Hello
First I want to know if I get this right -
The radius server help me menage the users of my hotspot - is it true?
in the end of the configuration every user I will add to the radius will be able to enter the hotspot and go on-line?
Re: trying to make a radius server for my hotspot-basic ques
o.k
now - I have try to config radius server (I have also install the user manage)
did everything like it said
but I can only enter the hotspot with the admin user and pass
I want to have one router with hotspot and be able to manage 10 users that I enter into the radius (for start....)
** is there a guide that explain all is need to be done from start till end?
this is what I have :
now - I have try to config radius server (I have also install the user manage)
did everything like it said
but I can only enter the hotspot with the admin user and pass
I want to have one router with hotspot and be able to manage 10 users that I enter into the radius (for start....)
** is there a guide that explain all is need to be done from start till end?
this is what I have :
You do not have the required permissions to view the files attached to this post.
Re: trying to make a radius server for my hotspot-basic ques
You must set up User Manager also. You must enter a client in the "Routers" section. The IP address should be 127.0.0.1 and the radius secret must match the entry in the radius section.
Enable radius logging. Try a login, then check the log.
Enable radius logging. Try a login, then check the log.
Code: Select all
/system logging
add topics=radius,debug action=memory
Re: trying to make a radius server for my hotspot-basic ques
now I get radius server not responding
Code: Select all
09:48:44 wireless,info C8:AA:21:15:3F:55@wlan1: connected
09:48:44 dhcp,info dhcp3 deassigned 10.10.10.250 from C8:AA:21:15:3F:55
09:48:44 dhcp,info dhcp3 assigned 10.10.10.250 to C8:AA:21:15:3F:55
09:48:45 system,info,account user admin logged out via winbox
09:48:45 system,info,account user admin logged out via local
09:49:00 system,info,account user admin logged in from 10.0.0.200 via winbox
09:49:03 radius,debug sending 05:00 to 127.0.0.1:1813
09:49:03 radius,debug,packet sending Accounting-Request with id 6 to 127.0.0.1:181
3
09:49:03 radius,debug,packet Signature = 0x1c3c800f5d4ddc3b3b2577f0d1ceeaf8
09:49:03 radius,debug,packet Acct-Status-Type = 7
09:49:03 radius,debug,packet NAS-Identifier = "3GRouter"
09:49:03 radius,debug,packet Acct-Delay-Time = 0
09:49:03 radius,debug,packet NAS-IP-Address = 127.0.0.1
09:49:03 radius,debug,packet received bad Accounting-Response with id 6 from 127.0
.0.1:1813
09:49:03 radius,debug,packet Signature = bad 0x0cd733e71354ccff65fa52df17943fd
4
09:49:03 radius,debug received packet for 05:00 with bad signature, dropping
09:49:27 hotspot,info,debug \D7\9B\D7\9B\D7\93\D7\92\D7\9B (10.10.10.250): trying
to log in by http-chap
09:49:27 radius,debug new request 3f:26 code=Access-Request service=hotspot called
-id=hotspot1
09:49:27 radius,debug sending 3f:26 to 127.0.0.1:1812
09:49:27 radius,debug,packet sending Access-Request with id 7 to 127.0.0.1:1812
09:49:27 radius,debug,packet Signature = 0x1f3099974476a9e28ea8e7ea467b9720
09:49:27 radius,debug,packet NAS-Port-Type = 19
09:49:27 radius,debug,packet Calling-Station-Id = "C8:AA:21:15:3F:55"
09:49:27 radius,debug,packet Called-Station-Id = "hotspot1"
09:49:27 radius,debug,packet NAS-Port-Id = "wlan1"
09:49:27 radius,debug,packet User-Name = 0xd79bd79bd793d792d79b
09:49:27 radius,debug,packet NAS-Port = 2151677952
09:49:27 radius,debug,packet Acct-Session-Id = "80400000"
09:49:27 radius,debug,packet Framed-IP-Address = 10.10.10.250
09:49:27 radius,debug,packet MT-Host-IP = 10.10.10.250
09:49:27 radius,debug,packet CHAP-Challenge = 0x181fa13061d12d96c430dfea542f21
d0
09:49:27 radius,debug,packet CHAP-Password = 0xae6dcf4fc16b314e215822a3f60f375
e
09:49:27 radius,debug,packet bb
09:49:27 radius,debug,packet Service-Type = 1
09:49:27 radius,debug,packet WISPr-Logoff-URL = "http://10.10.10.254/logout"
09:49:27 radius,debug,packet NAS-Identifier = "3GRouter"
09:49:27 radius,debug,packet NAS-IP-Address = 127.0.0.1
09:49:27 radius,debug,packet received bad Access-Reject with id 7 from 127.0.0.1:1
812
09:49:27 radius,debug,packet Signature = bad 0xf1e7b4279364cc06aab7b9f0266768c
8
09:49:27 radius,debug,packet Reply-Message = 0x75736572203cd79bd79bd793d792d79
b
09:49:27 radius,debug,packet 3e206e6f7420666f756e64
09:49:27 radius,debug received packet for 3f:26 with bad signature, dropping
09:49:27 radius,debug resending 3f:26
09:49:27 radius,debug,packet sending Access-Request with id 7 to 127.0.0.1:1812
09:49:27 radius,debug,packet Signature = 0x1f3099974476a9e28ea8e7ea467b9720
09:49:27 radius,debug,packet NAS-Port-Type = 19
09:49:27 radius,debug,packet Calling-Station-Id = "C8:AA:21:15:3F:55"
09:49:27 radius,debug,packet Called-Station-Id = "hotspot1"
09:49:27 radius,debug,packet NAS-Port-Id = "wlan1"
09:49:27 radius,debug,packet User-Name = 0xd79bd79bd793d792d79b
09:49:27 radius,debug,packet NAS-Port = 2151677952
09:49:27 radius,debug,packet Acct-Session-Id = "80400000"
09:49:27 radius,debug,packet Framed-IP-Address = 10.10.10.250
09:49:27 radius,debug,packet MT-Host-IP = 10.10.10.250
09:49:27 radius,debug,packet CHAP-Challenge = 0x181fa13061d12d96c430dfea542f21
d0
09:49:27 radius,debug,packet CHAP-Password = 0xae6dcf4fc16b314e215822a3f60f375
e
09:49:27 radius,debug,packet bb
09:49:27 radius,debug,packet Service-Type = 1
09:49:27 radius,debug,packet WISPr-Logoff-URL = "http://10.10.10.254/logout"
09:49:27 radius,debug,packet NAS-Identifier = "3GRouter"
09:49:27 radius,debug,packet NAS-IP-Address = 127.0.0.1
09:49:27 radius,debug,packet received bad Access-Reject with id 7 from 127.0.0.1:1
812
09:49:27 radius,debug,packet Signature = bad 0xf1e7b4279364cc06aab7b9f0266768c
8
09:49:27 radius,debug,packet Reply-Message = 0x75736572203cd79bd79bd793d792d79
b
09:49:27 radius,debug,packet 3e206e6f7420666f756e64
09:49:27 radius,debug received packet for 3f:26 with bad signature, dropping
09:49:28 radius,debug resending 3f:26
09:49:28 radius,debug,packet sending Access-Request with id 7 to 127.0.0.1:1812
09:49:28 radius,debug,packet Signature = 0x1f3099974476a9e28ea8e7ea467b9720
09:49:28 radius,debug,packet NAS-Port-Type = 19
09:49:28 radius,debug,packet Calling-Station-Id = "C8:AA:21:15:3F:55"
09:49:28 radius,debug,packet Called-Station-Id = "hotspot1"
09:49:28 radius,debug,packet NAS-Port-Id = "wlan1"
09:49:28 radius,debug,packet User-Name = 0xd79bd79bd793d792d79b
09:49:28 radius,debug,packet NAS-Port = 2151677952
09:49:28 radius,debug,packet Acct-Session-Id = "80400000"
09:49:28 radius,debug,packet Framed-IP-Address = 10.10.10.250
09:49:28 radius,debug,packet MT-Host-IP = 10.10.10.250
09:49:28 radius,debug,packet CHAP-Challenge = 0x181fa13061d12d96c430dfea542f21
d0
09:49:28 radius,debug,packet CHAP-Password = 0xae6dcf4fc16b314e215822a3f60f375
e
09:49:28 radius,debug,packet bb
09:49:28 radius,debug,packet Service-Type = 1
09:49:28 radius,debug,packet WISPr-Logoff-URL = "http://10.10.10.254/logout"
09:49:28 radius,debug,packet NAS-Identifier = "3GRouter"
09:49:28 radius,debug,packet NAS-IP-Address = 127.0.0.1
09:49:28 radius,debug,packet received bad Access-Reject with id 7 from 127.0.0.1:1
812
09:49:28 radius,debug,packet Signature = bad 0xf1e7b4279364cc06aab7b9f0266768c
8
09:49:28 radius,debug,packet Reply-Message = 0x75736572203cd79bd79bd793d792d79
b
09:49:28 radius,debug,packet 3e206e6f7420666f756e64
09:49:28 radius,debug received packet for 3f:26 with bad signature, dropping
09:49:28 radius,debug timeout for 3f:26
09:49:29 hotspot,info,debug \D7\9B\D7\9B\D7\93\D7\92\D7\9B (10.10.10.250): login f
ailed: RADIUS server is not responding
Re: trying to make a radius server for my hotspot-basic ques
Are you certain the radius secret is the same in the router's radius section and the User Manager Routers section?
Re: trying to make a radius server for my hotspot-basic ques
yes
I have reset the router and this is what I did:
* IP of the router ethernet -10.0.0.254
IP of the ppp - 91.135.109.3
IP of the wlan (hotspot) 10.10.10.254
1. create hotspot --> hotspot setup (I have check it and it's working with user=admin pass=123)
2. / ip hotspot profile set hsprof1 use-radius=yes
3. / radius add service=hotspot address=127.0.0.1 secret=123
4.tool user-manager customer add login="admin" password=123 --error
5./tool user-manager router add ip-address=10.0.0.254 shared-secret=123 customer=admin
6./tool user-manager user add name=demo password=demo customer=admin
7. I have enter the user-manager with the explorer and I generate a voucher to username=demo
I still get "not responding
this is all right? or that I forgot to do something?
I have reset the router and this is what I did:
* IP of the router ethernet -10.0.0.254
IP of the ppp - 91.135.109.3
IP of the wlan (hotspot) 10.10.10.254
1. create hotspot --> hotspot setup (I have check it and it's working with user=admin pass=123)
2. / ip hotspot profile set hsprof1 use-radius=yes
3. / radius add service=hotspot address=127.0.0.1 secret=123
4.tool user-manager customer add login="admin" password=123 --error
Code: Select all
failure: such login name already exists6./tool user-manager user add name=demo password=demo customer=admin
7. I have enter the user-manager with the explorer and I generate a voucher to username=demo
I still get "not responding
Code: Select all
13:30:09 radius,debug,packet sending Access-Request with id 10 to 127.0.0.1:1812
13:30:09 radius,debug,packet Signature = 0x204779bfad19bc4cffbe2280bd9fd636
13:30:09 radius,debug,packet NAS-Port-Type = 19
13:30:09 radius,debug,packet Calling-Station-Id = "C8:AA:21:15:3F:55"
13:30:09 radius,debug,packet Called-Station-Id = "hotspot1"
13:30:09 radius,debug,packet NAS-Port-Id = "wlan1"
13:30:09 radius,debug,packet User-Name = "demo"
13:30:09 radius,debug,packet NAS-Port = 2149580802
13:30:09 radius,debug,packet Acct-Session-Id = "80200002"
13:30:09 radius,debug,packet Framed-IP-Address = 10.10.10.250
13:30:09 radius,debug,packet MT-Host-IP = 10.10.10.250
13:30:09 radius,debug,packet CHAP-Challenge = 0x7f00fdbec998c1960977a91d0a5a12
25
13:30:09 radius,debug,packet CHAP-Password = 0xa8d59d7392edb306601db0fd2e43a93
4
13:30:09 radius,debug,packet 7e
13:30:09 radius,debug,packet Service-Type = 1
13:30:09 radius,debug,packet WISPr-Logoff-URL = "http://10.10.10.254/logout"
13:30:09 radius,debug,packet NAS-Identifier = "Hotspottest"
13:30:09 radius,debug,packet NAS-IP-Address = 127.0.0.1
13:30:09 radius,debug resending 3f:29
13:30:09 radius,debug,packet sending Access-Request with id 10 to 127.0.0.1:1812
13:30:09 radius,debug,packet Signature = 0x204779bfad19bc4cffbe2280bd9fd636
13:30:09 radius,debug,packet NAS-Port-Type = 19
13:30:09 radius,debug,packet Calling-Station-Id = "C8:AA:21:15:3F:55"
13:30:09 radius,debug,packet Called-Station-Id = "hotspot1"
13:30:09 radius,debug,packet NAS-Port-Id = "wlan1"
13:30:09 radius,debug,packet User-Name = "demo"
13:30:09 radius,debug,packet NAS-Port = 2149580802
13:30:09 radius,debug,packet Acct-Session-Id = "80200002"
13:30:09 radius,debug,packet Framed-IP-Address = 10.10.10.250
13:30:09 radius,debug,packet MT-Host-IP = 10.10.10.250
13:30:09 radius,debug,packet CHAP-Challenge = 0x7f00fdbec998c1960977a91d0a5a12
25
13:30:09 radius,debug,packet CHAP-Password = 0xa8d59d7392edb306601db0fd2e43a93
4
13:30:09 radius,debug,packet 7e
13:30:09 radius,debug,packet Service-Type = 1
13:30:09 radius,debug,packet WISPr-Logoff-URL = "http://10.10.10.254/logout"
13:30:09 radius,debug,packet NAS-Identifier = "Hotspottest"
13:30:09 radius,debug,packet NAS-IP-Address = 127.0.0.1
13:30:09 radius,debug timeout for 3f:29
13:30:10 hotspot,info,debug demo (10.10.10.250): login failed: RADIUS server is no
t responding
Re: trying to make a radius server for my hotspot-basic ques
That ip-address in User Manager must be the localnet interface also.
Code: Select all
/tool user-manager router add ip-address=127.0.0.1 shared-secret=123 customer=adminRe: trying to make a radius server for my hotspot-basic ques
Thank you!
now its working!
now 2 more questions: (if I can.....)
1. I understand I need to do a profile(unlimited,max time....) and then enter the user to the profile ,yes?
2.what is "Till time" ?
Thanks!
now its working!
now 2 more questions: (if I can.....)
1. I understand I need to do a profile(unlimited,max time....) and then enter the user to the profile ,yes?
2.what is "Till time" ?
Thanks!
Re: trying to make a radius server for my hotspot-basic ques
Hi David. That part is up to you. Some users on my system can login and stay logged in forever. Others buy time and are thrown off (logged out) after a specific date/time.
I use two RADIUS attributes in the Access-Accept message from the RADIUS server (User Manager).
1) Mikrotik-Group to send the appropriate user group entered in "/ip hotspot user profile".
2) WISPr-Session-Terminate-Time to automatically log out the user at a specific date and time. This requires NTP client set in the router.
This has all the stuff on the radius client end.
http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client
I use two RADIUS attributes in the Access-Accept message from the RADIUS server (User Manager).
1) Mikrotik-Group to send the appropriate user group entered in "/ip hotspot user profile".
2) WISPr-Session-Terminate-Time to automatically log out the user at a specific date and time. This requires NTP client set in the router.
This has all the stuff on the radius client end.
http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client
Re: trying to make a radius server for my hotspot-basic ques
O.K
I will "play" with this , and if I have more questions I will ask.
Thanks (again) for all your help!
I will "play" with this , and if I have more questions I will ask.
Thanks (again) for all your help!
Re: trying to make a radius server for my hotspot-basic ques
SurferTim been seeing your abilities in resolving the problem with us user have with: RADIUS server is not responding. Could take a look at config.settings done as describe at:Are you certain the radius secret is the same in the router's radius section and the User Manager Routers section?
http://wiki.mikrotik.com/wiki/User_Mana ... ot_Example
Here are my router print outs. Thank you for your help.
[admin@CauseyMainRouter] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hotspot1 EtherNet3 CauseyNet LAN dhcp_pool1 hsprof1 none
[admin@CauseyMainRouter] /radius> print
Flags: X - disabled
# SERVICE CALLED-ID DOMAIN ADDRESS SECRET
0 hotspot 127.0.0.1 123456
[admin@CauseyMainRouter] /tool user-manager customer> print
Flags: X - disabled
0 login="admin" password="" backup-allowed=yes time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no paypal-secure-response=no paypal-accept-pending=no
[admin@CauseyMainRouter] /tool user-manager router> print
Flags: X - disabled
0 customer=admin name="hotspot" ip-address=127.0.0.1 shared-secret="123456" log=auth-ok,auth-fail,acct-ok,acct-fail use-coa=no coa-port=1700
[admin@CauseyMainRouter] /tool user-manager user> print
Flags: X - disabled, A - active, I - incomplete
0 customer=admin name="demo" actual-profile="111M24hr" password="demo" shared-users=1 wireless-psk="" wireless-enc-key="" wireless-enc-algo=none last-seen=never
What else would you like to see? How can I help you help me?
Of course if I just use the router's "add user" and "user profile" it works fine.
But when I add a new radius server, built into the routerOS x86, then I build with in User Manger a User Named "demo" I can't login. But I can see it making requests to the new radius server in Radius. Server, Status. But then when trying to login using the MikroTik Hotspot Browser login:
User Name: demo
PW: demo
I get the dreaded: RADIUS server is not responding.
I know the obvious thought would be "Check Your Secrets" they are both the same. In the Radius and User Manger, Router, Password. They are both set to 123456 as shown above.
Waiting your response.
/rk
Re: trying to make a radius server for my hotspot-basic ques
I just started over from scratch, by doing a factory reset: winbox system/reset configuration on the router and it all works now.
"Happy MikroTik-ing
/tk
"Happy MikroTik-ing
/tk