We have the following setup at a customer: there is a RB1100AHx2 with ROS 6.33.5 (stable) as internet gateway. On it we have a hotspot configured to authenticate against RADIUS, and we have the user-manager installed. Up to here the setup is the same as we have with several customers.
Now the difference: we have a second RADIUS (TekRADIUS, http://www.kaplansoft.com/tekradius/) for certain types of users. In the hotspot-configuration “Split User Domain” is enabled, and a default domain is set. Both RADIUS-Servers have a domain in the configuration. Authentication of the users works perfectly with users from both RADIUS-Servers.
The problem we have is in connection with session timeouts: the users on the usermanager have only limited internet time. When the time is used, they should be logged out. When this happens, we will see the error message “Radius disconnect request has wrong attributes” in our logs and the user is not logged out.
Here is the relevant configuration from hotspot, RADIUS and userman:
> ip hotspot export
# jan/28/2016 12:24:58 by RouterOS 6.33.5
#
/ip hotspot profile
add hotspot-address=172.31.0.1 login-by=http-chap,mac-cookie name=hsprof1 radius-default-domain=domain1 \
radius-interim-update=5m split-user-domain=yes use-radius=yes
/ip hotspot
add address-pool=ipPool_dhcpHotspot addresses-per-mac=1 disabled=no interface=bridge-LAN name=hotspot1 \
profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=1h mac-cookie-timeout=18h shared-users=2
> radius export
# jan/28/2016 12:26:01 by RouterOS 6.33.5
#
/radius
add address=127.0.0.1 domain=domain2 secret=xxxxxx service=hotspot
add address=192.168.0.XX domain=domain1 secret=yyyyyyy service=hotspot
/radius incoming
set accept=yes
> tool user-manager export
# jan/28/2016 12:27:10 by RouterOS 6.33.5
#
/tool user-manager customer
add access=own-routers,own-users,own-profiles,own-limits,config-payment-gw \
backup-allowed=yes disabled=no login=rootUserNameChanged password=\
passwordChanged paypal-accept-pending=no paypal-allowed=no \
paypal-secure-response=no permissions=owner signup-allowed=no time-zone=\
+01:00
add access="own-routers,own-users,own-profiles,own-limits,config-payment-gw,pa\
rent-routers,parent-users,parent-profiles,parent-limits,parent-payment-gw" \
backup-allowed=no disabled=no login=customerUserNameChanged parent=rootUserNameChanged \
password=passwordChanged paypal-accept-pending=no paypal-allowed=no \
paypal-secure-response=no permissions=full signup-allowed=no time-zone=\
+00:00
/tool user-manager profile
add name=EineStunde name-for-users="" override-shared-users=2 owner=rootUserNameChanged \
price=0 starts-at=logon validity=1h
add name=EinTag name-for-users="" override-shared-users=2 owner=rootUserNameChanged \
price=0 starts-at=logon validity=1d
add name=EineWoche name-for-users="" override-shared-users=2 owner=rootUserNameChanged \
price=0 starts-at=logon validity=1w
/tool user-manager database
set db-path=user-manager1
/tool user-manager router
add coa-port=3799 customer=rootUserNameChanged disabled=no ip-address=127.0.0.1 log=\
auth-fail name=router1 shared-secret=xxxxxx use-coa=yes
I hope someone can help me.
Thanks,
Wolfgang
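Added example, not part of the original post and not MikroTik or TekRADIUS code: a decoder for an RFC 5176 Disconnect-Request (code 40, the packet sent to the `coa-port=3799` listener), so the session-identifying attributes it carries and its authenticator can be compared with the active hotspot session. The function names, the user name `guest1`, the session id and the sample packet are constructed for illustration; the secret is the `xxxxxx` placeholder from the export.

```python
import hashlib
import hmac
import struct

# Attribute numbers from RFC 2865/2866; RFC 5176 uses them to identify the session.
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 8: "Framed-IP-Address",
         31: "Calling-Station-Id", 32: "NAS-Identifier", 44: "Acct-Session-Id"}
DISCONNECT_REQUEST = 40  # RFC 5176 packet code


def build_disconnect_request(ident, attrs, secret):
    """Build a constructed sample packet (stand-in for a capture on the CoA port)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(head + bytes(16) + body + secret).digest()
    return head + auth + body


def decode_disconnect_request(packet, secret):
    """Return (authenticator_ok, {attribute name: value}) for a Disconnect-Request."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Disconnect-Request")
    body = packet[20:length]
    # Request Authenticator = MD5(code, id, length, 16 zero octets, attributes, secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    found, pos = {}, 0
    while pos + 2 <= len(body):
        atype, alen = body[pos], body[pos + 1]
        if alen < 2 or pos + alen > len(body):
            raise ValueError("bad attribute length")
        value = body[pos + 2:pos + alen]
        if atype in (4, 8):  # IPv4 address attributes
            text = ".".join(str(b) for b in value)
        else:
            text = value.decode("utf-8", "replace")
        found[ATTRS.get(atype, f"type-{atype}")] = text
        pos += alen
    return hmac.compare_digest(expected, packet[4:20]), found


# Constructed sample: user name, session id and client address are made up.
SAMPLE = build_disconnect_request(
    7, [(1, b"guest1"), (44, b"81a00003"), (8, bytes([172, 31, 0, 50]))], b"xxxxxx")

if __name__ == "__main__":
    ok, attrs = decode_disconnect_request(SAMPLE, b"xxxxxx")
    print("authenticator ok:", ok)
    for name, value in attrs.items():
        print(f"  {name} = {value}")
```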