Community discussions

MikroTik App
 
HomayounShokri
just joined
Topic Author
Posts: 3
Joined: Sat Sep 24, 2022 9:32 am

Mikrotik and FreerRadius and Active directory

Sat Sep 24, 2022 12:17 pm

Hi every one

in my company we are trying to use Mikrotik router hotspot and active directory and freeradius in order to allow access to internet.
the authentication is complete and active directory users can login via hotspot login page.

now our change is to restrict the each users bandwidth and internet volume monthly.

i wonder is it possible to do it with Mikrotik router and active directory and freeradius ? and if it's possible how can we do it.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Mikrotik and FreerRadius and Active directory

Sat Sep 24, 2022 1:57 pm

Provide network diagram, RouterOS version and RouterBOARD model.
 
HomayounShokri
just joined
Topic Author
Posts: 3
Joined: Sat Sep 24, 2022 9:32 am

Re: Mikrotik and FreerRadius and Active directory

Sat Sep 24, 2022 2:41 pm

for the network diagram
client <==(http)==> Mikrotik router (version : 7.5 running on esxi) <==(RADIUS using PaP)==> Ubuntu (free radius) <==(using samba and ntlm_auth)==> Active directory
 
binooetomo
just joined
Posts: 17
Joined: Sat Nov 12, 2016 7:08 am

Re: Mikrotik and FreerRadius and Active directory

Sat Mar 11, 2023 10:26 am

Hi every one

in my company we are trying to use Mikrotik router hotspot and active directory and freeradius in order to allow access to internet.
the authentication is complete and active directory users can login via hotspot login page.

now our change is to restrict the each users bandwidth and internet volume monthly.

i wonder is it possible to do it with Mikrotik router and active directory and freeradius ? and if it's possible how can we do it.
assumed you set the freeradius to talk directly to your AD.
Generaly you need to read https://wiki.mikrotik.com/wiki/Manual:R ... Attributes , and find the way to map AD user attribute to Radius Attribute.

But for 'internet volume monthly', I think it'll hard if you use AD only.
It's about accounting side of radius protocol, and I could not fine how to use AD as FreeRadius Accounting.

If I were you
I will set freeRadius to use rlm_rest, build a web application that serve :
1. Mikrotik remote centralized login page
2. Freeradius Authentication, Authorization, Accounting
3. Make that web app to use your AD as source of truth.

-bino-
 
ccmks
newbie
Posts: 27
Joined: Sun May 31, 2020 7:51 pm

Re: Mikrotik and FreerRadius and Active directory

Tue Mar 14, 2023 6:07 pm

In our school environment, we are also using AD as the authenticator for school wifi hotspot. However, we don't need to use freeradius in the middle. Your windows server should come with NPS which is built-in its own radius server and you can integrate that directly to Mikrotik hotspot

Who is online

Users browsing this forum: almdandi, Bing [Bot], mkx, mtkvvv, xstrid3rx and 82 guests