tuxtlequino
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Feb 16, 2016 12:46 am

Question about new RADIUS server, certificates, and CAPsMAN

Sat May 28, 2022 1:41 am

I am trying to enable RADIUS on CAPsMAN using the new User-Management in version 7. I understand the concepts and I have been using RADIUS to "login" into the routers. The process is very straightforward and easy to understand with the new User-Management. The problem is trying to enable the same RADIUS server found in user-management v. 7 and CAPsMAN.

All I want to do is use RADIUS to use the attributes saved on the RADIUS user to do dynamic VLAN allocation. I watched the following video https://www.youtube.com/watch?v=Q0-7yVnRq9U and it was helpful. But I do not want to use the bridge as the Guest VLAN but use the Guest VLAN we use in our installation. It also uses something different, but it helped me to understand how RADIUS can do the dynamic VLAN allocation.

I tried the following link after reading all I could find in the forums.

https://github.com/multiduplikator/mikrotik_EAP

Here is my problem. I do not understand how the certificates are supposed to work. Trying to search for topics is also not very helpful because I lack a basic understanding of the purpose of the certificates and how that relates to my particular need. I do not need to do EAP-TLS. I do not need the extra layer of security. Especially since, when doing that, one goes down a path of making sure the certificates are compatible (we use a lot of Apple products) with everything, and installing certificates and incompatibilities galore. Here are my questions.

1. Are certificates necessary to accomplish this, or can I do something where certificates do not have to be installed on the computers that want to connect, just using a username and password?
2. Why, after I try following the instructions in the GitHub link above, does my RADIUS login setup stop working? I need to reset my router in order to make RADIUS login work again. I have tried deleting certificates and removing all traces of the configuration changes, but it seems as if the RADIUS server in User-Management v7 becomes tainted after trying certificates and will not work for anything else.

I will appreciate any help.
 
chechito
Forum Guru
Posts: 3005
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: Question about new RADIUS server, certificates, and CAPsMAN

Sat May 28, 2022 2:30 am

Key topics to understand the certificates thing:

symmetric encryption
asymmetric encryption
PKI Public key infrastructure

You don't need to deep dive, but it is useful to understand the basics behind this.
 
tuxtlequino
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Feb 16, 2016 12:46 am

Re: Question about new RADIUS server, certificates, and CAPsMAN

Sat May 28, 2022 4:02 am

Thank you Chechito. I think I get the idea. What I should be asking now would be the following then.

Can I do RADIUS in CAPsMAN using simple symmetric encryption without having to deal with certificates? Something like EAP-PEAP (if I understood correctly after reading for 15 min)? Like I said, this is not for a bank or anything.

If that is a possibility, can someone share how that would look in RouterOS?
 
tuxtlequino
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Feb 16, 2016 12:46 am

Re: Question about new RADIUS server, certificates, and CAPsMAN  [SOLVED]

Fri Jun 03, 2022 12:17 am

Okay. This is what you need to do.

1. Read what Chechito asked me to read.
2. Understand that when you are trying to use those certificates, which encryptions you have available determines what your connection will do. For example, if you have EAP-TLS and EAP-PEAP and you cannot connect using EAP-TLS, it will try to do it using PEAP. So all those tutorials make sense now.

If you are using the new RADIUS server found in the User Manager of ROS7, here is where you add or modify what you need:
/user-manager user group
set [ find default-name=default ] attributes="" inner-auths=peap-mschap2 name=default outer-auths=eap-tls,eap-peap,eap-mschap2
Anyway. Hope this helps someone.
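As an added example (not from this thread, MikroTik's docs, or the linked GitHub project), here is what a RouterOS 7 User Manager setup for the original goal could look like: PEAP with MSCHAPv2 inside, EAP-TLS not offered so clients need no certificate, and RFC 3580 tunnel attributes on the group for dynamic VLAN assignment. The group, user, secret and VLAN values are placeholders, and the `Name:value` attribute syntax and which VLAN attribute CAPsMAN honors are assumptions to verify against your ROS version; note that PEAP still requires a certificate on the server side even though clients have none.

```routeros
# Added example, not from the thread. Assumes RouterOS 7 User Manager.
# PEAP needs a SERVER certificate (clients only need to trust or ignore it);
# no client certificates are involved. Names/secrets/VLAN IDs are placeholders.
/user-manager
set enabled=yes certificate=radius-server-cert

# Allow the local CAPsMAN (same router) as a RADIUS client of User Manager.
/user-manager router
add name=capsman-local address=127.0.0.1 shared-secret=CHANGE-ME

# Group: PEAP outer, MSCHAPv2 inner, EAP-TLS not offered.
# Attribute syntax "Name:value" is an assumption; check /user-manager attribute
# for the dictionary in your version. 13 = VLAN, 6 = IEEE-802 (RFC 3580).
/user-manager user group
add name=wifi-vlan20 outer-auths=eap-peap inner-auths=peap-mschap2 \
    attributes=Tunnel-Type:13,Tunnel-Medium-Type:6,Tunnel-Private-Group-ID:20

/user-manager user
add name=alice password=CHANGE-ME group=wifi-vlan20

# Wireless RADIUS client on the router pointing at the local User Manager.
/radius
add service=wireless address=127.0.0.1 secret=CHANGE-ME

# CAPsMAN security profile: WPA2-Enterprise, EAP passed through to RADIUS.
# If your CAPsMAN build ignores Tunnel-Private-Group-ID, MikroTik's vendor
# attribute Mikrotik-Wireless-VLANID is the alternative to put in the group.
/caps-man security
add name=wifi-enterprise authentication-types=wpa2-eap eap-methods=passthrough \
    encryption=aes-ccm
```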
