Hi
I've got my mikrotik hotspots working in every way expect Mac Authentication. Can someone tell me what i've done wrong.
Using RADIUSdesk-2016-4-0.ova upgraded to the latest snv and to the freeradius in the snv.
The mac address has been auto added to the user, I can see the mikrotik pushing the mac address when trying to login in. In the radius out put i can see the freeradius connecting the mac with the correct user name and profiles. Here is the output of freeradius after the first warning.
(0) pap: WARNING: Auth-Type already set. Not setting to PAP
(0) [pap] = noop
(0) } # authorize = ok
(0) Found Auth-Type = CHAP
(0) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
(0) Auth-Type CHAP {
(0) chap: ERROR: &request:CHAP-Password has invalid length
(0) [chap] = invalid
(0) } # Auth-Type CHAP = invalid
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
(0) Post-Auth-Type REJECT {
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject: --> 00-03-7F-8E-DA-50
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0) [attr_filter.access_reject] = updated
(0) if (reply:Reply-Message =~ /You are already logged in/i){
(0) ERROR: Failed retrieving values required to evaluate condition
(0) policy RADIUSdesk_last_reject {
(0) if (EAP-Message){
(0) if (EAP-Message) -> FALSE
(0) EXPAND %{User-Name}
(0) --> 00-03-7F-8E-DA-50
(0) SQL-User-Name set to '00-03-7F-8E-DA-50'
rlm_sql (sql): Reserved connection (2)
(0) Executing query: UPDATE permanent_users SET last_reject_time=now(),last_reject_nas='192.168.0.1',last_reject_message='N/A' where username='00-03-7F-8E-DA-50'
rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(0) SQL query affected no rows
rlm_sql (sql): Released connection (2)
(0) EXPAND %{sql:UPDATE permanent_users SET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where username='%{User-Name}'}
(0) -->
(0) EXPAND %{User-Name}
(0) --> 00-03-7F-8E-DA-50
(0) SQL-User-Name set to '00-03-7F-8E-DA-50'
rlm_sql (sql): Reserved connection (3)
(0) Executing query: UPDATE devices SET last_reject_time=now(),last_reject_nas='192.168.0.1',last_reject_message='N/A' where name='00-03-7F-8E-DA-50'
rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
rlm_sql (sql): Released connection (3)
(0) EXPAND %{sql:UPDATE devices SET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where name='%{Calling-Station-Id}'}
(0) --> 1
(0) EXPAND %{User-Name}
(0) --> 00-03-7F-8E-DA-50
(0) SQL-User-Name set to '00-03-7F-8E-DA-50'
rlm_sql (sql): Reserved connection (4)
(0) Executing query: UPDATE vouchers SET last_reject_time=now(),last_reject_nas='192.168.0.1',last_reject_message='N/A' where name='00-03-7F-8E-DA-50'
rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(0) SQL query affected no rows
rlm_sql (sql): Released connection (4)
(0) EXPAND %{sql:UPDATE vouchers SET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where name='%{User-Name}'}
(0) -->
(0) } # policy RADIUSdesk_last_reject = updated
(0) } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Ok, this makes no sense, my primary Radiusdesk VM basd on 2016-2, lasted svn etc, is now authenticating mac addresses. Three days trying, post a message, then it works. I just don't get it.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Found the answer. Turn on HTTP PAP as well and MAC, mac as username and password. And the important part... Wait or reboot, takes time for some reason. Not very mikrotik.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi
I've got my mikrotik hotspots working in every way expect Mac Authentication. Can someone tell me what i've done wrong.
Using RADIUSdesk-2016-4-0.ova upgraded to the latest snv and to the freeradius in the snv.
The mac address has been auto added to the user, I can see the mikrotik pushing the mac address when trying to login in. In the radius out put i can see the freeradius connecting the mac with the correct user name and profiles. Here is the output of freeradius after the first warning.
(0) pap: WARNING: Auth-Type already set. Not setting to PAP
(0) [pap] = noop
(0) } # authorize = ok
(0) Found Auth-Type = CHAP
(0) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
(0) Auth-Type CHAP {
(0) chap: ERROR: &request:CHAP-Password has invalid length
(0) [chap] = invalid
(0) } # Auth-Type CHAP = invalid
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/sites-enabled/radiusdesk-plain
(0) Post-Auth-Type REJECT {
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject: --> 00-03-7F-8E-DA-50
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0) [attr_filter.access_reject] = updated
(0) if (reply:Reply-Message =~ /You are already logged in/i){
(0) ERROR: Failed retrieving values required to evaluate condition
(0) policy RADIUSdesk_last_reject {
(0) if (EAP-Message){
(0) if (EAP-Message) -> FALSE
(0) EXPAND %{User-Name}
(0) --> 00-03-7F-8E-DA-50
(0) SQL-User-Name set to '00-03-7F-8E-DA-50'
rlm_sql (sql): Reserved connection (2)
(0) Executing query: UPDATE
permanent_usersSET last_reject_time=now(),last_reject_nas='192.168.0.1',last_reject_message='N/A' where username='00-03-7F-8E-DA-50'rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(0) SQL query affected no rows
rlm_sql (sql): Released connection (2)
(0) EXPAND %{sql:UPDATE
permanent_usersSET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where username='%{User-Name}'}(0) -->
(0) EXPAND %{User-Name}
(0) --> 00-03-7F-8E-DA-50
(0) SQL-User-Name set to '00-03-7F-8E-DA-50'
rlm_sql (sql): Reserved connection (3)
(0) Executing query: UPDATE
devicesSET last_reject_time=now(),last_reject_nas='192.168.0.1',last_reject_message='N/A' where name='00-03-7F-8E-DA-50'rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
rlm_sql (sql): Released connection (3)
(0) EXPAND %{sql:UPDATE
devicesSET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where name='%{Calling-Station-Id}'}(0) --> 1
(0) EXPAND %{User-Name}
(0) --> 00-03-7F-8E-DA-50
(0) SQL-User-Name set to '00-03-7F-8E-DA-50'
rlm_sql (sql): Reserved connection (4)
(0) Executing query: UPDATE
vouchersSET last_reject_time=now(),last_reject_nas='192.168.0.1',last_reject_message='N/A' where name='00-03-7F-8E-DA-50'rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(0) SQL query affected no rows
rlm_sql (sql): Released connection (4)
(0) EXPAND %{sql:UPDATE
vouchersSET last_reject_time=now(),last_reject_nas='%{NAS-IP-Address}',last_reject_message='%{%{reply:Reply-Message}:-N/A}' where name='%{User-Name}'}(0) -->
(0) } # policy RADIUSdesk_last_reject = updated
(0) } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Thanks.
Ok, this makes no sense, my primary Radiusdesk VM basd on 2016-2, lasted svn etc, is now authenticating mac addresses. Three days trying, post a message, then it works. I just don't get it.
Found the answer. Turn on HTTP PAP as well and MAC, mac as username and password. And the important part... Wait or reboot, takes time for some reason. Not very mikrotik.