Syed Jahanzaib Personnel Blog to Share Knowledge !

July 5, 2011

A Success story with Mikrotik and DMASoftlab RADIUS MANAGER [Glass Line Pvt Ltd.] June, 2011


Article by Syed Jahanzaib !

Recently I was contacted by a friend who was really passionate in starting a mini-ISP type network setup for about 3000 users in the interior area of city. (soon it may expand up to 5000+ users). He asked my help to setup a scratch card base fully automatic system where user purchase scratch card, & using User self care portal web site, user may create his new ID or refresh his previous ID or change the service package according to the card package offers. I had previously setup this kind of scenario in a cable.net environment using Mikrotik built-in radius server called ‘User Manager’, but it have very limited basic features and all it can offer was a pre-paid type option and it doesn’t have many accounting features. So I thought I should give a try to more rich feature radius server and after a lot of googling i decided to go with  (FREERADIUS base ) DMASOFTLAB RADIUS MANAGER. A very famous radius server with all the option that a mini-ISP would required at unbelievably low price.

The hardware that I have used for this setup.

*Main Mikrotik = v4.17 x86 / Xeon 3.6Ghz Dual / 2 GB Ram / WD 500 GB Sata Hdd , This MT is serving as a PPPoE Server + NAT + bandwidth shaping. It also redirects HTTP traffic to Proxy server.

* Mikrotik RB750 = Just for HOTSPOT to redirect users to self care portal.
(This can be done on Main MT also, but I prefer it this way)

* Radius Server = DMASoftlab RM v3.9 installed on Fedora v10 / Xeon 3.6Ghz Dual / 4 GB Ram / WD 500 GB x2 Sata Hdd

* SQUID PROXY GW = SQUID v2.7 on UBUNTU Karmic Koala v9.10 / Xeon 3.6Ghz Dual / 8 GB Ram / WD 500 GB x3 SATA HDD (2 HDD reserved for Cache), This server acts as a proxy + Gateway machine for the Mikrotik, It also do URL Filtering blocking ads, it also have ZPH enabled so content available in squid cache should be downloaded at full speed (without package limitation) at user end. It also cache youtube videos using VIDEOCACHE.

* Linux Transparent BRIDGE firewall + DHCP + DNS + MRTG + WEB Server on FEDORA V10 / Xeon 3.6Ghz Dual / 4 GB Ram / WD 500 GB SATA HDD, This server sits between Mikrotik and Users , filtering unwanted traffic, ports and do some other stuff like lightweight DNSMASQ DNS Server,  DHCP server providing ips to users , Web Site with MRTG , Psychostats ranking system for Counter Strike Game, Server Monitoring Scripts and Alerts, PHPBB Forums for Users, and some other cool stuff. DNS+DHCP is hosted on this server to minimize load on main mikrotik machine, alos this machine filters unwanted traffic from passing by to main mikrotik.

In this setup , I have configured HOTSPOT on extra RB750 only to redirect user to my advertisement page, where he is informed that he is not logged in via dialer, either create / refresh his ID from RM User Self Care Portal, or if he already have an id, connect it via dialer. I don’t prefer HotSpot authentication due to various security reasons, mainly due to I had a very bad experience having HOTSPOT hit by ARP-POISONING and many virus flooder that requires default gateway.

When user first login , his PC MAC address is binded with his ID to prevent accessing it from different pcs. Multiple session of same ID is NOT allowed , I provide user with scratch card (with refill code) , which he can use to refill his account according to card amount/package from RM User self care portal. RM demo can be viewed at http://www.dmasoftlab.com/cont/radman

When users with pppoe dialer tries to connect to main Mikrotik, MT verifies its credentials by asking Radius Server for the account validity, if the ID is valid, user connects okay and can use internet , otherwise he gets disconnected. When the User account is expired, he still can login via dialer, but then he is redirect to my local web server page where he is informed that his account is expired and he should visit billing.local page to renew his account using the card.

Please find along with attachment is my Network Diagram (This was initially designed, I made few changes afterward, I removed FTP from MT DMZ to user subnet lan to avoid load on MT , I moved ftp OS from windows to Linux and integrate it with radius authentication using APACHE.

Some other entertainment services that I setup here were:
2 FTP Media Sharing Servers ( 4 TB of data )
2 Live TV Channel streaming over LAN using VLC Media Player Broadcasting
1 Counter Strike 1.6 Dedicated Server with Psychostats Ranking System and adminmod/amxmod
1 Web Server (Ubunut) hosting site u-dear . com , an entertainment portal and hosting other features. It also features monitoring system with MRTG / SMS Alerts via attached Mobile.

About RM: Radius Manager uses a nice web interface for administering the users and the whole system (traffic accounting, tracking of online users, display statistics, maintenance ,account management etc.).

and to add that DMASoftlab customer support guys (specially Mr. Viktor.K) have excellent support and respond instantly even to the dumbest of questions. It is real value for money especially for those who do not have big wallet$.

Network Diagram Layout : (Complete setup guide can found at
http://aacable.wordpress.com/2011/07/19/mikrotik-squid-zph-complete-guide-incomplete-post-i-will-edit-it-later/

GLASSLINE-Network-Presentation-by-zaib Update 03/08/2001

About these ads

89 Comments »

  1. This is very nice. Can I host “DMASOFTLAB RADIUS MANAGER” on a server on the internet and have like 10 Mikrotik RB450G hotspots in different locations in my country link to this Radius? I have limited knowledge of these things but would like to set up hotspots in different locations in my country. I would like to be able to roam between the different hotspots with a single prepaid scratch card. Can you help me get this project off the ground?

    Comment by Brian Dorset — August 4, 2011 @ 10:57 AM

    • Yes you can have central RADIUS and multiple NAS (mikrotik) all over the country and let them authenticate it with central RADIUS.

      If your NASes (Network Access Servers like Mikrotik HOTSPOT) are on remote locations , (which are not reachable directly by the RADIUS server or not the same LAN), realize the following setup to get them working with Radius Manager:

      1. Install a central PPtP server (Mikrotik RB750 will be enough for this) in NOC, beside the RADIUS server.
      2. Connect all your NASes (Mikrotik) to the central PPtP server with PPtP connections. The central PPtP server must have public, static IP (it must be visible for the remote NASes).
      3. PPtP server will assign static local IPs to NASes via PPtP tunnels.
      4. All NASes will reach the RADIUS server via PPtP tunnels and vice versa (RADIUS UDP protocol).

      Using this method NASes can use any IP (public, local, static, dynamic) and RADIUS server will see them on local, static IP addresses, via the PPtP tunnels. Tunnels are used for RADIUS packets only (low traffic), while the heavy Internet traffic is going through the main connection of NAS (ADSL etc.).

      Comment by Pinochio / zaib — August 4, 2011 @ 11:09 AM

      • Thank you for your extremely quick reply. Now I will start implementing this project soon. Keep up the good work brother! I will keep you updated on my progress.

        Comment by Brian Dorset — August 4, 2011 @ 11:51 AM

      • is the above method will work for DMA soft radius manager along with mikrotik server.

        Comment by tamilmaran — June 21, 2012 @ 10:22 AM

      • Yes. the described scenario is based on Mikrotik PPPoE + DMASOFTLAB RM

        Comment by Syed Jahanzaib / Pinochio~:) — June 21, 2012 @ 10:46 AM

      • CAN YOU MAKE A TUTORIAL ABOUT THIS? THE SCENARIO IS BOTH OR ALL REMOTE MIKROTIK ROUTERS ARE DYNAMIC IP, HOW CAN YOU SETUP ALL OF THEM TO CONNECT TO CENTRAL ROUTER? AND WHAT ARE THE SEETINGS FOR REMOTE MIKROTIK.. PLEASE MAKE TUTORIAL..

        Comment by jakol — June 11, 2013 @ 5:26 PM

      • then you can simply setup DDNS on main Mikrotik or DMA. then at remote mikrotik you can use this ddns name (configured on main mikrotik/dma) to get authentication.

        Comment by Syed Jahanzaib / Pinochio~:) — June 12, 2013 @ 10:24 AM

    • do i need an isp to provide me with bandwidth in order to start my own mini isp

      Comment by aluko — July 15, 2013 @ 5:20 PM

  2. Nice post….i am working at something very similar to this…just that my expected user base is 15000+, so i plan for 5000+ on each main mikrotik X3 and just a radius manager server…do you think this can scale? also can you share the setup config you used for the caching/transparent bridge firewall……

    Comment by ojeysky — August 11, 2011 @ 1:38 AM

    • Radius Manager Pro and CTS versions have no limitation in a maximal number of users. The performance of the entire Radius Manager system mainly depends on the speed of the hard disks and the MySQL subsystem. Adding more RAM will drastically speed up the MySQL system. Indexes must be fit in the RAM for optimal performance.

      Add more RAM to the system. Adding 4-8 OR 8-16 GB of RAM doesn’t mean any problem nowadays.

      In real situations the capacity of NAS (Mikrotik) can have the problem. Use Multiple Quad core CPU and you will be fine with that much load.

      Working Squid.conf examples.

      https://aacable.wordpress.com/2011/06/01/working-squid-conf-example-testing-file/

      For Transparent Bridge which is also acting as Firewall +DNS + web + MAC to IP binding DHCP server , I will write its guide as soon as I get free time.

      Comment by Pinochio / zaib — August 11, 2011 @ 11:43 AM

  3. Hi

    I am trying to setup a Hotspot site to intergrate with the Radius Server. I have assigned public ip addresses to the Radius Server and the Mikrotik Nas and from the Hotspot Mikrotik I can ping both the nas and radius server. However, when I try to browse I am being taken to the Mikrotik Hotspot logon, I am not sure howto link up the hotspot to the the nas and finally the Radius server.
    Can you please provide me with some guidelines.

    Comment by www.lanlink.co.za — August 17, 2011 @ 5:02 PM

  4. Hi

    On my Hotspot Mikrotik I have refined the Radius ip address as 196.15.xy.x but when I try logging in to the Hotspot logon page with Radius users I get an error “Radius server not responding” even I can ping the Radius Sever. The Hotspot Mikrotik logs gives this error “hotspot info debug : user loging failed:RADIUS server is not responding”

    Can you assist on this.

    Comment by www.lanlink.co.za — August 22, 2011 @ 3:08 PM

  5. HI,
    I’ve just about given up on the Radius Manager, though I’ve had it in trial mode with my MTik Hotspot/router for @ 3 weeks. And had it working fine. Now some Apache issues.
    I just am not good with Linux but I have good network skills. It’s unfortunate because of all the time I’ve spent getting it up and running.
    I cannot get consistent responses from DMASoftlabs.
    I guess my question is where to find support.

    Comment by Tim — August 24, 2011 @ 8:26 AM

    • The best support that you can get regarding RM is support@dmasoftlab.com
      There response time is very good. They usually answers to RM related issues only.

      Usually, Once you have configured RM properly, it works fine without any hurdle. I have configured many RM in my area and they are running from many months without any issues. My personnel advise: Try not to mess up with the configuration files. What Linux disto you are using?

      RM works great with FEDORA 10 with all default configuration. I suggest you to install Fedora 10, then follow on the guide I have published on my Blog. Its a step by step guide with some my own added experiences.

      Following is a link to the article.

      http://aacable.wordpress.com/2011/07/19/mikrotik-dmasoftlab-rm-squid-zph-linux-bridgecomplete-guide/

      Comment by Pinochio / zaib — August 24, 2011 @ 10:47 AM

  6. Hello, plz i need help on detailed configuration of squid proxy server (Transparent proxy) using redhat linux, so that it can help me improve my browsing speed for my lan users. My email is obinna4god@yahoo.com.

    I heard that there are ways to stop or block adbanners in redhat or linux, i equally need the steps to achieve it.

    Thanks

    Comment by Dunga — September 13, 2011 @ 5:09 PM

  7. To configure SQUID in transparent mode. Please use the following guide.

    http://aacable.wordpress.com/2011/08/08/linux-transparent-squid-proxy-server-guide/

    http://aacable.wordpress.com/2011/06/01/linux-simple-internet-sharing-script/

    To block internet advertisement via SQUID, Please use the following guide.

    http://aacable.wordpress.com/2011/06/01/squid-howto-block-ads/

    Comment by Pinochio / zaib — September 14, 2011 @ 10:51 AM

  8. salaam i am aman sir maire passs mikrotik 5.7 ki key pardi hoi hai plz aap mujhe bata sake hai os ko kese install karo only import key hai plz help me

    Comment by a — November 23, 2011 @ 10:41 PM

    • First copy key at your desktop.
      Then Open Winbox / Goto Files, Paste the KEY file here,

      Now goto System/ License, Now select Import KEY.

      OR

      http://wiki.mikrotik.com/wiki/Manual:Entering_a_RouterOS_License_key

      Comment by Pinochio~:) — November 24, 2011 @ 10:37 AM

      • salaam alikuam
        sir aap maire baat amjh nahi main khara hoo ke maire pas mikrotik 5.7 hai main is ko careke ke se karo maire pass asal ki hai wo yeh hai W5EY-LHT9 HAI AUR MIKROTIK 5.7 KI KEY YEH ARAHI HAI BMD5-E77L MAIN YEH ASAL KEY KESE YEH LIYE KAAR AOA SOFTWARE ID W5EY-LHT9

        SIR PLZ HELP ME

        Comment by a — November 24, 2011 @ 8:40 PM

  9. plz sir help me

    Comment by a — November 24, 2011 @ 10:04 PM

    • Sorry I can’t help you in cracking Mikrotik. Its ILLEGAL.
      I post an article on howto crack mikrotik 3.3 , but that was just for Educational and learning purpose only.

      I do not support Cracking/Illegal usage of softwares.

      Comment by Pinochio~:) — November 25, 2011 @ 10:42 AM

  10. great post!
    Will come back later for some questioning session.

    Comment by shohaib — November 25, 2011 @ 9:58 PM

  11. ok thank you ir
    but aik aur soawal ka jowab ded ke mikrotik pcc load balacing se dual peed hoti hai yaa naram main ne sona hai ke do dsl hoo 4mb aur 4mb pcc se 8 mb ate hai kia yeh sachha hai

    Comment by aman — November 26, 2011 @ 11:02 AM

    • Yes. its true in some extent that you get data from both lines, PCC do more then that if you use it correctly

      Comment by Pinochio~:) — November 26, 2011 @ 11:09 AM

  12. thank you sir
    aik aur baat sir maire mikrotik 3.22 hai kia is main bhi pcc load balacing ho sakti hai

    Comment by aman — November 26, 2011 @ 11:17 AM

  13. thank you sir
    aur aik baat kia haam mikroik se clinet ke pc dekh ssakte hai i mean on ki web site

    Comment by aman — November 26, 2011 @ 11:26 AM

  14. plz tell me

    Comment by aman — November 26, 2011 @ 11:34 AM

  15. dolasoft is free or commerical software…?
    pls provide the download link

    Comment by tamilmaran — December 15, 2011 @ 6:04 PM

  16. Im a local wisp for 100+ customers with for internet connection with shared and commerical clients,
    what kind of setup i need.?

    Comment by tamilmaranamilmaran — December 19, 2011 @ 9:50 AM

    • Depends on your requirements.
      For 100 clients, Following can help you for beginning (Network portion only)

      Mikrotik / PPPoE Server = any P4 base machine with 512MB RAM
      SQUID Proxy Server = any P4 base machine with 2 OR 4GB RAM and 250GB/320GB HDD would be enough.

      Hardware configuration varies depending on configuration/numbers of users.

      Comment by Pinochio~:) — December 19, 2011 @ 10:33 AM

  17. i thing :) this is the best isp website that i’ve ever seen :) ur amazing :)
    i’ve a small isp company with 250users at the moment . what do u thing is the best solutions for me to work .

    Max customers in one mikrotik are 60users connected with Rb435G routerboard 680mhz rb .
    into the others are mostly 20-50users on 433 RB .

    I’ve 7 routers and one RadiusMANAGER with a DELL COMPUTER 3.0GHZ 250GB HDD and 2GB RAM

    can i do the squid server just for webs like .php .html and not for musics and videos on the radiusmanager server with this amount of users 200-250simulations users

    what do u thing do i need to add on my base station now … ( whats the best solutions to have a better quality for my clients )
    and is there a full how to build a squid server on centOS .

    Comment by Nori — December 30, 2011 @ 4:30 AM

    • SQUID is an highly customizable proxy server, You can configure it according to you requirements and its possible to cache only certain content in cache.
      If you add proxy, your users browsing experience will increase.
      It’s not matter what flavor you use for building SQUID, I personally use UBUNTU 10.4, which is quite lighter and getting higher attention of administrators all over the globe.

      Comment by Pinochio~:) — December 30, 2011 @ 11:20 AM

  18. yeah but is there a complete guide how to build a squid server
    from the beginning cuz im newbie on linux and want to do a squid server
    or do i need just to install ubuntu and then add the squid configuration file ?

    and my quesiton was “Can i build squid server ( just for php/html pages/images) in the same computer as radiusmanager or not (radius manager is working at the moment with CentOS 6 ) .

    And can i connect the squid server with a public ip address like the radiusmanager and mikrotiks and if i have a problem with squid server will it affect to the users or does it work like this

    IF SQUID SERVER IS ON , then take the bantwith from squid server
    if it is off then take the bantwith from INTERNET .

    thanks for ur reply , ur amazing good :) and sorry for my bad english :)

    Comment by Nori — December 30, 2011 @ 1:49 PM

  19. thanks for ur reply’s .

    i’m going to try to build a new server , and my another question was :
    does the users bantwith work like this :
    IF SQUID SERVER IS ON , then take the bantwith from squid server
    if it is off then take the bantwith from INTERNET . ( for example if squid is full or for any reasen shutdown ) do my users have internet access again or does it affect to all users and nobody gets internet then .

    And what do u thing what sort of computer is better for me :
    At the moment i’ve 250Users and in the far future maybe ill have 350 users max .
    At the moment all the users within one month are using this bantwith :
    Month Download Upload Total Trafich all the month for all users
    2011-11(November) % 1.6 TB 443.8 GB 2.0 TB
    2011-12(December) % 2.3 TB 595.1 GB 2.9 T

    Comment by Nori — December 30, 2011 @ 2:13 PM

    • Well you can do Fail-over via using the following trick.
      Assuming the following scenario.

      On Mikrotik you have 3 Interfaces.
      1st is connected with the WAN1 > DSL
      2nd is connected with the SQUID PROXY This will act as the default Gateway for Mikrotik.
      3rd is connected with the User LAN

      So in ip route you will set up routes with check-gateway that if your default gateway (Squid) is down, then sends requests via WAN1 > DSL,

      You need to Read a lot first in order to understand how fail over works in Mikrotik. Read n Read. :)

      Regarding SQUID Hardware, Get some good speed hardware, the more speedy hardware you put in it, the better cache performance you will get. For example, following hardware would be enough.

      3.6 Ghz Xeon / Dual Core Processors
      4 or 8 GB Ram
      2 Fast Harddrive , one for OS and Logs, second dedicated for CACHING (preferably at lease 1-2 TB for caching, also you can spread your cache in several harddrives for better response, but for smaller setup like 350 users, Just use 2 fast harddrives, one for logs and one for caching)
      Gigabits Lan Cards

      And lastly, Well configured Squid Configuration :)

      Comment by Pinochio~:) / Syed Jahanzaib — December 30, 2011 @ 3:30 PM

  20. Hello !,

    I have a hotspot wi-fi configured with :

    1. Mikrotik Routers OS 4.16(Hotspot Gateway)
    2. DMA Softlab Radius Manager 3.9.0

    mikrotik-ether1==> WAN ISP(Public IP Address)
    Mikrotik-ether2==> LAN For Hotspot Wi-Fi Users.(Private IP)
    RM configured with Public IP.

    One more thing , there are Access Points & some switches which is also configured with private IPs.

    Problem :
    – APs and Switches are configured with (192.168.22.0/24 ) and this ip is added in ether 2 as secondary IP.
    – When tried to access APs and switches , Mikrotik Login page displays.
    and is only accessible when i manually enter username/password.
    I want to access those APs and Switches without any authentication.

    Create a firewall access rule but it didn’t worked.

    Just needed some help.

    Thanx in advance.

    – Shiva

    Comment by Shiva Thapa — February 7, 2012 @ 9:29 AM

  21. Sir i have configured Radius Manager and i have four mikrotik routers with have 100 user’s in them in one LAN could you please guide me through how to connect them with central radius manager.

    Comment by masood — June 19, 2012 @ 11:36 AM

    • Wy FOUR mikrotik router for 100 users :s even single mikrotik rb450 is enough for you.

      On all your NAS, point to your RM in RADIUS section. its very simple, Read the manual of RM on howto connect to RM in Mikrotik.

      Comment by Syed Jahanzaib / Pinochio~:) — June 19, 2012 @ 12:50 PM

  22. Sir i have configured dmasoftlab Radius manager and i have two mikrotik router that userman is enabled with having 100 user’s each so i need to connect them with centralized Radius manager i have searched alot about it but i didnot got the concept of any one of it please provide me a configuration for it.

    Thnx in Advance

    Comment by Masood Andesha — June 19, 2012 @ 12:22 PM

  23. Sir for connecting mikrotik with RM i have read the manual of RM but that didnot worked for me and if you can give the guide i would really appreciate it.

    Thanks in Advance,

    Comment by Masood Andesha — June 19, 2012 @ 2:25 PM

  24. learn video plaes

    Comment by muhammad mahdi — August 20, 2012 @ 5:26 AM

  25. I have A and B location and we are using cyberrom for authentication at A location , now i have one question to u we are using mikrotik at B location if i have to authenticate B location user to A location than what i have to configure at B and mikrotik

    Comment by Hitesh — October 5, 2012 @ 4:26 PM

  26. I dont know y you guys are messing around ……
    your configuration is simple and already briefly explained by Mr. Syed

    Comment by billy — October 17, 2012 @ 4:05 PM

  27. if do want to mess with your netowrk for experimenting which i suggest as your customers will be in trouble i suggest u to get a good machine and run aware work station for experiments and when u r done in that then just implement that on your real time network.
    i have configured about 19 hotspot in different areas, with simple RBs as NASes and single RM server. recently i was informed that we have reached 1000+ users.

    Comment by billy — October 17, 2012 @ 4:14 PM

  28. Assalam-O-Alaikum jahanzaib bhai please http://freeradius.org/ ki koi guide dain k isko kese install keren aur mikrotik k sath config kese kren

    Comment by Zeeshan — November 20, 2012 @ 8:24 AM

  29. Dear Syed Jahanzaib

    Thanks a lot for you support for new biggners …. No word to explain.. ThanQ ..

    Comment by swamy — December 5, 2012 @ 10:26 AM

  30. We need support system as well SMS module and payment module agent module with dmasoftlab… can any one help me??

    Comment by Nishit — January 30, 2013 @ 3:11 PM

  31. does reset traffic counters work ? on add credit in additional mode ? I dont think so it works on Radius manager

    Comment by nk — February 20, 2013 @ 10:45 AM

  32. sir ma cable net ka kam karta ho aor ma na ek Data server share kaya ha jis ka path \\server ha lakin jin users ko ma router lagha kar dataho aun ka pass server open nahi hota app pls is ka liya bi kuch kare

    Comment by tahirmirza786 — February 24, 2013 @ 3:44 PM

    • IT would be much better if you use HTTP or FTP base sharing server, this way you will have more control and features over your media server.

      Comment by Syed Jahanzaib / Pinochio~:) — February 26, 2013 @ 11:51 AM

  33. sir plz help me few command of radius make problem for

    CREATE USER ‘radius’@’localhost’ IDENTIFIED BY ‘yourpass’;
    CREATE USER ‘conntrack’@’localhost’ IDENTIFIED BY ‘yourpass’;
    GRANT ALL ON radius.* TO radius@localhost;
    GRANT ALL ON conntrack.* TO conntrack@localhost;
    how i can solve it

    Comment by junaid — March 7, 2013 @ 3:03 PM

    • What exact error you are getting ???

      Don’t copy paste SQL code from blog to SQL console. Manually type all the commands related to SQL. Pay specially attention to commas like ‘
      when you copy paste the comma, it becomes another character which SQL doesn’t understand?

      Comment by Syed Jahanzaib / Pinochio~:) — March 10, 2013 @ 7:20 PM

  34. Hello Syed Jahanzaib, How could I directly contact to you? I’ve few questions. Thanks.

    Comment by Tamir — March 10, 2013 @ 9:09 PM

  35. hi syed
    i get error when i user radtest user 1111 localhost
    get no response frome server id socket 3

    how can i solve it

    Comment by dh — March 17, 2013 @ 2:08 AM

  36. HI,
    have a big problem while restricting bandwidth in radius manager. Local/outside traffic both gets restricted by doing this,As an alternative , just for authentication , it goes to RM , For rest , bandwidth restriction , i have created a queue rule and applied bandwidth.
    Also I have assigned static ip in RM , queue rule has been maintained for the same IP.
    What went wrong is it gets different ip address than one assigned in radius manager.

    what can be the solution to this ??

    Regards,
    Shiva

    Comment by Shiva Thapa — March 24, 2013 @ 3:42 PM

  37. buenas tardes tengo un problema instale barias beses RM 4 y cuando entro al ACP la primera vez va todo bien luego cierro el panel y reinicio la maquina y quiero ingresar nuevamente al ACP me habre una pagina en blanco y en otra oportunidad me descargo un archivo admin.php. ayuda desde ya muchas gracias

    Comment by walter — April 6, 2013 @ 7:56 AM

    • English Please :)

      This problem often happens due to incorrect version of ZEND installed in PHP. Usual causes are php and .so conflict.
      Try using Ubuntu 10.4 , it works very well and have been tested and deployed successfully at many networks.

      Comment by Syed Jahanzaib / Pinochio~:) — April 7, 2013 @ 3:49 PM

  38. Sir,
    What a wonderful post, nice, i configured it and working very fine, thanks again.
    but here is small query with my hotspot login page.

    my (Mikrotik) hotspot does not redirect login page if i someone tries the secure (https://) site like https://www.google.com
    eg if someone types http://www.google.com, he will redirected to login page, but if he tries secure site like https://youtube.com, than he will not get redirected to login page and browser gives error loading page.

    Can you please help me!!! i have tried to make tick mark in mikrotik ip/hotspot/server profile/ login https=yes
    but nothing improved!!!

    Waiting for your king reply.

    Comment by Abidali Kadiwala — April 11, 2013 @ 11:38 PM

    • The hotspot only redirects port 80 requests. It won’t redirect SSL, email, FTP, or ssh clients. It just blocks them until you are logged in on port 80.
      There MIGHT be a solution for this but If you intercepted the HTTPS response, the users browser would throw up SSL error messages which really scare the users off

      Comment by Syed Jahanzaib / Pinochio~:) — April 12, 2013 @ 1:15 PM

  39. for payment gateway integration which file is to be edited, pls share the filename & path….

    Comment by tamilmaran — June 19, 2013 @ 3:22 PM

  40. sir can you be a consultant to our company we are ready to pay your fees.

    Comment by Jaydeep — February 8, 2014 @ 2:51 AM

  41. assalamualaikum Jahanzaib Bhai.

    bhai kya ap mujhe bata sukty hain k ubuntu server on terminal se external lan card k driver mein kis tarha intsall kar sukta hoon …. aur mein ubuntu desktop use nahi karta hoon . ap muhje terminal se download karny ka tarika baty . PLZ bhai help me

    Comment by Mubashir — March 10, 2014 @ 12:47 PM

  42. Hi there

    am currently changing my wisp network from bridged to routed using Mtik OSPF. All is good but am having problems with RadiusManager. I have created a PPTP server on my gateway RB, on same net as the RM server and on the Hotspot RB have set a PPTP client to comunicate RM packets (1812-1813) via the PPTP tunnel to the RM server. I can ping the RM server no problem (proxy arp enabled) but I always get “Radius Manager is not responding” error when trying to authenticate.
    The RM server address is 10.0.0.3. the NAS is set to 10.0.0.198 (ip address op PPTP client side). PPTP server is set to 10.0.0.9 and remote to 10.0.0.198 On RB the radius address is set to 10.0.0.3 and the timeout to 3000ms.
    The tunnel is set to work on my network and not to go out to the net. I assume this is ok
    Can you give me any help or advice
    Thanks
    David

    Comment by David — April 7, 2014 @ 8:24 PM

    • If ping reply is OK , then radius timeout could be due to various factors,
      check following
      – Radius SECRET at both end, at RM ACP NAS section and Mikrotik Radisu Client settings,
      – Make sure to rebuild the clients.conf (from rm menu) after making any changes and restart the RADIUS server (from the rm menu)
      – Make sure your password ok in sql.conf file, its most common issue if you are not using default password.

      Comment by Syed Jahanzaib / Pinochio~:) — April 10, 2014 @ 9:50 AM

  43. you have mad networking skills with mikrotik, great article and config is beautiful, thanks for the hard work and posting Sir. keep it up :)

    Comment by cory — April 19, 2014 @ 8:52 AM

  44. sir, where to download dmasoft radius manager

    Comment by aayush — May 26, 2014 @ 8:16 AM

    • Google for dmasoftlabs

      Comment by david — May 27, 2014 @ 12:55 PM

  45. Thanks for your great tutorial on sending message by DMASOFTLAB using kannel and USB dongle, using your guide i can make the system send SMS , but i have a bulk sms route and they have provided me http api and a code using php and curl , unfortunately i could not make it to work , even DMASOFT lab is not supporting saying that they can only help with clicktal ,please guide me , i think a bit tweaking can make it work and thats all up to U,, thanks a lot

    Comment by Dr Anupam Das — July 25, 2014 @ 6:57 PM

  46. thanks for this kind info…
    my clients are mobile phone users and windows users.
    If I create Radius DHCP server. Do I need to login again and again as in hotspot. loging for mobile users causes truobles.

    Comment by Wajid — August 27, 2014 @ 4:16 PM

  47. Asalam Alaikom..

    Syed brother.. i have read all your post here….no words can explain…ur awesome brother.. I want to start hotspot i need your expertise. Thanks for educating all of us….:)

    Comment by Rashid Tampus — September 19, 2014 @ 7:05 PM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Create a free website or blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 2,361 other followers

%d bloggers like this: