User-manager Package Mikrotik Download
Efraine Ton
User Manager is RADIUS server implementation in RouterOS which provides centralized user authentication and authorization to a certain service. Having a central user database allows better tracking of system users and customers. As a separate package, User Manager is available on all architectures except SMIPS, however, care must be taken due to limited free space available. It supports many different authentication methods including PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP-TLS, EAP-TTLS, and EAP-PEAP. In RouterOS, DHCP, Dot1x, Hotspot, IPsec, PPP, and Wireless are features that benefit from User Manager the most. Each user can see their account statistics and manage available profiles using the WEB interface. Additionally, users can buy their own data plans (profiles) using the most popular payment gateway - PayPal making it a great system for service providers. Customized reports can be generated to ease processing by the billing department. User Manager works according to RADIUS standards defined in RFC2865 and RFC3579.
RADIUS attributes are defined authorization, information, and configuration parameters that are passed between the RADIUS server and the client. User Manager allows sending customized attributes defined in the "attributes" menu. RouterOS has a set of predefined attributes already present, but it is also possible to add additional attributes if necessary. Predefined attributes:
All RADIUS-related information is stored in a separate User Manager's database configurable under the "database" sub-menu. "Enabled" and "db-path" are the only parameters that are not stored in the User Manager's database and instead are stored in the main RouterOS configuration table meaning that these parameters will be affected by the RouterOS configuration reset. The rest of the configuration, session, and payment data is stored in a separate SQLite database on the FLASH storage of the device. When performing any actions with databases, it is advised to make a backup before and after any activity.
Limitations are used by Profiles and are linked together by Profile-Limitations. RADIUS accounting and Interim updates must be enabled to seamlessly switch between multiple limitations or disconnect active sessions when download-limit, upload-limit or uptime-limit is reached.
To disconnect already active sessions from User Manager, accept must be set to yes on the RADIUS client side. If simultaneous session limits are not unlimited (shared-users) and it has reached the maximum allowed number, then the router will try to disconnect the older user session first.
User-Manager attempts to disconnect an active session before a new user will be accepted (when the appropriate limit is set), that's why in such setups it is suggested to use 1s for /radius client timeout.
Profile-Limitations table links Limitations and Profiles together and defines their validity period. When multiple Limitations are assigned to the same Profile, a user must comply with all Limitations for the session to be established. This allows more complicated setups to be created, for example, separate monthly and daily bandwidth limits.
User groups define common characteristics of multiple users such as allowed authentication methods and RADIUS attributes. There are two groups already present in User Manager called default and default-anonymous.
This menu assigns users a profile and tracks the status of the profile. A single user can have multiple profiles assigned, however, only one can be used at the same time. A user will seamlessly be switched to the next profile when the currently active profile expires without dropping the user's session.
Each user has access to his personal profile using a WEB interface. The WEB interface can be accessed by adding "/um/" directory to the router's IP or domain, for example, Note that the WEB interface is affected by IP Services "www" and "www-ssl". The WEB interface can be customized using CSS, JavaScript, and HTML.
It is possible to create multiple new users with randomly generated usernames and passwords. For example, the following command will generate 3 new users with 6 lowercase symbols as the username and 6 lowercase, uppercase, and numbers as the password.
It is possible to send additional RADIUS attributes during the authentication process to provide NAS with custom information about the session, such as what IP address should be assigned to the supplicant or what address pool to use for address assigning.
To assign the end user a static IP address, Framed-IP-Address attribute can be used. When using static IP address allocation, shared-sessions must be set to 1 to prevent cases when a user has multiple simultaneous sessions, but there is only one IP address. For example:
To calculate the TOTP token on the supplicant side, many widely available applications can be used, for example, Google Authenticator or Adding mysecret to the TOTP token generator will provide a new unique 6-digit code that must be added to the user password.
To generate a single user's printable voucher card, simply use the generate-voucher command. Specify the RouterOS ID number of the user or use the find command to specify a username. A template is already included in User Manager's installation available in the Files section of your device. You can customize the template for your needs.
In cases where presentable network usage information is required by companies billing or legal team an automated session export can be created using the generate-report command. The command requires an input of the report template - an example of the template is available in um5files/PRIVATE/TEMPLATES/reports/report_default.html. Example of the report generation:
After logging into the user's private profile by accessing the router's /um/ directory using a WEB browser, for example, , he will be able to see all available Profiles in the respective menu. Profiles that have specified price values will have a Buy this Profile button available.
After pressing the Buy this Profile button, the user will be asked to choose from available transaction service providers (currently only PayPal is available) and later redirected to PayPal's payment processing page.
When you upgrade your User Manager router from RouterOS v6 to the v7 the new User Manager will work with new database files and configuration. To continue using the old user, router, profile, etc. configuration you must manually execute the migrate command. To do so you must have files from the old User Manager server folder "user-manager" present. The folder can be renamed, but all the contents from the old installation must be transferred to the new v7 installation (you can move the old configuration from one router to another router with v7, you must copy "user-manager" folder). After that, all you need to do is execute this command - "/user-manager/database/migrate-legacy-db database-path=".
Many of the functions in this are automated, however not the addition of per-account rate limits, which would normally be based on the package purchased. Instead most sites opt to use a preset speed value on a per router basis. An alternative option to this would be to put different users in different IP pools and setup a rate-limited queue tree based on that.
I was requested to build a script for use on the main user-manager mikrotik, that would allow accounts to be assigned a rate limit based on the package someone had purchased. Once set, this speed value remains the same.
Mikrotik is a brand that is well-known for its various hardware and software that are involved in the internet network world and Mikrotik itself has a tool called the Mikrotik User Manager which is useful for managing various hardware and software from Mikrotik.
User manage (UM) is a management system that can be used in a variety of settings. UM can be used for HotSpot, PPP, DHCP, Wireless and RouterOS users. User Manager is a RADIUS server application. UM testing packages were first introduced in RouterOS version 4. User manager packages are supported on all RouterOS architectures including x86 and Cloud Host Router.
User Manager Mikrotik is downloaded from the downloads section of the MikroTik website. There find the system and software version you need for this package and download the additional package archive for it, you can download user manage download user manager mikrotik rb941, download user manager mikrotik rb750 or download user manager mikrotik rb750gr3.
In this example, we will use user-managed Mikrotik rb750gr3, this one package is indeed easy to use and with a more comfortable interface using the GUI. So, there is no need to be complicated like using the CLI.
You must also change the default Userman access rights settings by changing or providing a Userman username / user by entering the Customers menu and clicking the Add button to grant users or change admin access rights. The following is an example of the picture:
Add a Limitation if your hotspot user connection will be limited / limited with steps to enter the Profiles menu then Limitations, for example you will limit hotspot users with Upload and Download by 2 Mb. Look at the following picture:
So that users can be integrated with each other with your hotspot server, you must activate Radius in the Server Profile along with steps to enter the IP menu -> Hotspot -> Server Profiles, then choose the name of the server profile that radius server will activate. Look at the following picture:
PT. Network Data Sistem is your partner in the Information Technology and Information Consulting Business Company. We are made up of qualified experts specializing in IT and our team is dedicated to providing high quality service and support.
I am going to divide this post into two parts. One will be on downloading usermanger, configuring hotspots and radius server, while the other part will be on how to install Mikrotik usermanager. So here we go.
This configuration will help us allocate internet access to users based on data or on uptime. To do this, you will have to download and install the usermanager software. Go to here, click on extra packages to download. Once downloaded, open it, locate and drag usermanager to the file menu of your mikrotik router (log in via winbox, click on file to open the file menu), then reboot your router. At this point, you will have usermanager show up in your system packages. Click on system, packages to see if yours is there. Note that for it to work your routeros must be same version as the usermanager downloaded.
c80f0f1006