[HamWAN PSDR] Radius for Mikrotik login auth
Bryan Fields
Bryan at bryanfields.net
Thu Aug 11 18:30:47 PDT 2016
I just implemented this here in Florida. It's actually not that hard, and it
would be trivial to implement OTP or token based auth if you wanted to get
really fancy.
Mikrotik config
/radius
add accounting-backup=no accounting-port=1813 address=44.98.252.1 \
    authentication-port=1812 called-id="" \
    disabled=no domain="" realm="" secret=RADIUS-PW service=login timeout=300ms
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
    use-radius=yes
Freeradius
set it up to listen on a given ipv4/v6 interface in radiusd.conf
clients.conf:
client 44.98.248.0/23 {
    secret = RADIUS-PW
    shortname = HamWAN
}
users:
bobdole Cleartext-Password := "PASSWORD!"
    Mikrotik-Group = "full", # only if you want root!
    Service-Type = Login-User,
    Juniper-Local-User-Name := "super-users" # only if you want root!
Juniper:
groups {
    global {
        system {
            authentication-order [ radius password ];
            radius-server {
                44.98.252.1 {
                    port 1812;
                    accounting-port 1813;
                    secret "nope.jpg"; ## SECRET-DATA
                }
            }
            login {
                user full {
                    class super-user;
                }
            }
        }
    }
}
system {
    host-name TAMPA-CORE-EX;
    authentication-order [ radius password ];
    root-authentication {
        encrypted-password "nope.jpg"; ##
    }
    radius-server {
        44.98.254.1 {
            secret "nope.jpg"; ## SECRET-DATA
            source-address 44.98.249.1;
        }
    }
    login {
        user super-users {
            uid 2003;
            class super-user;
        }
    }
}
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
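
Added example, not part of the original post: in the configs above the router takes its privilege level (Mikrotik-Group, Juniper-Local-User-Name) from the Access-Accept, and that reply is authenticated only by the shared secret. The Python code below performs the RFC 2865 Response Authenticator check and extracts those two vendor attributes from a constructed packet; the function names, packet id and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MIKROTIK, JUNIPER = 14988, 2636  # IANA enterprise numbers of the two vendors
VSA_NAMES = {(MIKROTIK, 3): "Mikrotik-Group",
             (JUNIPER, 1): "Juniper-Local-User-Name"}

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def vsa(vendor, vtype, value):
    """Encode one Vendor-Specific attribute (type 26) holding a sub-attribute."""
    return attr(26, struct.pack("!I", vendor) + attr(vtype, value))

def build_accept(ident, request_auth, attrs, secret):
    """Build an Access-Accept (code 2) the way a server would sign it."""
    head = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def parse_accept(packet, request_auth, secret):
    """Check the Response Authenticator, then return the privilege VSAs."""
    if (len(packet) < 20 or packet[0] != 2
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    want = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype == 26 and len(body) >= 6 and 2 <= body[5] <= len(body) - 4:
            vendor = struct.unpack("!I", body[:4])[0]
            name = VSA_NAMES.get((vendor, body[4]))
            if name:
                found[name] = body[6:4 + body[5]].decode()
    return found

# Constructed sample: the reply the users entry in the post would produce.
SECRET = b"RADIUS-PW"            # placeholder secret as written in the post
REQ_AUTH = bytes(range(16))      # constructed Request Authenticator
ATTRS = (attr(6, struct.pack("!I", 1))          # Service-Type = Login-User
         + vsa(MIKROTIK, 3, b"full") + vsa(JUNIPER, 1, b"super-users"))
PACKET = build_accept(7, REQ_AUTH, ATTRS, SECRET)
```

A reply whose group value was altered in transit, or one signed with a different secret, fails the authenticator check and raises ValueError instead of returning a group.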