If you have bought the RADIUS module, activated it and set it properly, you can use the Mikrotik login function. If you do not know whether the RADIUS module in your application is active or not, you can check it out in Clients Home.
If you decide to use it, you will not have to set up special accounts for technicians (with corresponding rights) on each router. Also, when a technician leaves your company, it will not be necessary for you to remove their accounts on all routers. Access to the RADIUS server is automatically configured, which enables MikroTik login for technicians (through WinBox, SSH etc., depending on the rights settings). Manual configuration of all routers is thus unnecessary, which speeds up the whole process.
To activate the management of technicians’ access rights to routers, you have to set the service_mikrotik_login key to 1 in Settings / Syst. settings / Mikrotik. By doing this, you activate the MikroTik login through RADIUS feature on all routers in the system.
By default, a given administrator has access to all routers.
If you do not want anyone to have access to a certain router (for example: main gateway or CORE router), then you can uncheck the Login of technicians to Mikrotiks via Radius box in the settings of a given router in Hardware / Routers / All. If this box is not checked, it is not possible to log in through any account created in Settings / Administrators / Mikrotik Login.
If everything is set correctly and you start RADIUS, the system automatically activates communication with the RADIUS server on all routers, sets up relevant access groups (information about individual groups’ rights must be saved directly to routers) and allows technicians to log in according to their authorization.
ATTENTION
If you want to use this function, it is necessary to check the setting of the server_ip key in Settings / Syst. settings / General. Enter here the IP address of the ISPadmin server that is accessible from all routers. This IP address will be set as the IP address of the RADIUS server on all routers. If you set it incorrectly, access to routers through RADIUS will not be possible because of a non-existent RADIUS server.
The MikroTik login through RADIUS feature is functional only if the RADIUS module in the ISPadmin system is activated. If it is not activated, the feature is not functional.
You can easily check whether and how the function works by having a technician log in to one of the routers, or in WinBox, in the Radius menu and in the System / Users / Groups menu.
Groups
On this page, you can define in detail the rights of individual groups that will be used for the management of technicians’ access to routers. Then you assign individual users (technicians) to the groups you have created. You may create as many groups with various rights as you need.
A new group can be added by clicking on + Add group. On the page that appears, enter the name of a given group and set the individual rights the way you want. You can also modify the settings in the overview of existing groups. There is a list of rights for each group along with icons showing how you have configured them. You can change the configuration by clicking on individual icons.
You can set the following rights:
Right | Description |
---|---|
local | A given group of technicians is / is not allowed to log in through a local console. |
telnet | A given group of technicians is / is not allowed to log in through telnet. |
ssh | A given group of technicians is / is not allowed to log in through SSH. |
ftp | A given group of technicians is / is not allowed to log in through FTP. Such technicians can read, write and delete. |
reboot | A given group of technicians is / is not allowed to reboot a router. |
read | A given group of technicians is only allowed to read. No configuration changes are possible. |
write | A given group of technicians is / is not allowed to modify configurations (with the exception of user management - setting up further user accounts for access to routers). If you want to allow this group to read as well, you have to modify the read item accordingly. |
policy | A given group of technicians is / is not allowed to set up further administrator accounts for access to routers. |
test | A given group of technicians is / is not allowed to carry out the following tests: ping, traceroute, bandwidth-test, wireless scan, sniffer and snooper. |
web | A given group of technicians is / is not allowed to log in through the web interface. |
winbox | A given group of technicians is / is not allowed to log in through WinBox. |
password | A given group of technicians is / is not allowed to change passwords to individual user accounts. |
sensitive | A given group of technicians is / is not allowed to see sensitive data, such as passwords, wireless keys etc. |
api | A given group of technicians is / is not allowed to log in through API. |
sniff | A given group of technicians is / is not allowed to use a sniffer utility. |
You can edit a particular group by clicking on the icon.
You can delete a particular group by clicking on the icon.
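The following is an added example, not part of ISPadmin or of the original documentation: a small review script that checks planned technician groups against the rights listed above before you create them. It covers only the rights named on this page; the group names and their contents are constructed sample data, and the rendered string uses the RouterOS convention of prefixing a denied right with `!`.

```python
# Added example: review technician groups against the rights listed on this page.
RIGHTS = ["local", "telnet", "ssh", "ftp", "reboot", "read", "write", "policy",
          "test", "web", "winbox", "password", "sensitive", "api", "sniff"]
LOGIN_CHANNELS = {"local", "telnet", "ssh", "ftp", "web", "winbox", "api"}
CLEARTEXT = {"telnet", "ftp"}  # protocols that carry credentials unencrypted


def policy_string(enabled):
    """Render a group as a RouterOS-style policy list, '!' marking a denied right."""
    unknown = set(enabled) - set(RIGHTS)
    if unknown:
        raise ValueError(f"unknown rights: {sorted(unknown)}")
    return ",".join(r if r in enabled else "!" + r for r in RIGHTS)


def review_group(name, enabled):
    """Return findings for one group; an empty list means nothing was flagged."""
    enabled = set(enabled)
    policy_string(enabled)  # raises on misspelled right names
    findings = []
    for proto in sorted(enabled & CLEARTEXT):
        findings.append(f"{name}: {proto} login sends credentials unencrypted")
    if not enabled & LOGIN_CHANNELS:
        findings.append(f"{name}: no login channel enabled, members cannot log in")
    if "write" in enabled and "read" not in enabled:
        findings.append(f"{name}: write without read; enable read as well")
    if "policy" in enabled:
        findings.append(f"{name}: policy lets members create further router accounts")
    if "sensitive" in enabled:
        findings.append(f"{name}: sensitive exposes passwords and wireless keys")
    return findings


# Constructed sample groups (hypothetical names, not ISPadmin defaults)
GROUPS = {
    "noc-readonly": {"ssh", "winbox", "read", "test"},
    "field-tech": {"telnet", "ftp", "winbox", "write", "reboot", "test"},
    "senior-admin": {"ssh", "winbox", "read", "write", "policy", "sensitive", "reboot"},
}

if __name__ == "__main__":
    for group, rights in GROUPS.items():
        print(group, "->", policy_string(rights))
        for finding in review_group(group, rights):
            print("  -", finding)
```

The rendered policy string can be compared with what the router shows in the System / Users / Groups menu after ISPadmin has pushed the group.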
Clients
You can add a new user (technician) by clicking on + Add user. Enter the login name and password of a given technician on the page that appears. Since every single user has to belong to a certain group (with a given set of rights), assign this technician to a particular group. Furthermore, you can add a note to them. Finish the process by clicking on Save.
The overview of users contains the following details: user, group and note.
You can edit a particular user by clicking on the icon.
You can delete a particular user by clicking on the icon.