[HamWAN PSDR] Radius for Mikrotik login auth

Bryan Fields Bryan at bryanfields.net
Thu Aug 11 18:30:47 PDT 2016


I just implemented this here in Florida. It's actually not that hard, and it
would be trivial to implement OTP or token-based auth if you wanted to get
really fancy.

Mikrotik config
/radius
add accounting-backup=no accounting-port=1813 address=44.98.252.1 \
    authentication-port=1812 called-id="" \
    disabled=no domain="" realm="" secret=RADIUS-PW service=login timeout=300ms
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
    use-radius=yes

Freeradius
Set it up to listen on a given IPv4/v6 interface in radiusd.conf

clients.conf:

client 44.98.248.0/23 {
        secret      = RADIUS-PW
        shortname   = HamWAN
}

users:

# Mikrotik-Group "full" and Juniper-Local-User-Name "super-users": only if you want root!
bobdole Cleartext-Password := "PASSWORD!"
        Mikrotik-Group = "full",
        Service-Type = Login-User,
        Juniper-Local-User-Name := "super-users"


Juniper:

groups {
    global {
        system {
            authentication-order [ radius password ];
            radius-server {
                44.98.252.1 {
                    port 1812;
                    accounting-port 1813;
                    secret "nope.jpg"; ## SECRET-DATA
                }
            }
            login {
                user full {
                    class super-user;
                }
            }
        }
    }
}

system {
    host-name TAMPA-CORE-EX;
    authentication-order [ radius password ];
    root-authentication {
        encrypted-password "nope.jpg"; ##
    }
    radius-server {
        44.98.254.1 {
            secret "nope.jpg"; ## SECRET-DATA
            source-address 44.98.249.1;
        }
    }
    login {
        user super-users {
            uid 2003;
            class super-user;
        }
    }
}

-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net
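
An added example, not part of the original message: a small audit of a FreeRADIUS users file that reports which logins receive the root-level reply attributes shown above (Mikrotik-Group "full", Juniper-Local-User-Name "super-users") and flags a trailing comma after an entry's last reply item, which FreeRADIUS treats as a parse error. The names audit, strip_comment, ADMIN_GRANTS and SAMPLE are made up for this example, and the second account in the sample is constructed.

```python
import re

# Reply attributes that grant full administrative rights; names and values
# are the ones used in the users file in the message above.
ADMIN_GRANTS = {"Mikrotik-Group": "full", "Juniper-Local-User-Name": "super-users"}
ITEM = re.compile(r'([\w-]+)\s*(?::=|\+=|==|=)\s*("[^"]*"|[^,\s]+)')
# Constructed sample in the same layout as the users file (not real accounts).
SAMPLE = '''\
bobdole Cleartext-Password := "PASSWORD!"
        Mikrotik-Group = "full",  # only if you want root!
        Service-Type = Login-User,
        Juniper-Local-User-Name := "super-users", # only if you want root!
monitor Cleartext-Password := "example-only"
        Service-Type = Login-User,
        Mikrotik-Group = "read"
'''


def strip_comment(line):
    """Drop a trailing '# ...' comment unless the '#' is inside quotes."""
    return re.sub(r'("[^"]*")|#.*', lambda m: m.group(1) or "", line).rstrip()


def audit(text):
    """Return sorted (user, finding) pairs for users-file text."""
    findings, user, last_reply = set(), None, ""

    def close_entry():
        # A comma after the final reply item leaves the list unterminated.
        if user and last_reply.endswith(","):
            findings.add((user, "trailing comma after last reply item"))

    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip():
            continue                      # blank line or comment-only line
        if not raw[0].isspace():          # column 0 starts a new entry
            close_entry()
            user, last_reply = line.split(None, 1)[0], ""
        elif user:                        # indented line holds reply items
            last_reply = line
            for attr, value in ITEM.findall(line):
                value = value.strip('"')
                if ADMIN_GRANTS.get(attr) == value:
                    findings.add((user, f"{attr}={value} grants full admin"))
    close_entry()
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

Run against the live users file, the output is the list of accounts that end up with full rights on the routers and switches, which is worth reviewing whenever the file changes.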

