I’m receiving so many questions about FreeRadius and I’m sorry to tell this but I can’t and I won’t give you tech support 4 free. I can and I will answer on one or two questions but do not bother me every single day via email and IM clients when I already wrote on this blog all you need to know.
I understand that RADIUS protocol is marginalized but there are more than enough articles which just laying around and waiting for you. All you need is Google and the right search term.
Before you continue to this read this article, please:
turn on your brain
find out what exactly do you want from your RADIUS server
read the four articles I posted on this blog
be sure that you Mikrotik can reach the Internet (has properly configured IP addresses, DNS, default route, etc)
In this post, I will explain how to set up a Mikrotik router to act as a NAS (but only the part related to RADIUS).
The first step you need to do is to be sure that Mikrotik and RADIUS server “can talk” which means you can ping RADIUS server from Mikrotik and vice verse. Of course, the connection must be reliable and without packet loss.
In the last example, our RADIUS server had an IP address 192.168.0.10 and if you remember we added IP 192.168.0.15 inside the nas table with mysecret as a RADIUS secret. This means that only NAS from IP address 192.168.0.15 would be able to talk with RADIUS server but only if the secret is correct.
So, lets define the RADIUS server inside Mikrotik.
Connect to Mikrotik via Winbox utility. Click on RADIUS and click on the + to add a new RADIUS server.
Enter RADIUS server IP address (in this case 192.168.0.10), enter secret and select ppp.
The next step is to enable Incoming requests so you will be able to disconnect users via PoD (Packet of Disconnect). Click on the Incoming button (RADIUS -> Incoming) and enable Accept checkbox.
Add new PPPoE server (PPP – PPPoE Servers and click Add).
The most important thing here is to choose the right interface. I your LAN interface is connected to the network where are the users, select LAN. My recommendation is to leave only pap and chap inside Auth. section.
The next step is to define a IP pool which will be used for address allocation.
Be sure that pool name is the same like you defined in the database because radius server will return the pool name to Mikrotik and if the pool with that name doesn’t exists, the users won’t get an IP address.
The next step is to properly configure the default profile for PPPoE users.
Enter local IP address (your public IP address), select remote address pool (the IP pool which we defined above) and add DNS servers which will be returned to the users.You can use the same Mikrotik as a DNS server but you need to turn on Allow remote requests inside DNS settings.
The last step is to turn on RADIUS for accounting inside PPP – Secret menu. Interim update is the time and I do not recommend the values less than 5 minutes.