User Manager/Hotspot Example

User Manager/Hotspot Example

Introduction
To make this setup, you should have running Hotspot server on the router. Let us consider configuration steps for
HotSpot and User Manager routers, in order to use User Manager for HotSpot users.

HotSpot configuration
Set HotSpot to use User Manager for HotSpot server users,
/ ip hotspot profile set hsprof1 use-radius=yes
Add radius client to consult User Manager for HotSpot service.
/ radius add service=hotspot address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. By default this is
127.0.0.1. If using a remotely located Router (perhaps via a VPN) then the IP address entered is the IP address of
that remote Router. The router could be a Radius Server, or another ROS with User Manager installed.
Note, first local HotSpot database is consulted, then User Manager database.
It means that if you have configuration in '/ ip hotspot user print', users will be able to authenticate in HotSpot using
this data.
Delete users configuration from '/ ip hotspot print' to stop using local HotSpot database for authentication. To move
batch of local HotSpot users to the User Manager database use export and import . Use text editor program to create
appropriate file to import local users to the User Manager database.

User Manager configuration

First, you need to download and install User Manager package [1];
Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called
'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent
steps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner

Add HotSpot router information to router list,

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

'x.x.x.x' is the address of the HotSpot router, 'shared-secret' should match on both User Manager and HotSpot
routers. Adding 'x.x.x.x' as a router allows Radius requests from 'x.x.x.x' to be passed to the Radius Server built into
User Manager. Therefore if you have any remote ROS Hotspots that require access to this Radius Server, then all
their IP addresses must be added to this list.
Add HotSpot user information, it is equal to 'ip hotspot user' when local HotSpot is used for clients
In version 3:
/ tool user-manager user add name=demo password=demo subscriber=MikroTik
In version 4:
/ tool user-manager user add name=demo password=demo customer=MikroTik

User Manager/Hotspot Example

We discuss only basic configuration example, detailed information about 'user' menu configuration.
You can use User Manager web interface after first subscriber created.
To make sure, that client is using User Manager for AAA,
/ ip hotspot active print
Flags: R - radius, B - blocked
#
USER
ADDRESS
0 R 00:01:29:2... 192.168.100.2

UPTIME
1m29s

'R' means that client uses User Manager server for AAA services.

References
[1] http:/ / www. mikrotik. com/ download. html

SESSION-TIME-LEFT IDLE-TIMEOUT

Article Sources and Contributors

Article Sources and Contributors

User Manager/Hotspot Example Source: http://wiki.mikrotik.com/index.php?oldid=17669 Contributors: Girts, Nest, Normis, SergejsB, Vitell