
Sebastian Inacker · FMS Internetservice · MUM Krakow · 29.02.2008




                             MikroTik UserManager
                           in a (W)ISP environment




               Sebastian Inacker · FMS Internetservice
                     MUM Krakow · 29.02.2008
                        Sebastian Inacker   MikroTik UserManager   1/31




1 Introduction to UserManager



2 From theory into practice



3 Interaction of UserManager with other applications





Reasons for UserManager...

  Wanted: central user management (accounting and authentication)
       Set up a RADIUS server + user interface
            Tested servers: FreeRADIUS, XTRadius, Steel-Belted Radius
            Integrate the MikroTik RADIUS dictionary
       Set up MikroTik UserManager





What is UserManager?




      Usable as a RADIUS server
          Hotspot, PPP (PPTP, PPPoE), DHCP, wireless users, RouterOS users
      Central authentication and accounting
      Service independent (login, accounting)
      Web interface
      PayPal / Authorize.Net integration
      Account creation by users possible
      Can serve different customers





What do I need?



         Platforms: x86, MIPS (big and little endian), PowerPC
         Separate or same MikroTik system for UserManager and service(s)
         Package included in all_packages
         Easy installation
         Supported browsers [1]: Opera, Mozilla Firefox, Microsoft Internet Explorer, Safari
         Documentation: http://wiki.mikrotik.com/wiki/User_Manager
         Online demo (demo/demo): http://userman.mt.lv/userman

    [1] Version information: see Wiki

Licences




       Level 3: 10 active sessions
       Level 4: 20 active sessions
       Level 5: 50 active sessions
       Level 6: Unlimited active sessions





How can it be used by (W)ISP?



       Central accounting and authentication
       Sell accounts on your website or through the UserManager page
       Create individual user categories (traffic, online time, ...)
       Rent UserManager service to other ISPs
       ...
  Be able to...
       Inform users about used traffic, uptime, ...
       Tell them how they can check it themselves
       (also with a locked account)
       Allow users to change their password/contact information




What can be done?




  Create user accounts with one or more of:
       Uptime limit (for example: 5h online time)
       Limited traffic amount: upload, download, total used traffic
       Speed limitations (with burst, priority and min. rate)
       Validity for a fixed time after first login (credit time)
  Credit: limit accounts to a fixed timeframe for use.





In combination...

  For example:
       5h online time (uptime limit)
       within 7 days from first login (credit time)
       be restricted to 1 GB traffic
       be able to buy another 7 days (different price)





Real world example




  Customer fr-wlan GmbH:
      http://www.fr-wlan.de/
      Wireless internet, started Feb/2001 (hotel service)
      May/2003: Free-of-charge internet access
      June/2005: VPN accounts
      Using our internet backbone and IP address space








         Volume accounts (2 GB traffic/month)
         Flatrate accounts (reduced bandwidth after 15 GB traffic [2])
         Prepaid accounts
              valid for 30 days from first login
              500, 1000 and 2000 MB traffic limit
  Usable almost without scripting in version 3 (see footnote).

    [2] This is planned by MikroTik as far as I know.

Before UserManager




      FreeBSD-based VPN server
      Accounting system demanded fixed IP addresses for users...
      Account creation + accounting was complex
      Traffic information by mail
      Fixed user passwords
      Prepaid accounts on paper: a lot of work





How to create a new contract customer?




  With UserManager: simply add a new user account.
       Volume accounts: 2 GB traffic/month.
       Flatrate accounts: unlimited/month
       (a script will reduce bandwidth after 15 GB of traffic)





How to create new prepaid accounts?

  Bulk account creation: Users, add batch...
       Vouchers can be printed directly from UserManager
       Automated username and password generation
       Ability to set a prefix for usernames
       Define traffic/bandwidth limits (if needed)





Voucher templates for each customer





Customer's future plans

       Replace self-developed hotspot feature with MikroTik Hotspot
       UserManager usable from any hotspot - also dial-in locations
       Additional management of free-of-charge accounts
       Free-of-charge access only from selected locations
       Paid service (VPN or paid hotspot accounts) from everywhere
  Possible with MikroTik UserManager and some other MikroTik
  RouterOS features





Create users from your own website



  Import of externally created users
         Collect necessary information
         Create script file with MikroTik CLI commands
         /tool user-manager user add subscriber=FMS \
             name=johndoe password=foobar email=doe@example.com \
             first-name=John last-name=Doe \
             transfer-limit=1073741824
         Transfer script [3] and import
  Why not UserManager user payments integration?
         User identity verification not depending on other companies

    [3] by scp or /tool fetch - remember security
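
One way a website backend could generate that import script without letting form input break out of the command line. This is an added example, not code from the slides; the function names, the allow-lists and the transfer-limit ceiling are assumptions made for the illustration.

```python
import re

# Allow-lists are assumptions for this example, not limits imposed by UserManager.
# They exclude the characters that are special to the RouterOS CLI or inside a
# quoted string: " \ $ [ ] { } ; # and line breaks.
PATTERNS = {
    "subscriber": re.compile(r"[A-Za-z0-9_-]{1,32}"),
    "name":       re.compile(r"[A-Za-z0-9._-]{1,32}"),
    "password":   re.compile(r"[A-Za-z0-9!%*+,./:@^_~-]{1,64}"),
    "email":      re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}"),
    "first-name": re.compile(r"[A-Za-z0-9 .-]{1,64}"),
    "last-name":  re.compile(r"[A-Za-z0-9 .-]{1,64}"),
}
MAX_TRANSFER_LIMIT = 2**40  # bytes; hypothetical business rule


def user_add_line(user):
    """Return one '/tool user-manager user add' line, or raise ValueError."""
    args = []
    for field, pattern in PATTERNS.items():
        value = user.get(field)
        # fullmatch() rejects any value with characters outside the allow-list.
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"rejected field {field!r}")  # value is not echoed
        args.append(f'{field}="{value}"')  # always quoted, never raw
    limit = user.get("transfer-limit")
    if type(limit) is not int or not 0 < limit <= MAX_TRANSFER_LIMIT:
        raise ValueError("rejected field 'transfer-limit'")
    args.append(f"transfer-limit={limit}")
    return "/tool user-manager user add " + " ".join(args)


def build_import_script(users):
    """Validate every record first; no script text is returned if one is bad."""
    return "\n".join(user_add_line(u) for u in users) + "\n"


# Constructed sample record, using the values shown on the slide.
SAMPLE = {"subscriber": "FMS", "name": "johndoe", "password": "foobar",
          "email": "doe@example.com", "first-name": "John", "last-name": "Doe",
          "transfer-limit": 1073741824}

if __name__ == "__main__":
    print(build_import_script([SAMPLE]), end="")
```

The generated file contains cleartext passwords, so it should only travel over an authenticated, encrypted channel such as scp and be removed from the router after the import.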

Export of UserManager accounting information




  Situation:
       Prepaid and monthly paid accounts
       Need for a bill for contract customers (traffic/online time)
  It is possible to generate a CSV file in the web interface. But:
       Export has to be done each month at midnight...
       Export and counter reset have to happen at the same time
       Don't reset prepaid accounts by accident





Export information (fragment)


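  # Fragment: $year, $mm and $filename are set earlier in the full script.
  # Select users with credit-price=0 that do not yet carry this month's marker.
  :local contractusers;
  :set contractusers [/tool user-manager user find \
      credit-price=0 comment!="reset: $year/$mm"];

  # Append the counters to the export file before they are reset.
  /tool user-manager user print from=$contractusers \
      file=$filename append;

  # Log, reset and mark each user; the marker keeps a second run in the
  # same month from selecting the user again.
  :foreach user in $contractusers do={
      :local uname [/tool user-manager user get $user name];
      :local down [/tool user-manager user get $uname download-used];
      :local up [/tool user-manager user get $uname upload-used];
      :log info ("counter-reset for: " . $uname . " (down: " . \
          $down . " up: " . $up . ")");
      /tool user-manager user reset-counters $user;
      /tool user-manager user set $user comment="reset: $year/$mm"
  }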


Script execution

  Script will be run:
         Every first day of the month [4]
         At system reboot [5]
  No problem if run twice.

  :local date;
  :local day;

  # Clock date is expected as mmm/dd/yyyy (e.g. feb/29/2008);
  # characters 4-5 are the day of the month.
  :set date [/system clock get date];
  :set day [:pick $date 4 6];

  :if ($day = "01") do={
    /system script run export-and-reset;
  }

    [4] run a script each day at midnight and check the date...
    [5] create schedule job with start-time=startup

Automated communication



  ssh-keygen -t dsa -f usermanager-key

  scp usermanager-key.pub admin@<ip>:

  ssh admin@<ip> "/user ssh-keys import \
      file=usermanager-key.pub user=fms-comm"

  ssh -i usermanager-key fms-comm@<ip>
  scp -i usermanager-key fms-comm@<ip>:file.txt .

  User logins should be secured:
       Group policies: read, ssh (maybe write)
       Restricted ssh login


Integration into external billing systems




       Export/save information at UserManager
       Transfer information
       Import data into your billing system backend

  Is billing by mail enough?
  http://wiki.mikrotik.com/wiki/AutomatedBilling





CAO Faktura



      Free (German) billing system
      MySQL backend
      www.cao-faktura.de





CAO Faktura and UserManager





Thank you




                                 Thanks for listening

                                       Questions?





Contact




  Sebastian Inacker
  FMS Internetservice
  Germany

  Mail: inacker@fmsweb.de
  Webpage: http://www.fmsweb.de/
  Onlineshop: http://www.mikrotik-shop.de/



