Powered by Jitbit .Net Forum free trial version. dismiss

HomeInteroperability

Interoperability with RADIUS clients & servers

Attributes in work with DHCP on Mikrotik. Messages in this topic - RSS

RedDemon
RedDemon
Posts: 11


22.05.2017
RedDemon
RedDemon
Posts: 11
Good day everyone.
What i have.
Tekraduis + SQL Express (2016 sp1), Mikrotik RB951G-2Hnd with DHCP on board.
Mikrotic is connected to TekRADIUS as Client.
Mikrotik DHCP use RADIUS in options.
Clients machine get request for address from DHCP but not autorise by Tek RADIUS.
Tell ,please which attribute s i need use in TekRADIUS in Group and USER option?
0 link
Admin
Admin
Administrator
Posts: 4736


22.05.2017
Admin
Admin
Administrator
Posts: 4736
Hi,

Can you send TekRADIUS log (Accessible through file menu) entries for failed authentication attempt after setting logging = developer at settings / service parameters?

Best regards,

Yasin KAPLAN
0 link
RedDemon
RedDemon
Posts: 11


22.05.2017
RedDemon
RedDemon
Posts: 11
here it is.

0 link
Admin
Admin
Administrator
Posts: 4736


22.05.2017
Admin
Admin
Administrator
Posts: 4736
Hi,

This log shows no authentication request. Please make sure that you have entered IP address of RADIUS server correctly in Mikrotik configuration. Please also check if there is not a firewall or IP filter blocking RADIUS communications between TekRADIUS and Mikrotik device.

You can verify if RADIUS requests arrive to TekRADIUS machine by getting a Wireshark trace on TekRADIUS installed machine.

Best regards,

Yasin KAPLAN
0 link
RedDemon
RedDemon
Posts: 11


22.05.2017
RedDemon
RedDemon
Posts: 11
Thank you. I will check this immediately
0 link
RedDemon
RedDemon
Posts: 11


23.05.2017
RedDemon
RedDemon
Posts: 11
Good day.
And Good news. After troubleshooting some network problem, Tekradius start working and clinet machine began to receive the address, with the approval of RADIUS.
But without any check and apply attributes.
And here appears the second part of the problem:
1. We want after approval of the request by tekRADUIS information was added to Adddress LIst on Mikrotik. In this form: in the field username is mac address approved by radius. And address is adress which DHCP lease for client.
2. Or add a column to the left window in user tab. So that we can assign user entries to an arbitrary name.

0 link
Admin
Admin
Administrator
Posts: 4736


23.05.2017
Admin
Admin
Administrator
Posts: 4736
Would you like to allow client login requests based on their MAC addresses?
0 link
RedDemon
RedDemon
Posts: 11


23.05.2017
RedDemon
RedDemon
Posts: 11
This is the initial idea. We also want the lists to be formed for the subsequent moderation of access to resources. And we plan to use for this TekRadius as our RADIUS server.
0 link
Admin
Admin
Administrator
Posts: 4736


23.05.2017
Admin
Admin
Administrator
Posts: 4736
You can add External-Executable attribute as a check attribute to user profile and run a command line utility to access Mikrotik command line and add Framed-IP-Address to a firewall Address List received in RADIUS authentication request.
+1 link
RedDemon
RedDemon
Posts: 11


23.05.2017
RedDemon
RedDemon
Posts: 11
just add External-Executable attribute or do I specify the values there? And if it is necessary,what to write there?
Qestion about mikrotik, i think need to ask a specialist for Mikrotik.
thank for you help)
0 link
RedDemon
RedDemon
Posts: 11


23.05.2017
RedDemon
RedDemon
Posts: 11
Thank you.
0 link
Admin
Admin
Administrator
Posts: 4736


23.05.2017
Admin
Admin
Administrator
Posts: 4736
Please see TekRADIUS Manual for External-Executable usage. You can pass received attribute values to a command line executable.
0 link
RedDemon
RedDemon
Posts: 11


23.05.2017
RedDemon
RedDemon
Posts: 11
Resolved problem.
Thank s for you help/
One last qestion: There are restrictions on the number of users?
0 link
Admin
Admin
Administrator
Posts: 4736


24.05.2017
Admin
Admin
Administrator
Posts: 4736
There is no limit on number of users can be defined in TekRADIUS database.
0 link
RedDemon
RedDemon
Posts: 11


24.05.2017
RedDemon
RedDemon
Posts: 11
Then the question is. What are the limitations of the free version?
We want to use it in an important direction of work. And we want to learn the "pitfalls".
0 link
Admin
Admin
Administrator
Posts: 4736


24.05.2017
Admin
Admin
Administrator
Posts: 4736
Please see https://www.kaplansoft.com/download.html for freeware limitations.
0 link
RedDemon
RedDemon
Posts: 11


28 days ago
RedDemon
RedDemon
Posts: 11
Good day.
Testing going well. But we have some questions.
First and most impotant.
can we redirect connections which not in Users, to separate adresslist on mikrotik?
0 link
Admin
Admin
Administrator
Posts: 4736


28 days ago
Admin
Admin
Administrator
Posts: 4736
TekRADIUS allows you to have a Default user profile. This will allow you to redirect non-existing users.
0 link
RedDemon
RedDemon
Posts: 11


28 days ago
RedDemon
RedDemon
Posts: 11
but what Username for this User profile?(now Username=mac address)
And group for this user will be "Default"? Or we can oeder group?
0 link
Admin
Admin
Administrator
Posts: 4736


28 days ago
Admin
Admin
Administrator
Posts: 4736
Username = Default

You can set any existing group as user group for this user profile.
0 link






Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software