OPNsense Forum
English Forums => General Discussion => Topic started by: jhonathanddf on March 11, 2020, 06:26:37 pm
-
Personal greetings, I'm testing the freeradius plugin to authenticate operators on mikrotik hardware, it works, but I can't pass the permissions (read, full and write) via radius, does anyone have any solution for this? all operators log in as read only.
-
Which attributes do you need?
-
Which attributes do you need?
I would like to assign read or full permissions to users, is it possible to do this within the web interface or even in the terminal?
-
You need to tell me the Attributes needed.
-
I don't know exactly how to do this, but will I send a picture of a system that does this help? I don't know how the freeradius receives and sends the attributes.
https://imgur.com/ndAA0ml
when with my user in Winbox (mikrotik routers management system) freeradius log, is there a log that is more specific that would help to verify these past attributes?
Fri Mar 13 09:05:13 2020 : Auth: (372263) Login OK: [jhonathan/] (from client CE_MORRO port 0 cli 17xxxxx)
found this, help?
https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client/vendor_dictionary
ATTRIBUTE Mikrotik-Group 3 string
-
Any idea?
-
After editing the users files in: / usr / local / etc / raddb via shell, I got what I needed, but the graphical interface is not possible, so the file looks like this:
logintest Cleartext-Password: = "passtest"
Mikrotik-Group = full
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
-
I will add it in a couple of days ...
-
I will add it in a couple of days ...
Thanks!