Personal greetings, I'm testing the freeradius plugin to authenticate operators on mikrotik hardware, it works, but I can't pass the permissions (read, full and write) via radius, does anyone have any solution for this? all operators log in as read only.
Which attributes do you need?
Quote from: mimugmail on March 11, 2020, 07:25:36 PM
Which attributes do you need?
I would like to assign read or full permissions to users, is it possible to do this within the web interface or even in the terminal?
You need to tell me the Attributes needed.
I don't know exactly how to do this, but will I send a picture of a system that does this help? I don't know how the freeradius receives and sends the attributes.
https://imgur.com/ndAA0ml
when with my user in Winbox (mikrotik routers management system) freeradius log, is there a log that is more specific that would help to verify these past attributes?
Fri Mar 13 09:05:13 2020 : Auth: (372263) Login OK: [jhonathan/] (from client CE_MORRO port 0 cli 17xxxxx)
found this, help?
https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client/vendor_dictionary
ATTRIBUTE Mikrotik-Group 3 string
Any idea?
After editing the users files in: / usr / local / etc / raddb via shell, I got what I needed, but the graphical interface is not possible, so the file looks like this:
logintest Cleartext-Password: = "passtest"
Mikrotik-Group = full
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
I will add it in a couple of days ...