Wednesday, November 13, 2013

Mikrotik RADIUS and User Manager

Setup RADIUS & User Manager on Mikrotik RB


On the last post, we already create a hotspot with one administrator profile. Now, we will create radius server to do the user management and accounting for your hotspot. It will control user authentication and access to your hotspot system. First of all, you will need to create a Radius Server. Mikrotik allows you to setup a basic Radius Server.
First, run WinBox and click on IP > Hotspot > Hotspot Profiles.

You can see [ default ] and [ hsprof1 ] in the Hotspot Server Profiles window. Double click the [ hsprof1 ] to edit its properties. Enter or change the information as shown in the picture below.


Click image to enlarge
Click image to enlarge
Change ‘Hotspot Address’ to match your ether1 IP Address.
On the “Login” tab, only select “HTTP CHAP” and disable everything else.
Next, on the “RADIUS” tab, select the “Use RADIUS” checkbox.
Finally, click “OK” to accept the configuration.

/ / / / / / / / / / @ \ \ \ \ \ \ \ \ \ \

The above steps are to activate your hotspot radius functionality with more control options than WinBox Hotspot user account. Now you will need to enter “userman” and start managing your client’s account.

Firstly, change the web service port to “808” or any other unused port number besides “80” and “8080”. Launch WinBox and go to IP > SERVICES. Change “www” to port “808” (I use this number because I like it).

Next, launch your internet explorer (other browser don’t work well with Mikrotik RB User Management System). Go to http://192.168.5.10:808/userman/ or http://your-dns-name:808/userman/ to enter User Management System. Enter your username and password created in hotspot via WinBox earlier.

If your information is correct, your browser should open the User Management System. Click on “ROUTER” located at the upper left side of the window.

Add caption
 Give a name for your Radius Server for easy identification.

Enter the information that you supplied when setting up RADIUS on WinBox. It must be the exact copy or your RADIUS Server won’t work properly. Refer to image above if your setting is same as mine. When finished, click on “SAVE”.

Now, your RADIUS Server is ready. All we need is at least one username. It will be used to login to your hotspot before the client is allowed to access the internet through your hotspot.

/ / / / / / / / / / @ \ \ \ \ \ \ \ \ \ \

Click image to enlarge
Click on “Profiles” and go to “Limitations” tab to create speed limitation if you require it. I have 3 packages and each one will be assigned with different speed. This limitation is to create traffic shaping so that you can make the most out of your internet connection.

Give it a name and enter limitation values in the box provided.

Limits:
  • Download: Limit account by download volume.
  • Upload: Limit account by upload volume.
  • Transfer: Limit account by total upload and download volume.
  • Uptime: Limit account by their logged in time / uptime.
Note: You can set “Limits” either by download or upload. If you want the account to be limited to certain total volume calculated on download + upload, enter the value in “Transfer” box. I prefer to leave it blank for unlimited transfer and uptime.

Rate Limits:
  • Rate Limit: “Tx” for download limit and “Rx” for upload limit.
  • Burst Rate: We don’t set this.
  • Burst Threshold: We don’t set this.
  • Burst Time: We don’t set this.
  • Min Rate: “Tx” for download and “Rx” for upload.
  • Priority: This will prioritize queue on account. Leave it as default if you don’t want to use it.
When everything is in order, click on “Save” to accept the configuration.

Repeat it to add another limitation.


/ / / / / / / / / / @ \ \ \ \ \ \ \ \ \ \


Click image to enlarge
Now we will setup your account profile. Click on “Profiles” tab just beside the “Limitations” tab and click on the ‘+’ sign to add your account profile. For example, I create a yearly pass. Give it a name to easily identify it and enter validity period of the profile. When expired, the account will not be able to login to your hotspot.

If you want a free account profile, leave the price box empty.

Finally, add any limitation to that profile. The limitation has been created earlier.

/ / / / / / / / / / @ \ \ \ \ \ \ \ \ \ \

Click image to enlarge
Now, we will create a user for your hotspot. Click on “Users” located at the left panel of your screen. You can see a menu on top. Click on “Add” and select “One” to create single username. A new box will appear and all you need is to input the username/password and assign any profile to be applied to the user. That’s it! Now the username can be used to login to you hotspot.

Repeat it to create additional users or click on “Batch” to create multiple users at the same time. It will generate random username and password for login.


2 comments: