Create Mikrotik Hotspot With Radius Server

Create Mikrotik Hotspot With Radius Server

May be it's to late to write about how to create a Mikrotik hotspot, but it's better than not at all i think. Like my other post, i always like to use winbox rather than text mode because it's easy and always simple.

Creating Mikrotik Hotspot.
OK, first what you need todo is set your wireless mode to "ap bridge", give a name to the SSID, select your wireless band and frequency.


Now, navigate to IP -> Hotspot, and follow these steps.
  • Click Setup
  • Select your Hotspot Interface and click next,
  • Set your local IP address (better end with 1, for example 192.168.0.1), click Masquerade Network and click next,
  • Select address pool of network (i think you can just click next this time),

  • Select certificate or leave it with none and click next,
  • Insert your smtp server if you have it or leave it and click next,
  • Fill your primary and secondary dns Server and then click next,
  • Set your hotspot private domain name like "my.public.hotspot.net" and then click next,
  • Set admin user and password of your hotspot and click next.

That's it, your hotspot now ready, you can now test your admin login by pointing and associating your laptop wireless to your hotspot. If you want to add a new user, navigate to IP->Hotspot and click Users. Add new user there and you can filter user by their mac address or IP.

Connecting To Radius Server.
Assume you already have a radius server, but if you don't and you have a Fedora linux you can read it here.

Back to your Mikrotik box, in the main menu click "Radius" and add new radius server by clicking red "+" sign. In the new radius server windows, fill address with IP of your radius server , fill secret with your radius secret key and make sure "hotspot" is checked in the service list.

Click apply to save your setting. Now Mikrotik will check both user added from Mikrotik and from radius server if some one trying to login to Mikrotik hotspot. You can read how to simply manage radius user for Mikrotik hotspot here.

Free Software for FreeRadius User Management

While searching around in google i found several application to managing radius account. Actually i did tried to Dialup Admin and Mikrotik Userman but not for the rest application, check it out.

dolaRADIUS
daloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, a billing engine and integrates with GoogleMaps for geo-locating.


daloRADIUS is written in PHP and JavaScript and utilizes a MySQL database. It is based on a FreeRADIUS deployment with MySQL serving as the backend. Among other features it implements ACLs, GoogleMaps integration for locating hotspots/access points visually and many more features.

Dialup Admin
The FreeRADIUS server comes including a powerfull web interface written in PHP to administer radius users, called dialupadmin. Dialup Admin supports users either in SQL (MySQL or PostgreSQL are supported) or in LDAP.


Apart from the web pages, it also includes a number of scripts to make the administrator's life a lot easier.

Mikrotik Userman
User manager is a management system that can be used for HotSpot user, PPP (PPtP/PPPoE) users, DHCP users, Wireless users and RouterOS users.


Try mikrotik user manager online demo here with user and password is demo.

FreeRadius Admin Pacakage
A snazzy front-end admin kit for FreeRADIUS that allows for the addition of radius users,user groups, and group attribute templating.


Access controls allow for admin users and 'agents' that can act autonomously. Also admins FreeRADIUS radius attributes.

phpRADmin
phpRADmin is a tool written in PHP intended to handle the administration and provisioning of FreeRADIUS over the Web with MySQL as backend. This interface allows the administrator to config, find, create, edit, delete, and test users on an SQL (MySQL) database, create SQL groups, gather accounting information for a user.


phpRADmin show pies and graphs of your network status, usage audits, administration profiles with 3 levels. phpRADmin is Chillispot and WISP ready.

Happy trying and goodluck.

Install and Configure FreeRadius with MySQL

To complete my previous post about Creating Mikrotik User Manager, now I'd like to share a little information about installing FreeRadius with MySQL and how to configure it. And like the other post i have, i try to make it in the simple and fast way with example screenshot . My sample OS today is Fedora.

Install FreeRadius with MySQL
An easy way to install a new FreeRadius supported to our current Fedora is uisng YUM. Yum will resolve dependent software package related to FreeRadius, it's mean we don't need to find and download dependent package related to FreeRadius because yum will look for it, download and automatically install it.

[root@host ~]#yum -y install freeradius freeradius-mysql


If no problem occurs, then installation is complete.

Configuring FreeRadius with MySQL
All installed config file by default placed on "/etc/raddb", then change your directory to it.

[root@host ~]#cd /etc/raddb ;ls -altF

You should see many freeradius config dile there. Next is creating freeradius database (Assume you have already install MySQL).

[root@host raddb]# mysql -uroot -p
Enter password:
mysql>create database freeradius
mysql>exit



Now that freeradius database successful created, we now may import freeradius tables from db_mysql.sql files. This file was placed in "/usr/share/doc/freeradius-(VERSION)/db_mysql.sql".

[root@host raddb]#mysql -u root -p freeradius < /usr/share/doc/freeradius-(VERSION)/db_mysql.sql


Database and tables for freeradius now created, next step is edit file sql.conf to setup MySQL server, login, password and database infomation.

[root@host raddb]#nano sql.conf

You don't need to edit anything on this file unless you know what you're doing, save it (Note you can use any text editor know like vi or vim). Next is edit clients.conf files to set radius secret key.

[root@host raddb]#nano clients.conf

secret = mysecretword


Now edit line "secret" with any secret word you want, then save when your done. Last is editing radius.conf config file. Look for "accounting {" and "authorize {" then remove "#" (comment) from "sql".

Save when you're done and all setting for freeradius is done. You may now start freeradius using "radiusd -y".

[root@host raddb]#radiusd -y

To get freeradius start on boot, type "ntsysv" and select radiusd using space to add radiusd to automatic start service.


Ok, let test our freeradius server. Create one account in freeradius database. Login to mysql and select freeradius database, then add username = test and password = password.

mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('test', 'Password', 'password');
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('test', 'Auth-Type', 'Local');


Next is test our user with radtest.

[root@host raddb]#radtest test password localhost secret mysecretword


If "rad_recv: Access-Accept" showed up then your simple installation are complete now.

Part 4 - Mikrotik Hotspot & Freeradius -- Create your own user manager

Last time you has made your own script for inserting a new user to radius database. This time we are gonna view and manage user stats with fetching theradact tables in the radius database, but first make sure that there are some user already using their hotspot account before, this important because their login activity will be inserted automatically to the radact tables and we are gonna use that information data this time.

Open your MySQL admin software (i.e phpMyAdmin) the go to radact tables in the radius database.

If you are using phpMyAdmin the tables will be look like the above picture. There are some field that need to mention there is UserName, AcctStartTime, AcctStopTime and AcctSessionTime. This field will give us information about how long their log in activity. If we are need to know their download and upload activity the look at the AcctInputOctets and AcctOutputOctets it will show you.

If you want to resetting the user stats in case that they have using their maximum session time and need to log in again, simply just delete the rows that is related to user account in radact tables.

Next you need to do is write another php script to fetching radact tables and to delete rows for resetting process. I hope this post helpful and good luck.

Part 3 - Mikrotik Hotspot & Freeradius -- Create your own user manager

If in the previous part we are using phpMyAdmin for inserting a new user and it's information, but in this third part you have to write a little php script for inserting and querying MySQL database.

First we need to ensure that you understand with basic php programing especially with MySQL data processing. If you don't understand than i suggest you to go to one of my favorite links and learn some basic php MySQL programing. Don't ask me why, just read the title of this post "Create your own....", it's mean i am not give you any tutorials for php programing or something like that in this time, i just give you some clue for made it your self.

Next create a page contain with username, password and session time (in Second) selection form. Then create submit page to process the form and insert it into radcheck tables in freeradius database, the result will be like this example image.

Then give the user a group.
Another image to see.


There are 3 steps to do, first you need to add a user and password next you give the user a maximum session time (this is an optional, if you don't do this step then user will be have an unlimited session time) then add the user into a group.

Sql code:
INSERT INTO radcheck VALUES('', 'auserloginname', 'User-Password', '==', 'auserpassword')
INSERT INTO radcheck VALUES('', 'auserloginname', 'Max-All-Session', ':=', '10800')
INSERT INTO usergroup VALUES('auserloginname', agroupname', '1')

Please note that the "op" field in the radcheck it's is not the same form the first code and the second code.

OK, now you had made your own user registration page, user now can login into MikrotikHotspot (assume that Mikrotik box has already connect to radius server).

Next: Managing User Stats.

Part 2 - Mikrotik Hotspot & Freeradius -- Create your own user manager

Now entering part 2 - creating your own user manager, but first ensure that you already read the part 1.

USERGROUP
Field: UserName, GroupName, priority

Another image to see.

UserName fill it with user login name
GroupName fill it with group name of user you want to.
Priority fill it with priority number


RADGROUPREPLY

Field
: id, GroupName, Attribute, op, Value
Almost the same with radcheck except this thread is per group.

See another image here


Field information see the radcheck and use example from picture for Attribute field.

In the attribute field:
Idle-Timeout - maximum idle time of connected user.
Ascend-Data-Rate - maximum upload rate of connected user.
Ascend-Xmit-Rate - maximum download rate of connected user.

For complete reference with Attribute information, read here.

Part 1 & 2 Summary.
For making simple Freeradius user management related to Mikrotik Hotspot we just need the a few tables in the Freeradius database that is radcheck, radgroupreply and usergroup. From now on we can use a MySQL administration software for managing user like phpMyAdmin or else that can doing insert and querying data form Freeradius database. But remember all this way are based on my experience that is mean it is not based from an official guide for making a Mikrotik User manager. But the important thing is -- it's work.

Next -Write your code.


Part 1 - Mikrotik Hotspot & Freeradius -- Create your own user manager

FreeRADIUS is a free open source RADIUS server.

It offers an alternative to other enterprise RADIUS servers, as it is one of the most modular and feature-rich RADIUS servers available today. It is also within the top 5 RADIUS servers world-wide in terms of number of deployments, and number of users who are authenticated with it every day (Source : Wikipedia).

Below are simple steps to creating your own user manager based on Freeradius + MySQL for Mikrotik Hotspot and assume that we are already Install the Freeradius with MySQL support, but if you not install it already then read here for the Freeradius install instruction (I will write for it in another time). Let's do it in my way (Sorry, i write this post in several part).

In this way we are using Freeradius as an authentication server and using MySQL to store user database. Looks like we are gonna use web as an interface!. Not really, this time we just need to know what tables are used for user managing and we can use any MySQL administrator software for it (i.e. phpMyAdmin).


Above are list of tables in freeradius database (Admin and PrintUser tables are optional -- create by me), some tables aren't needed at this time, tables we are needed is: radcheck, radgroupreply and usergroup.

racheck are used for storing user information like user name and password
radgroupreply are used for reply to the radius client some of user group information (i.e. Rate limit, iddle time and etc) in this case Mikrotik Hotspot is act as a Radius client .
usergroup are used for storing user grouping information.

RADCHECK
Field : id, UserName, Attribute, op, Value

See this picture for example implementation.

UserName are filled with user log in name information.
Attribute are filled with user attribute information.
op are filled with operational key for attribute value.
Value are filled with attibute values like user password or number of session time.

In the Attribute field:
User-Password - giving UserName with a password in the related Value field.Max-All-Session - giving user a maximum session time in the related Value field.

Comments

Unknown said…
Great Tutorial.
May I have your e-mail Address?
No Name said…
Hi All!

I'm selling fresh & genuine SSN Leads, with good connectivity. All data are tested & verified.
Headers in Leads:

First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | House Owner

*You can ask for sample before any deal
*Each SSN lead will be cost $1
*Premium Lead will be cost $5
*If anyone wants in bulk I will negotiate
*Sampling is just for serious buyers

Hope for the long term deal
For detailed information please contact me on:

Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040

Popular Posts