RADIUS Integration

Kennieth_Goodwin · 2017-02-05 20:14:36 UTC

I’m looking for information on RADIUS integration. We are moving over from VISP and our sites are setup with Mikrotik using Hotspot authentication and queuing. Do we need to create our own RADIUS server? The casts and any documentation are very vague or don’t touch on the RADIUS server aspect of provisioning. We’re very technical, so point us in the right direction.

Kind Regards,

Jason_Wilson · 2017-02-06 00:03:45 UTC

This will get you on the right direction. This is what we did and hopefully tomorrow with support switching over from VISP for auth.

Jason

simon · 2017-02-06 15:53:24 UTC

https://sonar.software/casts/provisioning/using-radius-pppoe-and-address-lists will probably be helpful too.

Kennieth_Goodwin · 2017-02-07 21:24:12 UTC

Update, I successfully setup RADIUS server and have Sonar talking to it successfully. I probably went through too much trouble in having a RADIUS server with a separate MySQL backend. However, it seems to be writing data to SQL server from Sonar. I would like to set it up where our existing queuing and hotspot authentication was working, however, I may try to test with PPPoE method. I just moved away from PPPoE due to performance issues.

Steven_Sugg · 2017-02-07 21:56:11 UTC

We didn’t want to use PPPOE either which is why we requested to change to the user section of RADIUS to allow username only for MAC auth in the Mikrotik. It looks like that was added. Now to see if it’s pushing the username only to the RADIUS database.

Kennieth_Goodwin · 2017-02-08 17:31:14 UTC

Where are you seeing this option? I have upgraded to 1.1.3, but am not seeing. Thanks!

**Edit

Is this what you were referring to:

RADIUS Accounts New Feature
It is now possible to create RADIUS accounts without passwords.

Steven_Sugg · 2017-02-08 19:12:31 UTC

Accounts | Network | RADIUS

This is where you enter the username and password for the customer’s RADIUS authorization. MAC-Auth doesn’t use the password so we needed the password required option turned off.

Kennieth_Goodwin · 2017-02-08 23:38:45 UTC

So are you basically using the MAC address of the device as the username and leaving the password field blank? Is there a way to use the MAC from the device that’s inventoried/assigned to that customer?

Steven_Sugg · 2017-02-09 00:08:49 UTC

Just copy and paste it into the field.

Kennieth_Goodwin · 2017-02-09 00:30:18 UTC

I’m sorry, I may not be clear. I’m just trying to make sure I’m doing best practices. Do you create a RADIUS account and set the username as the MAC address of the radio while leaving the password field blank?

Steven_Sugg · 2017-02-09 14:16:42 UTC

Yes. That is what I’ve done.

Please note that I don’t have RADIUS fully active yet, because the blank password issue just got resolved.

Mario_Aldayuz · 2018-01-30 01:56:10 UTC

Any update on getting this working? We are looking to use MAC based auth for devices so basically scan, assign, they can get online.

simon · 2018-01-30 13:10:22 UTC

What is the problem you’re having? This was resolved months ago.