User Manager/RouterOS user Example

From MikroTik Wiki
Jump to: navigation, search


User Manager server might be used as remote storage of RouterOS login and password information. MikroTik router will consult User Manager for login and password, when you are accessing RouterOS via Winbox or console session. Let us consider configuration steps.

RouterOS configuration

  • Set RouterOS to use User Manager server for checking login and password information,
 / user aaa set use-radius=yes
  • '/user aaa' has 'default-group' option, that define type of the default group. Default is read permissions, if you need to allow full permissions for users stored in User Manager database
 / user aaa set default-group=full
  • Add radius client to consult User Manager for login service.
/ radius add service=login address=y.y.y.y secret=123456

'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.

  • Note, first local router database is consulted, then User Manager database.

User Manager configuration

  • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called 'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent steps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add RouterOS router information to router list,

In version 3:

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

In version 4:

/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456

'x.x.x.x' is the address of the RouterOS router, 'shared-secret' must match on both User Manager and RouterOS routers.

  • Add login/password information, that account will be able to access RouterOS. login is MikroTik, password is MikroTik.

In version 3:

/ tool user-manager user add subscriber=MikroTik username=MikroTik password=MikroTik

In version 4:

/ tool user-manager user add customer=MikroTik username=MikroTik password=MikroTik