»» WELCOME to DOFOLLOW BLOGs "17 January 2012"««
»» Computer & Software Technology Sharing Information««
  • Mikrotik Router Local Users Authentication via RADIUS Server

    Local Users Authentication via RADIUS Server



    This manual discusses how to create two users, ex and ex2, which are members of different groups and are authenticated with RADIUS.

    For the purposes of this manual we use a Debian GNU/Linux system and the FreeRADIUS RADIUS server. Both these products are free software.

    * MikroTik Router Configuration

    o Configure the router with proper RADIUS server connection parameters.

    [admin@MikroTik] radius> add service=login address=1.1.1.1 secret="xxx" disabled=no
    [admin@MikroTik] radius> print detail
    Flags: X - disabled
    0 service=login called-id="" domain="" address=1.1.1.1 secret="xxx"
    authentication-port=1812 accounting-port=1813 timeout=300ms
    accounting-backup=no
    [admin@MikroTik] radius>

    o Enable local user authorization service to use RADIUS server.

    [admin@MikroTik] user aaa> set use-radius=yes
    [admin@MikroTik] user aaa> print
    use-radius: yes
    accounting: yes
    interim-update: 0s
    default-group: read
    [admin@MikroTik] user aaa>

    * FreeRADIUS Server Installation and Configuration

    o Install FreeRADIUS server package.

    root@wildcat:/etc# apt-get install freeradius
    Reading Package Lists... Done
    Building Dependency Tree... Done
    Suggested packages:
    freeradius-ldap freeradius-mysql freeradius-krb5 freeradius-iodbc
    The following NEW packages will be installed:
    freeradius
    0 upgraded, 1 newly installed, 0 to remove and 269 not upgraded.
    Need to get 0B/1788kB of archives.
    After unpacking 4362kB of additional disk space will be used.
    Selecting previously deselected package freeradius.
    (Reading database ... 60006 files and directories currently installed.)
    Unpacking freeradius (from .../freeradius_0.9.3-1_i386.deb) ...
    Setting up freeradius (0.9.3-1) ...
    Group freerad does already exist as a system group. Exiting...
    freerad : freerad shadow
    Restarting FreeRADIUS daemon: Stopping FreeRADIUS daemon: freeradius.
    Starting FreeRADIUS daemon: Tue Sep 14 10:50:30 2004 : Info: Starting
    - reading configuration files ...
    freeradius.

    root@wildcat:/etc#

    o Open the file /etc/freeradius/clients.conf and add the following record:

    client 1.1.1.3 {
    secret = xxx
    shortname = xxx
    }

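    This record identifies the MikroTik router by its address as seen by the RADIUS server (the source address of packets coming from the router). The secret must be the same one configured in the router's radius entry.

    o Open the file /etc/freeradius/users and add the following line: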

    ex User-Password == "ex"

    This adds a user named ex, who will belong to the default group specified under the /user aaa submenu.

    o To add a user who belongs to a group other than the default, you need to supply the Group attribute to the router. Open the /etc/freeradius/users file once more and add a second user named ex2, who will be a member of the group full.

    ex2 User-Password == "ex2"
        Group = "full"

    Do not forget to update FreeRADIUS dictionary with additional attributes! Open /etc/freeradius/dictionary file and add the following:

    VENDOR Mikrotik 14988

    ATTRIBUTE Recv-Limit 1 integer Mikrotik
    ATTRIBUTE Xmit-Limit 2 integer Mikrotik
    ATTRIBUTE Group 3 string Mikrotik
    ATTRIBUTE Wireless-Forward 4 integer Mikrotik
    ATTRIBUTE Wireless-Skip-Dot1x 5 integer Mikrotik
    ATTRIBUTE Wireless-Enc-Algo 6 integer Mikrotik
    ATTRIBUTE Wireless-Enc-Key 7 string Mikrotik
    ATTRIBUTE Rate-Limit 8 string Mikrotik

    o Restart FreeRADIUS server.

    root@wildcat:/etc# /etc/init.d/freeradius restart
    Restarting FreeRADIUS daemon: Stopping FreeRADIUS daemon: freeradius.
    Starting FreeRADIUS daemon: Tue Sep 14 12:02:05 2004 : Info: Starting
    - reading configuration files ...
    freeradius.
    root@wildcat:/etc#
    * Configuration testing

    To test the configuration, log on to your router as either the ex or the ex2 user. Note that user ex has only read permissions, while user ex2 has full permissions; for example, ex2 can create new users.
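
What the Group reply item looks like on the wire, and why the secret in clients.conf must match the router's: the sketch below (an added example, not part of the original manual and not FreeRADIUS or RouterOS code) encodes Group as a Vendor-Specific attribute using vendor id 14988 and attribute number 3 from the dictionary above, builds an Access-Accept, and checks its Response Authenticator as defined in RFC 2865. The function names, the sample Request Authenticator and the packet identifiers are constructed for illustration.

```python
import hashlib
import hmac
import struct

VENDOR_SPECIFIC = 26        # RADIUS Vendor-Specific attribute type (RFC 2865)
MIKROTIK_VENDOR = 14988     # "VENDOR Mikrotik 14988" in the dictionary
MIKROTIK_GROUP = 3          # "ATTRIBUTE Group 3 string Mikrotik"
ACCESS_ACCEPT = 2           # RADIUS packet code

def group_vsa(group):
    """Encode Group as: 26 | length | vendor id | sub-type | sub-length | value."""
    value = group.encode()
    sub = struct.pack("!BB", MIKROTIK_GROUP, 2 + len(value)) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), MIKROTIK_VENDOR) + sub

def access_accept(ident, request_auth, secret, attrs=b""):
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def response_is_authentic(packet, request_auth, secret):
    """Router side: recompute the authenticator with the shared secret and compare."""
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def mikrotik_group(packet):
    """Return the Group value carried in a reply, or None if there is none."""
    end = struct.unpack("!H", packet[2:4])[0]
    if end < 20 or end > len(packet):
        raise ValueError("bad packet length")
    pos = 20
    while pos + 2 <= end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            raise ValueError("malformed attribute")
        body = packet[pos + 2:pos + alen]
        # Simplification: only the first sub-attribute of each VSA is examined.
        if (atype == VENDOR_SPECIFIC and len(body) >= 6
                and struct.unpack("!I", body[:4])[0] == MIKROTIK_VENDOR):
            sub_type, sub_len = body[4], body[5]
            if sub_type == MIKROTIK_GROUP and 2 <= sub_len <= len(body) - 4:
                return body[6:4 + sub_len].decode()
        pos += alen
    return None

# Constructed sample replies: secret "xxx" and users ex / ex2 as in this manual.
REQUEST_AUTH = bytes(range(16))                     # constructed 16-byte value
ACCEPT_EX = access_accept(1, REQUEST_AUTH, b"xxx")  # no Group reply item
ACCEPT_EX2 = access_accept(2, REQUEST_AUTH, b"xxx", group_vsa("full"))
```

A reply without the Group attribute, as for user ex, leaves the router to apply default-group from /user aaa; a reply whose attributes were altered, or that was built with a different secret, fails the authenticator check.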

    next .. have to lunch ..


    For further information, please ask in the comments.

2 comments:

  1. Very nice example. Some good mikrotik tutorials can be found on tikdude.com.

  1. Learner says:

    you can some mikrotik tut from here : http://mikrotiktutorialblog.blogspot.com

Warning:
This article is the property of http://www.tambelanblog.com
Copying and publishing any articles from our site to your websites is strictly NOT allowed

