions=no name=SendLogsViaMail owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    log print file=([/system identity get name].\"Log\");\r\
    \n:delay 10;\r\
    \n/system logging action set memory memory-lines=1\r\
    \n/system logging action set memory memory-lines=10000\r\
    \n:log info (\"System log file created\")\r\
    \n:log info (\"System logs cleared\")\r\
    \n/tool e-mail send from=\"giannis.karantanis.82@gmail.com\" to=\"giannis.\
    karantanis.82@gmail.com\" subject=([/system identity get name].\" Log\") f\
    ile=([/system identity get name].\"Log\".\".txt\");\r\
    \n:delay 10;\r\
    \n:log info (\"System log email sent\")\r\
    \n/file rem ([/system identity get name].\"Log\".\".txt\");\r\
    \n:delay 10;\r\
    \n:log info (\"System log file removed\")"
add dont-require-permissions=no name=readyVoucher owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local thisDate\r\
    \n:local thisYear\r\
    \n:local thisDay\r\
    \n:local thisMonth\r\
    \n:local thisTime\r\
    \n:local thisTime1\r\
    \n:local thisTime2\r\
    \n:set thisDate [/ system clock get date]\r\
    \n:set thisTime [/ system clock get time]\r\
    \n:set thisYear [:pick \$thisDate 7 11]\r\
    \n :if (\$thisYear > \"2010\")  do={ \r\
    \n :set thisDay [:pick \$thisDate 4 6]\r\
    \n :set thisMonth [:pick \$thisDate 0 3]\r\
    \n :set thisTime1 [:pick \$thisTime 0 2]\r\
    \n :set thisTime2 [:pick \$thisTime 3 5]\r\
    \n :if (\$thisMonth = \"jan\") do={ :set thisMonth \"01\" }\r\
    \n :if (\$thisMonth = \"feb\") do={ :set thisMonth \"02\" }\r\
    \n :if (\$thisMonth = \"mar\") do={ :set thisMonth \"03\" }\r\
    \n :if (\$thisMonth = \"apr\") do={ :set thisMonth \"04\" }\r\
    \n :if (\$thisMonth = \"may\") do={ :set thisMonth \"05\" }\r\
    \n :if (\$thisMonth = \"jun\") do={ :set thisMonth \"06\" }\r\
    \n :if (\$thisMonth = \"jul\") do={ :set thisMonth \"07\" }\r\
    \n :if (\$thisMonth = \"aug\") do={ :set thisMonth \"08\" }\r\
    \n :if (\$thisMonth = \"sep\") do={ :set thisMonth \"09\" }\r\
    \n :if (\$thisMonth = \"oct\") do={ :set thisMonth \"10\" }\r\
    \n :if (\$thisMonth = \"nov\") do={ :set thisMonth \"11\" }\r\
    \n :if (\$thisMonth = \"dec\") do={ :set thisMonth \"12\" }\r\
    \n :set thisDate (\$thisYear.\$thisMonth.\$thisDay.\$thisTime1.\$thisTime2\
    )\r\
    \n :local users [/ip hotspot user find]\r\
    \n :local i\r\
    \n :local expirationDate\r\
    \n :foreach i in=\$users do={\r\
    \n  :set expirationDate [/ ip hotspot user get \$i comment]\r\
    \n  :if ([:len \$expirationDate] = 12) do={\r\
    \n   :local expNum [:tonum \$expirationDate]\r\
    \n   :local thisNum [:tonum \$thisDate]\r\
    \n   :if (([:typeof \$expNum] = \"num\") and(\$expNum < \$thisNum)) do={\r\
    \n    :local userName [/ip hotspot user get \$i name]\r\
    \n    :local activeUser [/ip hotspot active find where user=\$userName]\r\
    \n    /ip hotspot user remove \$i\r\
    \n    /ip hotspot active remove \$activeUser\r\
    \n    :log info \"Detected readyVoucher hotspot expired user\"\r\
    \n   }\r\
    \n  }\r\
    \n  :delay 0.5s\r\
    \n }\r\
    \n}\r\
    \n"
/tool e-mail
set address=64.233.166.108 from=giannis.karantanis.82@gmail.com port=587 tls=\
    starttls user=giannis.karantanis.82@gmail.com
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/user-manager
set certificate=*0 enabled=yes
/user-manager profile-limitation
add limitation=LM200 profile=200MB
/user-manager router
add address=192.168.89.1 name=DEMO_FIREBOX
/user-manager user-profile
add profile=200MB user=UM104983
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: User Manager issues on v7.8

Wed Mar 29, 2023 1:35 pm

Just doing simple fast checking at my hotspot, you right its not work to limit via UserManager>Limitation that works before (I ever mention this start working at 7.6 viewtopic.php?t=189222#p961384)

For now just use User-Manager>Attributes to limit maximum data you want for that user. Example attribute Mikrotik-Total-Limit = 10000000 to limit that user upload+download=10MB.

That attribute limitation works.
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Wed Mar 29, 2023 1:43 pm

Just doing simple fast checking at my hotspot, you right its not work to limit via UserManager>Limitation that works before (I ever mention this start working at 7.6 viewtopic.php?t=189222#p961384)

For now just use User-Manager>Attributes to limit maximum data you want for that user. Example attribute Mikrotik-Total-Limit = 10000000 to limit that user upload+download=10MB.

That attribute limitation works.
Yes, correct but even if i put attribute Mikrotik Total Limit, when the volume finish, client disconnected but if he try to reconnect start a new session and has again the same volume. You can repeat the same as many times and the result remains the same.
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: User Manager issues on v7.8

Wed Mar 29, 2023 1:48 pm

For me it's not happen.
I test when that test user try connect again after his volume limit reached, it cant login with RADIUS server is not reponding error. Since his state at UserManager>UserProfiles is "USED"

If I want to use that test user again, I must set new Userprofiles for it, so can login with state "RUNNING ACTIVE".
Then again test volume limited reached, user disconnected, session closed, state change for 'running active' to 'used'.
Try to login, will never get connected since no active profile for it.

After I search in your setting not using use-profile=yes
/user-manager use-profile=yes, which is default=no
According to wiki
use-profiles (yes | no; Default: no) Whether to use Profiles and Limitations. When set to no, only User configuration is required to run User Manager.

CMIIW
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Wed Mar 29, 2023 2:11 pm

For me it's not happen.
I test when that test user try connect again after his volume limit reached, it cant login with RADIUS server is not reponding error. Since his status at UserManager>UserProfiles is "USED"
In my case it's different and i cannot find the reason...
Are you running on v7.8 right?
On USER MANAGER i have configure :
1. Router (IP and CoA port 3799 enabled)
2. Users (I have a user with attributes Mikrotik-Total_Limit 209715200 to cut on 200MB)
3. User Groups (I change the default by adding again here attributes with same limit)
4. Profiles (Add a 200MB profile with validity 2Y, nmae for users UM2, starts when : assigned)
5. User profiles (on user i choose the same user as on above No2, with profile 200MB) The state here it's always running active.
I have delete limitation and profile limitation because wasn't work anyway and trying with attributes.

But when user reash 200MB, system logging him out but user can login again and start counting again 200MB. Status its always running active
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: User Manager issues on v7.8

Wed Mar 29, 2023 2:17 pm

your setting this line
/user-manager
set certificate=*6 enabled=yes

change to /user-manager
set certificate=*6 enabled=yes use-profiles=yes

Or via winbox just tick 'Use Profile"

Then try test again
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Wed Mar 29, 2023 2:40 pm

your setting this line
/user-manager
set certificate=*6 enabled=yes

change to /user-manager
set certificate=*6 enabled=yes use-profiles=yes

Or via winbox just tick 'Use Profile"

Then try test again
Nothing changes.
Let's do it from 0.
I only have setup inside USER MANAGER the first tab "Routers". There i put the IP address , the CoA port 3799 and on setting i make it enabled on ports 1812&1813 and enable also use profiles. I left empty the certificate.
What should be my next moves to make users with 200MB total limitation?
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: User Manager issues on v7.8

Wed Mar 29, 2023 4:41 pm

2023-03-29_17-09-31.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: User Manager issues on v7.8

Thu Mar 30, 2023 4:03 am

@Stiflerakos

Hmm ok, assume building from 0 like you said, and other settings at hotspot area and RADIUS all done. After setting that Router tab, next is Usergroup. Create an entry that contain that Mikrotik-Limit-Rate AND attribute "Mikrotik-Group" with value is your HotspotUserProfile name.
Next is UserManager>Profiles.
Then set an user with Group that you have made before.
Last make an entry for that user to be active at UserManager>UserProfiles...

After this should be works. Thats how I do it here.
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Thu Mar 30, 2023 10:28 am

@Stiflerakos

Hmm ok, assume building from 0 like you said, and other settings at hotspot area and RADIUS all done. After setting that Router tab, next is Usergroup. Create an entry that contain that Mikrotik-Limit-Rate AND attribute "Mikrotik-Group" with value is your HotspotUserProfile name.
Next is UserManager>Profiles.
Then set an user with Group that you have made before.
Last make an entry for that user to be active at UserManager>UserProfiles...

After this should be works. Thats how I do it here.

Image
Image
Image
Image


Still same...
I dont understand what is the problem.
There is any chance to give you access TeamViewer and have a look or i am asking too much?
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: User Manager issues on v7.8

Thu Mar 30, 2023 1:42 pm

My sentence : "Then set an user with Group that you have made before."

Your last screenshot, that user UM490251 Group=default, should be "GROUP UM"
The logic there, all setting have been made but the last key is the user itself not referring any setting that you setting there...
The user is a member a group named default that have nno limitation.

pls try again
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Thu Mar 30, 2023 3:29 pm

My sentence : "Then set an user with Group that you have made before."

Your last screenshot, that user UM490251 Group=default, should be "GROUP UM"
The logic there, all setting have been made but the last key is the user itself not referring any setting that you setting there...
The user is a member a group named default that have nno limitation.

pls try again
This was a wrong photo from before.
I have setup the user with group um.
No changes here...
# mar/30/2023 15:30:08 by RouterOS 7.8
# software id = NJ8A-VBA7
#
# model = RB951G-2HnD
# serial number = DE350FF0BA12
/interface bridge
add name=LOOPBACK
add admin-mac=6C:3B:6B:DB:56:96 auto-mac=no comment=\
    "created from master port" name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] mac-address=6C:3B:6B:DB:56:96 name=\
    "FIREBOX 1 - LAN 2" speed=100Mbps
set [ find default-name=ether3 ] mac-address=6C:3B:6B:DB:56:97 name=\
    "FIREBOX 2 - LAN 3" speed=100Mbps
set [ find default-name=ether4 ] mac-address=6C:3B:6B:DB:56:98 name=\
    "FIREBOX 3 - LAN 4" speed=100Mbps
set [ find default-name=ether5 ] mac-address=6C:3B:6B:DB:56:99 name=\
    "SETUP - LAN 5" speed=100Mbps
set [ find default-name=ether1 ] mac-address=6C:3B:6B:DB:56:95 name=\
    "WAN FBB - PORT 1" speed=100Mbps
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=HotSpot \
    supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
    name=wlan6 security-profile=HotSpot ssid=FireBOX
/ip hotspot profile
add dns-name=FireBox.net hotspot-address=192.168.88.1 login-by=http-chap \
    name=HOTSPOT use-radius=yes
/ip pool
add name="dhcp HP" ranges=192.168.88.30-192.168.88.190
/ip dhcp-server
add address-pool="dhcp HP" bootp-support=dynamic interface=bridge1 \
    lease-time=30m name="HOTSPOT LAN"
/ip hotspot
add address-pool="dhcp HP" addresses-per-mac=1 disabled=no idle-timeout=15m \
    interface=bridge1 name=hotspot1 profile=HOTSPOT
/ip hotspot user profile
set [ find default=yes ] address-pool="dhcp HP" keepalive-timeout=15m name=\
    HOTSPOT status-autorefresh=30s transparent-proxy=yes
add address-pool="dhcp HP" keepalive-timeout=15m name="Limit Free NET" \
    rate-limit=400k status-autorefresh=30s transparent-proxy=yes
/queue simple
add limit-at=124k/2M max-limit=124k/2M name="Entertainment Limitation 2M No1" \
    target=192.168.88.202/32
add limit-at=124k/2M max-limit=124k/2M name="Entertainment Limitation 2M No2" \
    target=192.168.88.203/32
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 0 memory-lines=10000
set 3 remote=192.168.88.200
add name=WebProxy remote=192.168.88.200 target=remote
/user-manager profile
add name=200MB name-for-users=UM2 price=18
/user-manager user
add name=admin shared-users=2
/user-manager user group
add attributes="Mikrotik-Total-Limit:209715200 ,Mikrotik-Group:HOTSPOT" \
    inner-auths=ttls-pap,ttls-chap,ttls-mschap1,ttls-mschap2,peap-mschap2 \
    name="GROUP UM" outer-auths=\
    pap,chap,mschap1,mschap2,eap-tls,eap-ttls,eap-peap,eap-mschap2
/user-manager user
add group="GROUP UM" name=UM490251
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 2 - LAN 3"
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 3 - LAN 4"
add bridge=bridge1 ingress-filtering=no interface="SETUP - LAN 5"
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 1 - LAN 2"
add bridge=bridge1 interface=wlan6
/ip neighbor discovery-settings
set discover-interface-list=discover
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment="To HotSpot LAN" interface=bridge1 list=LAN
add comment="To FBB" interface="WAN FBB - PORT 1" list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment="FIREBOX ADDRESSES" interface=bridge1 \
    network=192.168.88.0
add address=192.168.89.1 interface=LOOPBACK network=192.168.89.1
/ip dhcp-client
add comment="DHCP From FBB" interface="WAN FBB - PORT 1"
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,192.168.88.1
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="drop all from wan" disabled=yes \
    in-interface="WAN FBB - PORT 1"
add action=fasttrack-connection chain=forward comment=fasttrack \
    connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="accept established,related" \
    connection-state=established,related
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=443 protocol=tcp
add action=drop chain=input disabled=yes dst-port=8080 protocol=tcp \
    src-address=192.168.88.200
add action=drop chain=input disabled=yes dst-port=8080 protocol=tcp \
    src-address=192.168.88.201
add action=accept chain=input dst-port=8728 protocol=tcp
add action=accept chain=input protocol=tcp src-port=8728
add action=accept chain=input dst-port=3799 protocol=tcp
add action=accept chain=input protocol=tcp src-port=3799
add action=accept chain=input protocol=tcp src-address=127.0.0.1
add action=accept chain=input dst-address=192.168.89.1 protocol=tcp
add action=accept chain=input protocol=tcp src-address=192.168.89.1
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from wan not dstnated" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    "WAN FBB - PORT 1"
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface="WAN FBB - PORT 1"
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.88.0/24
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
/ip hotspot ip-binding
add address=192.168.88.200 type=bypassed
add address=192.168.88.201 type=bypassed
add address=192.168.88.202 type=bypassed
add address=192.168.88.203 type=bypassed
/ip hotspot user
add name=admin
add name=master profile="Limit Free NET"
/ip proxy
set cache-administrator=ikarantanis@gr09.gr cache-on-disk=yes cache-path=usb1 \
    enabled=yes max-cache-object-size=524288000KiB
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/radius
add address=192.168.89.1 comment=RADIUS service=hotspot
/radius incoming
set accept=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=DEMO_FIREBOX
/system logging
add action=WebProxy prefix=Proxy topics=web-proxy
/system scheduler
add interval=12h name=SendLogsViaMail on-event=SendLogsViaMail policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/21/2017 start-time=12:00:00
add interval=10m name=readyVoucher on-event=readyVoucher policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=oct/25/2017 start-time=22:31:18
/system script
add dont-require-permissions=no name=SendLogsViaMail owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    log print file=([/system identity get name].\"Log\");\r\
    \n:delay 10;\r\
    \n/system logging action set memory memory-lines=1\r\
    \n/system logging action set memory memory-lines=10000\r\
    \n:log info (\"System log file created\")\r\
    \n:log info (\"System logs cleared\")\r\
    \n/tool e-mail send from=\"giannis.karantanis.82@gmail.com\" to=\"giannis.\
    karantanis.82@gmail.com\" subject=([/system identity get name].\" Log\") f\
    ile=([/system identity get name].\"Log\".\".txt\");\r\
    \n:delay 10;\r\
    \n:log info (\"System log email sent\")\r\
    \n/file rem ([/system identity get name].\"Log\".\".txt\");\r\
    \n:delay 10;\r\
    \n:log info (\"System log file removed\")"
add dont-require-permissions=no name=readyVoucher owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local thisDate\r\
    \n:local thisYear\r\
    \n:local thisDay\r\
    \n:local thisMonth\r\
    \n:local thisTime\r\
    \n:local thisTime1\r\
    \n:local thisTime2\r\
    \n:set thisDate [/ system clock get date]\r\
    \n:set thisTime [/ system clock get time]\r\
    \n:set thisYear [:pick \$thisDate 7 11]\r\
    \n :if (\$thisYear > \"2010\")  do={ \r\
    \n :set thisDay [:pick \$thisDate 4 6]\r\
    \n :set thisMonth [:pick \$thisDate 0 3]\r\
    \n :set thisTime1 [:pick \$thisTime 0 2]\r\
    \n :set thisTime2 [:pick \$thisTime 3 5]\r\
    \n :if (\$thisMonth = \"jan\") do={ :set thisMonth \"01\" }\r\
    \n :if (\$thisMonth = \"feb\") do={ :set thisMonth \"02\" }\r\
    \n :if (\$thisMonth = \"mar\") do={ :set thisMonth \"03\" }\r\
    \n :if (\$thisMonth = \"apr\") do={ :set thisMonth \"04\" }\r\
    \n :if (\$thisMonth = \"may\") do={ :set thisMonth \"05\" }\r\
    \n :if (\$thisMonth = \"jun\") do={ :set thisMonth \"06\" }\r\
    \n :if (\$thisMonth = \"jul\") do={ :set thisMonth \"07\" }\r\
    \n :if (\$thisMonth = \"aug\") do={ :set thisMonth \"08\" }\r\
    \n :if (\$thisMonth = \"sep\") do={ :set thisMonth \"09\" }\r\
    \n :if (\$thisMonth = \"oct\") do={ :set thisMonth \"10\" }\r\
    \n :if (\$thisMonth = \"nov\") do={ :set thisMonth \"11\" }\r\
    \n :if (\$thisMonth = \"dec\") do={ :set thisMonth \"12\" }\r\
    \n :set thisDate (\$thisYear.\$thisMonth.\$thisDay.\$thisTime1.\$thisTime2\
    )\r\
    \n :local users [/ip hotspot user find]\r\
    \n :local i\r\
    \n :local expirationDate\r\
    \n :foreach i in=\$users do={\r\
    \n  :set expirationDate [/ ip hotspot user get \$i comment]\r\
    \n  :if ([:len \$expirationDate] = 12) do={\r\
    \n   :local expNum [:tonum \$expirationDate]\r\
    \n   :local thisNum [:tonum \$thisDate]\r\
    \n   :if (([:typeof \$expNum] = \"num\") and(\$expNum < \$thisNum)) do={\r\
    \n    :local userName [/ip hotspot user get \$i name]\r\
    \n    :local activeUser [/ip hotspot active find where user=\$userName]\r\
    \n    /ip hotspot user remove \$i\r\
    \n    /ip hotspot active remove \$activeUser\r\
    \n    :log info \"Detected readyVoucher hotspot expired user\"\r\
    \n   }\r\
    \n  }\r\
    \n  :delay 0.5s\r\
    \n }\r\
    \n}\r\
    \n"
/tool e-mail
set address=64.233.166.108 from=giannis.karantanis.82@gmail.com port=587 tls=\
    starttls user=giannis.karantanis.82@gmail.com
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/user-manager
set certificate=*0 enabled=yes use-profiles=yes
/user-manager router
add address=192.168.89.1 name=DEMO_FIREBOX
/user-manager user-profile
add profile=200MB user=UM490251
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: User Manager issues on v7.8

Fri Mar 31, 2023 9:08 am

hmmm I dont know why, lastly maybe you should reboot or netinstal re-configure that mikrotik from scratch since sometime it works. Cant guarantee though. Maybe others pro here can look up your trouble.
Last edited by rumahnetmks on Tue Jul 25, 2023 1:58 pm, edited 1 time in total.
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Sat Apr 01, 2023 9:27 pm

Anyone form support ?
 
Stiflerakos
newbie
Topic Author
Posts: 35
Joined: Sat Jan 14, 2017 1:28 pm

Re: User Manager issues on v7.8

Wed Apr 05, 2023 11:06 am

Anyone ? @support
 
baalwy
just joined
Posts: 2
Joined: Thu Oct 24, 2013 1:33 am

Re: User Manager issues on v7.8

Sun Apr 30, 2023 6:05 pm

this problem happen to me any fix please help
 
onyegbadocu
newbie
Posts: 25
Joined: Wed Nov 22, 2017 12:49 pm

Re: User Manager issues on v7.8

Tue Jul 25, 2023 8:34 am

Hello, i want to ask on the max sessions for user in mikrotik routeros version 7. I set the overide shared users to unlimited but each time you a user tried to login more than one device,an error"no more sessions for this user will " pop.
In version 6,when set up.shared-users in usermanager,you will still need to set up shared users in winbox under ip hotspot,copy the created shared user to ip pool in the usermanager. I cant find this settings in routeros 7.can anyone put me on the right track?

Who is online

Users browsing this forum: baragoon, BinaryTB, raphaps, rplant and 69 guests