keycloak-radius-plugin

Mikrotik Keycloak Radius Plugin

• Mikrotik implementation for Keycloak Radius Plugin features:
• Hotspot :
  • pap,chap,mschapv2 authorization
  • openID connect
  • login using facebook , google, etc…
• PPP
  • pap,chap, mschapv2 authorization support services: hotspot, login, ppp

Mikrotik Login Example (Radius Server)

1. create ${KEYCLOAK_PATH}/config/radius.config

{
  {
   "sharedSecret":"TEST",
   "authPort":1812,
   "accountPort":1813,
   "useUdpRadius":true,
   "radsec":{
      "privateKey":"config/private.key",
      "certificate":"config/public.crt",
      "useRadSec":false
   }
}

1. create “mikrotik_login” Realm
2. create “radius” client
3. create role “MIKROTIK-ADMIN”
4. assign radius attribute “Mikrotik-Group”=”full” to Role “MIKROTIK-ADMIN”
5. create “testUser” User
6. set Password “test” for User. uncheck “Temporary”
7. assign Role “MIKROTIK-ADMIN” to “testUser”
8. set Action “Update Radius Password” (or send this event to user be email)
9. Impersonate user
10. Sign-out
11. Login with testUser:test
12. Set Radius User Password
13. open Mikrotik Radius configuration Page
14. enable Radius AAA
15. try to login with a new User
16. try to login by ssh(the same for telnet and winbox)

Mikrotik Rad-sec Example

Mikrotik RadSec Example

Hotspot Example (with Facebook login)

Hotspot Example (with Facebook login)

Example CoA Configuration

Radius Disconnect Message

Radius Proxy

Radius Proxy Module

This site is open source. Improve this page.