Portal Home > Knowledgebase > Tips & Tricks > How to setup up RADIUS for use with MikroTik

How to setup up RADIUS for use with MikroTik

Let's say that you have mysql and freeradius installed in your system and would like to use it with MikroTik. After FreeRADIUS is installed, we need to configure it. This step will detail how to setup the server for use with the local Unix user accounts for the machine that FreeRADIUS is installed on. If you would like to immediately setup the server for use with the MySQL database proceed to the next step but I highly recommend you do this step first to verify the RADIUS install works properly. Step 4 also builds on this step.

First we are going to need some tool to test the installation of the RADIUS server with, I prefer NTRadPing you can download it from MasterSoft’s website(free download) NTRadPing provides a nice simple testing interface for MS Windows computers.

First we need to authorize access to the RADIUS server to certain computers:

cd /etc/raddb
vi clients

Add the IP address of the Mikrotik box and the IP address of the windows computer you have NTRadPing installed on and pick a secret key for each.


# Client Name Key
#---------------- ---------- testkey
ramona.lb.ru testkey

optional step

This step is not crucial and may be skipped, it simply adds functionaility for you to use the two attributes: Mikrotik-Recv-Limit and Mikrotik-Xmit-Limit for limiting how much data a user can use before being knocked offline (ie. once they transfer say 200MB they are kicked offline). I don’t use this, but you may wish to:

We now need to ‘install’ the dictionary file for the Mikrotik:

cd /usr/local/share/freeradius
wget http://www.mikrotik.com/Documentation/manual_2.9/dictionary.mikrotik
vi dictionary

After the last $INCLUDE statement add the following line:

$INCLUDE dictionary.mikrotik


Add the same IP addresses for your test computer and Mikrotik box into this file and select the type of NAS. Example:

# NAS Name Short Name Type
#---------------- ---------- ----
localhost local portslave test portslave
ramona.lb.ru hs1 mikrotik


Find the Unix section of the file and ensure that the lines

passwd = /etc/passwd
shadow = /etc/shadow
group = /etc/group

are NOT commented out (ie. do not have a # sign in front of them).

Congratulations!!! You now have a fully functional RADIUS server that will uses the local Unix accounts as its authentication base.

Let’s test it out

Start the RADIUS server in debug mode(-x) by typing:

radiusd –x
  • Note: You must be logged in as root (su or real login) to start the server, otherwise you will get a “command not found” error.

If you receive no error messages you have configured the server properly, now on the MS Windows machine open NTRadPing. Enter the following:

RADIUS Server: {ip address of your radius server}
Port: 1812
RADIUS Secret Key: {the key you specified in the clients file}
User-Name: root
Password: {root password for the machine on which freeRADIUS is installed}
  • You should get an “Access-Accept” message.
  • Now change the password to something incorrect, ensure you get an “Access-Reject” message
  • Now correct the password, change the port to 1813, and change the Request Type to: “Accounting Start”. Ensure you get an “Accounting-Response” message.
  • Finally change the Request Type to: “Accounting Stop”. Ensure you get an “Accounting-Response” message.

Getting the Mikrotik RouterOS Box to Work with the RADIUS Server

Log into the Mikrotik box and execute these simple commands:

For simplicities’ sake later ensure you can ping the radius server from the Mikrotik box:

ping {ip address of your RADIUS server}
CTRL-C to break when you are satisfied you can/can not talk to the server
You should now, as a hotspot client, be able to request any page and be directed to the login page as normal, if you login as an entry in the SQL database (username: radiustest, password: testpassword) you shold be authenticated no problem.

Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Uplink Bandwidth problem (Views: 1422)
Settign up Raid (Views: 1102)