RADIUSdesk

Trace: install

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
user_guide:mikrotik:rb751_advanced [2016/06/02 23:15] – created adminuser_guide:mikrotik:rb751_advanced [2022/06/13 09:48] (current) – [Add an entry to the Mikrotik Walled Garden] admin
Line 3: Line 3:
 Although the instructions on this page makes use of the RB751, the same principles should also apply to other Mikrotik Routerboards.\\ Although the instructions on this page makes use of the RB751, the same principles should also apply to other Mikrotik Routerboards.\\
 The following advanced configurations will be covered in this document: The following advanced configurations will be covered in this document:
-  * Heartbeat configuration 
   * Central Dynamic login pages   * Central Dynamic login pages
- 
------------------ 
-===== Heartbeat configuration ===== 
-  * The heartbeat configuration is done to provide a means for the Mikrotik router to report its status to RADIUSdesk 
-  * The heartbeat system also provides a means for the RADIUSdesk server to reply with instructions to be executed by the Mikrotik router. 
-==== Configure the Mikrotik router ==== 
-  * Connect to the Mikrotik's web interface and select **System** → **Scheduler**. 
-  * Select **Add new** to create a new entry. 
-  * Use the following table as a reference to populate the entry. The important replacement is to replace the **116.73.109.36** with the IP Address or DNS name of your RADIUSdesk server. 
- 
-^ Item      ^ Value       ^ Comment          ^ 
-| Enabled   | Checked            | 
-| Name | RD-heartbeat |    | 
-| Start Date | <today> |    | 
-| Start Time | startup |   | 
-| Interval | 00:01:00 | Increase this value is you have a large deployment of devices to lighten the load on the server  | 
-| On Event | <code>/tool fetch keep-result=yes mode=http address=116.73.109.36 src-path=("/cake2/rd_cake/webroot/files/heartbeat.php?nasid=".[/system identity get name]) dst-path=("rd.rsc" 
-/import file-name=rd.rsc  
-/file remove rd.rsc </code> |    | 
-| Policy | Select Reboot, Read, Write, Policy, Test, Password, Sniff, Sensitive | Do't exactly know why we have to select these ... but then the script runs :-) | 
- 
-{{:user_guide:mikrotik:mikrotik-heartbeat.jpg |}} 
- 
-==== Configure RADIUSdesk ==== 
-<WRAP center round important 60%> 
-This functionality will only work with the **Beta-4** VM image and upwards or SVN revision 540 or higher 
-</WRAP> 
- 
-  * We assume to already followed the basic setup and have the Mikrotik already defined as a Dynamic Client in the NAS devices applet. 
-  * Since we have not defined any monitoring for the device, although is is listed; the status will be specified as **Unknown**. 
-  * In RADIUSdesk go **Menu** -> **NAS Devices** -> **NAS Devices**. Select the device and edit it. 
-  * Select **NAS** -> **Optional info** sub-tab. Then specify the **Type** as **Mikrotik-Heartbeat**. 
-  * Under the **NAS** -> **Monitor settings** sub-tab, specify **Monitor method** as **Heartbeat** and the **Heartbeat is dead after** as **600** seconds (You may want to increase this value is you are not sending heartbeats that often through to the RADIUSdesk server). 
-  * Under the **NAS** -> **Enhancements** sub-tab specify **Auto close stale sessions** and **Auto close activation time** as 600. 
-  * Save these changes. 
- 
-Your heartbeat system is now configured and the status of the device should indicate that it is up as soon as the first heartbeats comes in from the Mikrotik router. 
- 
-==== Command the router ==== 
-  * You can command the router to execute given instructions as a reply to a heartbeat pulse from the Mikrotik. 
-  * Log into the RADIUSdesk webtop. 
-  * Go **Menu** -> **NAS Devices** -> **NAS Devices**. Select the device and edit it. 
-  * Since the device is defined as a heartbeat device; there will be a tab called **Heartbeat actions**. 
-  * Here you can see a list of instructions previously send, and those that are still awaiting execution. 
-  * As soon as an awaiting instruction was returned as an answer to a heartbeat pulse the status will change to **Fetched**. 
-  * RADIUSdesk uses this system to insert a command to disconnect any of the users which you decided to **Kick** from the Activity viewer applet (provided the device the user connected through is a Mikrotik-Heartbeat type device). 
  
 ------------------- -------------------
 ===== Central Dynamic Login pages ===== ===== Central Dynamic Login pages =====
-  * RADIUSdesk allow you to have one centrally managed location to serve a dynamic login page to many Mikrotik devices.+  * RADIUSdesk allows you to have one centrally managed location to serve a dynamic login page to many Mikrotik devices.
   * This allows you to   * This allows you to
     * Group Mikrotik devices together and serve one common login page to them all.     * Group Mikrotik devices together and serve one common login page to them all.
     * Include company info and slideshows with the login page which are determined by the device from which a user connects.     * Include company info and slideshows with the login page which are determined by the device from which a user connects.
-    * Auto detect the type of device and serve a login page according to the device connecting. 
-      * Laptops and Desktops will get a Desktop style login page 
-      * Mobile devices like phones and tablets will get a mobile login page. 
     * Have a modern login page that makes use of AJAX techniques to connect and display session details.     * Have a modern login page that makes use of AJAX techniques to connect and display session details.
   * To enjoy this enhancement you will need:   * To enjoy this enhancement you will need:
-    * Beta-4 or higher of the RADIUSdesk VM 
     * Ensure the Hotspot configuration on the Mikrotik includes PAP support.     * Ensure the Hotspot configuration on the Mikrotik includes PAP support.
     * Replace some static hotspot login pages located and served from the Mikrotik router.     * Replace some static hotspot login pages located and served from the Mikrotik router.
Line 74: Line 23:
   * Select the one used by the current Hotspot. (Usually called **hsprof1**).   * Select the one used by the current Hotspot. (Usually called **hsprof1**).
   * Ensure **Login by** includes **HTTP PAP**.   * Ensure **Login by** includes **HTTP PAP**.
-  * Apply the changes if there was any.+  * Apply the changes if there were any.
  
-==== Fetch and replacement login pages ==== +==== Fetch Replacement Login Pages ==== 
-  * We assume you have Linux machine with the svn client installed where you will issue the following commands from. +  * The latest RADIUSdesk GIT code on Source Forge contains folder with the replacement login pages. 
-<WRAP center round tip 60%>+  * If you need a reminder to check out the code, or you want to check it out on another machine here is the command: 
 +<WRAP center round tip 100%>
 <code bash> <code bash>
-#From a terminal on Ubuntu try the following to install svn client: +#From a Linux machine with git client installed 
-sudo apt-get install subversion+sudo git clone https://git.code.sf.net/p/radiusdesk/git rd_code
 </code> </code>
 </WRAP> </WRAP>
  
-  * Check out the **rd_clients/mikrotik** folder from the RADIUSdesk project's source tree. +  * The replacement files will be under the **rd_code/cake3/rd_cake/setup/mikrotik** folder
-<code bash> +
-svn checkout svn://svn.code.sf.net/p/radiusdesk/code/trunk/rd_clients/mikrotik/ +
-</code> +
-  * This will create a **mikrotik** folder.+
      
  
 ==== Add a dynamic key to a Dynamic login page entry  ==== ==== Add a dynamic key to a Dynamic login page entry  ====
-  * On your local machine, change directory to the **mikrotik** folder and edit the **login.html** file to redirect to your RADIUSdesk server.+<WRAP center round alert> 
 +  * As of 2022 we recommend changing to serving the login pages over HTTPS. 
 +  * This will require valid SSL certificates on the server as well as the Mikrotik 
 +</WRAP> 
 + 
 + 
 +  * On your local machine, change directory to the **rd_code/cake3/rd_cake/setup/mikrotik** folder and edit the **login.html** file to redirect to your RADIUSdesk server.
   * Also ensure there is an item which you can use as a dynamic key to specify the dynamic login page's info which should be displayed.   * Also ensure there is an item which you can use as a dynamic key to specify the dynamic login page's info which should be displayed.
   * In the sample page we include the **nasid** item and give it a value of $(identity).   * In the sample page we include the **nasid** item and give it a value of $(identity).
   * This will be automatically substituted with **za-gp-pta-001**.   * This will be automatically substituted with **za-gp-pta-001**.
   * We will subsequently have to add a **Dynamic key** to one of the items in the **Dynamic login pages** applet that will tie this a item in the query string to an item in the **Dynamic login pages** applet.   * We will subsequently have to add a **Dynamic key** to one of the items in the **Dynamic login pages** applet that will tie this a item in the query string to an item in the **Dynamic login pages** applet.
-  * If we have deployed 15 of these Mikrotik devices in Striusbaai; we can simply include an item like **ssid=Struisbaai** with the login.html's redirect instruction and use **ssid** as a **Dynamic key**. In this way we group these 15 devices to all show the **Struisbaai** dynamic login page.+  * If we have deployed 15 of these Mikrotik devices in Gauteng; we can simply include an item like **ssid=Gauteng** with the login.html's redirect instruction and use **ssid** as a **Dynamic key**. In this way we group these 15 devices to all show the **Gauteng** dynamic login page. 
 + 
 +<code html> 
 +$(if error == ''
 +<html> 
 +    <head><title>...</title></head> 
 +    <body> 
 +        $(if chap-id) 
 +        <noscript> 
 +            <center><b>JavaScript required. Enable JavaScript to continue.</b></center> 
 +        </noscript> 
 +        $(endif) 
 +        <center>If you are not redirected in a few seconds, click 'continue' below<br> 
 +        <form name="redirect" action="https://YOUR_RADIUSDESK_SERVER_IP/cake3/rd_cake/dynamic-details/mikrotik-browser-detect" method="post"> 
 +            <input type="hidden" name="loginlink" value="$(link-login-only)"> 
 +            <input type="hidden" name="nasid" value="$(identity)"> 
 +            <input type="hidden" name="link_status" value="$(link-status)"> 
 +            <input type="hidden" name="link_login_only" value="$(link-login-only)"> 
 +            <input type="hidden" name="link_logout" value="$(link-logout)"> 
 +            <input type="hidden" name="mac" value="$(mac-esc)"> 
 +            <input type="hidden" name="type" value="mikrotik"> 
 +            <input type="hidden" name="ssid" value="Gauteng"> 
 +            <input type="submit" value="continue"> 
 +        </form> 
 +        <script language="JavaScript"> 
 +        <!-- 
 +           document.redirect.submit(); 
 +        //--> 
 +        </script> 
 +        </center> 
 +    </body> 
 +</html> 
 +$(else) 
 +$(var)({ 
 + 'logged_in'     : '$(logged-in)',  
 + 'link_login_only' : '$(link-login-only)', 
 + 'error_orig' : '$(error-orig)', 
 + 'error' : '$(error)' 
 +}) 
 +$(endif) 
 +</code>
  
 When you are done editing the login.html page and also added the **Dynamic key** to the **Dynamic login page** which you want to serve on the Mikrotik; you can copy the replacement pages to the Mikrotik router. When you are done editing the login.html page and also added the **Dynamic key** to the **Dynamic login page** which you want to serve on the Mikrotik; you can copy the replacement pages to the Mikrotik router.
 +
 +==== Enable HTTPs support on Mikrotik  ====
 +  * To Enable HTTPS support on the Mikrotik you need to configure the following:
 +        * Install a valid SSL certificate onto the Mikrotik.
 +        * Specify a DNS name in the Hotspot setup that matches the certificate
 +        * Enable **Login By** option **HTTPS**.
 +
 +=== Install a valid SSL Certificate ===
 +
  
 ==== Add an entry to the Mikrotik Walled Garden  ==== ==== Add an entry to the Mikrotik Walled Garden  ====
Line 108: Line 109:
   * Select the **Walled garden IP List** sub-tab to add an entry.    * Select the **Walled garden IP List** sub-tab to add an entry. 
   * The destination IP Address will be the IP Address of the RADIUSdesk server.   * The destination IP Address will be the IP Address of the RADIUSdesk server.
 +  * The screenshot below assume the RADIUSdesk server has an IP Address of 178.32.59.137
 +
 +{{ :user_guide:mikrotik:mikrotik_walled_garden_ip_list.png?nolink |}}
 ==== Replace the existing pages on the Mikrotik ==== ==== Replace the existing pages on the Mikrotik ====
   * Copy these files over to the Mikrotik router's **hotspot** folder. (You may want to back-up the old files first).   * Copy these files over to the Mikrotik router's **hotspot** folder. (You may want to back-up the old files first).
Last modified: 2016/06/02 23:15