MikroTik RADIUS Server (UserMan) Installation and Configuration
RADIUS server is a centralized user authentication, authorization as well as accounting application. RADIUS authentication gives the ISP or network administrator ability to manage PPP users, login users and Hotspot users from one server throughout a large network. MikroTik RouterOS has a RADIUS client that is able to authenticate login users, Hotspot users and PPP users through a RADIUS server. MikroTik team also developed a totally separate RADIUS server package named User Manager that can be used to authenticate MikroTik users smoothly. In this article, I will discuss about MikroTik User Manager RADIUS Server as well as how to install and configure MikroTik User Manager Package properly.
RADIUS, short for Remote Authentication Dial-In User Service, is a client-server networking protocol that is used to manage (authentication, authorization and accounting) users who connect and use network services. RADIUS server runs in the application layer and it can use either TCP or UDP as transport. A lot of RADIUS server applications are found today but among these User Manager RADIUS Server developed by MikroTik is specially used for MikroTik user authentication and authorization purpose.
MikroTik User Manager RADIUS Server
User Manager is an optional and totally separate MikroTik RouterOS RADIUS Server Package that is used to manage MikroTik user authentication, authorization and accounting. ISP Company or network administrator can use User Manager as their login user authentication, PPP user authentication, and Hotspot user authentication as well as billing purpose. But before using User Manager RADIUS Server Package in your network, you should know the minimum system requirements of this package.
User Manager Package Requirements
User Manager RADIUS Server installation must have below minimum requirements.
- MikroTik RouterOS and User Manager Package must have the same version.
- The MikroTik User Manager works on x86, MIPS, PowerPC and TILE processor based routers and CHR devices.
- The router should have at least 32MB RAM and 2MB free HDD space.
How RouterOS Client and User Manager RADIUS Server Works
MikroTik User Manager works like a judge. It receives question from RADIUS client and must give answer. For example, when a user (say, bob) like below network diagram wants to connect to the network, the RouterOS RADIUS client first check its local user database and if it fails to authenticate from local database, it asks to User Manager RADIUS Server: “is user ‘bob’ is allowed to network?”
If user ‘bob’ is present in RADIUS server’s user database, it answers: “Yes but with profile limitation”. If user is not in RADIUS Server’s user database, the server replies with NO.
How to Install MikroTik User Manager RADIUS Server
User Manager is a MikroTik RouterOS Package. So, User Manager Package installation in your network can be divided into methods.
- User Manager Package can be installed in your physical MikroTik RouterOS. Or,
- User Manager Package can be installed in a Server Machine or in a PC where MikroTik RouterOS is running.
I always prefer the second method because User Manager will generate a lot of logs and a physical RouterOS machine has limited storage capacity as well as to handle multiple RouterOS request in a large network, a User Manager should have a stable and powerful physical machine.
Install User Manager Radius Server Package in a Physical MikroTik RouterOS
As User Manager is a separate RouterOS Package, it is usually not included with MikroTik Roterboard Operating System. However, you can check your RouterOS whether it contains User Manager Package by visiting Winbox System > Packages menu. In this Package List window, you will find all the available packages that are installed in your RouterOS. If User Manager Package is installed, you will find a list named user-manager. If User Manager Package is not installed, follow the below steps to install User Manager Package in your RouterOS.
- Go to MikroTik download section and download your MikroTik RouterOS version’s Extra packages or all_packages zip file and then extract that zip file with your favorite unzip software.
- You will find User Manager (user-manager-your_version.npk) file within this zip file.
- Drag and drop this user-manager file into your MikroTik’s Files window if you use Winbox software.
- Alternatively, you can use FTP to upload your user-manager file into Files
- Now reboot your RouterOS.
User Manager Package will be installed at the time of next booting and user-manager package will be available in your Package List window.
Install User Manager RADIUS Server Package in a Dedicated Server Machine or in a PC
This is the best method to use User Manager RADIUS Server in a network. In this method, MikroTik RouterOS is installed on a dedicated server machine or on a personal Desktop Computer having only basic system package and user manager package installed.
MikroTik RouterOS can be installed on a dedicated physical machine or on a virtual machine. If you use physical machine, download the latest MikroTik RouterOS ISO file from MikroTik download section and burn the ISO file on a DVD or on a USB drive and then boot your computer from this media. If you wish to install RouterOS on a virtual machine, just download the ISO file and attach the ISO file to CD/DVD drive and then boot your virtual machine. While booting your machine, MikroTik package selection window will appear. You will just select System Package and User Manager Package from this window and then start installation. Within a few seconds MikroTik RouterOS installation will be completed.
If you feel confused to install MikroTik RouterOS ISO on your machine, read my article about Install MikroTik RouterOS on PC where I have described how to install MikroTik RouterOS on a PC and a video is also included. I hope your confusion will be reduced if you follow the article carefully.
After completing RouterOS installation, login with user admin and password left blank and then run this command: ip address add address=radious_server_ip interface=ether1 to assign IP address to ether1 interface.
Note: Put your RADIUS Server IP that you want to assign in the place of radious_server_ip such as 192.168.110.10/24
Now open your favorite web browser and type http://radious_server_ip/userman. If everything is OK, you will find a login prompt like below image to login to your User Manager RADIUS Server.
By default User Manager creates an owner customer named admin with no password. So, put admin as login and password left blank and then click on Lon in button. You will now find User Manger Dashboard where we will do our entire User Management activity.
MikroTik User Manager Radius Server Package can easily be installed and configured if you follow above steps carefully. However, if you face any difficulty to do above steps properly, follow my video tutorial about MikroTk User Manager Radius Server installation and configuration. I hope, it will reduce your any confusion.
Routers, Users and Customers are three important terms in User Manager RADIUS Server. In my next article I will explain these three basic terms and then I will show how to maintain RouterOS user, Hotspot user and PPP user with User Manager RADIUS Server one by one. I hope you will keep with me.
MikroTik User Manager RADIUS Server installation and configuration has been discussed in this article. I hope you are now able to install User Manager Package in your MikroTik RouterOS successfully. However, if you face any problem to install User Manager Package, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.