Manual:User Manager

From MikroTik Wiki
Revision as of 08:09, 22 May 2019 by Artursc (talk | contribs)
Jump to navigation Jump to search

Introduction

User manager (UM) is a management system that can be used in various setups. UM can be used for HotSpot, PPP, DHCP, Wireless and RouterOS users. User Manager is a RADIUS server application. The first UM test package was introduced in RouterOS version 4. User manager package is supported on all RouterOS architectures including x86 and Cloud Host Router.

Icon-note.png

Note: SMIPS based devices without additional memory do not have enough free space for UM package.


Getting started

MikroTik User Manager can be downloaded from the MikroTik web site download section. In there find the system and software version that you need this package for and download Extra packages archive for it. In this archive, you will find the User Manager package. To install the package simply upload it on the device and reboot the unit.

A default Customer with login admin and empty password is created when the User Manager package is installed for the first time.

[admin@MikroTik] /tool user-manager customer set admin password=adminpassword

After that, you can use print command to see what you have added.

 [admin@MikroTik] /tool user-manager customer> print
  Flags: X - disabled
   0   login="admin" password="adminpassword" backup-allowed=yes currency="USD" 
       time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
       paypal-secure-response=no paypal-accept-pending=no

Web Interface

To access User managers Web interface type IP address and /Userman at the end of it, for example, http://192.168.88.1/userman

Alt text
Default login is admin with empty password
Icon-note.png

Note: Since RouterOS 4.1, User-manager web interface is unreachable with an HTTP 404 when attempting to navigate to http://inside_ip/userman from behind a Hotspot interface where inside_ip is a non-NAT'd IP address on the router. Two workarounds: change the 'www' service port from 80 to something other than 80 or 8080, such as port 81. Then use http://inside_ip:81/userman, or use an IP address hotspot users are NAT'd to (http://outside_ip/userman) instead.


Quick start

Concepts explained

Customers

Sub-menu: /tool user-manager customer


Customers use a web interface to manage users, credits, routers, etc. Each customer can have a zero or more sub-customers and exactly one parent-customer with the same or weaker permission level than its parent.

Subscriber is a customer with owner permissions who's a parent is himself. Subscribers can be thought as domain - each subscriber sees everything that happens with his sub-customers, credits, users, routers, sessions, etc., but has no access to other subscriber's data. All data objects (users, routers, credits, logs) belong to one specific subscriber and can, therefore, belong to many sub-customers of the owner subscriber. To separate users among customers of one subscriber, user prefix is used.


Property Description
access (config-payment-gw | own-profiles | own-users | parent-payment-gw | parent-routers | own-limits | own-routers | parent-limits | parent-profiles | parent-users; Default: ) Configureable parameters
  • config-payment-gw
  • own-limits
  • own-profiles
  • own-routers
  • own-users
  • parent-limits
  • parent-payment-gw
  • parent-profiles
  • parent-routers
  • parent-users
backup-allowed (yes | no; Default: yes) Allow to manage backups.
city (string; Default: ) Informational
company (string; Default: ) Informational
copy-from (string; Default: ) Copy data from specific customer.
country (string; Default: ) Informational
currency (string; Default: ) Used for payments and money-related data representation on the web page.
date-format (string; Default: ) Used on web pages for data representation. Only allowed formats (listed in the drop-down) can be used. When the value doesn't match any of allowed (it's possible to enter any value from console) formats, default is used.
disabled (yes | no; Default: no) Allow to disable/enable customer.
email (string; Default: ) Email address. Used to send emails (for ex., sign up information) to users.
parent (string; Default: ) Customers parent.
password (string; Default: ) Used for Login.
paypal-accept-pending= (yes | no; Default: no) When true, payments with status "Pending" are accepted as valid. This may be used for multi-currency payments where manual approvals must be made.
paypal-allowed= (yes | no; Default: no) Whether Paypal is allowed.
paypal-business-id (string; Default: no) Business ID of the PayPal account where the money will be sent.
paypal-secure-response (yes | no; Default: no) Whether to use https (when true) or HTTP (when false) to receive payment feedback from PayPal. An additional security mechanism is used to check the validity of this feedback information so using HTTP is not mandatory.
permissions (full | owner | read-only | read-write; Default: owner) Customer account permissions.
public-host (string; Default: ) IP address or DNS name specifying the public address of this User Manager router. Payment gateways use this address to send transaction status response. This field has sense only if users access User Manager site through local IP address (for, example, http://192.168.0.250/user) and another address is used for public access (for example, http://userman.mt.lv/user).
public-id (string; Default: ) It's an ID used to identify customer because Login names are allowed to be equal and for security reasons, they are kept in secret.
signup-allowed= (yes | no; Default: no) When checked, this customer allows users to use sign-up.
time-zone (string; Default: ) Specific for each customer. By default equals to 00:00. Session and credit info is stored as GMT regardless of ROS time zone on the User Manager router. This value specifies the way data is displayed on the User Manager web pages.
user-prefix (string; Default: ) Used to separate users between customers of one subscriber.
login (string; Default: ) Customers Login name.


A WEB interface provides the same options as CLI. Usually, people choose to use "User managers" WEB interface, because it is more transparent and comfortable to manage.

Alt text
Customer section in the WEB inteface

Users

Sub-menu: /tool user-manager users

Users are people who use services provided by customers and each user can have time, traffic and speed limitations. Customers can create, modify and delete users but the owner is the subscriber who is also the owner of these customers. To separate users among customers of one subscriber, user prefix is used.

{{{prop}}} {{{desc}}}
caller-id (string; Default: )
caller-id-bind-on-first-use (yes | no; Default: no)
copy-from (string; Default: ) Copy parameters from specific user
disabled (yes | no; Default: no) Whether user is disabled
email (string; Default: ) Email. Used to send notifications to user (for ex., sign-up email)
first-name (string; Default: ) Informational
ip-address (string; Default: 0.0.0.0.) If not blank, user will get this IP address on successful authorization
last-name (string; Default: ) Informational
location (string; Default: ) Informational
password (string; Default: ) Used to identify user
phone (string; Default: ) Informational
random-password (yes | no; Default: no) Randomly generates password for User
reg-key (string; Default: )
registration-date (string; Default: )
shared-users (number | unlimited; Default: unlimited)
username (string; Default: ) Used to identify user
wireless-enc-algo (40bit-wep | 104bit-wep | aes-ccm | none | tkip; Default: )
wireless-enc-key (string; Default: )
wireless-psk (string; Default: )
customer (string; Default: ) User account owner

Common

Version 4.x test package specific

Version 3.x specific

Reference

Web interface

Customer page

User page

User sign-up

User payments