Dear Sir,

First i want to say sorry if my writing can't make you understand .
Now i get successful to integrate IAS Radius with Mikrotik Router. So now i use Domain users to log in Hotspot for using internet.
I really interesting with this, but it still not complete with our requirements such as:

- Now we can't control on domain users(set bandwidth users, Limited speed, filter on users by block icmp,....) as users-management that i have test before.
- Web control and Manage users.

When users log to use internet I can saw them active on Winbox. but I can't manage them anything because user have create in AD and I can't set those users to any specific IP, it hard for me to control them.


So do you have any recommend document for me, to solve this problem?
Please help me, i need it urgent to deploy it in my local!

Thank for advance!

You can control the ips issued by the hotspot if you are using the 1:1 NAT (default) in the hotspot. You can send either Framed-IP-Address or Framed-Pool with the RADIUS Access-Accept. However, this does not change the client ip. Take a look at "/ip hotspot host". The to-address will change to the new address when the user logs in. The to-address is the only ip that the router sees. The hotspot is between the interface and the clients.

Or you can use the router/hotspot to control bandwidth usage. The attribute Mikrotik-Rate-Limit will throttle your clients to the correct speed.

Dear sir,

I'm still not clear about it. can you detail or show code for me?
Do you have document related for this?
I'm new member so i hope you have detail for me!

Regard,
Phearak

Dear All

I have a problem on logging to internet using domain account through mikrotik hotspot

any help
i have mikrotik router connected the internet modem throw wan interface
and connected to my network through lan interface

i added the dns and the global internet getaway

i have microsoft dhcp so i added no pools
i configured radius to use service login , hotspot -- added only the (AD + IAS) ip address
and authentication and accounting 1812,1813 with timeout 300ms only with a specific secret
i added nothing else in the radius tab

i added ip addresses to both interfaces as i mentioned and added hotspot server acting on the lan interface using server profile enable login by pap and chap and https and enable using radius and accounting and NAS is 15-Ethernet i don't know if this is right

I added no manual user neither user profile as i want to login only through domain account

i configured IAS to the server acting domain controller active directory

i registerd it to AD
i started the service
i made a client with friendly name MIKROTIK and ip equal to the ip on the lan interface on the mikrotik server
i made a remote access policy that if windows group matches Domain-controller\domain user : comes with any type of authentication and either unencrypted pap and spap with any type of encryption then should grant access permissions

with no connection request policy so i added no realm name


but after all i can not log to internet using user account so what is wrong in the past describtion

thanks for your help

You have set reverse password encryption on the user and rest the password in de AD. Than the password is saved in reverse encryption.

I guess that solves your problem.

more details please
so what should I do exactly ?