hi,
i am running User-manager 3.7 with a license level 4

i have setup the user-manager and hotspot correctly and all that works fine,

now, i am trying to setup other AP to use the userManager for authentication of wireless clients using WPA,
setup the radius server ip as the ip of the mikrotik but once a user try to authenticate with the AP,
usermanager returns "unknown authentication algorithm"

tried with an D-link AP and a Cisco AP

this is the debug output from the user-manager

when trying to connect to the d-link AP
18:20:52 manager,debug,packet received Access-Request with id 2 from 192.168.5.253:1202
18:20:52 manager,debug,packet Signature = 0x84a49103cc815a8aeb3d9cb12b4137c4
18:20:52 manager,debug,packet User-Name = "blah"
18:20:52 manager,debug,packet NAS-IP-Address = 192.168.5.253
18:20:52 manager,debug,packet NAS-Port = 0
18:20:52 manager,debug,packet Called-Station-Id = "00-40-05-5E-FA-C7"
18:20:52 manager,debug,packet Calling-Station-Id = "00-19-D2-8F-0B-7A"
18:20:52 manager,debug,packet NAS-Identifier = "DI-624"
18:20:52 manager,debug,packet Framed-MTU = 1380
18:20:52 manager,debug,packet NAS-Port-Type = 19
18:20:52 manager,debug,packet EAP-Message = 0x0201000901626c6168
18:20:52 manager,debug,packet Message-Authenticator = 0x0a9f9dc298bf91b9dc6ff0910fb0d9c8
18:20:52 manager,debug received remote request 115 code=Access-Request from 192.168.5.253:1202
18:20:52 manager,debug sending Access-Reject to request 115
18:20:52 manager,debug,packet sending Access-Reject with id 2 to 192.168.5.253:1202
18:20:52 manager,debug,packet Signature = 0x7754294530c983190983071605ea0978
18:20:52 manager,debug,packet Reply-Message = "unknown authentication algorithm"
18:20:52 manager,debug unknown authentication algorithm for user <blah> in authentication request 115, rejecting

when trying to connect to the Cisco AP
21:21:06 manager,debug,packet received Access-Request with id 2 from 192.168.0.254:1645
21:21:06 manager,debug,packet Signature = 0x86f6743ef048f45b2d95ba18d826e2ce
21:21:06 manager,debug,packet User-Name = "blah"
21:21:06 manager,debug,packet Framed-MTU = 1400
21:21:06 manager,debug,packet Called-Station-Id = "001f.6cf4.d0e0"
21:21:06 manager,debug,packet Calling-Station-Id = "0019.d28f.0b7a"
21:21:06 manager,debug,packet Service-Type = 1
21:21:06 manager,debug,packet Message-Authenticator = 0x275e9d78d317bbcf4e150d9d0a3bfd2c
21:21:06 manager,debug,packet EAP-Message = 0x0202111e01536b756c6c4b696c6d
21:21:06 manager,debug,packet NAS-Port-Type = 19
21:21:06 manager,debug,packet NAS-Port = 259
21:21:06 manager,debug,packet NAS-Port-Id = "259"
21:21:06 manager,debug,packet NAS-IP-Address = 192.168.0.254
21:21:06 manager,debug,packet NAS-Identifier = "SkullKillR"
21:21:06 manager,debug received remote request 117 code=Access-Request from 192.168.0.254:1645
21:21:06 manager,debug sending Access-Reject to request 117
21:21:06 manager,debug,packet sending Access-Reject with id 2 to 192.168.0.254:1645
21:21:06 manager,debug,packet Signature = 0x8a04f8fffc18e107f6911c1acc0342df
21:21:06 manager,debug,packet Reply-Message = "unknown authentication algorithm"
21:21:06 manager,debug unknown authentication algorithm for user <SkullKill> in authentication request 117, rejecting



any idea why???

note: try to connect to AP with windows vista / XP
trying to use PEAP

What authentication method are you trying to use on the wireless?

I believe that User-Manager is not able to provide with PEAP or similar authentication.
Currently you need to use Free RADIUS or similar product to get PEAP or other kind of authentication.

ok then, snif snif, would be a GOOD option to have in the userManager though....

+1 vote

Very interesting. I have same issue here as well. using Open Radius means a new server right? Or is there a way to integrate that to Mikrotik perhaps running a Linux distro with Open Radius in xen.

Are there currently any plans to integrate EAP into User Manager or do we still have to use Freeradius in the Future?

As far as I know there is no plans for near future, but it could be possible in future.

Ok, thank you for the answer. Would be really a great option for the future!

+1 vote for EAP in UM!

This would definitely be a nice feature. I assumed it could do that already until I read this. Please include in v4!

I Agree that this would be a very good addition:

+1 Vote

Do I understand well that I can't use the Mikrotik with User Manager as central RADIUS server for users connecting to AP? Is anything new in this area?

@zervan: This thread is about PEAP authentication. If you use the default http-chap, it does fine.

As far as I know there is no plans for near future, but it could be possible in future.

I need it for IEEE 802.1X port-based authentication on my switches.

+1 here

+1

Missing EAP-TLS authentication with (user manager) RADIUS!

+ 1 looking to drop pppoe from network

+1 here

+1 here

Im also have Userman on x86 Ros v5.22 and I want to give some other network usage to same users which is already in userman base ...
Is it possible to the existing RADIUS server access to some external method?
For now, I'm trying to make a connection with NTRadPing ... but no luck ...
If anyone knows the settings with which you can connect, please help.
I always have errors like in this picture :

+1

Missing EAP-TLS authentication with (user manager) RADIUS!

+1 for EAP-TLS authentication with user manager!!!!!!

+1s are little annoying but in this case I have to add my one - user manager should be able to act as RADIUS server for other APs.
Mikrotik, consider this feature requested for 7 years, please

I agree ... this feature is needed for corporate environments, CCR series as capsman works great but having to use external radius for this is just silly.

JF.

Any news on the subject userman as radius server?

Hi - I have just tried it and I believe the issue persist. Any news / hopes ? ( It has been 11 years since the original post )

Yup, just tried is not possible to use userman to as a radius server for wireless clients. No EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP or EAP-TTLS support.

We are planning to add RADIUS Server features to our User-Manager in v7.

Hello there,

I can't remotely access RADIUS server however it perfectly works for internal services. For example NTRadPing says me "no response from server".
Is this somehow related to discussed issue with authentication?

Hi again

I'm really interested on this feature. I was trying to install 7.0 version in a hap lite but I couldn't. Do you know when the official 7 versión Will be released for all devices? I'd like to use usermanager to autenticate the wifi conection with radius without a freeradius server

Regards