MikroTik RADIUS Server (User Manager) Installation

RADIUS Server is a centralized user authentication, authorization and accounting application. RADIUS authentication gives the ISP or network administrator ability to manage PPP users, login users and Hotspot users from one server throughout a large network. MikroTik RouterOS has a RADIUS client that is able to authenticate login users, Hotspot users and PPP users through a RADIUS server. MikroTik team also developed a totally separate RADIUS server package named User Manager that can be used to authenticate MikroTik users smoothly. But frankly speaking, MikroTik User Manager is not suitable for medium to large organizations because it is limited to customization. On the other hand, freeRADIUS is a modular RADIUS suite that can be customized according to organizational requirements but freeRADIUS has to be customized by yourself. In this article, I will only discuss about MikroTik User Manager RADIUS Server and how to install and configure MikroTik User Manager Package properly. For freeRADIUS installation and configuration, visit my another article about freeRADIUS installation and basic configuration on CentOS 7 Linux distribution.




RADIUS Server




RADIUS, short for Remote Authentication Dial-In User Service, is a client-server networking protocol that is used to manage (authentication, authorization and accounting) users who connect and use network services.  RADIUS server runs in the application layer and it can use either TCP or UDP as transport.  A lot of RADIUS server applications are found today but among these User Manager RADIUS Server developed by MikroTik is specially used for MikroTik user authentication and authorization purpose.




MikroTik User Manager RADIUS Server




User Manager is an optional and totally separate MikroTik RouterOS RADIUS Server Package that is used to manage MikroTik user authentication, authorization and accounting. ISP Company or network administrator can use User Manager as their login user authentication, PPP user authentication, and Hotspot user authentication as well as billing purpose. But before using User Manager RADIUS Server Package in your network, you should know the minimum system requirements of this package.




User Manager Package Requirements




User Manager RADIUS Server installation must have below minimum requirements.               




  • MikroTik RouterOS and User Manager Package must have the same version.
  • The MikroTik User Manager works on x86, MIPS, PowerPC and TILE processor based routers and CHR devices.
  • The router should have at least 32MB RAM and 2MB free HDD space.






How RouterOS Client and User Manager RADIUS Server Works




MikroTik User Manager works like a judge. It receives question from RADIUS client and must give answer. For example, when a user (say, bob) like below network diagram wants to connect to the network, the RouterOS RADIUS client first check its local user database and if it fails to authenticate from local database, it asks to User Manager RADIUS Server: “is user ‘bob’ is allowed to network?”




MikroTik RADIUS Server Network
MikroTik RADIUS Server Network




If user ‘bob’ is present in RADIUS server’s user database, it answers: “Yes but with profile limitation”. If user is not in RADIUS Server’s user database, the server replies with NO.




How to Install MikroTik User Manager RADIUS Server




User Manager is a MikroTik RouterOS Package. So, User Manager Package installation in your network can be divided into methods.




  • User Manager Package can be installed in your physical MikroTik RouterOS. Or,
  • User Manager Package can be installed in a Server Machine or in a PC where MikroTik RouterOS is running.




I always prefer the second method because User Manager will generate a lot of logs and a physical RouterOS machine has limited storage capacity as well as to handle multiple RouterOS request in a large network, a User Manager should have a stable and powerful physical machine.




Install User Manager Radius Server Package in a Physical MikroTik RouterOS




As User Manager is a separate RouterOS Package, it is usually not included with MikroTik Roterboard Operating System.  However, you can check your RouterOS whether it contains User Manager Package or not by visiting Winbox System > Packages menu. In this Package List window, you will find all the available packages that are installed in your RouterOS. If User Manager Package is installed, you will find a list named user-manager. If User Manager Package is not installed, follow the below steps to install User Manager Package in your RouterOS.




  • Login Mikrotik Router with Winbox Software.
  • From Winbox, go to System > Resources menu item and find Architecture Name and RouterOS Version from Resources window.




MikroTik Router Resources Window
MikroTik Router Resources Window




  • Go to MikroTik download section and select your MikroTik RouterOS version and download all packages zip file that will match with your Architecture Name (all_packages-architecture_name-routeros_version.zip).



  • Now extract downloaded zip file and you will find User Manager (user-manager-routeros_version-architecture_name.npk) file within this zip file.



  • Click on Files menu item from Winbox and drag and drop this user-manager file to File List window.



  • Now reboot your RouterOS.



  • User Manager Package will be installed at the time of next booting and user-manager package will be available in your Package List window.




    Install User Manager RADIUS Server Package in a Dedicated Server Machine or in a PC




    This is the best method to use User Manager RADIUS Server in a network. In this method, MikroTik RouterOS is installed on a dedicated server machine or on a personal Desktop Computer having only basic system package and user manager package installed.




    MikroTik RouterOS can be installed on a dedicated physical machine or on a virtual machine. If you use physical machine, download the latest MikroTik RouterOS ISO file from MikroTik download section and burn the ISO file on a DVD or on a USB drive and then boot your computer from this media. If you wish to install RouterOS on a virtual machine, just download the ISO file and attach the ISO file to CD/DVD drive and then boot your virtual machine. While booting your machine, MikroTik package selection window will appear. You will just select System Package and User Manager Package from this window and then start installation. Within a few seconds MikroTik RouterOS installation will be completed.




    If you feel confused to install MikroTik RouterOS ISO on your machine, read my article about Install MikroTik RouterOS on PC where I have described how to install MikroTik RouterOS on a PC and a video is also included. I hope your confusion will be reduced if you follow the article carefully.




    After completing RouterOS installation, login with user admin and password left blank and then run this command: ip address add address=radious_server_ip interface=ether1 to assign IP address to ether1 interface.




    Note: Put your RADIUS Server IP that you want to assign in the place of radious_server_ip such as 192.168.110.10/24




    Now open your favorite web browser and type https://radious_server_ip/userman. If everything is OK, you will find a login prompt like below image to login to your User Manager RADIUS Server.




    User Manager Login Screen
    User Manager Login Screen




    By default User Manager creates an owner customer named admin with no password. So, put admin as login and password left blank and then click on Lon in button. You will now find User Manger Dashboard where we will do our entire User Management activity.




    MikroTik User Manager Radius Server Package can easily be installed and configured if you follow above steps carefully. However, if you face any difficulty to do above steps properly, follow my video tutorial about MikroTk User Manager Radius Server installation and configuration. I hope, it will reduce your any confusion.