Embed Size (px)
Citation preview
PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information.PDF generated at: Tue, 22 Feb 2011 21:49:06 UTC
User Manager - Mikrotik
Manual:User Manager 1
Manual:User Manager
Introduction• What is User Manager• Requirements• Supported browsers• Demo• Differences between version 3 and version 4-test
Getting started• Download• Install• Create first subscriber• First log on User Manager web
Quick start• User Manager and HotSpot• User Manager and PPP servers• User Manager and DHCP• User Manager and Wireless• User Manager and RouterOS user
Concepts explained
Common• Customers• Users• Routers• Sessions• Payments• Reports• Logs• Customer permission levels• Character constants• Active sessions• Active users• Customer public ID
Manual:User Manager 2
Version 4.x test package specific• Profiles• Limitations• User data templates• MAC binding• Languages• CoA (Radius incoming)
Version 3.x specific• Subscribers• Credits• User prefix• Time, traffic amount and rate limiting• Prepaid and unlimited users• Voucher template
Reference
Web interface• Search patterns• Tables:
• Sorting• Filtering• Division in pages• Multiple object selection• Operations with selected objects• Minimization• Links to detail form
• Detail forms• Page printing
Customer page• Setup• How to find it?• Sections
• Status• Routers• Credits• Users• Sessions• Customers• Reports• Logs
Manual:User Manager 3
User page• Setup• How to find it?• Link to user page• Sections
• Status• Payments• Settings
User sign-up• Setup• Sign-up steps
• Creating account• Activating account• Login
User payments• Authorize.Net• PayPal
Questions and answers• Quick introduction into User Manager setup• How to separate users among customers?• How to create a link to user page?• How to create a link to user sign-up page?• Visual bugs since upgrade• Cannot log in User Manager• Too many active sessions shown• What does "active sessions" refer to?• How to make Hotspot and User Manager on the same router?• How to make MAC authentication in the User Manager?• How to turn off logging for specific Routers?• How to create timed Voucher?• Cannot access User Manager WEB interface• Incorrect time shown for sessions and credits• User Manager does not allow to login due to expired uptime• How to debug PayPal payments• How to send logs to a remote host, using SysLog
User Manager/Introduction 4
User Manager/Introduction
What is User ManagerUser manager is a management system that can be used for:• HotSpot users;• PPP (PPtP/PPPoE) users;• DHCP users;• Wireless users;• RouterOS users.It is a separate package for RouterOS.User Manager is a RADIUS [1] server application.In RouterOS version 4 User Manager test package was introduced, having major functionality and interface changes.
Requirements• You should have the same version for RouterOS and the User Manager package.• The MikroTik User Manager works on x86, MIPS and PowerPC processor based routers.• The router should have at least 32MB RAM and 2MB free HDD space.
Supported browsersAll current generation browsers are supported, including:• Opera [2] (>= 9.0). Probably works fine also on Opera 8.x• Mozilla Firefox [3] (>= 1.5). Probably works fine also on Mozilla Firefox 1.0.x• Microsoft Internet Explorer [4] (>= 6.0).• Safari [5] (>= 2.0)
DemoTo see what User Manager can do for you, log into the test system: User Manager Online Demo [6] with the loginand password both being "demo"
Note: Demo user has read-only permissions. Download and install User Manager package on your router tosee all the features
Note: This demo uses v3 User Manager
User Manager/Introduction 5
References[1] http:/ / en. wikipedia. org/ wiki/ RADIUS[2] http:/ / www. opera. com/ download/[3] http:/ / www. mozilla. com/ firefox/[4] http:/ / www. microsoft. com/ windows/ ie/[5] http:/ / www. apple. com/ safari[6] http:/ / userman. mt. lv/ userman
User Manager/Getting started
DownloadMikroTik User Manager can be downloaded from the MikroTik download page: MikroTik User Manager [1], choosesystem and software type and All packages.
InstallPerform the usual router upgrade steps - upload the User Manager package to the router's FTP server and reboot therouter.
Create first subscriberNote: Starting from version 3.0 a default subscriber with login admin and empty password is created whenUser Manager package is installed for the first time. I.e., admin subscriber is created only if the User Managerpackage was not installed prior to version 3.0.
If you are using a version prior to 3.0, then the first subscriber must be added using Mikrotikterminal (console). All the configuration is done under the /tool user-manager menu.
To create a subscriber you should go to /tool user-manager customer menu and execute add command. It will askfor the username which you will use.or you can enter this into the command line:
[admin@USER_MAN] tool user-manager customer> add login="admin"
password="PASSWORD" permissions=owner
You can use the following command to change the password for the 'admin' user:
[admin@USER_MAN] tool user-manager customer set admin password=PASSWORD
After that you can use print command to see what you have added.
[admin@USER_MAN] tool user-manager customer> print
Flags: X - disabled
0 subscriber=admin login="admin" password="adminpassword" time-zone= 00:00
permissions=owner parent=admin
User Manager/Getting started 6
Note: Subscriber shown only in version 3
After that you can use the web interface.
Use web interface
To log on customer web interface type the following address in your web browser: http:/ / Router_IP_address/userman
where "Router_IP_address" must be replaced with IP address of your router.Use login and password of the subscriber you have created in console.Note: On RouterOS 4.1, User-manger webinterface is unreachable with an HTTP 404 when attempting to navigateto http:/ / inside_ip/ userman from behind a Hotspot interface where inside_ip is an non-NAT'd IP address on therouter. Two workarounds: change the 'www' service port from 80 to something other than 80 or 8080, such as port81. Then use http:/ / inside_ip:81/ userman, or use an IP address hotspot users are NAT'd to (http:/ / outside_ip/userman) instead.
References[1] http:/ / www. mikrotik. com/ download. html
User Manager/Hotspot Example
IntroductionTo make this setup, you should have running Hotspot server on the router. Let us consider configuration steps forHotSpot and User Manager routers, in order to use User Manager for HotSpot users.
HotSpot configuration• Set HotSpot to use User Manager for HotSpot server users,
/ ip hotspot profile set hsprof1 use-radius=yes
• Add radius client to consult User Manager for HotSpot service.
/ radius add service=hotspot address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. By default this is127.0.0.1. If using a remotely located Router (perhaps via a VPN) then the IP address entered is the IP address ofthat remote Router. The router could be a Radius Server, or another ROS with User Manager installed.• Note, first local HotSpot database is consulted, then User Manager database.It means that if you have configuration in '/ ip hotspot user print', users will be able to authenticate in HotSpot usingthis data.Delete users configuration from '/ ip hotspot print' to stop using local HotSpot database for authentication. To movebatch of local HotSpot users to the User Manager database use export and import . Use text editor program to createappropriate file to import local users to the User Manager database.
User Manager/Hotspot Example 7
User Manager configuration• First, you need to download and install User Manager package [1];• Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called
'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequentsteps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add HotSpot router information to router list,
/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the HotSpot router, 'shared-secret' should match on both User Manager and HotSpotrouters. Adding 'x.x.x.x' as a router allows Radius requests from 'x.x.x.x' to be passed to the Radius Server built intoUser Manager. Therefore if you have any remote ROS Hotspots that require access to this Radius Server, then alltheir IP addresses must be added to this list.• Add HotSpot user information, it is equal to 'ip hotspot user' when local HotSpot is used for clientsIn version 3:
/ tool user-manager user add name=demo password=demo subscriber=MikroTik
In version 4:
/ tool user-manager user add name=demo password=demo customer=MikroTik
We discuss only basic configuration example, detailed information about 'user' menu configuration.• You can use User Manager web interface after first subscriber created.• To make sure, that client is using User Manager for AAA,
/ ip hotspot active print
Flags: R - radius, B - blocked
# USER ADDRESS UPTIME SESSION-TIME-LEFT IDLE-TIMEOUT
0 R 00:01:29:2... 192.168.100.2 1m29s
'R' means that client uses User Manager server for AAA services.
User Manager/PPP Example 8
User Manager/PPP Example
IntroductionUser Manager can be used as a remote authentication, authorization and accounting server for PPP clients.Since 2.9.35 PAP,CHAP, MS-CHAPv1 and MS-CHAPv2 protocols are supported by the User Manager.Let us consider the following configuration steps for PPP and User Manager routers.
PPP configurationWe consider PPPoE server <-> PPPoE client configuration example, where the PPPoE server uses a remote UserManager database for PPPoE client authentication, authorization and accounting. Both PPPoE server and PPPoEclient are MikroTik routers, any other PPPoE client might be used instead.
PPP server configuration• First, add the PPPoE server to the local interface, :
/ interface pppoe-server server add interface=ether1 service-name=MikroTik one-session-per-host=yes disabled=no
• Specify the use of User Manager for PPPoE clients:
/ ppp aaa set use-radius=yes
• Set IP address of the PPPoE server, IP address might not be assigned to the interface of PPPoE server. Moreoverstatic IP address or DHCP should not be used on the same interfaces as the PPPoE server for security reasons.
/ ppp profile set default local-address=192.168.0.1
• Add radius client to consult User Manager for PPP service.
/ radius add service=ppp address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.• Note, first the local PPP database is consulted, then the User Manager database.
PPP client configuration• Add PPPoE client to the interface
/ interface pppoe-client add interface=ether1 user=MikroTik password=MikroTik service-name=MikroTik disabled=no
User Manager configuration• First, you need to download and install User Manager package [1];• Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called
'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequentsteps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add PPP server information to router list,In version 3:
/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
User Manager/PPP Example 9
In version 4:
/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the PPPoE-server router, 'shared-secret' should match on both User Manager andPPPoE-server routers.• Add PPPoE client information,In version 3:
/ tool user-manager user add username=demo password=demo subscriber=MikroTik ip-address=192.168.0.2
In version 4:
/ tool user-manager user add username=demo password=demo customer=MikroTik ip-address=192.168.0.2
• Let us verify, that PPPoE client is connected and using User Manager for authentication, authorization andaccounting. First we monitor if PPPoE client is connected, then we verify that User Manager was used. The firstcommand is executed on PPPoE client router, second on PPPoE server:
/ interface pppoe-client monitor pppoe-out1
status: "connected"
uptime: 12h2m29s
idle-time: 12h2m17s
service-name: "MikroTik"
ac-name: "MikroTik"
ac-mac: 00:0C:42:05:54:8F
mtu: 1480
mru: 1480
/ ppp active> print
Flags: R - radius
# NAME SERVICE CALLER-ID ADDRESS UPTIME ENCODING
0 R MikroTik pppoe 00:0C:42:05:54:6E 192.168.0.2 12h1m48s
User Manager/DHCP Example 10
User Manager/DHCP Example
IntroductionTo make this setup, you should have running DHCP [1] server on the router. Let's consider configuration steps forDHCP and User Manager routers, in order to use User Manager for DHCP server users.
DHCP router configuration• Set DHCP to use User Manager for DHCP server leases,
/ ip dhcp-server set dhcp1 use-radius=yes
• Add radius client to consult User Manager for DHCP service.
/ radius add service=dhcp address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.• Note, first local router database is consulted, then User Manager database. User will be unable to obtain DHCP
lease, if DHCP router and User Manager server will not contain any information about user's data.
User Manager configuration• First, you need to download and install User Manager package [1];• Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called
'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequentsteps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add DHCP router information to router list,In version 3:
/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
In version 4:
/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the DHCP router, 'shared-secret' should match on both User Manager and DHCP routers.• Add DHCP user information, that client with MAC address 00:01:29:27:81:95 will always receive 192.168.100.2
address. User will receive dynamic address from the DHCP ip pool, if ip-address is not specified.In version 3:
/ tool user-manager user add add subscriber=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2
In version 4:
/ tool user-manager user add add customer=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2
We discuss only basic configuration example, detailed information about user menu configuration.• To make sure, that user is receiving lease from User Manager,
User Manager/DHCP Example 11
/ ip dhcp-server lease> print
Flags: X - disabled, R - radius, D - dynamic, B - blocked
# ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT STATUS
0 R 192.168.100.2 00:01:29:27:81:95 dhcp1 bound
'R' means that lease has been received from User Manager server.
References[1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ ip/ dhcp. php
User Manager/Wireless Example
IntroductionWe consider the scenario for wireless network, when only clients from User Manager database are able to establishcommunications with 'Access Point' router. To make this setup, you must have running Access Point [1]. Let usconsider configuration steps for Access Point and User Manager routers.
Access Point configuration• Set Access Point to use User Manager for wireless client authentication,
/ interface wireless security-profiles set default radius-mac-authentication=yes
• Add radius client to consult User Manager for wireless service.
/ radius add service=wireless address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.• Note, first local router database is consulted, then User Manager database. Wireless client will be unable to
connect to Access Point, if Access Points router does not contain any entry in the 'interface wireless access-list'for the particular configuration and User Manager server will not have any information about user's data.
• Make sure you do not have any entry in the 'interface wireless access-list', remove all hosts from 'access-list' toensure wireless client MAC authentication only via User Manager,
/ interface wireless access-list remove [find]
User Manager configuration• First, you need to download and install User Manager package [1];• Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called
'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequentsteps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add Access Point router information to router list,In version 3:
/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
User Manager/Wireless Example 12
In version 4:
/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the Access Point router, 'shared-secret' must match on both User Manager and Access Pointrouters.• Add wireless client information, client MAC-address that is allowed to establish connection to the Access Point,In version 3:
/ tool user-manager user add subscriber=MikroTik username="00:01:29:27:81:95"
In version 4: / tool user-manager user add customer=MikroTik username="00:01:29:27:81:95"
References[1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ interface/ wireless. php
User Manager/RouterOS user Example
IntroductionUser Manager server might be used as remote storage of RouterOS login and password information. MikroTik routerwill consult User Manager for login and password, when you are accessing RouterOS via Winbox or consolesession. Let us consider configuration steps.
RouterOS configuration• Set RouterOS to use User Manager server for checking login and password information,
/ user aaa set use-radius=yes
• '/user aaa' has 'default-group' option, that define type of the default group. Default is read permissions, if you needto allow full permissions for users stored in User Manager database
/ user aaa set default-group=full
• Add radius client to consult User Manager for login service.
/ radius add service=login address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.• Note, first local router database is consulted, then User Manager database.
User Manager/RouterOS user Example 13
User Manager configuration• First, you need to download and install User Manager package [1];• Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called
'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequentsteps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add RouterOS router information to router list,In version 3:
/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
In version 4:
/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the RouterOS router, 'shared-secret' must match on both User Manager and RouterOSrouters.• Add login/password information, that account will be able to access RouterOS. login is MikroTik, password is
MikroTik.In version 3:
/ tool user-manager user add subscriber=MikroTik username=MikroTik password=MikroTik
In version 4: / tool user-manager user add customer=MikroTik username=MikroTik password=MikroTik
User Manager/Customers• Customers are service providers. They use web interface to manage users, credits, routers;• Customers are hierarchically ordered in a tree structure [1] - each can have zero or more sub-customers and
exactly one parent-customer;• Each customer can have same or weaker permission level than it's parent;• Each customer has exactly one owner-subscriber.• Customer with owner permissions is called subscriber. Subscriber's parent is himself;• Customer data contains:
• Login and password. Used for web interface;• Parent. Enumerator over customers. Used to keep the hierarchy of customers;• Permissions. Specifies permission level;• Public ID. It's an ID used to identify customer. When a user wants to log on the user page or to sign up he/she
needs to specify, which customer to use (because user login names are allowed to be equal among severalsubscribers). To keep customer login names in secret (for security reasons) this field is used to identifycustomers (subscribers);
• Public host. Only for subscribers. IP address or DNS name [2] specifying public address of this User Managerrouter. Payment gateways use this address to send transaction status response. This field has sense only if usersaccess User Manager site through local IP address (for, example, http:/ / 192. 168. 0. 250/ user) and anotheraddress is used for public access (for example, http:/ / userman. mt. lv/ user).
• Company, city, country. Informational;• Email address. Used to send emails (for ex., sign up information) to users;
User Manager/Customers 14
• User prefix. Used to separate users between customers of one subscriber;• Sign-up allowed. When checked, this customer allows users to use sign-up;• Sign-up email subject. When a user completes signs up successfully, he/she receives an email with
authorization information, called sign-up email. Subject of this email is configurable.• Sign-up email body. Text template of sign-up email. Must contain several specific string constants:
• %login% - will be replaced with login name of newly created account;• %password% - will be replaced with password of newly created account.• %link% - will be replaced with link to User page. This field can be omitted;
• Authorize.Net fields (only for subscribers and only when using https):• Allow payments. When checked, users are allowed to use Authorize.Net as payment method for this
subscriber;• Login ID, Transaction Key, MD5 Value. Authorize.Net merchant attributes. Must match those specified in
Authorize.Net Merchant gateway security settings;• Title. The name of this payment method shown to users. For example, if one changes title to "Credit Card",
users will see "Pay with Credit Card" instead of "Pay with Authorize.Net". This field can be very useful ifusers don't know what Authorize.Net means and get confused;
• Return URL: address to which user is redirected when pressing "Return to User Manager" button aftersuccessful payment. Can be used to redirect user to HotSpot login page;
• Use Test Gateway. When true, payment info will be sent to Authorize.Net test gateway. Can be used fortesting payments without actual money charge;
• PayPal fields (only for subscribers):• Allow payments. When checked, users are allowed to use PayPal as payment method for this subscriber;• Business ID (login/email). Business ID of the PayPal account where the money will be sent;• Secure Response: whether to use https (when true) or http (when false) to receive payment feedback from
PayPal. Additional security mechanism is used to check validity of this feedback information so using httpis not mandatory;
• Accept pending: when true, payments with status "Pending" are accepted as valid. This may be used formulti-currency payments where manual approvals must be made;
• Return URL: address to which user is redirected when pressing "Return to merchant" button after successfulpayment. Can be used to redirect user to HotSpot login page;
• Date format. Used on web pages for data representation. Only allowed formats (listed in drop-down) can beused. When the value doesn't match any of allowed (it's possible to enter any value from console) formats,default is used. See date character constants:
• Currency. Used for payments and money-related data representation on the web page;• Time zone. Specific for each customer. By default equals to 00:00. Session and credit info is stored as GMT
regardless of ROS time zone on the User Manager router. This value specifies the way data is displayed on theUser Manager web pages.
References[1] http:/ / en. wikipedia. org/ wiki/ Tree_structure[2] http:/ / en. wikipedia. org/ wiki/ Domain_name
User Manager/Users 15
User Manager/Users• Users are people who use services provided by customers;• Each user can have time, traffic and speed limitations;• Users belong to specific subscriber, not to customer. Customers can create, modify and delete users but the owner
is the subscriber who is also owner of these customers;• To separate users among customers of one subscriber, user prefix is used.• User data contains:
• Username and password - used to identify user. Different subscribers can have users with the same username;• First name, last name, phone, location. Informational;• Email. Used to send notifications to user (for ex., sign-up email);• IP address. If not blank, user will get this IP address on successful authorization;• Pool name. If not blank, user will get IP address from this IP pool on successful authorization;• Group. Sent to Radius client as Mikrotik-Group attribute. Indicates group (/user group) for RouterOS users and
profile for HotSpot users. See Radius client documentation [1] for further details, search for "Mikrotik-Group".• Address list. Sent to Radius client as Mikrotik-Address-List attribute. Used only for PPP (not hotspot) -
indicates to which "ip firewall address-list" should the remote address be added.• Download limit. Limit of download traffic, in bytes;• Upload limit. Limit of upload traffic, in bytes;• Transfer limit. Limit of total traffic (download + upload), in bytes;• Uptime limit. Limit of total time the user can use services. When left blank, user is limited in time only by
credits. Note that this value only takes effect when a user is logged on. When they log off the clock is stopped.If you want to limit the time whether or not the user is logged in, you have to use credits.
• Rate limits. Has several parts. For more detailed description see HotSpot User AAA [2], search for "rate-limit".• User also have read-only counters:
• Uptime used;• Download used;• Upload used.
Note: RouterOS users have nothing to do with User Manager user. If you have RouterOS user admin, it doesn't meanit will also be a customer/subscriber in User Manager.
References[1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ guide/ aaa_radius. php[2] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ guide/ aaa_hotspot. php
User Manager/Routers 16
User Manager/RoutersUser Manager must know with which routers (IP addresses) to communicate. User Manager is like a judge - itreceives questions and must give answers. For example:HotSpot: "Is user 'nick' allowed to use hotspot?"User Manager: "Yes, but only 2 hours. And give him IP 192.168.0.40".If an unknown router asks something, User Manager ignores it.Router table contains information about known routers which are allowed to ask User Manager questions.Router data contains:• Name. Name of the router. Informational, must be unique per subscriber;• IP address. Address of the router;• Shared secret. Password used for authentication;• Log events. Specifies which events must be written to log.
User Manager/SessionsThe term session refers to a period when a user is using customer's services (HotSpot). It has nothing to do with UserManager web-page sessions.Fields:• Username. Session owner;• NAS Port. See: RADIUS Client documentation [1] (Supported Radius Attributes);• NAS Port Type. See: RADIUS Client documentation [1] (Supported Radius Attributes);• Calling Station ID. See: RADIUS Client documentation [1] (Supported Radius Attributes);• Status. Session status, composition of several facts;• User IP. User's IP address;• Host IP. Router's IP address;• NAS Port ID. See: RADIUS Client documentation [1] (Supported Radius Attributes);• From Time. Session start time;• Till Time. Session end time;• Terminate Cause. Session termination reason;• Uptime. = EndTime - StartTime;• Download. Downloaded traffic amount;• Upload. Uploaded traffic amount.
User Manager/Payments 17
User Manager/PaymentsUsers can buy credits using payment methods allowed by the subscriber. Subscribers can define accessible paymentmethods on the customer page.Payments hold history of user's transactions.Attributes:• Created. Transaction start-time;• Finished. Transaction end-time;• Price. Transaction amount (credit price);• Credit time. Credit prepaid-time bought;• Status. Current status of transaction. Can be one of the following:
• Started - transaction is in progress;• Approved - transaction completed successfully;• Error - transaction failed;• Timeout - transaction failed (not finished in required time);
• Status description - message describing transaction status;
User Manager/LogsLogs are written when Authorization (auth) or Accounting (acct) requests from routers are received.It is configurable per router which logs must be written (See: HOWTO).Log data contains:• Username. Can differ from those registered in user table;• User IP;• Host IP. Router's IP;• Status;• Time;• Description;• NAS Port;• NAS Port type;• NAS Post ID;• ACCT Session ID;• Calling station ID.
User Manager/Logs 18
More information on what these fields mean can be found in Mikrotik RouterOS Radius client documentation [1],Supported RADIUS Attributes.
Sending logs to SyslogStarting from version 3.24, support for sending logs to SysLog is added. To enable it:1) Configure per router, which requests to log: accounting/authorization failure/success (See: HOWTO);2) On the router configure log writing:
/system logging add topics=manager,account action=remote
/system logging action set remote target=remote remote=1.2.3.4:514
, where 1.2.3.4 and 514 is IP address and UDP port of the remote host, which will receive the logs.3) Configure your remote host to listen on port 514 (any other port can be used, but it MUSt be UDP port and MUSTmatch the one entered in router's system logging action);4) Test, if logs are successfully received at the remote host:4.1) Generate some logs by logging in and out using HotSpot/PPP users;4.2) Check the Log page. The logs must appear here. Logs are sent to syslog only if they are logged in the UserManager database;4.3) Check, if logs are received remotely. If you are running Linux, nc [2] can be used:
nc -l -u -p 514
, where 514 is the UDP port used. Could be, that root permissions are required to run listening on a UDP port.Another alternative is Wireshark [3] - a multi platform tool for network packet "sniffing". Start a new session andenter
udp port 514
in the filter field. You should see incoming logs appearing.
User Manager/Logs 19
Syslog message formatThe logs are in the following format:
<user-ip>,<username>,<log-type>,<message>
, where:• user-ip - IP of user (NOT the routers IP!): four number in the range 0-255, separated by commas. 0.0.0.0 means
"empty address";• username - username of the user or MAC address, when MAC-authentication used;• log type: string describing type of the log. Takes one of the following values: "auth ok", "auth fail", "acct ok",
"acct fail". Fail means - the user was not successful to authorize or the accounting log was malicious. To trackuser session activity, only logs having "auth ok" and "acct ok" must be taken in account.
• message - contains message, describing error, in case of failure. can be empty. SysLog messages are limited insize, therefore it could happend, that the end of the message has been cut off.
References[1] http:/ / www. mikrotik. com/ docs/ ros/ 2. 9/ guide/ aaa_radius[2] http:/ / netcat. sourceforge. net/[3] http:/ / www. wireshark. org/
User Manager/PermissionsThis table lists customer permissions:
Read-only Read-write Full Owner
View
Routers + + + +
Credits + + + +
Users + + + +
Sessions + + + +
Customers + +
Reports + + + +
Logs + + + +
Add
Routers + + +
Credits + + +
Users + + +
Customers +
Edit
Routers + + +
Credits + +
Users + + +
Customers +
User Manager/Permissions 20
Remove
Routers + +
Credits + +
Users + +
Customers +
Sessions + +
Logs + +
Specific actions
Reset user counters + +
Reset router counters + + +
Remove last user credit + + +
Close active sessions + + +
User Manager/Character constants
Time constantsTime constants can be divided in parts. Each part consists of integer followed by one of the following characters:• w - week (equals 7 days)• d - day (equals 24 hours)• h - hour (equals 60 minutes)• m - minute (equals 60 seconds)• s - secondExamples:• 4w2d - 30 days (4 weeks and 2 days).• 30d - 30 days. Equals 4w2d• 3h - 3 hours• 2d2h - 50 hours (2 days and 2 hours). Equals 50h• 2w30m - 2 weeks and 30 minutes. Equals 20190m.
Date constantsIn date constant following characters will be replaced with proper values:• %Y - four digit year representation• %b - verbal (short) month representation• %m - two digit month representation• %d - two digit day-of-the-month representationExamples (representing October 5, 2006):• %d/%m/%Y - 05/10/2006• %Y-%b-%d - 2006-Oct-05
User Manager/Character constants 21
Voucher template constantsThe following constants of voucher template will be replaced with actual user attribute values:• %u_username% - Username (login);• %u_password% - Password;• %u_fname% - First name;• %u_lname% - Last name;• %u_phone% - Phone number;• %u_locat% - Location;• %u_email% - Email address;• %u_ip% - IP address;• %u_pool% - Pool name;• %u_group% - Group;• %u_limit_download_f% - Nicely formatted download limit (introduced in v3.1);• %u_limit_upload_f% - Nicely formatted upload limit (introduced in v3.1);• %u_limit_transfer_f% - Nicely formatted transfer limit (introduced in v3.1);• %u_limit_download% - Download limit (in bytes);• %u_limit_upload% - Upload limit (in bytes);• %u_limit_uptime% - Uptime limit (in bytes);• %u_used_download% - Used download;• %u_used_upload% - Used upload;• %u_used_uptime% - Used uptime;• %u_prep_time% - Prepaid time - time constant or the word unlimited;• %u_tot_price% - Total price, including currency
User Manager/Active sessions 22
User Manager/Active sessionsWhen a session is started it's state is set to active. It can become inactive in one of the following ways:• User Manager receives accounting-stop message;• Customer closes session manually in the web interface. The option "Close" is available for the active-session
table, on the status page;• An active session is closed when the same router asks to start a new session with the same accounting-session-id.If the router hasn't sent accounting-stop message the session may remain active even if it should have closed muchsooner. Such sessions can be closed manually.
User Manager/Public IDEach subscriber already has an unique field - login. But for security reasons another field - Public ID is used. Note:In earlier versions (until version 2.9.31) login is used to identify subscriber.Each customer has a Public ID. It can be configured in the customer section. But there is no need to specify publicID for each customer. Because the subscriber search procedure occurs as follows:• Search for a customer with specified public ID. If no customer found, the default (first) subscriber is used.
Otherwise proceed to the next step;• Search for a subscriber (owner) of the customer just found. Every customer has its subscriber, so this procedure
always finds the result.So only one customer per subscriber must have a public ID defined. Usually the subscriber itself has a public ID andall the other customers can live without it.Public ID for customers is significant in user sign-up process to use different user prefix and sign-up-credit fordifferent customers.Only subscribers have permissions to edit customers. That means, subscriber must configure public IDs for allsub-customers.
User Manager/MAC binding 23
User Manager/MAC bindingApplies to RouterOS: v4.x test package
DescriptionMAC binding is a feature, when users MAC address is not specified beforehand, but is fixed (bound) when the userconnects for the first time. Further the user is allowed to use only this MAC address.In User Manager MAC address can be re-bound also for users with previously fixed one. In this case MAC addressis re-fixed at next user logon.
Binding MAC address in the Web interfaceTo bind MAC address, check the box "Bind on first use" for Caller ID field from the Constraints group in UserDetail form:
To specify a particular MAC address, un-check this box and type in the MAC address manually.
Binding MAC address in consoleTo bind MAC address in console, just change users caller-id to "bind":
/tool user-manager add customer=admin name=user1 caller-id=bind
how to make your mac faster [1]
References[1] http:/ / www. mac-how. net
User Manager/Languages 24
User Manager/LanguagesIn RouterOS v4, User Manager supports multiple languages.
Create your own translations1. Download language file template [1], containing English translations2. Open it with poEdit. Language files are plain-text and can also be edited with any text editor if poEdit [2] is not
available. Please, use UTF-8 encoding for non-standard characters.3. Translate the file4. Set the language: in poEdit [2]: Catalog > Settings > Language, in text editor, change the line containing
"X-Poedit-Language: English\n"5. Save it as .lng file. File name is not important (.lng extension is required), but it is recommended to contain
translation language information, for example de_DE.lng for German translation)6. Upload the file to router, using ftp7. If you are logged in to User Manager web, log out and log in again.8. In the web page there will be language select box on the menu. Select desired language.Multiple languages can be stored on router at the same time, desired language is chosen in customer web page.Every customer can choose its own language to use.
User translationsCurrently no ready-to-use translations are available here. But, if you made one, please post it here: choose "Uploadfile" from menu on the left side of this wiki, upload the file and then post a direct link to it here.Spanish translation http:/ / wiki. mikrotik. com/ images/ b/ be/ Sp_SP_def. txt author: Jose Salazar, Spain. Changetxt extension for lng and upload it via FTP to Router.Portuguese-BR translation http:/ / wiki. mikrotik. com/ images/ 2/ 2c/ Pt_BR. lng. txt author: Antonio Junior, Brazil.Change extension for lng and upload it via FTP to Router.Italian translation http:/ / wiki. mikrotik. com/ images/ 2/ 23/ It_IT_def. txt author: Renato Bernardi, Italy. Changetxt extension for lng and upload it via FTP to Router.
References[1] http:/ / wiki. mikrotik. com/ images/ 5/ 59/ En_EN_def. txt[2] http:/ / www. poedit. net/
User Manager/Search patterns 25
User Manager/Search patternsTables can be searched (filtered) by one field. This field is specific for each kind of table. For example, users arefiltered by username, routers - by name.Filter pattern:• is case-insensitive [1].• matches a part of the value. (abc matches abc, abcde, 123abc, 123abcde). Pattern "abc" is actually used as
"%abc%" (See below for explanation of character %);• Special characters can be used:
• % - matches any sequence of zero or more characters;• _ - matches any single character;• \ - escape character. Use it before '%', '_' and '\' literals to match them as regular characters.
Examples• "spot" matches hotspot, hotSpot, HotSpot, HotSpots, HOTSPOT, ...• "r%m" matches rm, arm, armor, ram, rome, aroma, Mikrotik manager ...
References[1] http:/ / en. wikipedia. org/ wiki/ Case_insensitive
User Manager/TablesTables are used to display a list of objects: users, routers, credits, sessions, customers or logs.In one table are displayed only objects of one type. Each type of objects has specific fields to display.If the object contains many parameters, not all of them are displayed in the table. To see all parameters the objectdetail form can be used.Tables have several options:• Sorting;• Filtering (Search);• Division in pages;• Multiple object selection;• Operations with selected objects;• Minimization;• Links to detail form.
User Manager/Tables 26
SortingSorting can be done by almost all fields. But there are some "non-sortable" fields, mostly because they are calculatedfields.Sorting can be ascending (1, 2, 3, ...) or descending (5, 4, 3, ...).There are triangular sort buttons for each column - on sides of column's title (at the top). Ascending sort - on the left,descending - on the right:
Sorting decreases data reading performance - sorted data reads take more time than non-sorted reads. Howeversorting affects only reads in the current table, tables are independent to each other.
FilteringEach table can be filtered only by one field:• Users, sessions, logs: by username;• Routers, credits: by name;• Customers: by login.Some tables cannot be filtered (for example, specific user's sessions).Enter pattern in the search form at the bottom of the table and press search. To cancel filtering, clear value of thesearch form and press search:
User Manager/Tables 27
Division in pagesA table can contain plenty of records. It could be a very long operation to display them all. Therefor records aredivided in pages and only one page, called active page, at a time is displayed.Record count per page is changeable on the top-right corner:
The active page can be changed using the link on the upper-left corner:
• Links with numbers go to respective page.• Links with arrows go to previous and next page.• There are also links to first and last page, but they are only displayed when needed (when it is possible to go to
the last/first page with number-links, first/last page links will not be displayed).A total number of records (not pages) is displayed in parenthesis right after page-links:
User Manager/Tables 28
Multiple object selectionTables have checkboxes for each object on the right side of row:
Each object can be selected and actions can be performed on selected objects.On the top of all checkboxes is the select-all checbox which toggles selection of all objects in the current page:
A title displaying selected object count is located at the bottom of a table:
The total count of selected objects and selected objects in the active page is displayed.There is also a button which unchecks all selected objects in other (inactive) pages (affects only this table). Thisbutton is very useful if you select some objects and then change sorting criteria for the table - selected objects getscattered between many pages but you can still uncheck them all by one click.
User Manager/Tables 29
Operations with selected objectsDifferent operations can be performed on selected objects.Web-interface users can have different allowed operations depending on their permissions.Operations are performed only with users in the active page. The reason is security. It is very easy to select someobjects, then change the page and forget the selected objects in other pages. Some operations (like remove) are verydangerous in such situations. That's why all operations work only with selected objects in the active page.All allowed operations (except adding, which is available in main menu on the left) can be found at the bottom of atable in a form of popout toolbar. Each table can have different allowed operations:
.
MinimizationTables can be minimized with a click on the minimize button on the top-right corner:
Minimized tables are not shown in printable page.
User Manager/Tables 30
Links to detail formAlmost every table has links to object detail form, because not all the information can be displayed in the table.Some tables have even links to two different detail forms, for example, session table has links to user and sessiondetail forms.Detail form Links are displayed as usual html-links, underlined:
User Manager/Customer page 31
User Manager/Customer page
SetupThere are no special setup actions for web interface. The only requirement - at least one subscriber must be defined.See first subscriber setup guide.
How to find?Type the following address in your web browser: http:/ / Router_IP_address/ usermanwhere "Router_IP_address" must be replaced with IP address of your router.
SectionsHere are described customer page sections. Use menu on the left side to navigate:
StatusThis page has several components:• User search;• Active user listing;• Active session listing;• User batch-add form.
User search
Type in the search pattern and press the button "Search". Results will be displayed in a new table.
Active users
Active user count displayed here. To see a full list of active users, click on "Show":
User Manager/Customer page 32
Active sessions
Active sessions count displayed here. To see a full list of active sessions, click on "Show":
User batch-add form
Batch of users can be added here:
Fields:• Number of users. How many users to add;• Login starts with. Displays user prefix;• Rate limits. hidden by default. Check the box on the right to show rate limit field group;• Uptime limit;• Prepaid. Credit that will be assigned to users. Unlimited users can also be created by selecting unlimited as a
value.• Generate CSV [1] file. When checked a CSV-file [1] will be generated containing just created user data;• Generate vouchers. When checked printable vouchers for just created users will be generated.
Routers
View routers
Table displaying routers:
User Manager/Customer page 33
All router's attributes are shown here.Click on name opens router detail/edit form.
Add router
Opens router add form. The same form is used to edit routers:
Fields:• Name. Router's name. Must be unique per subscriber;• IP Address. Address of the router;• Shared secret. Password used for authentication;• Log events. Specifies which events must be written to log.
Credits
View credits
Table displaying credits:
All credit's attributes are shown here.Click on name opens credit detail/edit form.
User Manager/Customer page 34
Add credit
Opens credit add form. The same form is used to edit credits:
Fields:• Name. Credit's name. Must be unique per subscriber;• Time. How long this credit is valid when started;• Full price. The price of this as the first credit for a user. When the checkbox at the right is empty, full price is
unavailable - this credit can not be used as a base credit;• Extended price. The price of this as extended credit for a user (user already has credits before this on). When the
checkbox at the right is empty, extended price is unavailable - this credit can not be used as an extended credit;
Users
View users
Table displaying users:
User Manager/Customer page 35
Only part of user's attributes are shown here. To see all details of specific user, open user detail form by clicking onusername in the table.
User detail form
Detail form with user data:
Contains all user fields.There are groups of fields (for example, private information, rate limits). These fields are hidden by default and areaccessible by checking the box on the right:
If the user has credits assigned the total prepaid time is shown at the bottom. To see credit details click on the plussign ("+") under Prepaid time:
User Manager/Customer page 36
New credits can also be assigned (if permitted) to user. At the bottom is a select-box called "Extend" (called "Addtime" when user has no credits yet). The price depends on what kind of credit this is for a user - first or extended.Price is shown in braces:
.To assign credit to the user, choose the desired credit and click Save.Options (buttons at the bottom):• Save - saves edited information, assigns credit, if one selected;• View report - opens single user report.• Remove last credit - removes last credit that's not started yet;• Show sessions - opens window with all sessions this user has;
Add user
Detail form for filling in information about the new user. Very similar to user detail form. This form does not haveread-only counters and other user statistics:
User Manager/Customer page 37
Add batch of users
The User batch-add form will be opened.
Sessions
View sessions
Table displaying sessions:
Only part of session's attributes are shown here. To see all details of specific session, open session detail form byclicking on ID in the table.To see details of session user click on the username in the table.
User Manager/Customer page 38
Session detail form
Detail form with session data:
Contains all session fields.
Customers
View customers
Table displaying customers:
Only part of customer's attributes are shown here. To see all details of specific customer, open customer detail formby clicking on login in the table.
User Manager/Customer page 39
Customer detail form
Detail form with customer data:
Contains all customer fields.There are groups of fields (for example, private information, user options). These fields are hidden by default and areaccessible by checking the box on the right:
There are fields which are accessible only for subscribers: Public Host and Authorize.Net fields. These fields are notshown for customers who are not subscribers:
User Manager/Customer page 40
There are sensitive-data fields (Authorize.Net) which are visible only when using secure connection (https):
There are sensitive-data fields (Authorize.Net) whose values are not shown. Whether the field has value specified ornot is visible by the title standing before it: if the title says "Set ...", this field has no value set; the title saying"Change ..." means that this field has some value:
User Manager/Customer page 41
In the example above Login ID and Transaction Key fields have values (titles are "Change ...") while MD5 Valuefield has no value specified (title is "Set ...").
Add customer
Detail form for filling in information about the new customer. Very similar to customer detail form. This form doesnot have subscriber fields since subscribers cannot be added here:
ReportsThis section refers to user time and traffic reports.Reports generated here can be printed directly.Configurable options:• Users - which users to show: prepaid, unlimited or all;• Type - time (contains prepaid time, extend time and price) or amount (contains upload and download amount)
report;• Period - total (whole history) or with specific time boundaries;See user time and traffic reports for further detail.Sample report:
User Manager/Customer page 42
Logs
View logs
Table displaying logs:
Only part of log's attributes are shown here. To see all details of specific log, open log detail form by clicking on IDin the table.
User Manager/Customer page 43
Log detail form
Detail form with log data:
Contains all log fields.
References[1] http:/ / en. wikipedia. org/ wiki/ Comma-separated_values
User Manager/User page 44
User Manager/User page
How to find?User page can be found at address: http:/ / Router_IP_address/ user?subs=publicID , where• "Router_IP_address" must be replaced with IP address of your router where the User Manager is running (don't
mix it with the HotSpot router, if User Manager and HotSpot are running on different routers);• publicID must be replaced with public ID of the subscriber who is the owner of this user;• If there is only one subscriber on this router the part "?subs=..." can be skipped, i.e., then the address http:/ /
Router_IP_address/ user can be used.
What is Public ID and how to change it?See: Subscriber public ID.
Link to user pageLinks and buttons to user page can be used in other web pages. There are several things configurable:• router IP address;• subscriber's public ID;• caption on the link/button.
Textual linkTo get a textual link to user page, replace this template with your own values:
<a href="http://%hostname%/user?subs=%subid%">%caption%</a>
• %hostname% - router's hostname or IP address;• %subid% - subscriber's public ID;• %caption% - caption of the link that will be show to user.Example: To get a link to userman.mt.lv router's demo subscriber user page, use the following link:
<a href="http://userman.mt.lv/user?subs=demo">This is an example link to Mikrotik User Manager demo User page</a>
And it looks like this: This is an example link to Mikrotik User Manager demo User page [1]
Link buttonTo get a button, which leads to user page, replace this template with your own values:
<button onclick="document.location='http://%hostname%/user?subs=%subid%'">%caption%</button>
Example: To get a button-link to userman.mt.lv router's demo subscriber user page, use the following link:
<button onclick="document.location='http://userman.mt.lv/user?subs=demo'">Check</button>
The visual representation cannot be shown here because of the wiki security so you have to pretend how it looks like.The same button-link is used in HotSpot page templates. By default it looks like this:
<!-- user manager link -->
<button onclick="document.location='http://$(hostname)/user?subs='">status</button>
User Manager/User page 45
$(hostname) here is replaced with the hostname of the HotSpot router (so the default link works only if HotSpot andUser Manager are running on the same router). And "subs=" means that first subscriber will be used (works finewhen there's only one subscriber on the router). Hostname and subscriber id can be replaced with desired values.
SectionsThis par of a document describes sections available in user page. For navigation use the menu on the left side:
StatusHere the user can see account's status:• Summary;• Credits;• Sessions.Sample screenshot:
This information is also formatted for printing. See print preview in the browser (Usually under File > Print previewin the browser's toolbar). Credits and sessions are formed in tables. These tables can be "minimized" - the button onthe upper right corner of the table. A minimized table will not be printed (see print preview).
User Manager/User page 46
Summary
Here the user can see:• Prepaid time - duration of all the credits bought (See: time constants). Or the word unlimited (See prepaid and
unlimited users);• Total price - how much all the credits cost;• Uptime limit - the maximum allowed duration of user's sessions;• Uptime used - current duration of user's sessions;• Download used• Upload used
Credits
Table with all credits this user has bought. No data for unlimited users.Sample screenshot:
If there are credits that are not started yet (see: credits), start-time and end-time fields contain values "awaitinglogin".
User Manager/User page 47
Sessions
Table with all user's sessions.Sample screenshot:
PaymentsHere the user can view payment history and buy a new credit. This section is only available if the subscriber hasallowed any payments.
View payments
Table with all user salles de poker [2] payments.Sample screenshot:
To see all details of specific payment, open payment detail form by clicking on ID in the table.
User Manager/User page 48
Payment detail form
Detail form with payment data:
Contains all payment fields.
Buy credit
A new credit can be bought here using payment methods which are allowed by the subscriber.There are a number of restrictions for this sub-section to be accessible:• Secure connection (https [3]) must be used to access the site. Otherwise a notification with a link to secure page
will be shown;• At least one payment method must be allowed by the subscriber;• Subscriber must have configured all required payment attributes;Sample screenshot:
Here user can see his/her current balance and choose a credit to buy. After click on the "Buy" button user will beredirected to payment gateway where he/she will have to enter required data to process payment.
User Manager/User page 49
Important - payment data (such as credit card number and expiry date) is sent directly from user's computer topayment gateway and is not captured by User Manager. User Manager processes only response about the paymentresult from the payment gateway. This response does not contain any sensitive user's data.When the payment is successful, the selected credit is added to user's account.
SettingsIn this section user can configure his/her parameters:• Private information (informational, not used by User Manager):
• First name;• Last name;• Phone;• Location.
• Email - used to send emails to user. Must be unique.If values provided in "New password" and "Retype new password" fields, the password will be changed.Sample screenshot:
References[1] http:/ / userman. mt. lv/ user?subs=demo[2] http:/ / www. pokerenfrancais. eu/ salles-de-poker[3] http:/ / en. wikipedia. org/ wiki/ Https
User Manager/User sign up 50
User Manager/User sign upUsually user accounts are created by customers. But users can also sign-up by filling in the sign-up form. Thisfeature is available since version 2.9.31.
SetupUser sign-up can be enabled per customer. I.e., some customers can allow it while others don't.Sign-up is disabled by default. To enable it several requirements must be met:• Note: All the attributes mentioned above can be configured in customer section of the customer web-page;• Customer, who wants to allow sign-up, must have public ID. Since Only subscribers have permissions to edit
customers, this public ID must be assigned by the subscriber. In other words - subscriber must configure publicIDs for its customers.
• Subscriber must have at least one credit with full price specified;• In the case when users access sign-up page from a local address which is not accessible from outside (global
Internet) subscriber must have public host address configured. This address is needed by PayPal, paymentresponse will be sent to this it;
• The customer has to enable sign-up by checking the "Signup allowed" box in Signup options section;• The subscriber must have at least one payment method enabled and configured;• The customer should have email address specified. Email will be send to users who sign up (if the user specifies
his/her email address) using this as the from-address;• SMTP-server should be specified. It can be done via console, under tool email, command "set
server=xxx.xxx.xxx.xxx". This SMTP server will be used to send email reminding user's account data. Users canhowever log on to the HotSpot after a successful payment without receiving this email;
• Signup email subject and body can be personalized. There are defaults defined, but one can customize them.However there are constant strings (will be replaced by actual values) that must be present within the messagebody. See sign-up email body field definition.
Sign-up stepsUser sign-up can divided in following steps:• Subscriber configures required parameters (described above);• User creates an account:
• User opens sign-up page URL in the browser;• User fills in the sign-up form;• User chooses credit;• User chooses payment method;• An inactive account is created for the user;
• User activates the account (executes payment):• User is redirected to Payment Gateway;• The payment is being processed;• Payment gateway sends response (was the payment successful or not) to User Manager router;• The account gets activated (if the payment was successful);
• User can start using services. Status check and setting change can be done in the user web-page.May seem a little confusing, but all these steps are simple and can be done in several minutes.
User Manager/User sign up 51
Creating accountUser opens http:/ / routerIP/ user?signup=publicID, where routerIP must be replaced with the IP address of the UserManager router and publicID must be replaced with subscribers public id.Sign-up form will be shown:
Input fields:• email. Email address for user account. must be unique per subscriber. Account data will be sent to this address if
one specified;• login. Desired username. If user prefix is defined, it is shown at the left and cannot be changed. So the prefix is
already predefined (may be empty), the remaining part of username can be chosen. IT must be at least 3characters long. Example: if the prefix is "cu" (shown on the left) and "test" is entered as the remaining part, theusername will be "cutest";
• password. Self explanatory;• confirm password. Password once again to reduce possibility to mistype it;• time. The initial credit for the user account;• pay with. Payment method selector.After the "sign up" button is pressed, authorization data is show to the user. He/She must remember this data as itwill be required to log in later:
If the "Cancel" button is pressed, user is returned to sign-up form.If the "Pay with ..." button is pressed, an inactive account is being created and the user is redirected to paymentgateway.
User Manager/User sign up 52
Activating accountOn a successful payment, the account is activated and the user is returned to User Manager/User page where he/shecan check the status of the account.If the email address was specified in sign-up form, an email with authorization information is sent to it. The text iscustomizable in customer web-page. By default it looks like this:
Your authorization data:
login: userLogin
password: userPassword
To check your status and buy extented time go to address http://userman.mt.lv/user?subs=demo.
here:• userLogin is the username (login);• userPassword is the password.• http:/ / userman. mt. lv/ '' is the hostname of the User Manager router;
LoginAfter successful account activation user is able to start using services (Hotspot). Status and settings are available inuser web-page.
User Manager/User payments
Supported payment methodsAuthorize.Net [1] (since version 2.9.40 or 3.0beta5) and PayPal [2] (since version 2.9.41 or 3.0beta6) payments aresupported.
Authorize.Net
Authorize.Net requirementsTo allow Authorize.Net payments for users the following requirements must be met:• User Manager v3.0 (or v2.9.x, >= 2.9.40) package installed on the router. See: Getting started;• User Manager subscriber created (See: Getting started);• Subscriber must have merchant account in Authorize.Net [3] gateway;• Web server on the router must be configured to support secure SSL connections (See HTTPS connection
enabling);• HotSpot router should contain entries in 'walled-garden to User Manager router and Authorize.net webpage,
/ ip hotspot walled-garden ip add dst-address=x.x.x.x action=accept
where x.x.x.x is address of User-Manager server,
/ ip hotspot walled-garden add dst-host=:^secure\\.authorize\\.net dst-port=443 action=allow
These entry is used to allow access to Authorize.net
User Manager/User payments 53
Authorize.Net setup
Authorize.Net merchant account configuration
Relay URL
Relay URL list must either be empty or contain URL to the User Manager router. For example, if you are usinguserman.mt.lv as User Manager router, then Relay URL list must contain URL https:/ / userman. mt. lv/ (works withand without trailing slash). Relay URL list can be configured in Authorize.Net [3] merchant gateway under Account> Settings > Response/Receipt URLs
API Login ID
API Login ID is shown in Authorize.Net [3] merchant gateway under Account > Settings > API Login ID andTransaction Key.
Transaction Key
Transaction Key can be obtained in Authorize.Net [3] merchant gateway under Account > Settings > API Login IDand Transaction Key > Create New Transaction Key.
MD5-Hash value
MD5-Hash value can be set in Authorize.Net [3] merchant gateway under Account > Settings > MD5-Hash.WARNING!: Standard MD5 hash values are 32 characters long, however, the Authorize.net MD5-Hash input fieldsonly allow 20 characters. Best chance of success if you paste your md5sum into the Authorize.net input field, thencopy it back out to paste into User Manager configuration. By re-copying from the Authorize.net input field, you areselecting only the 20 characters that the field length allows.
Payment Form
Payment Form configuration can be found in Authorize.Net [3] merchant gateway under Account > Settings >Payment Form. The look of this form is customizable here. While the only required fields for processing transactionare credit card number and expiration date, another fields are allowed to be shown in the form. Form customizationis up to merchant.
Authorize.Net subscriber configuration
Subscriber attribute values can be edited using customer detail form in customer page.
Subscriber Authorize.Net attributes
Subscribers have a set of specific Authorize.Net attributes which must be configured properly to allow Authorize.Netpayments:• Only subscribers have Authorize.Net attributes, other customers don't;• Attribute values can be changed only in customer web page, not in console. There is only possibility to change
values, not to see them. As these attributes contain sensitive data, their values are encrypted on the router;• Customer web page must be opened using secure SSL connection (https) to change attribute values;All the attributes can be found in Authorize.Net attribute group:
User Manager/User payments 54
1. "Allow Payments" must be checked to allow this payment method;2. Login ID, Transaction Key and MD5 Value must have same values as set in Authorize.Net merchant gateway.3. Title is optional. It specifies the text shown to users as the name of this payment method. Default title is
"Authorize.Net", but it can be changed to something more used to users, for example "Credit Card". The value ofthis field does not affect the payment process it is only user interface element.
4. Return URL (optional, added in version 3.24): address to which user is redirected when pressing "Return to UserManager" button after successful payment. Can be used to redirect user to HotSpot login page;
5. Use Test Gateway (optional): when checked, payment information is sent to test gateway of Authorize.Net andno real money is charged. This mode can be used to test Authorize.Net payments before User Managerdeployment.
Other subscriber requirements
• Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amountfor the payment;
• Correct currency must be specified for subscriber. If USD is accepted by Authorize.Net merchant, currencyattribute can be left unchanged for subscriber:
• If users access User Manager page through a local IP address, public host attribute must be specified. It mustcontain a public address of User Manager router which is acceptable as Relay URL for Authorize.Net gateway(See: Authorize.Net Merchant account configuration). Domain name or IP address can be used. Only the addressmust be specified, not URL (for example, userman.mt.lv, not https:/ / userman. mt. lv/ and not https:/ / userman.mt. lv/ userman):
User Manager/User payments 55
Authorize.Net usage• User can buy credits in User Manager page. First he/she has to log on the page. See: User page.• Secure connection must be used for web page, so user has to use https:/ / router_IP/ user instead of http:/ /
router_IP/ user (https instead of http).• Payment section is available on main menu only if subscriber has allowed any payment method.• To buy credit user chooses "Buy credit" from "Payments" section:
• If https connection is not used for web session, a message with error and link to https site will be opened:
• In this form user chooses credit he/she wishes to buy;
• Current balance is also shown:
User Manager/User payments 56
• User chooses Authorize.Net as payment method:
• When the credit is chosen, "Buy" button must be pressed to start payment transaction:
User Manager/User payments 57
• User is redirected to Authorize.Net gateway payment form, which should look similar to following:
• The actual look of this form can be configured in Authorize.Net merchant gateway• User fills in credit card number and expiry date. Other fields are optional:
User Manager/User payments 58
• User submits the form::
• The data is transmitted directly to Authorize.Net gateway via secure connection. Neither credit card number norexpiry date is submitted to User Manager router.
• Authorize.Net gateway processes the data and sends response to specified User Manager router. This responsecontains only data required to identify payment in User Manager and detect result status of transaction - was itsuccessful or not. It does not contain any information about the user - credit card number, expiry date or othersensitive data.
• User Manager processes the response and updates payment record status;• If the transaction was successful requested credit is added to user's account;• A message describing payment result is shown to user:
• Click on the button redirects the user back to User Manager page:
• User is returned to payment section displaying table with payment history:
User Manager/User payments 59
PayPal
PayPal requirementsTo allow PayPal payments for users the following requirements must be met:• User Manager v3.0 (>= 3.0beta6) or v2.9.x (>= 2.9.41) package installed on the router. See: Getting started;• User Manager subscriber created (See: Getting started);• Subscriber must have merchant PayPal [4] account;• Web server on the router must be configured to support secure SSL connections (See HTTPS connection
enabling);• HotSpot router should contain entries in 'walled-garden to User Manager router and Paypal webpage,
/ ip hotspot walled-garden ip add dst-address=x.x.x.x action=accept
where x.x.x.x is address of User-Manager server;• version v2.9
/ ip hotspot walled-garden add dst-host=:^www\\.paypal\\.com\$ dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=:^content\\.paypalobjects\\.com\$ dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=*.akamaiedge.net action=allow
/ ip hotspot walled-garden add dst-host=paypal.112.2O7.net action=allow
• version v3
/ ip hotspot walled-garden add dst-host=":^www\\.paypal\\.com\$" dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=":^content\\.paypalobjects\\.com\$" dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=*.akamaiedge.net action=allow
/ ip hotspot walled-garden add dst-host=paypal.112.2O7.net
These four entries are required to allow reliable access to the Paypal system.
PayPal setup
PayPal merchant account configuration
Basically there is no specific PayPal account configuration that must be done. The only requirement is to havePayPal account which is allowed to receive money.Warning! User Manager accepts payment as successful only when it receives status "Completed" from PayPalgateway. If the status is "Pending" and some manual operations must be done by merchant (or the merchant has notverified the account) to accept payment, the credit will be transfered to User Manager user account only when thepayment will be accepted.Note: Since version 2.9.45 and 3.0beta11 it is possible to also accept payments with "Pending" status, except forthose with pending reason "unilateral".
User Manager/User payments 60
PayPal subscriber configuration
Subscriber attribute values can be edited using customer detail form in customer page.
Subscriber PayPal attributes
The only PayPal attribute subscribers have is business login. It is the login (usually an email address) merchants useto log on their account. Only subscribers have this business login, other customers don't;Since versions 2.9.45 and 3.0beta11 there are also options that refer to PayPal payment processing: "SecureResponse" and "Accept Pending".Field "Return URL" added in version 3.11.All the attributes can be found in PayPal attribute group:
1. "Allow Payments" must be checked to allow this payment method;2. Login (email) must be the PayPal merchant account login.3. Secure response. When checked, PayPal will send response via HTTPS. Otherwise response will be send via
HTTP;4. Accept pending. When checked, User Manager will also add credit to user if the payment status is "Pending",
except for payments with pending reason "unilateral".
Other subscriber requirements
• Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amountfor the payment;
• Correct currency must be specified for subscriber. If USD is accepted by PayPal merchant, currency attribute canbe left unchanged for subscriber:
User Manager/User payments 61
• If users access User Manager page through a local IP address, public host attribute must be specified. It mustcontain a public address of User Manager router which is acceptable as response URL for PayPal gateway(PayPal will send payment result to this address). Domain name or IP address can be used. Only the address mustbe specified, not complete URL (for example, userman.mt.lv, not https:/ / userman. mt. lv/ and not https:/ /userman. mt. lv/ userman):
PayPal usage• User can buy credits in User Manager page. First he/she has to log on the page. See: User page.• Secure connection must be used for web page, so user has to use https:/ / router_IP/ user instead of http:/ /
router_IP/ user (https instead of http).• Payment section is available on main menu only if subscriber has allowed any payment method.• To buy credit user chooses "Buy credit" from "Payments" section:
• If https connection is not used for web session, a message with error and link to https site will be opened:
• In this form user chooses credit he/she wishes to buy;
User Manager/User payments 62
• Current balance is also shown:
• User chooses PayPal as payment method:
User Manager/User payments 63
• When the credit is chosen, "Buy" button must be pressed to start payment transaction:
• User is redirected to PayPal gateway payment form, which should look similar to following (PayPal web site canchange, these screen shots may differ from actual page):
User Manager/User payments 64
• User logs on to the account. Payment is now displayed with the Pay button:
• When user presses Pay button, PayPal starts to process data. On successful payment result page is displayed:
• This page contains button "Return to merchant" pressing which returns user to User Manager payment historypage:
User Manager/User payments 65
• User Manager receives data from PayPal indicating Payment status.• On a successful payment the appropriate credit is added to user.
PayPal chargebackWhen a payment changes status from "Approved" to "Aborted" (For example, "Reversed") User Manager tries toremove credit bought for this money. This is however possible only if the two following requirements are met:• The credit is not started yet;• The credit is last for current user, i.e., no other credit is bought after this one.
PayPal payment process description• The payment data is transmitted directly to PayPal gateway. All operation with money and accounts is processed
by PayPal. User Manager knows nothing about it.• PayPal gateway processes the data and after that sends response to specified User Manager router. It may take
time, usually not more than one minute. That means that payment may have status "Started" for a few seconds,the status is updated only when PayPal sends response to User Manager;
• If the option "Secure response" is enabled, secure connection (https) is established between PayPal and UserManager;
• When experiencing problems with HTTPS response from PayPal, "Secure response" may be disabled. Then nocertificate will be needed on User Manager router to receive PayPal response;
• Again - PayPal response contains only data required to identify payment in User Manager and detect result statusof transaction - was it successful or not. It does not contain any information about the user - credit card number,expiry date or other sensitive data;
• User Manager sends request to PayPal to verify that this payment response comes from PayPal and not from ahacker. Because of this verification it is not necessary to receive response from PayPal via https - if aMan-In-The-Middle [5] catches data and sends wrong response to User Manager, the verification fails;
• Response verification requires SSL certificate of root certification authority [6] who has signed PayPal certificate.This root CA certificate is imported automatically and can bee seen in certificate section on the router (console orWinbox);
• User Manager processes the response and updates payment record status;• If the transaction was successful requested credit is added to user's account;The payment processing is shown in the following picture:
User Manager/User payments 66
Related activities
HTTPS connection enabling
Creating certificate
Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign [7]. An unsigned certificatecan be generated by hand, using OpenSSL on a Linux box. To do it issue following commands in the shell:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Two important things:1. Enter the same pass phrase always when asked for "Enter pass phrase for server.key" (Should be 4 times);2. Enter your server's domain name, when asked for "Common Name (eg, YOUR name) []". This is important,
because otherwise some browsers may refuse your certificate. For example, if the User Manager server's addressis http:/ / userman. mt. lv/ userman, then "userman.mt.lv" must be specified as Common Name for the certificate.
After doing this three files will be created:1. server.crt - Certificate, must be uploaded to router;2. server.key - Private key, must be uploaded to router;3. server.csr - Signature request, can/should be deleted;Upload server.crt and server.key to the router and import them, using the same pass phrase again when asked.server.crt must be imported before server.key.
User Manager/User payments 67
Importing certificate
Certificate file can be then uploaded to the router and imported with command
/certificate import file-name=...
The command should return
certificates-imported: 1
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
If it doesn't, could happen that the file contains private key and certificate sections in incorrect order. In this situationthe output should be
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 1
Just repeat the same command
/certificate import file-name=...
once again and the output should be this time
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
Now certificate is imported correctly and ready for use;
Enabling WWW SSL
SSL connections for WWW server can be enabled with command
/ip service set www-ssl disabled=no certificate=cert1
where cert1 must be replaced by a correct certificate name (from /certificate section)
Troubleshooting
1. Authorize.net requires that time time on the server be within 15 minutes of UTC or you will get a failedtransaction, use NTP client.2. Your user manager must be accessible from the internet on port 443, make sure you have DNS setup properly oruse the IP address for all of your references. Don't forget to open your firewall for port 443 and use NAT to get toyour user manager if behind a firewall.3. You must put the URL of your UserManager instance in your Authorize.net control panel. For example: ResponseReason Code: 14Response Reason Text: The Referrer or Relay Response URL is invalid.
User Manager/User payments 68
Notes: Applicable only to SIM and WebLink APIs. The Relay Response or Referrer URL does not match themerchant?s configured value(s) or is absent.
To add a valid Response/Receipt URL, please follow these steps:
1: Login to your Merchant Interface at https://account.authorize.net.
2: Click Settings in the main left side menu.
3: Click Response/Receipt URLs.
4: Click Add URL.
5: Enter your Response URL.
6: Click Submit.
4. When inputting the above URL, use only the base URL, not /userman or it won't work.
References[1] http:/ / authorize. net/[2] https:/ / www. paypal. com/[3] https:/ / authorize. net[4] https:/ / www. paypal. com[5] http:/ / en. wikipedia. org/ wiki/ Man_in_the_middle[6] http:/ / en. wikipedia. org/ wiki/ Certification_authority[7] http:/ / www. verisign. com
Centralized Authentication for Hotspot userGenerally we are using external Radius servers for user authentication as MikroTik is not Radius server. But here inthis example we use the MikroTik User Manager which works as a Radius server and does authentication andcontrol of your Hotspot users.
Requirements
Central location: MikroTik OS with User Manager (suggested License is L6 [1]).Hotspot: Mikrotik Routerboard with at least a L4 LicenseNetwork 192.168.1.0/24
Centralized Authentication for Hotspot user 69
R1-Hotspot Master
WAN IP- <Connected to Internet>
LAN IP – 192.168.1.1/24
R2-Hotspot IT Dept
WAN IP – 192.168.1.2/24LAN IP – 10.10.10.1/24
R3-Hotspot Account Dept.
WAN IP – 192.168.1.3/24LAN IP – 20.20.20.1/24
R4- Hotspot Purchase Dept
WAN IP – 192.168.1.4/24LAN IP – 30.30.30.1/24
R5- Hotspot Sales Dept.
WAN IP – 192.168.1.5/24LAN IP – 40.40.40.1/24
We assume that all the setup is ready and the hotspot is configured on R2, R3, R4, and R5 with local authentication.First, we will configure R2, R3, R4 & R5 to use MikroTik user manager as a Radius server.
/ip hotspot profile
use-radius=yes
Centralized Authentication for Hotspot user 70
/radius add
service=hotspot address=192.168.1.1 secret=123456
This configuration will apply to all the Hotspot router.
Now, we will configure R1-Hotspot Master.
/tool user-manager customer add
subscriber=mikrotik login="mikrotik" password="ashish" time-zone=+05:30
permissions=owner parent=mikrotik
/tool user-manager router add
subscriber=mikrotik name="R2" ip-address=192.168.1.2 shared-secret="123456"
subscriber=mikrotik name="R3" ip-address=192.168.1.3 shared-secret="123456"
subscriber=mikrotik name="R4" ip-address=192.168.1.4 shared-secret="123456"
subscriber=mikrotik name="R5" ip-address=192.168.1.5 shared-secret="123456"
and finally add the user on R1
/tool user-manager user add
username=ashish password=ashishpatel subscriber=mikrotik
The user name and password will work for all the remote hotspot router…a user can login from any department ofthe company with same ID and password and we can have all the user data centrally.Now you can log into the User Manager web interface on the address http:/ / 192. 168. 1. 1/ userman and start settingup your user accounts.NEED the Solution..??? - Pl Contact.ASHISH PATEL - [email protected] - +91 2692 227275 - +91 99098 90908.
More information in the User Manager section.
References[1] http:/ / www. mikrotik. com/ pricelist. php?sect=1#product10
User Manager/QA/How to make MAC authentication 71
User Manager/QA/How to make MACauthenticationLet's consider configuration scenario, when we need HotSpot users MAC authentication trough User Manager.HotSpot MAC authentication method allows to authenticate clients as soon as they appear in the hosts list, usingclient's MAC address as username. We assume that User Manager already provides AAA for HotSpot router.Configuration required on HotSpot server router:
/ip hotspot profile set hsprof1 login-by=mac use-radius=yes
Command enables MAC authentication for the particular profile and forces to use RADIUS for AAA. Note, firstlocal HotSpot database is consulted, then User Manager database.User Manager configuration (for each mac-address):
/too user-manager user add username=XX:XX:XX:XX:XX:XX subscriber=MikroTik
We add user information belonging to the particular subscriber, it allows HotSpot user with MAC-addressXX:XX:XX:XX:XX:XX to authenticate in HotSpot without prompting login/password.
User Manager/QA/How to turn off logging forspecific RoutersIn the customer web-page, router section choose the router you want to edit. Open it's detail form by clicking onrouter's name in the table. Here you can check which events of the router must be logged:
User Manager/QA/How to create timed Voucher 72
User Manager/QA/How to create timed VoucherApplies to RouterOS: v3.x
1. Create credit;2. Create users accounts with desired credits;3. Open user table in customer web-page;4. Check users for which you want to print vouchers;5. Chose action Generate > print page (at the bottom of the table);6. Formatted information will be shown on the page. It is ready for printing.7. Choose File > Print in your web-browser.
Steps 2-5 can be replaced by:1. Open User-batch-add form (Users > batch add, or form in status page) in customer web-page;2. configure, how many users to create, which credits to use;3. checkbox show printpage must be checked;4. csv file can also be generated with newly created user data, but it is optional;5. generate users;
Article Sources and Contributors 73
Article Sources and ContributorsManual:User Manager Source: http://wiki.mikrotik.com/index.php?oldid=19155 Contributors: Akangage, Bhhenry, Binhtanngo2003, Cmit, Comnetisp, Eep, Girts, Hellbound, Janisk,Levipatick, Marisb, Nest, Normis, Polokus, Rtkrh10, SergejsB, Uldis
User Manager/Introduction Source: http://wiki.mikrotik.com/index.php?oldid=15583 Contributors: EotThj, Girts, Jandrade28, Janisk, Ni3ls, Normis, SergejsB, WcjZrv
User Manager/Getting started Source: http://wiki.mikrotik.com/index.php?oldid=15586 Contributors: Ctech4285, Fewi, Girts, HarvSki, Janisk, MwdNx0, Normis, Vitell, Xhimimavraj,Xm0Vlj
User Manager/Hotspot Example Source: http://wiki.mikrotik.com/index.php?oldid=17669 Contributors: Girts, Nest, Normis, SergejsB, Vitell
User Manager/PPP Example Source: http://wiki.mikrotik.com/index.php?oldid=15590 Contributors: Bney, Cmit, Girts, SergejsB
User Manager/DHCP Example Source: http://wiki.mikrotik.com/index.php?oldid=15592 Contributors: Girts, SergejsB
User Manager/Wireless Example Source: http://wiki.mikrotik.com/index.php?oldid=15595 Contributors: Girts, MarkSorensen, SergejsB
User Manager/RouterOS user Example Source: http://wiki.mikrotik.com/index.php?oldid=15596 Contributors: Girts, SergejsB
User Manager/Customers Source: http://wiki.mikrotik.com/index.php?oldid=12156 Contributors: Girts, Mw0Jme, Normis
User Manager/Users Source: http://wiki.mikrotik.com/index.php?oldid=10912 Contributors: Girts, Vitell
User Manager/Routers Source: http://wiki.mikrotik.com/index.php?oldid=3511 Contributors: Girts, SergejsB
User Manager/Sessions Source: http://wiki.mikrotik.com/index.php?oldid=3875 Contributors: Girts
User Manager/Payments Source: http://wiki.mikrotik.com/index.php?oldid=3857 Contributors: Girts
User Manager/Logs Source: http://wiki.mikrotik.com/index.php?oldid=12383 Contributors: Girts
User Manager/Permissions Source: http://wiki.mikrotik.com/index.php?oldid=3837 Contributors: Girts
User Manager/Character constants Source: http://wiki.mikrotik.com/index.php?oldid=12153 Contributors: Girts, Linkwave
User Manager/Active sessions Source: http://wiki.mikrotik.com/index.php?oldid=17499 Contributors: Girts, Nest
User Manager/Public ID Source: http://wiki.mikrotik.com/index.php?oldid=5237 Contributors: Girts, Normis, NzvKqo, Vw3Bfw, Yo8Zyo
User Manager/MAC binding Source: http://wiki.mikrotik.com/index.php?oldid=19530 Contributors: Girts, Myrrhman
User Manager/Languages Source: http://wiki.mikrotik.com/index.php?oldid=20409 Contributors: Anjunior, Girts, Josemari, Medianet, Normis, SergejsB
User Manager/Search patterns Source: http://wiki.mikrotik.com/index.php?oldid=15556 Contributors: Girts
User Manager/Tables Source: http://wiki.mikrotik.com/index.php?oldid=5254 Contributors: Girts, Lv0Egm, Normis
User Manager/Customer page Source: http://wiki.mikrotik.com/index.php?oldid=12984 Contributors: Girts, Infoservi, Normis, WpyOj4, Xhimimavraj
User Manager/User page Source: http://wiki.mikrotik.com/index.php?oldid=20401 Contributors: Ahmed allam, Girts, Mala, MollyRodriguez, Prence iraq, SergejsB
User Manager/User sign up Source: http://wiki.mikrotik.com/index.php?oldid=4567 Contributors: Girts, SergejsB
User Manager/User payments Source: http://wiki.mikrotik.com/index.php?oldid=14296 Contributors: Girts, Nest, Normis, Sdischer, SergejsB, Stutteringp0et, WruAqo
Centralized Authentication for Hotspot user Source: http://wiki.mikrotik.com/index.php?oldid=10129 Contributors: Ashish, Normis
User Manager/QA/How to make MAC authentication Source: http://wiki.mikrotik.com/index.php?oldid=5229 Contributors: Girts, LvsJl6, Normis, RurA4z, SergejsB, ZmzGwx
User Manager/QA/How to turn off logging for specific Routers Source: http://wiki.mikrotik.com/index.php?oldid=3473 Contributors: Girts
User Manager/QA/How to create timed Voucher Source: http://wiki.mikrotik.com/index.php?oldid=15632 Contributors: Girts, Normis
Image Sources, Licenses and Contributors 74
Image Sources, Licenses and ContributorsImage:Icon-note.png Source: http://wiki.mikrotik.com/index.php?title=File:Icon-note.png License: unknown Contributors: Marisb, RouteImage: UserManLogDetails.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogDetails.png License: unknown Contributors: GirtsImage:Version.png Source: http://wiki.mikrotik.com/index.php?title=File:Version.png License: unknown Contributors: NormisImage:UserMan4MACBind.png Source: http://wiki.mikrotik.com/index.php?title=File:UserMan4MACBind.png License: unknown Contributors: GirtsImage:UserManSorting.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSorting.png License: unknown Contributors: GirtsImage:UserManSearch.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSearch.png License: unknown Contributors: GirtsImage:UserManPerPage.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPerPage.png License: unknown Contributors: GirtsImage:UserManPageSel.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPageSel.png License: unknown Contributors: GirtsImage:UserManTotal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTotal.png License: unknown Contributors: GirtsImage:UserManCheckboxes.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCheckboxes.png License: unknown Contributors: GirtsImage:UserManSelectAll.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSelectAll.png License: unknown Contributors: GirtsImage:UserManSelCount.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSelCount.png License: unknown Contributors: GirtsImage:UserManOptions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManOptions.png License: unknown Contributors: GirtsImage:UserManTableMinimize.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableMinimize.png License: unknown Contributors: GirtsImage:UserManTableLinks.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableLinks.png License: unknown Contributors: GirtsImage:UserManTableMultiLinks.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableMultiLinks.png License: unknown Contributors: GirtsImage:UserManCustMenu.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustMenu.png License: unknown Contributors: Binhtanngo2003, GirtsImage:UserManSearchUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSearchUsers.png License: unknown Contributors: GirtsImage: UserManActiveUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManActiveUsers.png License: unknown Contributors: GirtsImage: UserManActiveSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManActiveSessions.png License: unknown Contributors: GirtsImage: UserManBatchAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBatchAdd.png License: unknown Contributors: GirtsImage: UserManRouters.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManRouters.png License: unknown Contributors: GirtsImage: UserManRouterAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManRouterAdd.png License: unknown Contributors: GirtsImage: UserManCredits.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCredits.png License: unknown Contributors: GirtsImage: UserManCreditAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCreditAdd.png License: unknown Contributors: GirtsImage: UserManUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUsers.png License: unknown Contributors: GirtsImage: UserManEditUser.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditUser.png License: unknown Contributors: GirtsImage: UserManUserPrivInfo.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPrivInfo.png License: unknown Contributors: GirtsImage: UserManUserCredDet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserCredDet.png License: unknown Contributors: GirtsImage: UserManUserExtend.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserExtend.png License: unknown Contributors: GirtsImage: UserManUserAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserAdd.png License: unknown Contributors: GirtsImage: UserManSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSessions.png License: unknown Contributors: GirtsImage: UserManEditSession.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditSession.png License: unknown Contributors: GirtsImage: UserManCustomers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustomers.png License: unknown Contributors: GirtsImage: UserManEditCustomer.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditCustomer.png License: unknown Contributors: GirtsImage: UserManCustPrivInfo.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPrivInfo.png License: unknown Contributors: GirtsImage: UserManCustSubsFields.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustSubsFields.png License: unknown Contributors: GirtsImage: UserManCustUseHttps.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustUseHttps.png License: unknown Contributors: GirtsImage: UserManCustSensitiveFieldTitles.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustSensitiveFieldTitles.png License: unknown Contributors: GirtsImage: UserManCustomerAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustomerAdd.png License: unknown Contributors: GirtsImage: UserManReport.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManReport.png License: unknown Contributors: GirtsImage: UserManLogs.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogs.png License: unknown Contributors: GirtsImage:UserManUserMenu.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserMenu.png License: unknown Contributors: GirtsImage:UserManUserStatus.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserStatus.png License: unknown Contributors: GirtsImage:UserManUserCredits.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserCredits.png License: unknown Contributors: GirtsImage:UserManUserSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserSessions.png License: unknown Contributors: GirtsImage:UserManUserPayments.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPayments.png License: unknown Contributors: GirtsImage:UserManPaymentDetail.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentDetail.png License: unknown Contributors: GirtsImage:UserManBuyCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBuyCredit.png License: unknown Contributors: GirtsImage:UserManUserSettings.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserSettings.png License: unknown Contributors: GirtsImage:UserManSignupForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSignupForm.png License: unknown Contributors: GirtsImage: UserManSignupConfirm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSignupConfirm.png License: unknown Contributors: GirtsImage: UserManCustAuthNet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustAuthNet.png License: unknown Contributors: GirtsImage: UserManCustCurrency.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustCurrency.png License: unknown Contributors: GirtsImage: UserManCustPublicHost.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPublicHost.png License: unknown Contributors: GirtsImage: UserManUserBuyCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCredit.png License: unknown Contributors: GirtsImage: UserManHttpsWarning.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManHttpsWarning.png License: unknown Contributors: GirtsImage: UserManUserBuyCreditCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditCredit.png License: unknown Contributors: GirtsImage: UserManUserBuyCreditBalance.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditBalance.png License: unknown Contributors: GirtsImage: UserManUserBuyCreditMethodAuthnet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditMethodAuthnet.png License: unknown Contributors:GirtsImage: UserManUserBuyCreditButton.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditButton.png License: unknown Contributors: GirtsImage: UserManAuthNetPaymentForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetPaymentForm.png License: unknown Contributors: GirtsImage: UserManAuthNetFormFilled.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetFormFilled.png License: unknown Contributors: GirtsImage: UserManAuthNetFormSubmit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetFormSubmit.png License: unknown Contributors: GirtsImage: UserManPaymentSuccess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentSuccess.png License: unknown Contributors: GirtsImage: UserManPaymentReturnButton.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentReturnButton.png License: unknown Contributors: GirtsImage: UserManUserPayments.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPayments.png License: unknown Contributors: GirtsImage: UserManCustPayPal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPayPal.png License: unknown Contributors: Girts
Image Sources, Licenses and Contributors 75
Image: UserManUserBuyCreditMethodPayPal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditMethodPayPal.png License: unknown Contributors: GirtsImage: UserManUserBuyCreditButtonPP.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditButtonPP.png License: unknown Contributors: GirtsImage: UserManPayPalPaymentForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalPaymentForm.png License: unknown Contributors: GirtsImage: UserManPayPalFormLogged.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalFormLogged.png License: unknown Contributors: GirtsImage: UserManPayPalSuccess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalSuccess.png License: unknown Contributors: GirtsImage: UserManPayPalPaymentProcess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalPaymentProcess.png License: unknown Contributors: GirtsImage:usermanager.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Usermanager.jpg License: unknown Contributors: AshishImage: UserManLogsOff.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogsOff.png License: unknown Contributors: GirtsImage: UserManGenPrintPage.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManGenPrintPage.png License: unknown Contributors: GirtsImage: UserManBatchAddUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBatchAddUsers.png License: unknown Contributors: Girts
![Connection load balancing - MikroTikmum.mikrotik.com/presentations/ID16/presentation_3384_1479372904.pdf · Connection load balancing with mikrotik [workshop] Mikrotik User Meeting](https://img.pdfslide.us/doc/110x75/5f0a50897e708231d42b0c87/connection-load-balancing-connection-load-balancing-with-mikrotik-workshop-mikrotik.jpg)
