trying to make a radius server for my hotspot-basic question

Posted: Tue Jan 01, 2013 10:50 am
by David1234
Hello
First I want to know if I get this right -
The radius server helps me manage the users of my hotspot - is it true?
At the end of the configuration, every user I add to the radius will be able to enter the hotspot and go online?

Re: trying to make a radius server for my hotspot-basic ques

Posted: Tue Jan 01, 2013 12:49 pm
by SurferTim
Yes and yes.

Re: trying to make a radius server for my hotspot-basic ques

Posted: Tue Jan 01, 2013 2:43 pm
by David1234
O.K.

Now I have tried to configure the radius server (I have also installed the User Manager).
I did everything like it said,
but I can only enter the hotspot with the admin user and pass.

I want to have one router with hotspot and be able to manage 10 users that I enter into the radius (for a start....)

** Is there a guide that explains everything that needs to be done from start till end?

This is what I have:

Re: trying to make a radius server for my hotspot-basic ques

Posted: Tue Jan 01, 2013 9:45 pm
by SurferTim
You must set up User Manager also. You must enter a client in the "Routers" section. The IP address should be 127.0.0.1 and the radius secret must match the entry in the radius section.

Enable radius logging. Try a login, then check the log.
/system logging
add topics=radius,debug action=memory

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 02, 2013 9:51 am
by David1234
now I get radius server not responding

09:48:44 wireless,info C8:AA:21:15:3F:55@wlan1: connected 
09:48:44 dhcp,info dhcp3 deassigned 10.10.10.250 from C8:AA:21:15:3F:55 
09:48:44 dhcp,info dhcp3 assigned 10.10.10.250 to C8:AA:21:15:3F:55 
09:48:45 system,info,account user admin logged out via winbox 
09:48:45 system,info,account user admin logged out via local 
09:49:00 system,info,account user admin logged in from 10.0.0.200 via winbox 
09:49:03 radius,debug sending 05:00 to 127.0.0.1:1813 
09:49:03 radius,debug,packet sending Accounting-Request with id 6 to 127.0.0.1:1813
09:49:03 radius,debug,packet     Signature = 0x1c3c800f5d4ddc3b3b2577f0d1ceeaf8 
09:49:03 radius,debug,packet     Acct-Status-Type = 7 
09:49:03 radius,debug,packet     NAS-Identifier = "3GRouter" 
09:49:03 radius,debug,packet     Acct-Delay-Time = 0 
09:49:03 radius,debug,packet     NAS-IP-Address = 127.0.0.1 
09:49:03 radius,debug,packet received bad Accounting-Response with id 6 from 127.0.0.1:1813
09:49:03 radius,debug,packet     Signature = bad 0x0cd733e71354ccff65fa52df17943fd4
09:49:03 radius,debug received packet for 05:00 with bad signature, dropping 
09:49:27 hotspot,info,debug \D7\9B\D7\9B\D7\93\D7\92\D7\9B (10.10.10.250): trying to log in by http-chap
09:49:27 radius,debug new request 3f:26 code=Access-Request service=hotspot called-id=hotspot1
09:49:27 radius,debug sending 3f:26 to 127.0.0.1:1812 
09:49:27 radius,debug,packet sending Access-Request with id 7 to 127.0.0.1:1812 
09:49:27 radius,debug,packet     Signature = 0x1f3099974476a9e28ea8e7ea467b9720 
09:49:27 radius,debug,packet     NAS-Port-Type = 19 
09:49:27 radius,debug,packet     Calling-Station-Id = "C8:AA:21:15:3F:55" 
09:49:27 radius,debug,packet     Called-Station-Id = "hotspot1" 
09:49:27 radius,debug,packet     NAS-Port-Id = "wlan1" 
09:49:27 radius,debug,packet     User-Name = 0xd79bd79bd793d792d79b 
09:49:27 radius,debug,packet     NAS-Port = 2151677952 
09:49:27 radius,debug,packet     Acct-Session-Id = "80400000" 
09:49:27 radius,debug,packet     Framed-IP-Address = 10.10.10.250 
09:49:27 radius,debug,packet     MT-Host-IP = 10.10.10.250 
09:49:27 radius,debug,packet     CHAP-Challenge = 0x181fa13061d12d96c430dfea542f21d0
09:49:27 radius,debug,packet     CHAP-Password = 0xae6dcf4fc16b314e215822a3f60f375e
09:49:27 radius,debug,packet       bb 
09:49:27 radius,debug,packet     Service-Type = 1 
09:49:27 radius,debug,packet     WISPr-Logoff-URL = "http://10.10.10.254/logout" 
09:49:27 radius,debug,packet     NAS-Identifier = "3GRouter" 
09:49:27 radius,debug,packet     NAS-IP-Address = 127.0.0.1 
09:49:27 radius,debug,packet received bad Access-Reject with id 7 from 127.0.0.1:1812
09:49:27 radius,debug,packet     Signature = bad 0xf1e7b4279364cc06aab7b9f0266768c8
09:49:27 radius,debug,packet     Reply-Message = 0x75736572203cd79bd79bd793d792d79b
09:49:27 radius,debug,packet       3e206e6f7420666f756e64 
09:49:27 radius,debug received packet for 3f:26 with bad signature, dropping 
09:49:27 radius,debug resending 3f:26 
09:49:27 radius,debug,packet sending Access-Request with id 7 to 127.0.0.1:1812 
09:49:27 radius,debug,packet     Signature = 0x1f3099974476a9e28ea8e7ea467b9720 
09:49:27 radius,debug,packet     NAS-Port-Type = 19 
09:49:27 radius,debug,packet     Calling-Station-Id = "C8:AA:21:15:3F:55" 
09:49:27 radius,debug,packet     Called-Station-Id = "hotspot1" 
09:49:27 radius,debug,packet     NAS-Port-Id = "wlan1" 
09:49:27 radius,debug,packet     User-Name = 0xd79bd79bd793d792d79b 
09:49:27 radius,debug,packet     NAS-Port = 2151677952 
09:49:27 radius,debug,packet     Acct-Session-Id = "80400000" 
09:49:27 radius,debug,packet     Framed-IP-Address = 10.10.10.250 
09:49:27 radius,debug,packet     MT-Host-IP = 10.10.10.250 
09:49:27 radius,debug,packet     CHAP-Challenge = 0x181fa13061d12d96c430dfea542f21d0
09:49:27 radius,debug,packet     CHAP-Password = 0xae6dcf4fc16b314e215822a3f60f375e
09:49:27 radius,debug,packet       bb 
09:49:27 radius,debug,packet     Service-Type = 1 
09:49:27 radius,debug,packet     WISPr-Logoff-URL = "http://10.10.10.254/logout" 
09:49:27 radius,debug,packet     NAS-Identifier = "3GRouter" 
09:49:27 radius,debug,packet     NAS-IP-Address = 127.0.0.1 
09:49:27 radius,debug,packet received bad Access-Reject with id 7 from 127.0.0.1:1812
09:49:27 radius,debug,packet     Signature = bad 0xf1e7b4279364cc06aab7b9f0266768c8
09:49:27 radius,debug,packet     Reply-Message = 0x75736572203cd79bd79bd793d792d79b
09:49:27 radius,debug,packet       3e206e6f7420666f756e64 
09:49:27 radius,debug received packet for 3f:26 with bad signature, dropping 
09:49:28 radius,debug resending 3f:26 
09:49:28 radius,debug,packet sending Access-Request with id 7 to 127.0.0.1:1812 
09:49:28 radius,debug,packet     Signature = 0x1f3099974476a9e28ea8e7ea467b9720 
09:49:28 radius,debug,packet     NAS-Port-Type = 19 
09:49:28 radius,debug,packet     Calling-Station-Id = "C8:AA:21:15:3F:55" 
09:49:28 radius,debug,packet     Called-Station-Id = "hotspot1" 
09:49:28 radius,debug,packet     NAS-Port-Id = "wlan1" 
09:49:28 radius,debug,packet     User-Name = 0xd79bd79bd793d792d79b 
09:49:28 radius,debug,packet     NAS-Port = 2151677952 
09:49:28 radius,debug,packet     Acct-Session-Id = "80400000" 
09:49:28 radius,debug,packet     Framed-IP-Address = 10.10.10.250 
09:49:28 radius,debug,packet     MT-Host-IP = 10.10.10.250 
09:49:28 radius,debug,packet     CHAP-Challenge = 0x181fa13061d12d96c430dfea542f21d0
09:49:28 radius,debug,packet     CHAP-Password = 0xae6dcf4fc16b314e215822a3f60f375e
09:49:28 radius,debug,packet       bb 
09:49:28 radius,debug,packet     Service-Type = 1 
09:49:28 radius,debug,packet     WISPr-Logoff-URL = "http://10.10.10.254/logout" 
09:49:28 radius,debug,packet     NAS-Identifier = "3GRouter" 
09:49:28 radius,debug,packet     NAS-IP-Address = 127.0.0.1 
09:49:28 radius,debug,packet received bad Access-Reject with id 7 from 127.0.0.1:1812
09:49:28 radius,debug,packet     Signature = bad 0xf1e7b4279364cc06aab7b9f0266768c8
09:49:28 radius,debug,packet     Reply-Message = 0x75736572203cd79bd79bd793d792d79b
09:49:28 radius,debug,packet       3e206e6f7420666f756e64 
09:49:28 radius,debug received packet for 3f:26 with bad signature, dropping 
09:49:28 radius,debug timeout for 3f:26 
09:49:29 hotspot,info,debug \D7\9B\D7\9B\D7\93\D7\92\D7\9B (10.10.10.250): login failed: RADIUS server is not responding

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 02, 2013 12:48 pm
by SurferTim
Are you certain the radius secret is the same in the router's radius section and the User Manager Routers section?

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 02, 2013 1:32 pm
by David1234
Yes.
I have reset the router and this is what I did:
* IP of the router ethernet - 10.0.0.254
IP of the ppp - 91.135.109.3
IP of the wlan (hotspot) - 10.10.10.254
1. Create hotspot --> hotspot setup (I have checked it and it's working with user=admin pass=123)
2. /ip hotspot profile set hsprof1 use-radius=yes
3. /radius add service=hotspot address=127.0.0.1 secret=123
4. /tool user-manager customer add login="admin" password=123 --error
failure: such login name already exists
5. /tool user-manager router add ip-address=10.0.0.254 shared-secret=123 customer=admin
6. /tool user-manager user add name=demo password=demo customer=admin
7. I entered the User Manager with the explorer and generated a voucher for username=demo

I still get "not responding":
13:30:09 radius,debug,packet sending Access-Request with id 10 to 127.0.0.1:1812 
13:30:09 radius,debug,packet     Signature = 0x204779bfad19bc4cffbe2280bd9fd636 
13:30:09 radius,debug,packet     NAS-Port-Type = 19 
13:30:09 radius,debug,packet     Calling-Station-Id = "C8:AA:21:15:3F:55" 
13:30:09 radius,debug,packet     Called-Station-Id = "hotspot1" 
13:30:09 radius,debug,packet     NAS-Port-Id = "wlan1" 
13:30:09 radius,debug,packet     User-Name = "demo" 
13:30:09 radius,debug,packet     NAS-Port = 2149580802 
13:30:09 radius,debug,packet     Acct-Session-Id = "80200002" 
13:30:09 radius,debug,packet     Framed-IP-Address = 10.10.10.250 
13:30:09 radius,debug,packet     MT-Host-IP = 10.10.10.250 
13:30:09 radius,debug,packet     CHAP-Challenge = 0x7f00fdbec998c1960977a91d0a5a1225
13:30:09 radius,debug,packet     CHAP-Password = 0xa8d59d7392edb306601db0fd2e43a934
13:30:09 radius,debug,packet       7e 
13:30:09 radius,debug,packet     Service-Type = 1 
13:30:09 radius,debug,packet     WISPr-Logoff-URL = "http://10.10.10.254/logout" 
13:30:09 radius,debug,packet     NAS-Identifier = "Hotspottest" 
13:30:09 radius,debug,packet     NAS-IP-Address = 127.0.0.1 
13:30:09 radius,debug resending 3f:29 
13:30:09 radius,debug,packet sending Access-Request with id 10 to 127.0.0.1:1812 
13:30:09 radius,debug,packet     Signature = 0x204779bfad19bc4cffbe2280bd9fd636 
13:30:09 radius,debug,packet     NAS-Port-Type = 19 
13:30:09 radius,debug,packet     Calling-Station-Id = "C8:AA:21:15:3F:55" 
13:30:09 radius,debug,packet     Called-Station-Id = "hotspot1" 
13:30:09 radius,debug,packet     NAS-Port-Id = "wlan1" 
13:30:09 radius,debug,packet     User-Name = "demo" 
13:30:09 radius,debug,packet     NAS-Port = 2149580802 
13:30:09 radius,debug,packet     Acct-Session-Id = "80200002" 
13:30:09 radius,debug,packet     Framed-IP-Address = 10.10.10.250 
13:30:09 radius,debug,packet     MT-Host-IP = 10.10.10.250 
13:30:09 radius,debug,packet     CHAP-Challenge = 0x7f00fdbec998c1960977a91d0a5a1225
13:30:09 radius,debug,packet     CHAP-Password = 0xa8d59d7392edb306601db0fd2e43a934
13:30:09 radius,debug,packet       7e 
13:30:09 radius,debug,packet     Service-Type = 1 
13:30:09 radius,debug,packet     WISPr-Logoff-URL = "http://10.10.10.254/logout" 
13:30:09 radius,debug,packet     NAS-Identifier = "Hotspottest" 
13:30:09 radius,debug,packet     NAS-IP-Address = 127.0.0.1 
13:30:09 radius,debug timeout for 3f:29 
13:30:10 hotspot,info,debug demo (10.10.10.250): login failed: RADIUS server is not responding
Is this all right, or did I forget to do something?

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 02, 2013 2:04 pm
by SurferTim
That ip-address in User Manager must be the localnet interface also.
/tool user-manager router add ip-address=127.0.0.1 shared-secret=123 customer=admin

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 02, 2013 2:25 pm
by David1234
Thank you!
Now it's working! :D :D :D

Now 2 more questions (if I can.....):
1. I understand I need to make a profile (unlimited, max time....) and then add the user to the profile, yes?
2. What is "Till time"?

Thanks!

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 02, 2013 3:11 pm
by SurferTim
Hi David. That part is up to you. Some users on my system can login and stay logged in forever. Others buy time and are thrown off (logged out) after a specific date/time.

I use two RADIUS attributes in the Access-Accept message from the RADIUS server (User Manager).

1) Mikrotik-Group to send the appropriate user group entered in "/ip hotspot user profile".

2) WISPr-Session-Terminate-Time to automatically log out the user at a specific date and time. This requires NTP client set in the router.

This has all the stuff on the radius client end.
http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client
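
The two attributes named above travel in the Access-Accept as vendor-specific attributes (RADIUS type 26). The following is an added example, not code from this thread or from User Manager: it encodes and decodes both, using the vendor ids and attribute numbers from the public MikroTik and WISPr RADIUS dictionaries. The profile name `paid-24h` and the timestamps are hypothetical sample values.

```python
import struct
from datetime import datetime, timedelta, timezone

VENDOR_SPECIFIC = 26               # RFC 2865 attribute type
VENDOR_MIKROTIK, MIKROTIK_GROUP = 14988, 3
VENDOR_WISPR, WISPR_SESSION_TERMINATE_TIME = 14122, 9

def encode_vsa(vendor_id, vendor_type, value):
    """Type 26 | Length | Vendor-Id (4 bytes) | Vendor-Type | Vendor-Length | Value."""
    if len(value) > 247:           # 255-byte attribute limit minus 8 header bytes
        raise ValueError("value too long for a single VSA")
    sub = bytes([vendor_type, 2 + len(value)]) + value
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub

def decode_vsas(attrs):
    """Walk an attribute block and return {(vendor_id, vendor_type): value}."""
    out, i = {}, 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute length")
        if atype == VENDOR_SPECIFIC and alen >= 8:
            vendor_id = struct.unpack("!I", attrs[i + 2:i + 6])[0]
            vtype, vlen = attrs[i + 6], attrs[i + 7]
            if vlen < 2 or 6 + vlen > alen:
                raise ValueError("malformed vendor sub-attribute")
            out[(vendor_id, vtype)] = attrs[i + 8:i + 6 + vlen]
        i += alen
    return out

def terminate_time(now, hours):
    """Absolute logout time as YYYY-MM-DDThh:mm:ss followed by a +hhmm offset."""
    return (now + timedelta(hours=hours)).strftime("%Y-%m-%dT%H:%M:%S%z").encode()

def accept_attributes(group, now, hours):
    """Attribute block for an Access-Accept: user profile plus forced logout time."""
    return (encode_vsa(VENDOR_MIKROTIK, MIKROTIK_GROUP, group)
            + encode_vsa(VENDOR_WISPR, WISPR_SESSION_TERMINATE_TIME,
                         terminate_time(now, hours)))

def demo():
    # Hypothetical profile name and purchase time, constructed for illustration.
    now = datetime(2013, 1, 2, 15, 0, 0, tzinfo=timezone.utc)
    return decode_vsas(accept_attributes(b"paid-24h", now, 24))

if __name__ == "__main__":
    print(demo())
```

Because the terminate time is an absolute timestamp, the router can only enforce it correctly when its own clock is right, which is why the post asks for an NTP client.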

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 02, 2013 3:17 pm
by David1234
O.K
I will "play" with this, and if I have more questions I will ask.

Thanks (again) for all your help!
:-)

Re: trying to make a radius server for my hotspot-basic ques

Posted: Wed Jan 22, 2014 10:12 pm
by corkuck
Are you certain the radius secret is the same in the router's radius section and the User Manager Routers section?
SurferTim, I have been seeing your abilities in resolving the problem that we users have with: RADIUS server is not responding. Could you take a look at my config settings, done as described at:

http://wiki.mikrotik.com/wiki/User_Mana ... ot_Example

Here are my router print outs. Thank you for your help.

[admin@CauseyMainRouter] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hotspot1 EtherNet3 CauseyNet LAN dhcp_pool1 hsprof1 none

[admin@CauseyMainRouter] /radius> print
Flags: X - disabled
# SERVICE CALLED-ID DOMAIN ADDRESS SECRET
0 hotspot 127.0.0.1 123456


[admin@CauseyMainRouter] /tool user-manager customer> print
Flags: X - disabled
0 login="admin" password="" backup-allowed=yes time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no paypal-secure-response=no paypal-accept-pending=no


[admin@CauseyMainRouter] /tool user-manager router> print
Flags: X - disabled
0 customer=admin name="hotspot" ip-address=127.0.0.1 shared-secret="123456" log=auth-ok,auth-fail,acct-ok,acct-fail use-coa=no coa-port=1700


[admin@CauseyMainRouter] /tool user-manager user> print
Flags: X - disabled, A - active, I - incomplete
0 customer=admin name="demo" actual-profile="111M24hr" password="demo" shared-users=1 wireless-psk="" wireless-enc-key="" wireless-enc-algo=none last-seen=never


What else would you like to see? How can I help you help me?

Of course if I just use the router's "add user" and "user profile" it works fine.

But when I add a new radius server, built into the RouterOS x86, and then build within User Manager a user named "demo", I can't login. But I can see it making requests to the new radius server in Radius, Server, Status. But then when trying to login using the MikroTik Hotspot Browser login:
User Name: demo
PW: demo
I get the dreaded: RADIUS server is not responding.

I know the obvious thought would be "Check Your Secrets". They are both the same, in the Radius and in User Manager, Router, Password. They are both set to 123456 as shown above.

Waiting your response.

/rk

Re: trying to make a radius server for my hotspot-basic ques

Posted: Fri Feb 07, 2014 10:04 pm
by corkuck
I just started over from scratch, by doing a factory reset: winbox system/reset configuration on the router and it all works now.

"Happy MikroTik-ing"

/tk