- Wireless AP will be a MikroTik (MT) router. RADIUS server will be FreeRADIUS 2.2.5 running on Linux Mint Debian. This tutorial is only an instruction to setup a 802.1X/EAP wireless network. It will not explain how 802.1X/EAP wireless network works. Radius Terminologies: Clients: A client refers to a NAS, like an access point (AP).
- Let's say that you have mysql and freeradius installed in your system and would like to use it with MikroTik. After FreeRADIUS is installed, we need to configure it. This step will detail how to setup the server for use with the local Unix user accounts for the machine that FreeRADIUS is installed on.
'freeradius-mysql' is a required freeradius module so we can communicate with the mysql server. The Mysql server will store the needed data so freeradius can authenticate the client machine. Next, we will need to edit the default file to change the AAA mechanism of freeradius from file system to sql server.
I inherited a wireless setup of three Mikrotik routers in the roof of aset of office suites in Cape Town, South Africa. They were connected toan ADSL router, but the owners problem was there was no accountability onusage.
Mikrotik
Mikrotik make a numberofSingle-board computers, known as 'Routerboard's, and licence aproprietary operating system called RouterOS for use on these boards.
This was my first time to come across the Routerboards, and I like them.I was asked in because Mikrotik specialists in Cape Town are hard tofind, and harder to schedule.
I looked around for solutions to his problem, and decided on aFreeradius installation on Ubuntu, backed up with a mysql databaseand Freeradius-dialupadmin as a web front end for management. I found nogood documentation on a setup to handle my requirements, so I had tofigure it out as I went along, and now I am writing it up for anyoneelse. I did find auseful article on a hotspot-stylesetupandanotheron the Mikrotik wiki, but nothing that used MACauthentication.
RouterOS will authenticate via RADIUS - Remote Authentication Dial InUserService - and 3.x versions of RouterOS will do accounting viaRADIUS.
The existing setup used the (insecure) method of system identificationvia MAC address. It has the advantage of not requiring users to rememberpasswords, it just needs a list of the wireless MAC addresses.
RouterOS setup
Wireless clients need a number of things before they can use theInternet. They need an address, a default route, and nameservers. This istraditionally done via DHCP, and I saw no reason to change that. Eventhough the Mikrotik boxes can run a ‘hotspot' - where they allocate IPaddresses locally and ‘NAT' the collective for the upstream routers, Idecided there should be one DHCP server serving all clients. To accomplishthis I bridged the wireless and wired interfaces on the Mikrotiks. Thewired interface needs an IP address - I used an RFC1918 Class C networkfor everything. I put the Ubuntu server at 172.16.1.254, and the Mikrotikaccess points at 172.16.1.{1,2,3}. All the Mikrotiks need different IPs,and I also give them different names, so obviously those below willchange between boxes. I had to upgrade two of the Mikrotik boxes to 3.Xsoftware as the 2.X software does not do radius accounting.
Mikrotiks have a command hierarchy - and easy help. I am usingthe export verb at the appropriate command level to show myconfiguration. I do not include default parameters, and I keep the longlines so they can be copy-pasted.
Wired interface
Wireless interface
The wireless network also needs setup. The interface name is wlan1,it should not authenticate by default (we need it to ask RADIUS that), itmust be configured as an Access Point, and it needs an SSID that laptopusers can identify with.
Bridge the interfaces :-
Radius
We must instruct the wireless interface to use radius authenticationand accounting, and we must tell it where to find the radius server (theIP address below). The Radius server and clients (the Mikrotik boxes)need a common secret, used to hash information in either direction. Ienabled the incoming radius port, meaning that the radius server cancontact the client as well. Normally the client initiates all exchanges.
Now we have 3 wireless access points, requesting authentication froma Radius server, allowing authenticated clients to make DHCP requestsfrom their common wired interface, and passing accounting packets back tothe same Radius server.
Radius server
I installed Ubuntu 9.10 with freeradius,freeradius-mysql,freeradius-dialupadmin, mysql, phpmyadmin and dhcp (outof repositories). Iinstall phpmyadmin with mysql - it is an excellentdatabase administrator. I will not cover DHCP here - suffice it to saythat it is a standard setup, with'range' set to172.16.1.20-172.16.1.250.
The main radius configuration file is/etc/freeradius/radiusd.conf -the only change needed here is to ensure that it includes sql.conf - bydefault that line is commented out.
In sql.conf, set the database type to mysql, and set a custom mysqlpassword for the radius user.
Ubuntu has apache-style configurationdirectories/etc/freeradius/sites-availableand/etc/freeradius/sites-enabled, and on installation two ‘sites'are enabled, default and inner-tunnel. Keep it that way, and edit only/etc/freeradius/sites-available/default.
Mikrotik routers when using MAC radius authentication present theMAC address as the username with an empty password. We wish the MACaddress to be looked up from the database. In/etc/freeradius/sites-available,uncomment 'sql' in the 'authorize'section, and comment out 'pap' in the same section.
MySQL
We must now create all the necessary tables in mysql for radius to use.I am assuming mysql has been installed expressly for this purpose - ifyou are using mysql for other things you will know which instructionsbelow to avoid. mysql on ubuntu comes with no root password ininstallation, we must create one, and that ‘radius' database.
From here we can use the scripts provided in/etc/freeradius/sql/mysql.Edit admin.sql in that directory to set a custom password - for thisdiscussion I will use wizzyradius.
At the prompt, use the mysql root password above -wizzypassword.
At the prompt, use the radius user password above - wizzyradius.thissets up all the radius tables, and the optional nas table.
Now to add in a user for testing. It is easiest to use phpmyadmin, butI will do it from the command line here.
With radius running, we can now test authentication with radius :-
We are looking for a response code 2. To debug any steps with radius,stop radius, and start it with debugging.
If this works as above, you should be ready to test with the Mikrotiks.
Finally, let us throw freeradius-dialupadmin into the mix, to makethings easier on the administration front. If you installed it above,apache would also have been installed. Symlink its configuration fileinto apache, like so:-
and take a look at its configuration filesin/etc/freeradius-dialupadmin/. The main one isadmin.conf. Justshowing all the changes I made below, not all the variables in the file.I also commented out all references to ldap.
Now, from http://172.16.1.254/freeradius-dialupadmin/ you should seethe administration page, and in particular the user we added earlier.There are some useful cron scriptsat/usr/share/freeradius-dialupadmin/bin/freeradius-dialupadmin.cron thatI also installed to run as user radius.
If you need Mikrotik help in Cape Town, feel free to contact me.
Mikrotik Freeradius Mysql Server
- 1Mikrotik and Freeradius 1.0.4+ with MySql For PPP Authentication
- 1.1Setting Up Freeradius
- 3Crash Course On Radius
- 5Testing What We Have Done So Far
- 6Configuring RouterOs for Radius & PPP* AAA
- 7MySQL replication
Mikrotik and Freeradius 1.0.4+ with MySql For PPP Authentication
This guide assumes you have a working Linux system (for the purpose of this guide Ubuntu 5.10 is used), The Linux system can communicate with the RouterOs system and you have a basic understanding of Linux and MySql commands. The purpose of this document is to walk you through the steps needed to configure freeradius, get freeradius talking to MySql and finally getting your RouterOs system to authenticate and assign IP's for PPP* connections.
- All of the commands in the following guide assumes you are logged into *NIX systems as root or RouterOs systems as Admin
Setting Up Freeradius
Once you have installed freeradius with the MySql module on your Linux system its time to tidy up the base configuration. This guide assumes that the freeradius server will ONLY be serving RouterOs systems. In order for Mikrotik & freeradius to work nicely together a lot of unnecessary options/features in freeradius must be removed or turned off, we start this by trimming radiusd.conf
radiusd.conf
- An example of a trimmed radiusd.conf can be found Here - This is in production use on a Ubuntu 5.10 server processing requests for PPPoE, We will now run through the file and i will explain what options do what
The above options are specific to your installation of freeradius and may be different from these, do not overwrite your local setting with the above settings, you may find your freeradius server not long functions correctly - it is generally better to leave these settings alone
These settings control your server, what you should change here is the max_requests setting and the bind address, max_requests should be set to 256 * Number of routers using this radius server, it is better to set this number too high than it is to set it too low, if this number is too low the server will stop responding to radius requests when under load. For this example I have said that 4 RouterOs devices will use this radius server so 1024 is an ideal number. Alter the ‘bind_address' if you have multiple network interfaces or ip's on the *NIX box, otherwise it's safe to leave it how it is
Leave these off, its better for everyone
Depending on how your freeradius server was compiled you can use RegEx, if it was turned on when freeradius was compiled then you are able to turn it either on or off, if it was not turned on at compile time then you are unable to turn it on, doing so will cause freeradius to error at startup
The above section is really just to stop your log files clogging up, for debugging you could turn the above options to 'Yes' but there are better ways to debug failed radius requests which I will show you later in the guide
Turning this on may rip a hole in the fabric of space-time, actually the doc's just say may result in the server behaving strangely. However in versions 1.1+ this can be used to check for stale connections in the radius database, this is something not needed is a simple setup but it may be usefull if the server is going to be under heavy production load
This will change all the usernames and passwords on incoming radius requests to lower case, i prefer this in my network as we only allow lower case usernames when users sign up, however if you add users to freeradius with mixed case or upper case this will cause freeradius to reject the request
This is the same again, only this time it will remove and spaced in the username and password
We leave this alone - it just does checks on the NAS devices
This sets the maximum number of radius attributes in a incoming or outgoing radius packet, I prefer to leave it at its default of 200 however those that will use this radius server ONLY for mikrotik you can safely set this to 10-30.Reject delay slows down brute force cracking attempts, however it slows down debugging and testing so during testing we set this to 1. In a production server this should be set around 3-5Status server is turned off because its useless, its only included for legacy support to from devices that use radius - Mikrotik is not one of these devices
We won't be running a radius proxy so we can turn this off
After we have cleaned this file up we will setup clients.conf, this is NOT where you setup users but where you setup the devices that are allowed to use the radius server
I don't use SNMP on my network to monitor the freeradius server
This controls how many 'process' are spawned by freeradius, you can tweak these settings for fine turning the server's performance, max_requests_per_server should be altered to 512 or 1024, this is the number of requests that the child process will handle before dying, it helps avoid issues where a child process is locked up
This defines the authentication methods used by freeradius, in this case we will use pap,chap and mschap
This creates a unique account ID for accounting updates, sometimes devices can reuse the same accounting ID which causes problems. Mikrotik doesn't do this as far as I am aware but its better safe than sorry
This includes the MySql configuration for the server, we will be altering this file soon
Since our users may be connected for more than 24 hours at a time we keep this in here, it will reset some attributes daily so that the accounting packets work correctly
These are here for debugging purposes, so we leave them alone
These are all setup to point to the MySql database for their purpose
clients.conf
Next up we have to alter sql.conf and clients.conf, we will start with clients.conf which is used to setup which devices are allowed to use freeradius and a password for basic security.
Once again the trimmed clients.conf file can be found Here
Always keep this in the file - it allows the server itself to use the freeradius server, it's helpful for testing and debugging.'secret' is the password that the device using freeradius must have before it can start using freeradius'shortname' is a simple identifier for use in logging, if you have a lot of devices using a single freeradius server it can make debugging a lot easier by having a different shortname for each device'nastype' is always set to other when the device is RouterOs
In this example we have specified a single IP address on a network
Here we have defined an entire IP subnet rather than a single IP, this should be AVOIDED at all costs, it allows devices on the network to access the radius server that you may not want having access
Clients.conf is rather simple to setup, where possible only allow single IP's as it will decrease the risk of someone on your network hacking the server
sql.conf
This file defines the connection to your MySql server, MySql can be running locally on the same server or can be hosted off site
- Be aware that if the MySql server is hosted off site and goes down all freeradius requests will be rejected until freeradius can connect to the MySql server again
Trimmed file is Here
sql {
This is the server IP address,username/password and database needed for freeradius to connect to the MySql database, you should change this before trying to run freeradius
The above defines the structure of the database and where freeradius should look for it's information
Mikrotik Freeradius Mysql Command
Its best to leave this on
If you are having trouble with MySql you can turn this on and it will log all MySql commands freeradius executes
The number of connection's freeradius will keep open to the MySql server and how long it will wait before trying to reconnect if the MySql server goes down
Removed to keep page formatting niceThe rest of the file had to be removed to make sure page formatting remained tidy, it contained the exact SQL query freeradius uses for various database look ups, unless you know what you are doing do not alter this section
dictionary
The last file we have to edit is the dictionary, (/etc/freeradius/dictionary), this is the file that defines all the attributes that freeradius uses to talk to RouterOS, the Mikrotik-dictionary is included in the freeradius package, we simply need to include it in the main dictionary file.
Congrats!Freeradius is now setup on the server, but don't start freeradius just yet - you will find it wont work as we need to setup the MySql database with the correct tables.
Mikrotik Dictionary File as included with FreeRADIUS:
SettingUp Mysql
This is a simple task of importing an SQL file into the database, then setting up the MySql user and finally granting the correct permissions.
The hardest part I found was finding a copy of the sql schema to import, Once again freeradius.sql is Here. This guide assumes you are not completely new to MySql, RouterOs or Radius and as such i will not walk you thought importing the file or setting up the MySql user. If you are unable to do this then you need to have a look at if you are the right person to be putting radius into place for your company
Once you have imported the sql file and setup the MySql user with the right permissions then you should be able to start up the freeradius server like this
All going well you should see this
If you do then pat yourself on the back, the hardest part is done now. If not then freeradius is very good at its error messages,For example
Tells you that either you MySql permissions are not setup correctly or you didn't setup sql.conf correctly
Crash Course On Radius
At this point its a good time to explain what goes on in a basic radius transaction and how it interacts with the MySql database
- Client Desktop Attempts PPPoE connection
RouterOS Router recives PPPoE connection attempt, looks at local PPP users first then sends a 'Access-Request' packet to freeradius
- Freeradius connect to MySql database and looks at 'radcheck' table for user-name 'testing', If freeradius finds a row with the right username it will check the password against the user-password sent in the access-request packet otherwise freeradius with send an 'Access-Reject' packet back and RouterOs will decline the Client Desktop's Attempt for PPPoE
- If freeradius finds a correct match of user-name and user-password then it looks in 'radreply' for any and all rows that contain the user-name, if none are found then an 'Access-Accept'
- If freeradius does find rows however it will send those rows back with the 'Access-Accept' like this:
To sum it all up
- Client Talks to RouterOs
- RouterOS looks at itself then looks to Freeradius
- Freeradius connects to MySql
- Freeradius checks some things in MySql and send back the response
- RouterOs acts on this reponses
Radius is a VERY powerful protocol and it's very complex - using it with RouterOs for PPP* is easy once you understand how freeradius check it's information and where it looks for reply attributes
Setting Up Users In MySql
Now that you know about how freeradius does things its time to start adding users into the database, for this example i will walk you though the raw SQL commands to create and new user with a password and IP address of '192.168.0.100'How you enter the sql into MySql comes down to personal taste, some will use the 'mysql' command in *NIX others will use a front-end like phpmyadmin - It doesn't matter as long as the commands are entered correctly.
The first thing freeradius looks for is the user-name, then it makes sure that supplied password matches the password in MySql. We setup the sql like this
NOTE: With freeradius2, user-password should be changed to Cleartext-Password.
In your case replace test-user and test-pass with your username and password. Now that freeradius will accept our user-name and user-password we should tell it some attributes to reply with, like our static IP address
Simple as that the user is created and given a static IP address, repeat the last sql statement with as many attributes as you want
Testing What We Have Done So Far
So you've gotten this far, by now you should have:
- A running freeradius server that's lean and mean
- MySql server with the freeradius database and user setup
- A user loaded with a static IP address
If you don't then try to Google any errors or the Mikrotik ForumsIf you do then GREAT!
So let's test,
Radius Client
Radtest, This comes with freeradius package in Debian/Ubuntu and others, to test our setup as it is with radtest we do the following
And you should see the following
Mikrotik Freeradius Mysql Tutorial
If the above test fails the following are some common errors
As you can see it's telling you the secret in clients.conf and the one you supplied do not match, check the secret and try again
This one looks like your username or password supplied doesn't match the one in the database, check it and try again
Any other errors you get mean you put the error message through Googleand if it still fails check your configuration from the top
Configuring RouterOs for Radius & PPP* AAA
- This is designed for RouterOs 2.9, 2.8 Users may find none of the following works at all. On top of this it is designed for a clean router with no existing PPPoE servers or Radius client's setup
Well now the end is insight, all that's left now is to configure RouterOs as a radius client and tell the PPPoE server to use AAA.
RouterOs Radius Client
What this does is tell RouterOs that when a PPP user tries to login it will look to the local ppp users list and then will send a access-request packet to 192.168.0.2 with a secrey of 'somepassword' and will wait 500ms for a reply before resending
RouterOs PPP AAA setup
This part tells RouterOs to use radius and to use accounting also, which will be updated every 5 minutes
Whats Left To Do
Well that's the end of this guide, all that's left to do now is setup a PPPoE server on the router and attempt to connect a user to do. If you get stuck remember to check the user-name and user-password is correct and you can put freeradius into verbose debug mode by going
Other wise Google is your friend then the Mikrotik Forums.
After we have cleaned this file up we will setup clients.conf, this is NOT where you setup users but where you setup the devices that are allowed to use the radius server
I don't use SNMP on my network to monitor the freeradius server
This controls how many 'process' are spawned by freeradius, you can tweak these settings for fine turning the server's performance, max_requests_per_server should be altered to 512 or 1024, this is the number of requests that the child process will handle before dying, it helps avoid issues where a child process is locked up
This defines the authentication methods used by freeradius, in this case we will use pap,chap and mschap
This creates a unique account ID for accounting updates, sometimes devices can reuse the same accounting ID which causes problems. Mikrotik doesn't do this as far as I am aware but its better safe than sorry
This includes the MySql configuration for the server, we will be altering this file soon
Since our users may be connected for more than 24 hours at a time we keep this in here, it will reset some attributes daily so that the accounting packets work correctly
These are here for debugging purposes, so we leave them alone
These are all setup to point to the MySql database for their purpose
clients.conf
Next up we have to alter sql.conf and clients.conf, we will start with clients.conf which is used to setup which devices are allowed to use freeradius and a password for basic security.
Once again the trimmed clients.conf file can be found Here
Always keep this in the file - it allows the server itself to use the freeradius server, it's helpful for testing and debugging.'secret' is the password that the device using freeradius must have before it can start using freeradius'shortname' is a simple identifier for use in logging, if you have a lot of devices using a single freeradius server it can make debugging a lot easier by having a different shortname for each device'nastype' is always set to other when the device is RouterOs
In this example we have specified a single IP address on a network
Here we have defined an entire IP subnet rather than a single IP, this should be AVOIDED at all costs, it allows devices on the network to access the radius server that you may not want having access
Clients.conf is rather simple to setup, where possible only allow single IP's as it will decrease the risk of someone on your network hacking the server
sql.conf
This file defines the connection to your MySql server, MySql can be running locally on the same server or can be hosted off site
- Be aware that if the MySql server is hosted off site and goes down all freeradius requests will be rejected until freeradius can connect to the MySql server again
Trimmed file is Here
sql {
This is the server IP address,username/password and database needed for freeradius to connect to the MySql database, you should change this before trying to run freeradius
The above defines the structure of the database and where freeradius should look for it's information
Mikrotik Freeradius Mysql Command
Its best to leave this on
If you are having trouble with MySql you can turn this on and it will log all MySql commands freeradius executes
The number of connection's freeradius will keep open to the MySql server and how long it will wait before trying to reconnect if the MySql server goes down
Removed to keep page formatting niceThe rest of the file had to be removed to make sure page formatting remained tidy, it contained the exact SQL query freeradius uses for various database look ups, unless you know what you are doing do not alter this section
dictionary
The last file we have to edit is the dictionary, (/etc/freeradius/dictionary), this is the file that defines all the attributes that freeradius uses to talk to RouterOS, the Mikrotik-dictionary is included in the freeradius package, we simply need to include it in the main dictionary file.
Congrats!Freeradius is now setup on the server, but don't start freeradius just yet - you will find it wont work as we need to setup the MySql database with the correct tables.
Mikrotik Dictionary File as included with FreeRADIUS:
SettingUp Mysql
This is a simple task of importing an SQL file into the database, then setting up the MySql user and finally granting the correct permissions.
The hardest part I found was finding a copy of the sql schema to import, Once again freeradius.sql is Here. This guide assumes you are not completely new to MySql, RouterOs or Radius and as such i will not walk you thought importing the file or setting up the MySql user. If you are unable to do this then you need to have a look at if you are the right person to be putting radius into place for your company
Once you have imported the sql file and setup the MySql user with the right permissions then you should be able to start up the freeradius server like this
All going well you should see this
If you do then pat yourself on the back, the hardest part is done now. If not then freeradius is very good at its error messages,For example
Tells you that either you MySql permissions are not setup correctly or you didn't setup sql.conf correctly
Crash Course On Radius
At this point its a good time to explain what goes on in a basic radius transaction and how it interacts with the MySql database
- Client Desktop Attempts PPPoE connection
RouterOS Router recives PPPoE connection attempt, looks at local PPP users first then sends a 'Access-Request' packet to freeradius
- Freeradius connect to MySql database and looks at 'radcheck' table for user-name 'testing', If freeradius finds a row with the right username it will check the password against the user-password sent in the access-request packet otherwise freeradius with send an 'Access-Reject' packet back and RouterOs will decline the Client Desktop's Attempt for PPPoE
- If freeradius finds a correct match of user-name and user-password then it looks in 'radreply' for any and all rows that contain the user-name, if none are found then an 'Access-Accept'
- If freeradius does find rows however it will send those rows back with the 'Access-Accept' like this:
To sum it all up
- Client Talks to RouterOs
- RouterOS looks at itself then looks to Freeradius
- Freeradius connects to MySql
- Freeradius checks some things in MySql and send back the response
- RouterOs acts on this reponses
Radius is a VERY powerful protocol and it's very complex - using it with RouterOs for PPP* is easy once you understand how freeradius check it's information and where it looks for reply attributes
Setting Up Users In MySql
Now that you know about how freeradius does things its time to start adding users into the database, for this example i will walk you though the raw SQL commands to create and new user with a password and IP address of '192.168.0.100'How you enter the sql into MySql comes down to personal taste, some will use the 'mysql' command in *NIX others will use a front-end like phpmyadmin - It doesn't matter as long as the commands are entered correctly.
The first thing freeradius looks for is the user-name, then it makes sure that supplied password matches the password in MySql. We setup the sql like this
NOTE: With freeradius2, user-password should be changed to Cleartext-Password.
In your case replace test-user and test-pass with your username and password. Now that freeradius will accept our user-name and user-password we should tell it some attributes to reply with, like our static IP address
Simple as that the user is created and given a static IP address, repeat the last sql statement with as many attributes as you want
Testing What We Have Done So Far
So you've gotten this far, by now you should have:
- A running freeradius server that's lean and mean
- MySql server with the freeradius database and user setup
- A user loaded with a static IP address
If you don't then try to Google any errors or the Mikrotik ForumsIf you do then GREAT!
So let's test,
Radius Client
Radtest, This comes with freeradius package in Debian/Ubuntu and others, to test our setup as it is with radtest we do the following
And you should see the following
Mikrotik Freeradius Mysql Tutorial
If the above test fails the following are some common errors
As you can see it's telling you the secret in clients.conf and the one you supplied do not match, check the secret and try again
This one looks like your username or password supplied doesn't match the one in the database, check it and try again
Any other errors you get mean you put the error message through Googleand if it still fails check your configuration from the top
Configuring RouterOs for Radius & PPP* AAA
- This is designed for RouterOs 2.9, 2.8 Users may find none of the following works at all. On top of this it is designed for a clean router with no existing PPPoE servers or Radius client's setup
Well now the end is insight, all that's left now is to configure RouterOs as a radius client and tell the PPPoE server to use AAA.
RouterOs Radius Client
What this does is tell RouterOs that when a PPP user tries to login it will look to the local ppp users list and then will send a access-request packet to 192.168.0.2 with a secrey of 'somepassword' and will wait 500ms for a reply before resending
RouterOs PPP AAA setup
This part tells RouterOs to use radius and to use accounting also, which will be updated every 5 minutes
Whats Left To Do
Well that's the end of this guide, all that's left to do now is setup a PPPoE server on the router and attempt to connect a user to do. If you get stuck remember to check the user-name and user-password is correct and you can put freeradius into verbose debug mode by going
Other wise Google is your friend then the Mikrotik Forums.
MySQL replication
MySQL replication is an easy way of creating hardware redundancy. MySQL replication can be done this way.
Note Use mysql-server-4.1 instead of the standard mysql-server(on Debian 3.1).
Slave configuration
Add to /etc/mysql/my.cnf:
Start synchronisation
Last Words
I hope you find this guide helpful, I personally had a lot of trouble finding good information on how to setup freeradius best for use with RouterOs and alot of the configuration comes from a production server.
Stay tuned for more guides from me(Tristram) about using freeradius more in a Mikrotik Network(DHCP, Wifi Auth etc)In the mean time please leave some feedback on the talk page, Talk:RouterOs_MySql_Freeradius
Links to related articles
MRTG RADIUS MySQL Accounting - Monitor your user's traffic with MRTG. Generates MRTG configuration and gets accounting information from MySQL.
- This link is dead. Tried using google to locate that page, but it is nowhere to be found. If you have that materiel somewhere else, please link it. **
RADIUS webfrontend - For easier administration, you can use this web interface.
Snapshot of radius.conf from web archive
Snapshot of freeRadius.sql from archive.org
