User Manager - Mikrotik
PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Tue, 22 Feb 2011 21:49:06 UTC
Manual:User Manager
Manual:User Manager Introduction • • • • •
What is User Manager Requirements Supported browsers Demo Differences between version 3 and version 4-test
Getting started • • • •
Download Install Create first subscriber First log on User Manager web
Quick start • • • • •
User Manager and HotSpot User Manager and PPP servers User Manager and DHCP User Manager and Wireless User Manager and RouterOS user
Concepts explained Common • • • • • • • • • • • •
Customers Users Routers Sessions Payments Reports Logs Customer permission levels Character constants Active sessions Active users Customer public ID
1
Manual:User Manager
Version 4.x test package specific • • • • • •
Profiles Limitations User data templates MAC binding Languages CoA (Radius incoming)
Version 3.x specific • • • • • •
Subscribers Credits User prefix Time, traffic amount and rate limiting Prepaid and unlimited users Voucher template
Reference Web interface • Search patterns • Tables: • Sorting • Filtering • Division in pages • Multiple object selection • Operations with selected objects • Minimization • Links to detail form • Detail forms • Page printing
Customer page • Setup • How to find it? • Sections • • • • • • • •
Status Routers Credits Users Sessions Customers Reports Logs
2
Manual:User Manager
User page • • • •
Setup How to find it? Link to user page Sections • Status • Payments • Settings
User sign-up • Setup • Sign-up steps • Creating account • Activating account • Login
User payments • Authorize.Net • PayPal
Questions and answers • • • • • • • • • • • • • • • • •
Quick introduction into User Manager setup How to separate users among customers? How to create a link to user page? How to create a link to user sign-up page? Visual bugs since upgrade Cannot log in User Manager Too many active sessions shown What does "active sessions" refer to? How to make Hotspot and User Manager on the same router? How to make MAC authentication in the User Manager? How to turn off logging for specific Routers? How to create timed Voucher? Cannot access User Manager WEB interface Incorrect time shown for sessions and credits User Manager does not allow to login due to expired uptime How to debug PayPal payments How to send logs to a remote host, using SysLog
3
User Manager/Introduction
4
User Manager/Introduction What is User Manager User manager is a management system that can be used for: • • • • •
HotSpot users; PPP (PPtP/PPPoE) users; DHCP users; Wireless users; RouterOS users.
It is a separate package for RouterOS. User Manager is a RADIUS [1] server application. In RouterOS version 4 User Manager test package was introduced, having major functionality and interface changes.
Requirements • You should have the same version for RouterOS and the User Manager package. • The MikroTik User Manager works on x86, MIPS and PowerPC processor based routers. • The router should have at least 32MB RAM and 2MB free HDD space.
Supported browsers All current generation browsers are supported, including: • • • •
Opera [2] (>= 9.0). Probably works fine also on Opera 8.x Mozilla Firefox [3] (>= 1.5). Probably works fine also on Mozilla Firefox 1.0.x Microsoft Internet Explorer [4] (>= 6.0). Safari [5] (>= 2.0)
Demo To see what User Manager can do for you, log into the test system: User Manager Online Demo and password both being "demo"
[6]
with the login
Note: Demo user has read-only permissions. Download and install User Manager package on your router to see all the features
Note: This demo uses v3 User Manager
User Manager/Introduction
References [1] [2] [3] [4] [5] [6]
http:/ / en. wikipedia. org/ wiki/ RADIUS http:/ / www. opera. com/ download/ http:/ / www. mozilla. com/ firefox/ http:/ / www. microsoft. com/ windows/ ie/ http:/ / www. apple. com/ safari http:/ / userman. mt. lv/ userman
User Manager/Getting started Download MikroTik User Manager can be downloaded from the MikroTik download page: MikroTik User Manager [1], choose system and software type and All packages.
Install Perform the usual router upgrade steps - upload the User Manager package to the router's FTP server and reboot the router.
Create first subscriber Note: Starting from version 3.0 a default subscriber with login admin and empty password is created when User Manager package is installed for the first time. I.e., admin subscriber is created only if the User Manager package was not installed prior to version 3.0.
If you are using a version prior to 3.0, then the first subscriber must be added using Mikrotik terminal (console). All the configuration is done under the /tool user-manager menu. To create a subscriber you should go to /tool user-manager customer menu and execute add command. It will ask for the username which you will use. or you can enter this into the command line: [admin@USER_MAN] tool user-manager customer> add login="admin" password="PASSWORD" permissions=owner You can use the following command to change the password for the 'admin' user: [admin@USER_MAN] tool user-manager customer set admin password=PASSWORD After that you can use print command to see what you have added. [admin@USER_MAN] tool user-manager customer> print Flags: X - disabled 0 subscriber=admin login="admin" password="adminpassword" time-zone= 00:00 permissions=owner parent=admin
5
User Manager/Getting started
Note: Subscriber shown only in version 3
After that you can use the web interface.
Use web interface To log on customer web interface type the following address in your web browser: http:/ / Router_IP_address/ userman where "Router_IP_address" must be replaced with IP address of your router. Use login and password of the subscriber you have created in console. Note: On RouterOS 4.1, User-manger webinterface is unreachable with an HTTP 404 when attempting to navigate to http:/ / inside_ip/ userman from behind a Hotspot interface where inside_ip is an non-NAT'd IP address on the router. Two workarounds: change the 'www' service port from 80 to something other than 80 or 8080, such as port 81. Then use http:/ / inside_ip:81/ userman, or use an IP address hotspot users are NAT'd to (http:/ / outside_ip/ userman) instead.
References [1] http:/ / www. mikrotik. com/ download. html
User Manager/Hotspot Example Introduction To make this setup, you should have running Hotspot server on the router. Let us consider configuration steps for HotSpot and User Manager routers, in order to use User Manager for HotSpot users.
HotSpot configuration • Set HotSpot to use User Manager for HotSpot server users, / ip hotspot profile set hsprof1 use-radius=yes • Add radius client to consult User Manager for HotSpot service. / radius add service=hotspot address=y.y.y.y secret=123456 'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. By default this is 127.0.0.1. If using a remotely located Router (perhaps via a VPN) then the IP address entered is the IP address of that remote Router. The router could be a Radius Server, or another ROS with User Manager installed. • Note, first local HotSpot database is consulted, then User Manager database. It means that if you have configuration in '/ ip hotspot user print', users will be able to authenticate in HotSpot using this data. Delete users configuration from '/ ip hotspot print' to stop using local HotSpot database for authentication. To move batch of local HotSpot users to the User Manager database use export and import . Use text editor program to create appropriate file to import local users to the User Manager database.
6
User Manager/Hotspot Example
7
User Manager configuration • First, you need to download and install User Manager package [1]; • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called 'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent steps; / tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add HotSpot router information to router list, / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the HotSpot router, 'shared-secret' should match on both User Manager and HotSpot routers. Adding 'x.x.x.x' as a router allows Radius requests from 'x.x.x.x' to be passed to the Radius Server built into User Manager. Therefore if you have any remote ROS Hotspots that require access to this Radius Server, then all their IP addresses must be added to this list. • Add HotSpot user information, it is equal to 'ip hotspot user' when local HotSpot is used for clients In version 3: / tool user-manager user add name=demo password=demo subscriber=MikroTik In version 4: / tool user-manager user add name=demo password=demo customer=MikroTik We discuss only basic configuration example, detailed information about 'user' menu configuration. • You can use User Manager web interface after first subscriber created. • To make sure, that client is using User Manager for AAA, / ip hotspot active print Flags: R - radius, B - blocked # USER ADDRESS 0 R 00:01:29:2... 192.168.100.2
UPTIME 1m29s
'R' means that client uses User Manager server for AAA services.
SESSION-TIME-LEFT IDLE-TIMEOUT
User Manager/PPP Example
User Manager/PPP Example Introduction User Manager can be used as a remote authentication, authorization and accounting server for PPP clients. Since 2.9.35 PAP,CHAP, MS-CHAPv1 and MS-CHAPv2 protocols are supported by the User Manager. Let us consider the following configuration steps for PPP and User Manager routers.
PPP configuration We consider PPPoE server PPPoE client configuration example, where the PPPoE server uses a remote User Manager database for PPPoE client authentication, authorization and accounting. Both PPPoE server and PPPoE client are MikroTik routers, any other PPPoE client might be used instead.
PPP server configuration • First, add the PPPoE server to the local interface, : / interface pppoe-server server add interface=ether1 service-name=MikroTik one-session-per-host=yes disabled=no
• Specify the use of User Manager for PPPoE clients: / ppp aaa set use-radius=yes • Set IP address of the PPPoE server, IP address might not be assigned to the interface of PPPoE server. Moreover static IP address or DHCP should not be used on the same interfaces as the PPPoE server for security reasons. / ppp profile set default local-address=192.168.0.1 • Add radius client to consult User Manager for PPP service. / radius add service=ppp address=y.y.y.y secret=123456 'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. • Note, first the local PPP database is consulted, then the User Manager database.
PPP client configuration • Add PPPoE client to the interface / interface pppoe-client add interface=ether1 user=MikroTik password=MikroTik service-name=MikroTik disabled=no
User Manager configuration • First, you need to download and install User Manager package [1]; • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called 'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent steps; / tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add PPP server information to router list, In version 3: / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
8
User Manager/PPP Example
9
In version 4: / tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the PPPoE-server router, 'shared-secret' should match on both User Manager and PPPoE-server routers. • Add PPPoE client information, In version 3: / tool user-manager user add username=demo password=demo subscriber=MikroTik ip-address=192.168.0.2
In version 4: / tool user-manager user add username=demo password=demo customer=MikroTik ip-address=192.168.0.2
• Let us verify, that PPPoE client is connected and using User Manager for authentication, authorization and accounting. First we monitor if PPPoE client is connected, then we verify that User Manager was used. The first command is executed on PPPoE client router, second on PPPoE server: / interface pppoe-client monitor pppoe-out1 status: "connected" uptime: 12h2m29s idle-time: 12h2m17s service-name: "MikroTik" ac-name: "MikroTik" ac-mac: 00:0C:42:05:54:8F mtu: 1480 mru: 1480 / ppp active> print Flags: R - radius # NAME SERVICE CALLER-ID 0 R MikroTik pppoe 00:0C:42:05:54:6E 192.168.0.2 12h1m48s
ADDRESS
UPTIME
ENCODING
User Manager/DHCP Example
User Manager/DHCP Example Introduction To make this setup, you should have running DHCP [1] server on the router. Let's consider configuration steps for DHCP and User Manager routers, in order to use User Manager for DHCP server users.
DHCP router configuration • Set DHCP to use User Manager for DHCP server leases, / ip dhcp-server set dhcp1 use-radius=yes • Add radius client to consult User Manager for DHCP service. / radius add service=dhcp address=y.y.y.y secret=123456 'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. • Note, first local router database is consulted, then User Manager database. User will be unable to obtain DHCP lease, if DHCP router and User Manager server will not contain any information about user's data.
User Manager configuration • First, you need to download and install User Manager package [1]; • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called 'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent steps; / tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add DHCP router information to router list, In version 3: / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
In version 4: / tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the DHCP router, 'shared-secret' should match on both User Manager and DHCP routers. • Add DHCP user information, that client with MAC address 00:01:29:27:81:95 will always receive 192.168.100.2 address. User will receive dynamic address from the DHCP ip pool, if ip-address is not specified. In version 3: / tool user-manager user add add subscriber=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2
In version 4: / tool user-manager user add add customer=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2
We discuss only basic configuration example, detailed information about user menu configuration. • To make sure, that user is receiving lease from User Manager,
10
User Manager/DHCP Example / ip dhcp-server lease> print Flags: X - disabled, R - radius, D - dynamic, B - blocked # ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT 0 R 192.168.100.2 00:01:29:27:81:95 dhcp1
11
STATUS bound
'R' means that lease has been received from User Manager server.
References [1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ ip/ dhcp. php
User Manager/Wireless Example Introduction We consider the scenario for wireless network, when only clients from User Manager database are able to establish communications with 'Access Point' router. To make this setup, you must have running Access Point [1]. Let us consider configuration steps for Access Point and User Manager routers.
Access Point configuration • Set Access Point to use User Manager for wireless client authentication, / interface wireless security-profiles set default radius-mac-authentication=yes
• Add radius client to consult User Manager for wireless service. / radius add service=wireless address=y.y.y.y secret=123456 'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. • Note, first local router database is consulted, then User Manager database. Wireless client will be unable to connect to Access Point, if Access Points router does not contain any entry in the 'interface wireless access-list' for the particular configuration and User Manager server will not have any information about user's data. • Make sure you do not have any entry in the 'interface wireless access-list', remove all hosts from 'access-list' to ensure wireless client MAC authentication only via User Manager, / interface wireless access-list remove [find]
User Manager configuration • First, you need to download and install User Manager package [1]; • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called 'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent steps; / tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add Access Point router information to router list, In version 3: / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
User Manager/Wireless Example In version 4: / tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the Access Point router, 'shared-secret' must match on both User Manager and Access Point routers. • Add wireless client information, client MAC-address that is allowed to establish connection to the Access Point, In version 3: / tool user-manager user add subscriber=MikroTik username="00:01:29:27:81:95" In version 4: / tool user-manager user add customer=MikroTik username="00:01:29:27:81:95"
References [1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ interface/ wireless. php
User Manager/RouterOS user Example Introduction User Manager server might be used as remote storage of RouterOS login and password information. MikroTik router will consult User Manager for login and password, when you are accessing RouterOS via Winbox or console session. Let us consider configuration steps.
RouterOS configuration • Set RouterOS to use User Manager server for checking login and password information, / user aaa set use-radius=yes • '/user aaa' has 'default-group' option, that define type of the default group. Default is read permissions, if you need to allow full permissions for users stored in User Manager database / user aaa set default-group=full • Add radius client to consult User Manager for login service. / radius add service=login address=y.y.y.y secret=123456 'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. • Note, first local router database is consulted, then User Manager database.
12
User Manager/RouterOS user Example
User Manager configuration • First, you need to download and install User Manager package [1]; • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called 'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent steps; / tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
• Add RouterOS router information to router list, In version 3: / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
In version 4: / tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the RouterOS router, 'shared-secret' must match on both User Manager and RouterOS routers. • Add login/password information, that account will be able to access RouterOS. login is MikroTik, password is MikroTik. In version 3: / tool user-manager user add subscriber=MikroTik username=MikroTik password=MikroTik
In version 4: / tool user-manager user add customer=MikroTik username=MikroTik password=MikroTik
User Manager/Customers • Customers are service providers. They use web interface to manage users, credits, routers; • Customers are hierarchically ordered in a tree structure [1] - each can have zero or more sub-customers and exactly one parent-customer; • Each customer can have same or weaker permission level than it's parent; • Each customer has exactly one owner-subscriber. • Customer with owner permissions is called subscriber. Subscriber's parent is himself; • Customer data contains: • • • •
Login and password. Used for web interface; Parent. Enumerator over customers. Used to keep the hierarchy of customers; Permissions. Specifies permission level; Public ID. It's an ID used to identify customer. When a user wants to log on the user page or to sign up he/she needs to specify, which customer to use (because user login names are allowed to be equal among several subscribers). To keep customer login names in secret (for security reasons) this field is used to identify customers (subscribers);
• Public host. Only for subscribers. IP address or DNS name [2] specifying public address of this User Manager router. Payment gateways use this address to send transaction status response. This field has sense only if users access User Manager site through local IP address (for, example, http://192.168.0.250/user) and another address is used for public access (for example, http://userman.mt.lv/user). • Company, city, country. Informational; • Email address. Used to send emails (for ex., sign up information) to users;
13
User Manager/Customers • User prefix. Used to separate users between customers of one subscriber; • Sign-up allowed. When checked, this customer allows users to use sign-up; • Sign-up email subject. When a user completes signs up successfully, he/she receives an email with authorization information, called sign-up email. Subject of this email is configurable. • Sign-up email body. Text template of sign-up email. Must contain several specific string constants: • %login% - will be replaced with login name of newly created account; • %password% - will be replaced with password of newly created account. • %link% - will be replaced with link to User page. This field can be omitted; • Authorize.Net fields (only for subscribers and only when using https): • Allow payments. When checked, users are allowed to use Authorize.Net as payment method for this subscriber; • Login ID, Transaction Key, MD5 Value. Authorize.Net merchant attributes. Must match those specified in Authorize.Net Merchant gateway security settings; • Title. The name of this payment method shown to users. For example, if one changes title to "Credit Card", users will see "Pay with Credit Card" instead of "Pay with Authorize.Net". This field can be very useful if users don't know what Authorize.Net means and get confused; • Return URL: address to which user is redirected when pressing "Return to User Manager" button after successful payment. Can be used to redirect user to HotSpot login page; • Use Test Gateway. When true, payment info will be sent to Authorize.Net test gateway. Can be used for testing payments without actual money charge; • PayPal fields (only for subscribers): • Allow payments. When checked, users are allowed to use PayPal as payment method for this subscriber; • Business ID (login/email). Business ID of the PayPal account where the money will be sent; • Secure Response: whether to use https (when true) or http (when false) to receive payment feedback from PayPal. Additional security mechanism is used to check validity of this feedback information so using http is not mandatory; • Accept pending: when true, payments with status "Pending" are accepted as valid. This may be used for multi-currency payments where manual approvals must be made; • Return URL: address to which user is redirected when pressing "Return to merchant" button after successful payment. Can be used to redirect user to HotSpot login page; • Date format. Used on web pages for data representation. Only allowed formats (listed in drop-down) can be used. When the value doesn't match any of allowed (it's possible to enter any value from console) formats, default is used. See date character constants: • Currency. Used for payments and money-related data representation on the web page; • Time zone. Specific for each customer. By default equals to 00:00. Session and credit info is stored as GMT regardless of ROS time zone on the User Manager router. This value specifies the way data is displayed on the User Manager web pages.
References [1] http:/ / en. wikipedia. org/ wiki/ Tree_structure [2] http:/ / en. wikipedia. org/ wiki/ Domain_name
14
User Manager/Users
User Manager/Users • Users are people who use services provided by customers; • Each user can have time, traffic and speed limitations; • Users belong to specific subscriber, not to customer. Customers can create, modify and delete users but the owner is the subscriber who is also owner of these customers; • To separate users among customers of one subscriber, user prefix is used. • User data contains: • • • • • •
Username and password - used to identify user. Different subscribers can have users with the same username; First name, last name, phone, location. Informational; Email. Used to send notifications to user (for ex., sign-up email); IP address. If not blank, user will get this IP address on successful authorization; Pool name. If not blank, user will get IP address from this IP pool on successful authorization; Group. Sent to Radius client as Mikrotik-Group attribute. Indicates group (/user group) for RouterOS users and profile for HotSpot users. See Radius client documentation [1] for further details, search for "Mikrotik-Group". • Address list. Sent to Radius client as Mikrotik-Address-List attribute. Used only for PPP (not hotspot) indicates to which "ip firewall address-list" should the remote address be added. • • • •
Download limit. Limit of download traffic, in bytes; Upload limit. Limit of upload traffic, in bytes; Transfer limit. Limit of total traffic (download + upload), in bytes; Uptime limit. Limit of total time the user can use services. When left blank, user is limited in time only by credits. Note that this value only takes effect when a user is logged on. When they log off the clock is stopped. If you want to limit the time whether or not the user is logged in, you have to use credits. • Rate limits. Has several parts. For more detailed description see HotSpot User AAA [2], search for "rate-limit". • User also have read-only counters: • Uptime used; • Download used; • Upload used. Note: RouterOS users have nothing to do with User Manager user. If you have RouterOS user admin, it doesn't mean it will also be a customer/subscriber in User Manager.
References [1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ guide/ aaa_radius. php [2] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ guide/ aaa_hotspot. php
15
User Manager/Routers
User Manager/Routers User Manager must know with which routers (IP addresses) to communicate. User Manager is like a judge - it receives questions and must give answers. For example: HotSpot: "Is user 'nick' allowed to use hotspot?" User Manager: "Yes, but only 2 hours. And give him IP 192.168.0.40". If an unknown router asks something, User Manager ignores it. Router table contains information about known routers which are allowed to ask User Manager questions. Router data contains: • • • •
Name. Name of the router. Informational, must be unique per subscriber; IP address. Address of the router; Shared secret. Password used for authentication; Log events. Specifies which events must be written to log.
User Manager/Sessions The term session refers to a period when a user is using customer's services (HotSpot). It has nothing to do with User Manager web-page sessions. Fields: • • • • • • • • • • • • • •
Username. Session owner; NAS Port. See: RADIUS Client documentation [1] (Supported Radius Attributes); NAS Port Type. See: RADIUS Client documentation [1] (Supported Radius Attributes); Calling Station ID. See: RADIUS Client documentation [1] (Supported Radius Attributes); Status. Session status, composition of several facts; User IP. User's IP address; Host IP. Router's IP address; NAS Port ID. See: RADIUS Client documentation [1] (Supported Radius Attributes); From Time. Session start time; Till Time. Session end time; Terminate Cause. Session termination reason; Uptime. = EndTime - StartTime; Download. Downloaded traffic amount; Upload. Uploaded traffic amount.
16
User Manager/Payments
User Manager/Payments Users can buy credits using payment methods allowed by the subscriber. Subscribers can define accessible payment methods on the customer page. Payments hold history of user's transactions. Attributes: • • • • •
Created. Transaction start-time; Finished. Transaction end-time; Price. Transaction amount (credit price); Credit time. Credit prepaid-time bought; Status. Current status of transaction. Can be one of the following:
• Started - transaction is in progress; • Approved - transaction completed successfully; • Error - transaction failed; • Timeout - transaction failed (not finished in required time); • Status description - message describing transaction status;
User Manager/Logs Logs are written when Authorization (auth) or Accounting (acct) requests from routers are received. It is configurable per router which logs must be written (See: HOWTO). Log data contains: • • • • • • • • • • •
Username. Can differ from those registered in user table; User IP; Host IP. Router's IP; Status; Time; Description; NAS Port; NAS Port type; NAS Post ID; ACCT Session ID; Calling station ID.
17
User Manager/Logs
More information on what these fields mean can be found in Mikrotik RouterOS Radius client documentation Supported RADIUS Attributes.
18
[1]
,
Sending logs to Syslog Starting from version 3.24, support for sending logs to SysLog is added. To enable it: 1) Configure per router, which requests to log: accounting/authorization failure/success (See: HOWTO); 2) On the router configure log writing: /system logging add topics=manager,account action=remote /system logging action set remote target=remote remote=1.2.3.4:514 , where 1.2.3.4 and 514 is IP address and UDP port of the remote host, which will receive the logs. 3) Configure your remote host to listen on port 514 (any other port can be used, but it MUSt be UDP port and MUST match the one entered in router's system logging action); 4) Test, if logs are successfully received at the remote host: 4.1) Generate some logs by logging in and out using HotSpot/PPP users; 4.2) Check the Log page. The logs must appear here. Logs are sent to syslog only if they are logged in the User Manager database; 4.3) Check, if logs are received remotely. If you are running Linux, nc [2] can be used: nc -l -u -p 514 , where 514 is the UDP port used. Could be, that root permissions are required to run listening on a UDP port. Another alternative is Wireshark [3] - a multi platform tool for network packet "sniffing". Start a new session and enter udp port 514 in the filter field. You should see incoming logs appearing.
User Manager/Logs
19
Syslog message format The logs are in the following format: ,,, , where: • user-ip - IP of user (NOT the routers IP!): four number in the range 0-255, separated by commas. 0.0.0.0 means "empty address"; • username - username of the user or MAC address, when MAC-authentication used; • log type: string describing type of the log. Takes one of the following values: "auth ok", "auth fail", "acct ok", "acct fail". Fail means - the user was not successful to authorize or the accounting log was malicious. To track user session activity, only logs having "auth ok" and "acct ok" must be taken in account. • message - contains message, describing error, in case of failure. can be empty. SysLog messages are limited in size, therefore it could happend, that the end of the message has been cut off.
References [1] http:/ / www. mikrotik. com/ docs/ ros/ 2. 9/ guide/ aaa_radius [2] http:/ / netcat. sourceforge. net/ [3] http:/ / www. wireshark. org/
User Manager/Permissions This table lists customer permissions: Read-only
Read-write
Full
Owner
View Routers
+
+
+
+
Credits
+
+
+
+
Users
+
+
+
+
Sessions
+
+
+
+
+
+
Customers Reports
+
+
+
+
Logs
+
+
+
+
Routers
+
+
+
Credits
+
+
+
Users
+
+
+
Add
Customers
+ Edit
Routers
+
Credits Users Customers
+
+
+
+
+
+
+ +
User Manager/Permissions
20 Remove Routers
+
+
Credits
+
+
Users
+
+
Customers
+
Sessions
+
+
Logs
+
+
+
+
Specific actions Reset user counters Reset router counters
+
+
+
Remove last user credit
+
+
+
Close active sessions
+
+
+
User Manager/Character constants Time constants Time constants can be divided in parts. Each part consists of integer followed by one of the following characters: • • • • •
w - week (equals 7 days) d - day (equals 24 hours) h - hour (equals 60 minutes) m - minute (equals 60 seconds) s - second
Examples: • 4w2d - 30 days (4 weeks and 2 days). • • • •
30d - 30 days. Equals 4w2d 3h - 3 hours 2d2h - 50 hours (2 days and 2 hours). Equals 50h 2w30m - 2 weeks and 30 minutes. Equals 20190m.
Date constants In date constant following characters will be replaced with proper values: • • • •
%Y - four digit year representation %b - verbal (short) month representation %m - two digit month representation %d - two digit day-of-the-month representation
Examples (representing October 5, 2006): • %d/%m/%Y - 05/10/2006 • %Y-%b-%d - 2006-Oct-05
User Manager/Character constants
Voucher template constants The following constants of voucher template will be replaced with actual user attribute values: • • • • • • • • • • • • • • •
%u_username% - Username (login); %u_password% - Password; %u_fname% - First name; %u_lname% - Last name; %u_phone% - Phone number; %u_locat% - Location; %u_email% - Email address; %u_ip% - IP address; %u_pool% - Pool name; %u_group% - Group; %u_limit_download_f% - Nicely formatted download limit (introduced in v3.1); %u_limit_upload_f% - Nicely formatted upload limit (introduced in v3.1); %u_limit_transfer_f% - Nicely formatted transfer limit (introduced in v3.1); %u_limit_download% - Download limit (in bytes); %u_limit_upload% - Upload limit (in bytes);
• • • • • •
%u_limit_uptime% - Uptime limit (in bytes); %u_used_download% - Used download; %u_used_upload% - Used upload; %u_used_uptime% - Used uptime; %u_prep_time% - Prepaid time - time constant or the word unlimited; %u_tot_price% - Total price, including currency
21
User Manager/Active sessions
User Manager/Active sessions When a session is started it's state is set to active. It can become inactive in one of the following ways: • User Manager receives accounting-stop message; • Customer closes session manually in the web interface. The option "Close" is available for the active-session table, on the status page; • An active session is closed when the same router asks to start a new session with the same accounting-session-id. If the router hasn't sent accounting-stop message the session may remain active even if it should have closed much sooner. Such sessions can be closed manually.
User Manager/Public ID Each subscriber already has an unique field - login. But for security reasons another field - Public ID is used. Note: In earlier versions (until version 2.9.31) login is used to identify subscriber. Each customer has a Public ID. It can be configured in the customer section. But there is no need to specify public ID for each customer. Because the subscriber search procedure occurs as follows: • Search for a customer with specified public ID. If no customer found, the default (first) subscriber is used. Otherwise proceed to the next step; • Search for a subscriber (owner) of the customer just found. Every customer has its subscriber, so this procedure always finds the result. So only one customer per subscriber must have a public ID defined. Usually the subscriber itself has a public ID and all the other customers can live without it. Public ID for customers is significant in user sign-up process to use different user prefix and sign-up-credit for different customers. Only subscribers have permissions to edit customers. That means, subscriber must configure public IDs for all sub-customers.
22
User Manager/MAC binding
User Manager/MAC binding Applies to RouterOS: v4.x test package
Description MAC binding is a feature, when users MAC address is not specified beforehand, but is fixed (bound) when the user connects for the first time. Further the user is allowed to use only this MAC address. In User Manager MAC address can be re-bound also for users with previously fixed one. In this case MAC address is re-fixed at next user logon.
Binding MAC address in the Web interface To bind MAC address, check the box "Bind on first use" for Caller ID field from the Constraints group in User Detail form:
To specify a particular MAC address, un-check this box and type in the MAC address manually.
Binding MAC address in console To bind MAC address in console, just change users caller-id to "bind": /tool user-manager add customer=admin name=user1 caller-id=bind how to make your mac faster [1]
References [1] http:/ / www. mac-how. net
23
User Manager/Languages
User Manager/Languages In RouterOS v4, User Manager supports multiple languages.
Create your own translations 1. Download language file template [1], containing English translations 2. Open it with poEdit. Language files are plain-text and can also be edited with any text editor if poEdit [2] is not available. Please, use UTF-8 encoding for non-standard characters. 3. Translate the file 4. Set the language: in poEdit [2]: Catalog > Settings > Language, in text editor, change the line containing "X-Poedit-Language: English\n" 5. Save it as .lng file. File name is not important (.lng extension is required), but it is recommended to contain translation language information, for example de_DE.lng for German translation) 6. Upload the file to router, using ftp 7. If you are logged in to User Manager web, log out and log in again. 8. In the web page there will be language select box on the menu. Select desired language. Multiple languages can be stored on router at the same time, desired language is chosen in customer web page. Every customer can choose its own language to use.
User translations Currently no ready-to-use translations are available here. But, if you made one, please post it here: choose "Upload file" from menu on the left side of this wiki, upload the file and then post a direct link to it here. Spanish translation http:/ / wiki. mikrotik. com/ images/ b/ be/ Sp_SP_def. txt author: Jose Salazar, Spain. Change txt extension for lng and upload it via FTP to Router. Portuguese-BR translation http:/ / wiki. mikrotik. com/ images/ 2/ 2c/ Pt_BR. lng. txt author: Antonio Junior, Brazil. Change extension for lng and upload it via FTP to Router. Italian translation http:/ / wiki. mikrotik. com/ images/ 2/ 23/ It_IT_def. txt author: Renato Bernardi, Italy. Change txt extension for lng and upload it via FTP to Router.
References [1] http:/ / wiki. mikrotik. com/ images/ 5/ 59/ En_EN_def. txt [2] http:/ / www. poedit. net/
24
User Manager/Search patterns
User Manager/Search patterns Tables can be searched (filtered) by one field. This field is specific for each kind of table. For example, users are filtered by username, routers - by name. Filter pattern: • is case-insensitive [1]. • matches a part of the value. (abc matches abc, abcde, 123abc, 123abcde). Pattern "abc" is actually used as "%abc%" (See below for explanation of character %); • Special characters can be used: • % - matches any sequence of zero or more characters; • _ - matches any single character; • \ - escape character. Use it before '%', '_' and '\' literals to match them as regular characters.
Examples • "spot" matches hotspot, hotSpot, HotSpot, HotSpots, HOTSPOT, ... • "r%m" matches rm, arm, armor, ram, rome, aroma, Mikrotik manager ...
References [1] http:/ / en. wikipedia. org/ wiki/ Case_insensitive
User Manager/Tables Tables are used to display a list of objects: users, routers, credits, sessions, customers or logs. In one table are displayed only objects of one type. Each type of objects has specific fields to display. If the object contains many parameters, not all of them are displayed in the table. To see all parameters the object detail form can be used. Tables have several options: • • • • • • •
Sorting; Filtering (Search); Division in pages; Multiple object selection; Operations with selected objects; Minimization; Links to detail form.
25
User Manager/Tables
Sorting Sorting can be done by almost all fields. But there are some "non-sortable" fields, mostly because they are calculated fields. Sorting can be ascending (1, 2, 3, ...) or descending (5, 4, 3, ...). There are triangular sort buttons for each column - on sides of column's title (at the top). Ascending sort - on the left, descending - on the right:
Sorting decreases data reading performance - sorted data reads take more time than non-sorted reads. However sorting affects only reads in the current table, tables are independent to each other.
Filtering Each table can be filtered only by one field: • Users, sessions, logs: by username; • Routers, credits: by name; • Customers: by login. Some tables cannot be filtered (for example, specific user's sessions). Enter pattern in the search form at the bottom of the table and press search. To cancel filtering, clear value of the search form and press search:
26
User Manager/Tables
Division in pages A table can contain plenty of records. It could be a very long operation to display them all. Therefor records are divided in pages and only one page, called active page, at a time is displayed. Record count per page is changeable on the top-right corner:
The active page can be changed using the link on the upper-left corner:
• Links with numbers go to respective page. • Links with arrows go to previous and next page. • There are also links to first and last page, but they are only displayed when needed (when it is possible to go to the last/first page with number-links, first/last page links will not be displayed). A total number of records (not pages) is displayed in parenthesis right after page-links:
27
User Manager/Tables
28
Multiple object selection Tables have checkboxes for each object on the right side of row:
Each object can be selected and actions can be performed on selected objects. On the top of all checkboxes is the select-all checbox which toggles selection of all objects in the current page:
A
title
displaying
selected
object
count
is
located
at
the
bottom
of
a
table:
The total count of selected objects and selected objects in the active page is displayed. There is also a button which unchecks all selected objects in other (inactive) pages (affects only this table). This button is very useful if you select some objects and then change sorting criteria for the table - selected objects get scattered between many pages but you can still uncheck them all by one click.
User Manager/Tables
29
Operations with selected objects Different operations can be performed on selected objects. Web-interface users can have different allowed operations depending on their permissions. Operations are performed only with users in the active page. The reason is security. It is very easy to select some objects, then change the page and forget the selected objects in other pages. Some operations (like remove) are very dangerous in such situations. That's why all operations work only with selected objects in the active page. All allowed operations (except adding, which is available in main menu on the left) can be found at the bottom of a table in a form of popout toolbar. Each table can have different allowed operations:
.
Minimization Tables can be minimized with a click on the minimize button on the top-right corner:
Minimized tables are not shown in printable page.
User Manager/Tables
Links to detail form Almost every table has links to object detail form, because not all the information can be displayed in the table. Some tables have even links to two different detail forms, for example, session table has links to user and session detail forms. Detail form Links are displayed as usual html-links, underlined:
30
User Manager/Customer page
User Manager/Customer page Setup There are no special setup actions for web interface. The only requirement - at least one subscriber must be defined. See first subscriber setup guide.
How to find? Type the following address in your web browser: http://Router_IP_address/userman where "Router_IP_address" must be replaced with IP address of your router.
Sections Here are described customer page sections. Use menu on the left side to navigate:
Status This page has several components: • • • •
User search; Active user listing; Active session listing; User batch-add form.
User search Type in the search pattern and press the button "Search". Results will be displayed in a new table.
Active users Active user count displayed here. To see a full list of active users, click on "Show":
31
User Manager/Customer page Active sessions Active sessions count displayed here. To see a full list of active sessions, click on "Show":
User batch-add form Batch of users can be added here:
Fields: • • • • •
Number of users. How many users to add; Login starts with. Displays user prefix; Rate limits. hidden by default. Check the box on the right to show rate limit field group; Uptime limit; Prepaid. Credit that will be assigned to users. Unlimited users can also be created by selecting unlimited as a value. • Generate CSV [1] file. When checked a CSV-file [1] will be generated containing just created user data; • Generate vouchers. When checked printable vouchers for just created users will be generated.
Routers View routers Table displaying routers:
32
User Manager/Customer page All router's attributes are shown here. Click on name opens router detail/edit form. Add router Opens router add form. The same form is used to edit routers:
Fields: • • • •
Name. Router's name. Must be unique per subscriber; IP Address. Address of the router; Shared secret. Password used for authentication; Log events. Specifies which events must be written to log.
Credits View credits Table displaying credits:
All credit's attributes are shown here. Click on name opens credit detail/edit form.
33
User Manager/Customer page Add credit Opens credit add form. The same form is used to edit credits:
Fields: • Name. Credit's name. Must be unique per subscriber; • Time. How long this credit is valid when started; • Full price. The price of this as the first credit for a user. When the checkbox at the right is empty, full price is unavailable - this credit can not be used as a base credit; • Extended price. The price of this as extended credit for a user (user already has credits before this on). When the checkbox at the right is empty, extended price is unavailable - this credit can not be used as an extended credit;
Users View users Table displaying users:
34
User Manager/Customer page Only part of user's attributes are shown here. To see all details of specific user, open user detail form by clicking on username in the table. User detail form Detail form with user data:
Contains all user fields. There are groups of fields (for example, private information, rate limits). These fields are hidden by default and are accessible by checking the box on the right:
If the user has credits assigned the total prepaid time is shown at the bottom. To see credit details click on the plus sign ("+") under Prepaid time:
35
User Manager/Customer page New credits can also be assigned (if permitted) to user. At the bottom is a select-box called "Extend" (called "Add time" when user has no credits yet). The price depends on what kind of credit this is for a user - first or extended. Price is shown in braces:
. To assign credit to the user, choose the desired credit and click Save. Options (buttons at the bottom): • • • •
Save - saves edited information, assigns credit, if one selected; View report - opens single user report. Remove last credit - removes last credit that's not started yet; Show sessions - opens window with all sessions this user has;
Add user Detail form for filling in information about the new user. Very similar to user detail form. This form does not have read-only counters and other user statistics:
36
User Manager/Customer page Add batch of users The User batch-add form will be opened.
Sessions View sessions Table displaying sessions:
Only part of session's attributes are shown here. To see all details of specific session, open session detail form by clicking on ID in the table. To see details of session user click on the username in the table.
37
User Manager/Customer page Session detail form Detail form with session data:
Contains all session fields.
Customers View customers Table displaying customers:
Only part of customer's attributes are shown here. To see all details of specific customer, open customer detail form by clicking on login in the table.
38
User Manager/Customer page Customer detail form Detail form with customer data:
Contains all customer fields. There are groups of fields (for example, private information, user options). These fields are hidden by default and are accessible by checking the box on the right:
There are fields which are accessible only for subscribers: Public Host and Authorize.Net fields. These fields are not shown for customers who are not subscribers:
39
User Manager/Customer page
There are sensitive-data fields (Authorize.Net) which are visible only when using secure connection (https):
There are sensitive-data fields (Authorize.Net) whose values are not shown. Whether the field has value specified or not is visible by the title standing before it: if the title says "Set ...", this field has no value set; the title saying "Change ..." means that this field has some value:
40
User Manager/Customer page
In the example above Login ID and Transaction Key fields have values (titles are "Change ...") while MD5 Value field has no value specified (title is "Set ..."). Add customer Detail form for filling in information about the new customer. Very similar to customer detail form. This form does not have subscriber fields since subscribers cannot be added here:
Reports This section refers to user time and traffic reports. Reports generated here can be printed directly. Configurable options: • Users - which users to show: prepaid, unlimited or all; • Type - time (contains prepaid time, extend time and price) or amount (contains upload and download amount) report; • Period - total (whole history) or with specific time boundaries; See user time and traffic reports for further detail. Sample report:
41
User Manager/Customer page
Logs View logs Table displaying logs:
Only part of log's attributes are shown here. To see all details of specific log, open log detail form by clicking on ID in the table.
42
User Manager/Customer page Log detail form Detail form with log data:
Contains all log fields.
References [1] http:/ / en. wikipedia. org/ wiki/ Comma-separated_values
43
User Manager/User page
User Manager/User page How to find? User page can be found at address: http://Router_IP_address/user?subs=publicID , where • "Router_IP_address" must be replaced with IP address of your router where the User Manager is running (don't mix it with the HotSpot router, if User Manager and HotSpot are running on different routers); • publicID must be replaced with public ID of the subscriber who is the owner of this user; • If there is only one subscriber on this router the part "?subs=..." can be skipped, i.e., then the address http:// Router_IP_address/user can be used.
What is Public ID and how to change it? See: Subscriber public ID.
Link to user page Links and buttons to user page can be used in other web pages. There are several things configurable: • router IP address; • subscriber's public ID; • caption on the link/button.
Textual link To get a textual link to user page, replace this template with your own values: %caption% • %hostname% - router's hostname or IP address; • %subid% - subscriber's public ID; • %caption% - caption of the link that will be show to user. Example: To get a link to userman.mt.lv router's demo subscriber user page, use the following link: This is an example link to Mikrotik User Manager demo User page
And it looks like this: This is an example link to Mikrotik User Manager demo User page [1]
Link button To get a button, which leads to user page, replace this template with your own values: %caption%
Example: To get a button-link to userman.mt.lv router's demo subscriber user page, use the following link: Check
The visual representation cannot be shown here because of the wiki security so you have to pretend how it looks like. The same button-link is used in HotSpot page templates. By default it looks like this: status
44
User Manager/User page $(hostname) here is replaced with the hostname of the HotSpot router (so the default link works only if HotSpot and User Manager are running on the same router). And "subs=" means that first subscriber will be used (works fine when there's only one subscriber on the router). Hostname and subscriber id can be replaced with desired values.
Sections This par of a document describes sections available in user page. For navigation use the menu on the left side:
Status Here the user can see account's status: • Summary; • Credits; • Sessions. Sample screenshot:
This information is also formatted for printing. See print preview in the browser (Usually under File > Print preview in the browser's toolbar). Credits and sessions are formed in tables. These tables can be "minimized" - the button on the upper right corner of the table. A minimized table will not be printed (see print preview).
45
User Manager/User page Summary Here the user can see: • Prepaid time - duration of all the credits bought (See: time constants). Or the word unlimited (See prepaid and unlimited users); • Total price - how much all the credits cost; • Uptime limit - the maximum allowed duration of user's sessions; • Uptime used - current duration of user's sessions; • Download used • Upload used Credits Table with all credits this user has bought. No data for unlimited users. Sample screenshot:
If there are credits that are not started yet (see: credits), start-time and end-time fields contain values "awaiting login".
46
User Manager/User page Sessions Table with all user's sessions. Sample screenshot:
Payments Here the user can view payment history and buy a new credit. This section is only available if the subscriber has allowed any payments. View payments Table with all user salles de poker [2] payments. Sample screenshot:
To see all details of specific payment, open payment detail form by clicking on ID in the table.
47
User Manager/User page Payment detail form Detail form with payment data:
Contains all payment fields. Buy credit A new credit can be bought here using payment methods which are allowed by the subscriber. There are a number of restrictions for this sub-section to be accessible: • Secure connection (https [3]) must be used to access the site. Otherwise a notification with a link to secure page will be shown; • At least one payment method must be allowed by the subscriber; • Subscriber must have configured all required payment attributes; Sample screenshot:
Here user can see his/her current balance and choose a credit to buy. After click on the "Buy" button user will be redirected to payment gateway where he/she will have to enter required data to process payment.
48
User Manager/User page Important - payment data (such as credit card number and expiry date) is sent directly from user's computer to payment gateway and is not captured by User Manager. User Manager processes only response about the payment result from the payment gateway. This response does not contain any sensitive user's data. When the payment is successful, the selected credit is added to user's account.
Settings In this section user can configure his/her parameters: • Private information (informational, not used by User Manager): • First name; • Last name; • Phone; • Location. • Email - used to send emails to user. Must be unique. If values provided in "New password" and "Retype new password" fields, the password will be changed. Sample screenshot:
References [1] http:/ / userman. mt. lv/ user?subs=demo [2] http:/ / www. pokerenfrancais. eu/ salles-de-poker [3] http:/ / en. wikipedia. org/ wiki/ Https
49
User Manager/User sign up
User Manager/User sign up Usually user accounts are created by customers. But users can also sign-up by filling in the sign-up form. This feature is available since version 2.9.31.
Setup User sign-up can be enabled per customer. I.e., some customers can allow it while others don't. Sign-up is disabled by default. To enable it several requirements must be met: • Note: All the attributes mentioned above can be configured in customer section of the customer web-page; • Customer, who wants to allow sign-up, must have public ID. Since Only subscribers have permissions to edit customers, this public ID must be assigned by the subscriber. In other words - subscriber must configure public IDs for its customers. • Subscriber must have at least one credit with full price specified; • In the case when users access sign-up page from a local address which is not accessible from outside (global Internet) subscriber must have public host address configured. This address is needed by PayPal, payment response will be sent to this it; • The customer has to enable sign-up by checking the "Signup allowed" box in Signup options section; • The subscriber must have at least one payment method enabled and configured; • The customer should have email address specified. Email will be send to users who sign up (if the user specifies his/her email address) using this as the from-address; • SMTP-server should be specified. It can be done via console, under tool email, command "set server=xxx.xxx.xxx.xxx". This SMTP server will be used to send email reminding user's account data. Users can however log on to the HotSpot after a successful payment without receiving this email; • Signup email subject and body can be personalized. There are defaults defined, but one can customize them. However there are constant strings (will be replaced by actual values) that must be present within the message body. See sign-up email body field definition.
Sign-up steps User sign-up can divided in following steps: • Subscriber configures required parameters (described above); • User creates an account: • User opens sign-up page URL in the browser; • User fills in the sign-up form; • User chooses credit; • User chooses payment method; • An inactive account is created for the user; • User activates the account (executes payment): • • • •
User is redirected to Payment Gateway; The payment is being processed; Payment gateway sends response (was the payment successful or not) to User Manager router; The account gets activated (if the payment was successful);
• User can start using services. Status check and setting change can be done in the user web-page. May seem a little confusing, but all these steps are simple and can be done in several minutes.
50
User Manager/User sign up
Creating account User opens http:/ / routerIP/ user?signup=publicID, where routerIP must be replaced with the IP address of the User Manager router and publicID must be replaced with subscribers public id. Sign-up form will be shown:
Input fields: • email. Email address for user account. must be unique per subscriber. Account data will be sent to this address if one specified; • login. Desired username. If user prefix is defined, it is shown at the left and cannot be changed. So the prefix is already predefined (may be empty), the remaining part of username can be chosen. IT must be at least 3 characters long. Example: if the prefix is "cu" (shown on the left) and "test" is entered as the remaining part, the username will be "cutest"; • password. Self explanatory; • confirm password. Password once again to reduce possibility to mistype it; • time. The initial credit for the user account; • pay with. Payment method selector. After the "sign up" button is pressed, authorization data is show to the user. He/She must remember this data as it will be required to log in later:
If the "Cancel" button is pressed, user is returned to sign-up form. If the "Pay with ..." button is pressed, an inactive account is being created and the user is redirected to payment gateway.
51
User Manager/User sign up
52
Activating account On a successful payment, the account is activated and the user is returned to User Manager/User page where he/she can check the status of the account. If the email address was specified in sign-up form, an email with authorization information is sent to it. The text is customizable in customer web-page. By default it looks like this: Your authorization data: login: userLogin password: userPassword
To check your status and buy extented time go to address
http://userman.mt.lv/user?subs=demo.
here: • userLogin is the username (login); • userPassword is the password. • http://userman.mt.lv/'' is the hostname of the User Manager router;
Login After successful account activation user is able to start using services (Hotspot). Status and settings are available in user web-page.
User Manager/User payments Supported payment methods Authorize.Net supported.
[1]
(since version 2.9.40 or 3.0beta5) and PayPal
[2]
(since version 2.9.41 or 3.0beta6) payments are
Authorize.Net Authorize.Net requirements To allow Authorize.Net payments for users the following requirements must be met: • • • •
User Manager v3.0 (or v2.9.x, >= 2.9.40) package installed on the router. See: Getting started; User Manager subscriber created (See: Getting started); Subscriber must have merchant account in Authorize.Net [3] gateway; Web server on the router must be configured to support secure SSL connections (See HTTPS connection enabling); • HotSpot router should contain entries in 'walled-garden to User Manager router and Authorize.net webpage, / ip hotspot walled-garden ip add dst-address=x.x.x.x action=accept where x.x.x.x is address of User-Manager server, / ip hotspot walled-garden add dst-host=:^secure\\.authorize\\.net dst-port=443 action=allow
These entry is used to allow access to Authorize.net
User Manager/User payments
53
Authorize.Net setup Authorize.Net merchant account configuration Relay URL Relay URL list must either be empty or contain URL to the User Manager router. For example, if you are using userman.mt.lv as User Manager router, then Relay URL list must contain URL https:/ / userman. mt. lv/ (works with and without trailing slash). Relay URL list can be configured in Authorize.Net [3] merchant gateway under Account > Settings > Response/Receipt URLs API Login ID API Login ID is shown in Authorize.Net Transaction Key.
[3]
merchant gateway under Account > Settings > API Login ID and
Transaction Key Transaction Key can be obtained in Authorize.Net [3] merchant gateway under Account > Settings > API Login ID and Transaction Key > Create New Transaction Key. MD5-Hash value MD5-Hash value can be set in Authorize.Net [3] merchant gateway under Account > Settings > MD5-Hash. WARNING!: Standard MD5 hash values are 32 characters long, however, the Authorize.net MD5-Hash input fields only allow 20 characters. Best chance of success if you paste your md5sum into the Authorize.net input field, then copy it back out to paste into User Manager configuration. By re-copying from the Authorize.net input field, you are selecting only the 20 characters that the field length allows. Payment Form Payment Form configuration can be found in Authorize.Net [3] merchant gateway under Account > Settings > Payment Form. The look of this form is customizable here. While the only required fields for processing transaction are credit card number and expiration date, another fields are allowed to be shown in the form. Form customization is up to merchant. Authorize.Net subscriber configuration Subscriber attribute values can be edited using customer detail form in customer page. Subscriber Authorize.Net attributes Subscribers have a set of specific Authorize.Net attributes which must be configured properly to allow Authorize.Net payments: • Only subscribers have Authorize.Net attributes, other customers don't; • Attribute values can be changed only in customer web page, not in console. There is only possibility to change values, not to see them. As these attributes contain sensitive data, their values are encrypted on the router; • Customer web page must be opened using secure SSL connection (https) to change attribute values; All the attributes can be found in Authorize.Net attribute group:
User Manager/User payments
1. "Allow Payments" must be checked to allow this payment method; 2. Login ID, Transaction Key and MD5 Value must have same values as set in Authorize.Net merchant gateway. 3. Title is optional. It specifies the text shown to users as the name of this payment method. Default title is "Authorize.Net", but it can be changed to something more used to users, for example "Credit Card". The value of this field does not affect the payment process it is only user interface element. 4. Return URL (optional, added in version 3.24): address to which user is redirected when pressing "Return to User Manager" button after successful payment. Can be used to redirect user to HotSpot login page; 5. Use Test Gateway (optional): when checked, payment information is sent to test gateway of Authorize.Net and no real money is charged. This mode can be used to test Authorize.Net payments before User Manager deployment. Other subscriber requirements • Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amount for the payment; • Correct currency must be specified for subscriber. If USD is accepted by Authorize.Net merchant, currency attribute can be left unchanged for subscriber:
• If users access User Manager page through a local IP address, public host attribute must be specified. It must contain a public address of User Manager router which is acceptable as Relay URL for Authorize.Net gateway (See: Authorize.Net Merchant account configuration). Domain name or IP address can be used. Only the address must be specified, not URL (for example, userman.mt.lv, not https://userman.mt.lv/and not https://userman. mt.lv/userman):
54
User Manager/User payments
Authorize.Net usage • User can buy credits in User Manager page. First he/she has to log on the page. See: User page. • Secure connection must be used for web page, so user has to use https://router_IP/user instead of http:// router_IP/user (https instead of http). • Payment section is available on main menu only if subscriber has allowed any payment method. • To buy credit user chooses "Buy credit" from "Payments" section:
• If https connection is not used for web session, a message with error and link to https site will be opened:
• In this form user chooses credit he/she wishes to buy;
• Current balance is also shown:
55
User Manager/User payments
• User chooses Authorize.Net as payment method:
• When the credit is chosen, "Buy" button must be pressed to start payment transaction:
56
User Manager/User payments
• User is redirected to Authorize.Net gateway payment form, which should look similar to following:
• The actual look of this form can be configured in Authorize.Net merchant gateway • User fills in credit card number and expiry date. Other fields are optional:
57
User Manager/User payments
• User submits the form::
• The data is transmitted directly to Authorize.Net gateway via secure connection. Neither credit card number nor expiry date is submitted to User Manager router. • Authorize.Net gateway processes the data and sends response to specified User Manager router. This response contains only data required to identify payment in User Manager and detect result status of transaction - was it successful or not. It does not contain any information about the user - credit card number, expiry date or other sensitive data. • User Manager processes the response and updates payment record status; • If the transaction was successful requested credit is added to user's account; • A message describing payment result is shown to user:
• Click on the button redirects the user back to User Manager page:
• User is returned to payment section displaying table with payment history:
58
User Manager/User payments
PayPal PayPal requirements To allow PayPal payments for users the following requirements must be met: • • • •
User Manager v3.0 (>= 3.0beta6) or v2.9.x (>= 2.9.41) package installed on the router. See: Getting started; User Manager subscriber created (See: Getting started); Subscriber must have merchant PayPal [4] account; Web server on the router must be configured to support secure SSL connections (See HTTPS connection enabling); • HotSpot router should contain entries in 'walled-garden to User Manager router and Paypal webpage, / ip hotspot walled-garden ip add dst-address=x.x.x.x action=accept where x.x.x.x is address of User-Manager server; • version v2.9 / ip hotspot walled-garden add dst-host=:^www\\.paypal\\.com\$ dst-port=443 action=allow / ip hotspot walled-garden add dst-host=:^content\\.paypalobjects\\.com\$ dst-port=443 action=allow / ip hotspot walled-garden add dst-host=*.akamaiedge.net action=allow / ip hotspot walled-garden add dst-host=paypal.112.2O7.net action=allow
• version v3 / ip hotspot walled-garden add dst-host=":^www\\.paypal\\.com\$" dst-port=443 action=allow / ip hotspot walled-garden add dst-host=":^content\\.paypalobjects\\.com\$" dst-port=443 action=allow / ip hotspot walled-garden add dst-host=*.akamaiedge.net action=allow / ip hotspot walled-garden add dst-host=paypal.112.2O7.net
These four entries are required to allow reliable access to the Paypal system.
PayPal setup PayPal merchant account configuration Basically there is no specific PayPal account configuration that must be done. The only requirement is to have PayPal account which is allowed to receive money. Warning! User Manager accepts payment as successful only when it receives status "Completed" from PayPal gateway. If the status is "Pending" and some manual operations must be done by merchant (or the merchant has not verified the account) to accept payment, the credit will be transfered to User Manager user account only when the payment will be accepted. Note: Since version 2.9.45 and 3.0beta11 it is possible to also accept payments with "Pending" status, except for those with pending reason "unilateral".
59
User Manager/User payments PayPal subscriber configuration Subscriber attribute values can be edited using customer detail form in customer page. Subscriber PayPal attributes The only PayPal attribute subscribers have is business login. It is the login (usually an email address) merchants use to log on their account. Only subscribers have this business login, other customers don't; Since versions 2.9.45 and 3.0beta11 there are also options that refer to PayPal payment processing: "Secure Response" and "Accept Pending". Field "Return URL" added in version 3.11. All the attributes can be found in PayPal attribute group:
1. "Allow Payments" must be checked to allow this payment method; 2. Login (email) must be the PayPal merchant account login. 3. Secure response. When checked, PayPal will send response via HTTPS. Otherwise response will be send via HTTP; 4. Accept pending. When checked, User Manager will also add credit to user if the payment status is "Pending", except for payments with pending reason "unilateral". Other subscriber requirements • Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amount for the payment; • Correct currency must be specified for subscriber. If USD is accepted by PayPal merchant, currency attribute can be left unchanged for subscriber:
60
User Manager/User payments • If users access User Manager page through a local IP address, public host attribute must be specified. It must contain a public address of User Manager router which is acceptable as response URL for PayPal gateway (PayPal will send payment result to this address). Domain name or IP address can be used. Only the address must be specified, not complete URL (for example, userman.mt.lv, not https://userman.mt.lv/and not https:// userman.mt.lv/userman):
PayPal usage • User can buy credits in User Manager page. First he/she has to log on the page. See: User page. • Secure connection must be used for web page, so user has to use https://router_IP/user instead of http:// router_IP/user (https instead of http). • Payment section is available on main menu only if subscriber has allowed any payment method. • To buy credit user chooses "Buy credit" from "Payments" section:
• If https connection is not used for web session, a message with error and link to https site will be opened:
• In this form user chooses credit he/she wishes to buy;
61
User Manager/User payments
• Current balance is also shown:
• User chooses PayPal as payment method:
62
User Manager/User payments
• When the credit is chosen, "Buy" button must be pressed to start payment transaction:
• User is redirected to PayPal gateway payment form, which should look similar to following (PayPal web site can change, these screen shots may differ from actual page):
63
User Manager/User payments
• User logs on to the account. Payment is now displayed with the Pay button:
• When user presses Pay button, PayPal starts to process data. On successful payment result page is displayed:
• This page contains button "Return to merchant" pressing which returns user to User Manager payment history page:
64
User Manager/User payments
• User Manager receives data from PayPal indicating Payment status. • On a successful payment the appropriate credit is added to user.
PayPal chargeback When a payment changes status from "Approved" to "Aborted" (For example, "Reversed") User Manager tries to remove credit bought for this money. This is however possible only if the two following requirements are met: • The credit is not started yet; • The credit is last for current user, i.e., no other credit is bought after this one.
PayPal payment process description • The payment data is transmitted directly to PayPal gateway. All operation with money and accounts is processed by PayPal. User Manager knows nothing about it. • PayPal gateway processes the data and after that sends response to specified User Manager router. It may take time, usually not more than one minute. That means that payment may have status "Started" for a few seconds, the status is updated only when PayPal sends response to User Manager; • If the option "Secure response" is enabled, secure connection (https) is established between PayPal and User Manager; • When experiencing problems with HTTPS response from PayPal, "Secure response" may be disabled. Then no certificate will be needed on User Manager router to receive PayPal response; • Again - PayPal response contains only data required to identify payment in User Manager and detect result status of transaction - was it successful or not. It does not contain any information about the user - credit card number, expiry date or other sensitive data; • User Manager sends request to PayPal to verify that this payment response comes from PayPal and not from a hacker. Because of this verification it is not necessary to receive response from PayPal via https - if a Man-In-The-Middle [5] catches data and sends wrong response to User Manager, the verification fails; • Response verification requires SSL certificate of root certification authority [6] who has signed PayPal certificate. This root CA certificate is imported automatically and can bee seen in certificate section on the router (console or Winbox); • User Manager processes the response and updates payment record status; • If the transaction was successful requested credit is added to user's account; The payment processing is shown in the following picture:
65
User Manager/User payments
Related activities HTTPS connection enabling Creating certificate Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign [7]. An unsigned certificate can be generated by hand, using OpenSSL on a Linux box. To do it issue following commands in the shell: openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Two important things: 1. Enter the same pass phrase always when asked for "Enter pass phrase for server.key" (Should be 4 times); 2. Enter your server's domain name, when asked for "Common Name (eg, YOUR name) []". This is important, because otherwise some browsers may refuse your certificate. For example, if the User Manager server's address is http://userman.mt.lv/userman, then "userman.mt.lv" must be specified as Common Name for the certificate. After doing this three files will be created: 1. server.crt - Certificate, must be uploaded to router; 2. server.key - Private key, must be uploaded to router; 3. server.csr - Signature request, can/should be deleted; Upload server.crt and server.key to the router and import them, using the same pass phrase again when asked. server.crt must be imported before server.key.
66
User Manager/User payments
67
Importing certificate Certificate file can be then uploaded to the router and imported with command /certificate import file-name=... The command should return certificates-imported: private-keys-imported: files-imported: decryption-failures: keys-with-no-certificate:
1 1 1 0 0
If it doesn't, could happen that the file contains private key and certificate sections in incorrect order. In this situation the output should be certificates-imported: private-keys-imported: files-imported: decryption-failures: keys-with-no-certificate:
1 0 1 0 1
Just repeat the same command /certificate import file-name=... once again and the output should be this time certificates-imported: private-keys-imported: files-imported: decryption-failures: keys-with-no-certificate:
0 1 1 0 0
Now certificate is imported correctly and ready for use; Enabling WWW SSL SSL connections for WWW server can be enabled with command /ip service set www-ssl disabled=no certificate=cert1 where cert1 must be replaced by a correct certificate name (from /certificate section) Troubleshooting 1. Authorize.net requires that time time on the server be within 15 minutes of UTC or you will get a failed transaction, use NTP client. 2. Your user manager must be accessible from the internet on port 443, make sure you have DNS setup properly or use the IP address for all of your references. Don't forget to open your firewall for port 443 and use NAT to get to your user manager if behind a firewall. 3. You must put the URL of your UserManager instance in your Authorize.net control panel. For example: Response Reason Code: 14 Response Reason Text: The Referrer or Relay Response URL is invalid.
User Manager/User payments Notes: Applicable only to SIM and WebLink APIs. The Relay Response or Referrer URL does not match the merchant?s configured value(s) or is absent. To 1: 2: 3: 4: 5: 6:
add a Login Click Click Click Enter Click
valid Response/Receipt URL, please follow these steps: to your Merchant Interface at https://account.authorize.net. Settings in the main left side menu. Response/Receipt URLs. Add URL. your Response URL. Submit.
4. When inputting the above URL, use only the base URL, not /userman or it won't work.
References [1] [2] [3] [4] [5]
http:/ / authorize. net/ https:/ / www. paypal. com/ https:/ / authorize. net https:/ / www. paypal. com http:/ / en. wikipedia. org/ wiki/ Man_in_the_middle
[6] http:/ / en. wikipedia. org/ wiki/ Certification_authority [7] http:/ / www. verisign. com
Centralized Authentication for Hotspot user Generally we are using external Radius servers for user authentication as MikroTik is not Radius server. But here in this example we use the MikroTik User Manager which works as a Radius server and does authentication and control of your Hotspot users. Requirements Central location: MikroTik OS with User Manager (suggested License is L6 [1]). Hotspot: Mikrotik Routerboard with at least a L4 License Network 192.168.1.0/24
68
Centralized Authentication for Hotspot user
R1-Hotspot Master WAN IP- LAN IP – 192.168.1.1/24 R2-Hotspot IT Dept WAN IP – 192.168.1.2/24 LAN IP – 10.10.10.1/24 R3-Hotspot Account Dept. WAN IP – 192.168.1.3/24 LAN IP – 20.20.20.1/24 R4- Hotspot Purchase Dept WAN IP – 192.168.1.4/24 LAN IP – 30.30.30.1/24 R5- Hotspot Sales Dept. WAN IP – 192.168.1.5/24 LAN IP – 40.40.40.1/24 We assume that all the setup is ready and the hotspot is configured on R2, R3, R4, and R5 with local authentication. First, we will configure R2, R3, R4 & R5 to use MikroTik user manager as a Radius server. /ip hotspot profile use-radius=yes
69
Centralized Authentication for Hotspot user
/radius add service=hotspot address=192.168.1.1 secret=123456 This configuration will apply to all the Hotspot router. Now, we will configure R1-Hotspot Master. /tool user-manager customer add subscriber=mikrotik login="mikrotik" password="ashish" time-zone=+05:30 permissions=owner parent=mikrotik /tool user-manager router add subscriber=mikrotik name="R2" ip-address=192.168.1.2 shared-secret="123456" subscriber=mikrotik name="R3" ip-address=192.168.1.3 shared-secret="123456" subscriber=mikrotik name="R4" ip-address=192.168.1.4 shared-secret="123456" subscriber=mikrotik name="R5" ip-address=192.168.1.5 shared-secret="123456" and finally add the user on R1 /tool user-manager user add username=ashish password=ashishpatel subscriber=mikrotik The user name and password will work for all the remote hotspot router…a user can login from any department of the company with same ID and password and we can have all the user data centrally. Now you can log into the User Manager web interface on the address http:/ / 192. 168. 1. 1/ userman and start setting up your user accounts. NEED the Solution..??? - Pl Contact. ASHISH PATEL -
[email protected] - +91 2692 227275 - +91 99098 90908. More information in the User Manager section.
References [1] http:/ / www. mikrotik. com/ pricelist. php?sect=1#product10
70
User Manager/QA/How to make MAC authentication
User Manager/QA/How to make MAC authentication Let's consider configuration scenario, when we need HotSpot users MAC authentication trough User Manager. HotSpot MAC authentication method allows to authenticate clients as soon as they appear in the hosts list, using client's MAC address as username. We assume that User Manager already provides AAA for HotSpot router. Configuration required on HotSpot server router: /ip hotspot profile set hsprof1 login-by=mac use-radius=yes Command enables MAC authentication for the particular profile and forces to use RADIUS for AAA. Note, first local HotSpot database is consulted, then User Manager database. User Manager configuration (for each mac-address): /too user-manager user add username=XX:XX:XX:XX:XX:XX subscriber=MikroTik We add user information belonging to the particular subscriber, it allows HotSpot user with MAC-address XX:XX:XX:XX:XX:XX to authenticate in HotSpot without prompting login/password.
User Manager/QA/How to turn off logging for specific Routers In the customer web-page, router section choose the router you want to edit. Open it's detail form by clicking on router's name in the table. Here you can check which events of the router must be logged:
71
User Manager/QA/How to create timed Voucher
User Manager/QA/How to create timed Voucher Applies to RouterOS: v3.x
1. Create credit; 2. Create users accounts with desired credits; 3. Open user table in customer web-page; 4. 5. 6. 7.
Check users for which you want to print vouchers; Chose action Generate > print page (at the bottom of the table); Formatted information will be shown on the page. It is ready for printing. Choose File > Print in your web-browser.
Steps 2-5 can be replaced by: 1. 2. 3. 4. 5.
Open User-batch-add form (Users > batch add, or form in status page) in customer web-page; configure, how many users to create, which credits to use; checkbox show printpage must be checked; csv file can also be generated with newly created user data, but it is optional; generate users;
72
Article Sources and Contributors
Article Sources and Contributors Manual:User Manager Source: http://wiki.mikrotik.com/index.php?oldid=19155 Contributors: Akangage, Bhhenry, Binhtanngo2003, Cmit, Comnetisp, Eep, Girts, Hellbound, Janisk, Levipatick, Marisb, Nest, Normis, Polokus, Rtkrh10, SergejsB, Uldis User Manager/Introduction Source: http://wiki.mikrotik.com/index.php?oldid=15583 Contributors: EotThj, Girts, Jandrade28, Janisk, Ni3ls, Normis, SergejsB, WcjZrv User Manager/Getting started Source: http://wiki.mikrotik.com/index.php?oldid=15586 Contributors: Ctech4285, Fewi, Girts, HarvSki, Janisk, MwdNx0, Normis, Vitell, Xhimimavraj, Xm0Vlj User Manager/Hotspot Example Source: http://wiki.mikrotik.com/index.php?oldid=17669 Contributors: Girts, Nest, Normis, SergejsB, Vitell User Manager/PPP Example Source: http://wiki.mikrotik.com/index.php?oldid=15590 Contributors: Bney, Cmit, Girts, SergejsB User Manager/DHCP Example Source: http://wiki.mikrotik.com/index.php?oldid=15592 Contributors: Girts, SergejsB User Manager/Wireless Example Source: http://wiki.mikrotik.com/index.php?oldid=15595 Contributors: Girts, MarkSorensen, SergejsB User Manager/RouterOS user Example Source: http://wiki.mikrotik.com/index.php?oldid=15596 Contributors: Girts, SergejsB User Manager/Customers Source: http://wiki.mikrotik.com/index.php?oldid=12156 Contributors: Girts, Mw0Jme, Normis User Manager/Users Source: http://wiki.mikrotik.com/index.php?oldid=10912 Contributors: Girts, Vitell User Manager/Routers Source: http://wiki.mikrotik.com/index.php?oldid=3511 Contributors: Girts, SergejsB User Manager/Sessions Source: http://wiki.mikrotik.com/index.php?oldid=3875 Contributors: Girts User Manager/Payments Source: http://wiki.mikrotik.com/index.php?oldid=3857 Contributors: Girts User Manager/Logs Source: http://wiki.mikrotik.com/index.php?oldid=12383 Contributors: Girts User Manager/Permissions Source: http://wiki.mikrotik.com/index.php?oldid=3837 Contributors: Girts User Manager/Character constants Source: http://wiki.mikrotik.com/index.php?oldid=12153 Contributors: Girts, Linkwave User Manager/Active sessions Source: http://wiki.mikrotik.com/index.php?oldid=17499 Contributors: Girts, Nest User Manager/Public ID Source: http://wiki.mikrotik.com/index.php?oldid=5237 Contributors: Girts, Normis, NzvKqo, Vw3Bfw, Yo8Zyo User Manager/MAC binding Source: http://wiki.mikrotik.com/index.php?oldid=19530 Contributors: Girts, Myrrhman User Manager/Languages Source: http://wiki.mikrotik.com/index.php?oldid=20409 Contributors: Anjunior, Girts, Josemari, Medianet, Normis, SergejsB User Manager/Search patterns Source: http://wiki.mikrotik.com/index.php?oldid=15556 Contributors: Girts User Manager/Tables Source: http://wiki.mikrotik.com/index.php?oldid=5254 Contributors: Girts, Lv0Egm, Normis User Manager/Customer page Source: http://wiki.mikrotik.com/index.php?oldid=12984 Contributors: Girts, Infoservi, Normis, WpyOj4, Xhimimavraj User Manager/User page Source: http://wiki.mikrotik.com/index.php?oldid=20401 Contributors: Ahmed allam, Girts, Mala, MollyRodriguez, Prence iraq, SergejsB User Manager/User sign up Source: http://wiki.mikrotik.com/index.php?oldid=4567 Contributors: Girts, SergejsB User Manager/User payments Source: http://wiki.mikrotik.com/index.php?oldid=14296 Contributors: Girts, Nest, Normis, Sdischer, SergejsB, Stutteringp0et, WruAqo Centralized Authentication for Hotspot user Source: http://wiki.mikrotik.com/index.php?oldid=10129 Contributors: Ashish, Normis User Manager/QA/How to make MAC authentication Source: http://wiki.mikrotik.com/index.php?oldid=5229 Contributors: Girts, LvsJl6, Normis, RurA4z, SergejsB, ZmzGwx User Manager/QA/How to turn off logging for specific Routers Source: http://wiki.mikrotik.com/index.php?oldid=3473 Contributors: Girts User Manager/QA/How to create timed Voucher Source: http://wiki.mikrotik.com/index.php?oldid=15632 Contributors: Girts, Normis
73
Image Sources, Licenses and Contributors
Image Sources, Licenses and Contributors Image:Icon-note.png Source: http://wiki.mikrotik.com/index.php?title=File:Icon-note.png License: unknown Contributors: Marisb, Route Image: UserManLogDetails.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogDetails.png License: unknown Contributors: Girts Image:Version.png Source: http://wiki.mikrotik.com/index.php?title=File:Version.png License: unknown Contributors: Normis Image:UserMan4MACBind.png Source: http://wiki.mikrotik.com/index.php?title=File:UserMan4MACBind.png License: unknown Contributors: Girts Image:UserManSorting.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSorting.png License: unknown Contributors: Girts Image:UserManSearch.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSearch.png License: unknown Contributors: Girts Image:UserManPerPage.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPerPage.png License: unknown Contributors: Girts Image:UserManPageSel.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPageSel.png License: unknown Contributors: Girts Image:UserManTotal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTotal.png License: unknown Contributors: Girts Image:UserManCheckboxes.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCheckboxes.png License: unknown Contributors: Girts Image:UserManSelectAll.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSelectAll.png License: unknown Contributors: Girts Image:UserManSelCount.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSelCount.png License: unknown Contributors: Girts Image:UserManOptions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManOptions.png License: unknown Contributors: Girts Image:UserManTableMinimize.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableMinimize.png License: unknown Contributors: Girts Image:UserManTableLinks.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableLinks.png License: unknown Contributors: Girts Image:UserManTableMultiLinks.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableMultiLinks.png License: unknown Contributors: Girts Image:UserManCustMenu.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustMenu.png License: unknown Contributors: Binhtanngo2003, Girts Image:UserManSearchUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSearchUsers.png License: unknown Contributors: Girts Image: UserManActiveUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManActiveUsers.png License: unknown Contributors: Girts Image: UserManActiveSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManActiveSessions.png License: unknown Contributors: Girts Image: UserManBatchAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBatchAdd.png License: unknown Contributors: Girts Image: UserManRouters.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManRouters.png License: unknown Contributors: Girts Image: UserManRouterAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManRouterAdd.png License: unknown Contributors: Girts Image: UserManCredits.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCredits.png License: unknown Contributors: Girts Image: UserManCreditAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCreditAdd.png License: unknown Contributors: Girts Image: UserManUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUsers.png License: unknown Contributors: Girts Image: UserManEditUser.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditUser.png License: unknown Contributors: Girts Image: UserManUserPrivInfo.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPrivInfo.png License: unknown Contributors: Girts Image: UserManUserCredDet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserCredDet.png License: unknown Contributors: Girts Image: UserManUserExtend.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserExtend.png License: unknown Contributors: Girts Image: UserManUserAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserAdd.png License: unknown Contributors: Girts Image: UserManSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSessions.png License: unknown Contributors: Girts Image: UserManEditSession.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditSession.png License: unknown Contributors: Girts Image: UserManCustomers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustomers.png License: unknown Contributors: Girts Image: UserManEditCustomer.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditCustomer.png License: unknown Contributors: Girts Image: UserManCustPrivInfo.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPrivInfo.png License: unknown Contributors: Girts Image: UserManCustSubsFields.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustSubsFields.png License: unknown Contributors: Girts Image: UserManCustUseHttps.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustUseHttps.png License: unknown Contributors: Girts Image: UserManCustSensitiveFieldTitles.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustSensitiveFieldTitles.png License: unknown Contributors: Girts Image: UserManCustomerAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustomerAdd.png License: unknown Contributors: Girts Image: UserManReport.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManReport.png License: unknown Contributors: Girts Image: UserManLogs.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogs.png License: unknown Contributors: Girts Image:UserManUserMenu.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserMenu.png License: unknown Contributors: Girts Image:UserManUserStatus.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserStatus.png License: unknown Contributors: Girts Image:UserManUserCredits.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserCredits.png License: unknown Contributors: Girts Image:UserManUserSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserSessions.png License: unknown Contributors: Girts Image:UserManUserPayments.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPayments.png License: unknown Contributors: Girts Image:UserManPaymentDetail.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentDetail.png License: unknown Contributors: Girts Image:UserManBuyCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBuyCredit.png License: unknown Contributors: Girts Image:UserManUserSettings.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserSettings.png License: unknown Contributors: Girts Image:UserManSignupForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSignupForm.png License: unknown Contributors: Girts Image: UserManSignupConfirm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSignupConfirm.png License: unknown Contributors: Girts Image: UserManCustAuthNet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustAuthNet.png License: unknown Contributors: Girts Image: UserManCustCurrency.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustCurrency.png License: unknown Contributors: Girts Image: UserManCustPublicHost.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPublicHost.png License: unknown Contributors: Girts Image: UserManUserBuyCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCredit.png License: unknown Contributors: Girts Image: UserManHttpsWarning.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManHttpsWarning.png License: unknown Contributors: Girts Image: UserManUserBuyCreditCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditCredit.png License: unknown Contributors: Girts Image: UserManUserBuyCreditBalance.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditBalance.png License: unknown Contributors: Girts Image: UserManUserBuyCreditMethodAuthnet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditMethodAuthnet.png License: unknown Contributors: Girts Image: UserManUserBuyCreditButton.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditButton.png License: unknown Contributors: Girts Image: UserManAuthNetPaymentForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetPaymentForm.png License: unknown Contributors: Girts Image: UserManAuthNetFormFilled.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetFormFilled.png License: unknown Contributors: Girts Image: UserManAuthNetFormSubmit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetFormSubmit.png License: unknown Contributors: Girts Image: UserManPaymentSuccess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentSuccess.png License: unknown Contributors: Girts Image: UserManPaymentReturnButton.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentReturnButton.png License: unknown Contributors: Girts Image: UserManUserPayments.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPayments.png License: unknown Contributors: Girts Image: UserManCustPayPal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPayPal.png License: unknown Contributors: Girts
74
Image Sources, Licenses and Contributors Image: UserManUserBuyCreditMethodPayPal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditMethodPayPal.png License: unknown Contributors: Girts Image: UserManUserBuyCreditButtonPP.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditButtonPP.png License: unknown Contributors: Girts Image: UserManPayPalPaymentForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalPaymentForm.png License: unknown Contributors: Girts Image: UserManPayPalFormLogged.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalFormLogged.png License: unknown Contributors: Girts Image: UserManPayPalSuccess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalSuccess.png License: unknown Contributors: Girts Image: UserManPayPalPaymentProcess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalPaymentProcess.png License: unknown Contributors: Girts Image:usermanager.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Usermanager.jpg License: unknown Contributors: Ashish Image: UserManLogsOff.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogsOff.png License: unknown Contributors: Girts Image: UserManGenPrintPage.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManGenPrintPage.png License: unknown Contributors: Girts Image: UserManBatchAddUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBatchAddUsers.png License: unknown Contributors: Girts
75