Overview
User Manager is RADIUS server implementation in RouterOS which provides centralized user authentication and authorization to a certain service. Having a central user database allows better track of system users and customers. As a separate package, User Manager is available on all architectures including SMIPS, however care must be taken due to limited free space available. It supports many different authentication methods including PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP-TLS, EAP-TTLS and EAP-PEAP. In RouterOS, DHCP, Dot1x, Hotspot, IPsec, PPP, Wireless are features that benefit from User Manager the most. Each user can see their account statistics and manage available profiles using WEB interface. Additionally, users are able buy their own data plans (profiles) using the most popular payment gateway - PayPal making it a great system for service providers. Customized reports can be generated to ease processing by billing department. User Manager works according to RADIUS standard defined in RFC2865 and RFC3579.
Attributes
RADIUS attributes are defined authorization, information and configuration parameters that are passed between the RADIUS server and client. User Manager allows sending customized attributes defined in "attributes" menu. Complete list of attributes that can be sent from User Manager is compiled in the table below.
| # | Attribute | Data type | Packet type | Description |
|---|---|---|---|---|
| 1 | User-Name | text | Access-Accept | RFC2865 section 5.1 |
| 6 | Service-Type | enum | Access-Accept | RFC2865 section 5.6 |
| 7 | Framed-Protocol | enum | Access-Accept | RFC2865 section 5.7 |
| 8 | Framed-IP-Address | ipv4 | Access-Accept | RFC2865 section 5.8 |
| 9 | Framed-IP-Netmask | ipv4 | Access-Accept | RFC2865 section 5.9 |
| 10 | Framed-Routing | enum | Access-Accept | RFC2865 section 5.10 |
| 11 | Filter-Id | text | Access-Accept | RFC2865 section 5.11 |
| 12 | Framed-MTU | integer | Access-Accept | RFC2865 section 5.12 |
| 13 | Framed-Compression | enum | Access-Accept | RFC2865 section 5.13 |
| 14 | Login-IP-Host | ipv4 | Access-Accept | RFC2865 section 5.14 |
| 15 | Login-Service | enum | Access-Accept | RFC2865 section 5.15 |
| 16 | Login-TCP-Port | integer | Access-Accept | RFC2865 section 5.16 |
| 18 | Reply-Message | text | Access-Accept, Access-Challenge | RFC2865 section 5.18 |
| 19 | Callback-Number | text | Access-Accept | RFC2865 section 5.19 |
| 20 | Callback-Id | text | Access-Accept | RFC2865 section 5.20 |
| 22 | Framed-Route | text | Access-Accept | RFC2865 section 5.22 |
| 23 | Framed-IPX-Network | ipv4 | Access-Accept | RFC2865 section 5.23 |
| 24 | State | string | Access-Accept, Access-Challenge | RFC2865 section 5.24 |
| 25 | Class | string | Access-Accept | RFC2865 section 5.25 |
| 26 | Vendor-Specific | Access-Accept, Access-Challenge | RFC2865 section 5.26 | |
| 27 | Session-Timeout | integer | Access-Accept, Access-Challenge | RFC2865 section 5.27 |
| 28 | Idle-Timeout | integer | Access-Accept, Access-Challenge | RFC2865 section 5.28 |
| 29 | Termination-Action | enum | Access-Accept | RFC2865 section 5.29 |
| 33 | Proxy-State | string | Access-Accept, Access-Challenge | RFC2865 section 5.33 |
| 34 | Login-LAT-Service | text | Access-Accept | RFC2865 section 5.34 |
| 35 | Login-LAT-Node | text | Access-Accept | RFC2865 section 5.35 |
| 36 | Login-LAT-Group | string | Access-Accept | RFC2865 section 5.36 |
| 37 | Framed-AppleTalk-Link | integer | Access-Accept | RFC2865 section 5.37 |
| 38 | Framed-AppleTalk-Network | integer | Access-Accept | RFC2865 section 5.38 |
| 39 | Framed-AppleTalk-Zone | text | Access-Accept | RFC2865 section 5.39 |
| 56 | Egress-VLANID | integer | Access-Accept | RFC4675 section 2.1 |
| 57 | Ingress-Filters | enum | Access-Accept | RFC4675 section 2.2 |
| 58 | Egress-VLAN-Name | text | Access-Accept | RFC4675 section 2.3 |
| 59 | User-Priority-Table | string | Access-Accept | RFC4675 section 2.4 |
| 62 | Port-Limit | integer | Access-Accept | RFC2865 section 5.42 |
| 63 | Login-LAT-Port | text | Access-Accept | RFC2865 section 5.43 |
| 64 | Tunnel-Type | enum | Access-Accept | RFC2868 section 3.1 |
| 65 | Tunnel-Medium-Type | enum | Access-Accept | RFC2868 section 3.2 |
| 66 | Tunnel-Client-Endpoint | text | Access-Accept | RFC2868 section 3.3 |
| 67 | Tunnel-Server-Endpoint | text | Access-Accept | RFC2868 section 3.4 |
| 69 | Tunnel-Password | string | Access-Accept | RFC2868 section 3.5 |
| 81 | Tunnel-Private-Group-ID | text | Access-Accept | RFC2868 section 3.6 |
| 82 | Tunnel-Assignment-ID | text | Access-Accept | RFC2868 section 3.7 |
| 83 | Tunnel-Preference | integer | Access-Accept | RFC2868 section 3.8 |
| 90 | Tunnel-Client-Auth-ID | text | Access-Accept | RFC2868 section 3.9 |
| 91 | Tunnel-Server-Auth-ID | text | Access-Accept | RFC2868 section 3.10 |