MikroTik

Community discussions
https://forum.mikrotik.com/

Get MAC address of an IP Bindings user

https://forum.mikrotik.com/viewtopic.php?t=118583

Page 1 of 1

Get MAC address of an IP Bindings user

Posted: Tue Feb 21, 2017 1:16 am
by rukverc
Hi folks!

Our system use multiple capsmans to authenticate users on different locations.
The login server running on debian with apache2, logged in user's MACs are stored in every capsman's IP Bindings by API.
So the users are getting inside bypassed, that means they have no access to the hotspot login page to gather their data (for example MAC address, hotspot name) and give them rights to use special services.
(This is not the last security line in the system.)

The question:
Is there any way to gather this data from clientside or perhaps serverside ?

Re: Get MAC address of an IP Bindings user

Posted: Wed Feb 22, 2017 3:26 pm
by rukverc
Update:

I can not connect to the router by API until I get informations about the name or wan IP of the active router.
At last how can I recognize which router has the client from browser or other way ?

Re: Get MAC address of an IP Bindings user

Posted: Wed Feb 22, 2017 5:29 pm
by scotthammersley
Do you mean userman instead of CAPSMAN?

If you do indeed mean userman, you would be able to define the client LAC identifier responding to the authentication requests (that forwards it to your AAA Server). This would allow you to know which client was authenticating to which system.

If not, you are possibly looking at some type of script to run on the router that gathers the attached clients.

Really need a better understanding of what you mean and are looking for though.

Re: Get MAC address of an IP Bindings user

Posted: Thu Feb 23, 2017 1:22 pm
by rukverc
Hi Scott!

Thanks for your time and effort.

For your information:
- We not using radius, AD nor userman. The debian serves the login process. Users and devices are stored in debian's database, IP bindings are refreshing daily in capsman controllers by API.
- Registerd users have multiple devices.
- Every user can use every controller.
- Every capsman controller has its own local network: 192.168.50.0/16

Long story short:
Registered users devices are in IP bindings, they are bypassing the hotspot and their local web on 192.168.50.1 is not reachable for them to ask their details. From server side we dont know which controller to ask.
The only port open from devices subnet direction is the API port on the controller.
The debian has no information about the devices to recognize them for logging and other purposes:
- which hotspot to connect for their data,
- real IP,
- mac address.

Local websrevers for storing local controllers data (for example on 192.168.50.2 on every controller):
- Not possible to create a webserver on mikrotik. Metarouter is not an alternative.
-Not possible to place external local webserver to every controller.

Connect from client side to controller by API:
- There is no client side (js) API for router os to connect from device's browser, so need a way to get them somehow from serverside (php).

What kind of scripts can we use here ?
Can you provide an example?

Re: Get MAC address of an IP Bindings user

Posted: Wed Mar 01, 2017 4:44 pm
by rukverc
If everyone has the same problem I got the solution:
First get the real IP of the user's device based on $_SERVER variables:
Code: Select all
use PEAR2\Net\RouterOS; 

function get_real_ip(){
	$client = new RouterOS\Client($_SERVER['REMOTE_ADDR'], 'username', 'password');
	$request = new RouterOS\Request('/ip/firewall/connection/print');

	$query = RouterOS\Query::where('reply-dst-address', $_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT']);
	$request->setArgument('.proplist', 'src-address');

	$request->setQuery($query);
	$responses = $client->sendSync($request);

	foreach ($responses as $response) {
	    foreach ($response as $name => $value) {	       
	    	$parts = explode(":", $value);
	        $real_ip = $parts[0];
	    }
	  
	}
	
	   if ($real_ip) {
	 	return $real_ip;
	 } else {
	 	return false;
	 }

}
And then get its mac address:
Code: Select all
function get_mac($real_ip){

		$client = new RouterOS\Client($_SERVER['REMOTE_ADDR'], 'username', 'password');
		$request = new RouterOS\Request('/ip/arp/print');

		
		$query = RouterOS\Query::where('address', $real_ip);
		$request->setArgument('.proplist', 'mac-address');

		$request->setQuery($query);
		$responses = $client->sendSync($request);

		foreach ($responses as $response) {
		    foreach ($response as $name => $value) {
		        //echo "{$value}\n";
		        $mac = $value;
		    }
		   
		}
		
		if ($mac) {
		 	return $mac;
		 } else {
		 	return false;
		 }
		
	}
You can get it in one step:
Code: Select all
$mac = get_mac(get_real_ip());
If you need the router name:
Code: Select all
function get_router_name(){
	$util = new RouterOS\Util(
	    $client = new RouterOS\Client($_SERVER['REMOTE_ADDR'], 'username', 'password')
	);
	$util->setMenu('/system identity');
	
	$router_name = $util->get(null, 'name');
	return $router_name;

}
I hope this helps someone.
Dont forget to change username and password in connection parameters :D

Re: Get MAC address of an IP Bindings user

Posted: Wed Jan 18, 2023 2:49 pm
by eyesaka
How get wifi router mac address using mikrotik rest api ?
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/