User group freeradius

Started by jhonathanddf, March 11, 2020, 06:26:37 PM

Previous topic - Next topic
Personal greetings, I'm testing the freeradius plugin to authenticate operators on mikrotik hardware, it works, but I can't pass the permissions (read, full and write) via radius, does anyone have any solution for this? all operators log in as read only.


Quote from: mimugmail on March 11, 2020, 07:25:36 PM
Which attributes do you need?

I would like to assign read or full permissions to users, is it possible to do this within the web interface or even in the terminal?


March 13, 2020, 01:08:05 PM #4 Last Edit: March 13, 2020, 01:19:01 PM by jhonathanddf
I don't know exactly how to do this, but will I send a picture of a system that does this help? I don't know how the freeradius receives and sends the attributes.

https://imgur.com/ndAA0ml
when with my user in Winbox (mikrotik routers management system) freeradius log, is there a log that is more specific that would help to verify these past attributes?
Fri Mar 13 09:05:13 2020 : Auth: (372263) Login OK: [jhonathan/] (from client CE_MORRO port 0 cli 17xxxxx)

found this, help?
https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client/vendor_dictionary

ATTRIBUTE       Mikrotik-Group                  3   string 


After editing the users files in: / usr / local / etc / raddb via shell, I got what I needed, but the graphical interface is not possible, so the file looks like this:

logintest Cleartext-Password: = "passtest"
        Mikrotik-Group = full
      

DEFAULT Framed-Protocol == PPP
         Framed-Protocol = PPP,
         Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
         Framed-Protocol = SLIP,
         Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
         Framed-Protocol = SLIP