MikroTik RADIUS Server (User Manager) Installation
RADIUS Server is a centralized user authentication, authorization and accounting application. RADIUS authentication gives the ISP or network administrator ability to manage PPP users, login users and Hotspot users from one server throughout a large network. MikroTik RouterOS has a RADIUS client that is able to authenticate login users, Hotspot users and PPP users through a RADIUS server. MikroTik team also developed a totally separate RADIUS server package named User Manager that can be used to authenticate MikroTik users smoothly. But frankly speaking, MikroTik User Manager is not suitable for medium to large organizations because it is limited to customization. On the other hand, freeRADIUS is a modular RADIUS suite that can be customized according to organizational requirements but freeRADIUS has to be customized by yourself. In this article, I will only discuss about MikroTik User Manager RADIUS Server and how to install and configure MikroTik User Manager Package properly. For freeRADIUS installation and configuration, visit my another article about freeRADIUS installation and basic configuration on CentOS 7 Linux distribution.
RADIUS Server
RADIUS, short for Remote Authentication Dial-In User Service, is a client-server networking protocol that is used to manage (authentication, authorization and accounting) users who connect and use network services. RADIUS server runs in the application layer and it can use either TCP or UDP as transport. A lot of RADIUS server applications are found today but among these User Manager RADIUS Server developed by MikroTik is specially used for MikroTik user authentication and authorization purpose.
MikroTik User Manager RADIUS Server
User Manager is an optional and totally separate MikroTik RouterOS RADIUS Server Package that is used to manage MikroTik user authentication, authorization and accounting. ISP Company or network administrator can use User Manager as their login user authentication, PPP user authentication, and Hotspot user authentication as well as billing purpose. But before using User Manager RADIUS Server Package in your network, you should know the minimum system requirements of this package.
User Manager Package Requirements
User Manager RADIUS Server installation must have below minimum requirements.
- MikroTik RouterOS and User Manager Package must have the same version.
- The MikroTik User Manager works on x86, MIPS, PowerPC and TILE processor based routers and CHR devices.
- The router should have at least 32MB RAM and 2MB free HDD space.
How RouterOS Client and User Manager RADIUS Server Works
MikroTik User Manager works like a judge. It receives question from RADIUS client and must give answer. For example, when a user (say, bob) like below network diagram wants to connect to the network, the RouterOS RADIUS client first check its local user database and if it fails to authenticate from local database, it asks to User Manager RADIUS Server: “is user ‘bob’ is allowed to network?”
If user ‘bob’ is present in RADIUS server’s user database, it answers: “Yes but with profile limitation”. If user is not in RADIUS Server’s user database, the server replies with NO.
How to Install MikroTik User Manager RADIUS Server
User Manager is a MikroTik RouterOS Package. So, User Manager Package installation in your network can be divided into methods.
- User Manager Package can be installed in your physical MikroTik RouterOS. Or,
- User Manager Package can be installed in a Server Machine or in a PC where MikroTik RouterOS is running.
I always prefer the second method because User Manager will generate a lot of logs and a physical RouterOS machine has limited storage capacity as well as to handle multiple RouterOS request in a large network, a User Manager should have a stable and powerful physical machine.
Install User Manager Radius Server Package in a Physical MikroTik RouterOS
As User Manager is a separate RouterOS Package, it is usually not included with MikroTik Roterboard Operating System. However, you can check your RouterOS whether it contains User Manager Package or not by visiting Winbox System > Packages menu. In this Package List window, you will find all the available packages that are installed in your RouterOS. If User Manager Package is installed, you will find a list named user-manager. If User Manager Package is not installed, follow the below steps to install User Manager Package in your RouterOS.
- Login Mikrotik Router with Winbox Software.
- From Winbox, go to System > Resources menu item and find Architecture Name and RouterOS Version from Resources window.
User Manager Package will be installed at the time of next booting and user-manager package will be available in your Package List window.
Install User Manager RADIUS Server Package in a Dedicated Server Machine or in a PC
This is the best method to use User Manager RADIUS Server in a network. In this method, MikroTik RouterOS is installed on a dedicated server machine or on a personal Desktop Computer having only basic system package and user manager package installed.
MikroTik RouterOS can be installed on a dedicated physical machine or on a virtual machine. If you use physical machine, download the latest MikroTik RouterOS ISO file from MikroTik download section and burn the ISO file on a DVD or on a USB drive and then boot your computer from this media. If you wish to install RouterOS on a virtual machine, just download the ISO file and attach the ISO file to CD/DVD drive and then boot your virtual machine. While booting your machine, MikroTik package selection window will appear. You will just select System Package and User Manager Package from this window and then start installation. Within a few seconds MikroTik RouterOS installation will be completed.
If you feel confused to install MikroTik RouterOS ISO on your machine, read my article about Install MikroTik RouterOS on PC where I have described how to install MikroTik RouterOS on a PC and a video is also included. I hope your confusion will be reduced if you follow the article carefully.
After completing RouterOS installation, login with user admin and password left blank and then run this command: ip address add address=radious_server_ip interface=ether1 to assign IP address to ether1 interface.
Note: Put your RADIUS Server IP that you want to assign in the place of radious_server_ip such as 192.168.110.10/24
Now open your favorite web browser and type https://radious_server_ip/userman. If everything is OK, you will find a login prompt like below image to login to your User Manager RADIUS Server.
By default User Manager creates an owner customer named admin with no password. So, put admin as login and password left blank and then click on Lon in button. You will now find User Manger Dashboard where we will do our entire User Management activity.
MikroTik User Manager Radius Server Package can easily be installed and configured if you follow above steps carefully. However, if you face any difficulty to do above steps properly, follow my video tutorial about MikroTk User Manager Radius Server installation and configuration. I hope, it will reduce your any confusion.
Routers, Users and Customers are three important terms in User Manager RADIUS Server. In my next article I will explain these three basic terms and then I will show how to maintain RouterOS user, Hotspot user and PPP user with User Manager RADIUS Server one by one. I hope you will keep with me.
MikroTik User Manager RADIUS Server installation and configuration has been discussed in this article. I hope you are now able to install User Manager Package in your MikroTik RouterOS successfully. However, if you face any problem to install User Manager Package, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.
Why not a Cup of COFFEE if the solution?
I love this site ever since I was referred by a friend from quora. I would love to juice all the knowledge available on this site.
Dear sir,im using usermanager in one router as AAA server for free so now i want to use the same usermanager_installed router to serve another mikrotik as a AAA server .please give me some idea so that i can use database of r1_usermanager for mikroik 2 which should act as a radius client.
Thank you.
Follow my any article on Radius server. you will get how to configure radius client there.
Sir,
What routerboard is the best to use with Radius?
You can use any routerboard you can also use MikroTik PC router.
Hello MD Abu Sayeed. I was browsing through the net in search of how to configure Mikrotik, then I came to your site and Video. Yes, they are good and good teaching too.
I will like to be your friend and learn more from you.
Kindly reply me with your contact details including your phone number.
You can visit Contact page where I have mentioned my contact.
Sir
Thank you
can we use the user manager radius server for any wifi access point as a client radius example Linksys access point or other ?
It is only applicable for MikroTik RouterOS.