RADIUS MANAGER 4
Contents
1. Clients CONi iaie ah a i 71 Tools Start ar a oe adar a E iA 71 Tools stop DHCP SERVBE A lee 71 Tools Restart DACP padasan aa ideo iei derd panida er a EEEE 71 Tools Rebuild 1 1 5 kk 71 USER CONTROL PANEL UCP 5 2505 p tte akadi aeaa iaiaaeaia dadaan Kaan R 73 ama da eben eee 73 DE Scription Of MENU TUNGUONS 1444110 need a du ce da Maa a testes eels 73 HOME ama Ti 73 73 List INVOICES jaan deh da 73 Change pass WOTA ririri kaema pada a A 73 REGEEM VOUCHER 11512040 301 ee eae AR ee ee MLA 73 Purchase SEVICE Aaa T3 t na i aE add 74 Edit personal dat 41 ie donee cl 74 Kole den maana take date LAAR Beas n e aka 74 710 15 2187 ee ee TT 75 CUSTOMIZING THE INVOICE 77 CUSTOMIZING the SMa TOn Sson o aaa aa vaja 78 Database maintenance 45345001 40 toki 79 Cumulating the old accounting data 00 mrnerrennnereenanneeenennennannannnanenennna 79 Deleting the old accounting d2. Prefix PIN length 8 Password length 4 Requires verification Associated service Card download limit 128 k v Download limit 500 MB Upload limit 0 MB Total limit 0 MB Online time limit 0 minute s Ee piretont Defined by valid till Calculated from card activation Available time from card activation 24 hour s Simultaneous use 1 Fields are mandatory Manager admin Date 2012 02 10 Version 4 0 0 RADIUS server OK DHCP server NOT RUNNING If everything is correct press Generate cards button again Now You can list the new card series using the option Card system List card series Use hyperlink CSV to view and print the card codes for the newly generated series The output will DMA Softlab LLC Page 23 VERSION 4 0 RADIUS MANAGER be similar to this id pin password 000000000006 22839965 5264 000000000007 49422662 8575 000000000008 39749969 0997 000000000009 86978864 2962 000000000010 29341225 0362 The first column is the card serial number The second column is the secret card code PIN what users will use as login name and as refill card number depending on the type of the card The third column stores the passwords of cards available for Classic prepaid cards only In our example the first card s secret code is 39759183 password is 2403 the second card
3. ermmraaa 52 Configuring the API ssis e 53 Restrictions of using the special bandwidth feature ttearna 53 SEFVICES NEW SERVICE chasis anna shaka Services Scheduled Chage Services Service Change MISLORV Managers List IMAMAGEMS Managers List managers Edit manager Managers List managers Edit manager Financial 58 Managers NGW M anaQer 10145 caste 59 NAS LISt 60 NAS Edit NAS a k e 60 61 APJ Pas Tata 61 APA ma E ama a 61 AP NEW 62 CMTS List CMTS 62 CMTS Edit CMTS A es Ned nds ee aie 62 CMTS ei 65 IP POOlS 63 IP pools Edit POO nid este pein ee aada Ja dette 63 IP pools NOW pOOl iss etude epi Sad Eat Aad ede ie 63 Financials ise sviawei tenia ike onions atria ie 64 Financials Generate postpaid 5 64 Card system
4. IP pool name Select a specified IP pool via the Framed Pool RADIUS attribute It is a Mikrotik and Cisco specific feature Next master service Define the next master service It is activated when the original master service gets expired It is very useful in such situations when a user account is expired but You want to allow the user to use the Internet with limited bandwidth Define a new flat service with limited bandwidth and select it from the dropdown list Next daily service Define the next daily service It gets activated if the user has no more available daily quota Ignore static IP Do not use the CPE static IP defined in edit user dialog Custom RADIUS attributes Allows entering user definable RADIUS attributes The system will send these attributes to NAS in Access accept messages Generate TFTP boot file Generate the DOCSIS compliant TFTP boot file automatically The TFTP file template is located in the config directory Advanced CM configuration Define a source code of custom TFTP boot file Allowed NASs Select the NAS devices where this service is available Available for managers Select the managers who can use this service Price definitions Postpaid price calculation downloaded traffic uploaded traffic online time Define which traffic or time is used in the price calculation Monthly account Defines the account monthly It is required for auto renew Auto renew
5. Select this checkbox to enable renewing the accounts automatically by the system Page 50 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Postpaid monthly accounts are renewed on the specific day in the month The day is selectable in ACP System settings Prepaid monthly accounts are checked daily once and they get renewed if required They have to hold enough deposit to cover the renew fee Reset counters if date expired If the account s date is expired and credits were added reset the traffic counters to zero before adding the new credits Enable additional credits Enable additional credit mode monthly accounts only Net unit price Define the price of one unit without VAT Gross unit price Define the price of one unit with VAT Net additional unit price This filed is used by monthly accounts If defined users can purchase additional credits if the date is not expired yet but the account has no more available traffic left VAT is not included Gross additional unit price This filed is used by monthly accounts If defined users can purchase additional credits if the date is not expired yet but the account has no more available traffic left VAT is included Date addition mode reset expiration date prolong expiration date prolong expiration date with correction Select how to add days to service Reset always adds new days or months to the current date It is used mainly by combined packages 1 month
6. System settings On this screen You can define the global options used by both the administration interface ACP and user interface UCP General settings Default system language Select the default interface language New languages can be added by installing language definition files Disconnection method NAS remote Select a disconnection method to use 1 NAS This disconnection mode is supported by Chillispot DD WRT Mikrotik and pfSense It has some drawbacks it cannot control combined traffic accounting daily quotas and special accounting periods If You want to use some of the listed features switch the disconnection mode to Remote 2 Remote Remote disconnection method is supported by Mikrotik StarOS Cisco and Chillispot It supports combined traffic accounting daily quotas and special accounting periods Remote disconnection method has some limitations StarOS and Chillispot only You have to set Simultaneous use 1 for every user in Radius Manager ACP Edit user StarOS and Chillispot disconnect users based on the username and not on IP address If the same user name has multiple online sessions only one instance will be disconnected while others remain online Pay attention to this Remote disconnection method is also required if You want to disconnect prepaid users in proper time who use services with special pricing periods enabled DMA Softlab LLC Page 37 VERSION 4 0 RADIUS MANAGER The N
7. x MB Prolong adds time to the expiration date found in the user data Prolong with correction adds time to the expiration date found in the user profile but it will use the current date if expiration is in the past Time addition mode reset online time prolong online time Define how to add online time to accounts always add to zero or add to the remaining value Traffic addition mode reset traffic counters additive Define how to add traffic to accounts always add to zero or add to the remaining value Expiration date unit days months Define the amount of one date unit days or months Online time unit minutes hours Define the amount of one time unit Download traffic unit Define the amount of one download traffic unit Upload traffic unit Define the amount of one upload traffic unit Total traffic unit Define the amount of one total download upload traffic unit Initial expiration date Define the initial expiration Applicable for self registered users only Initial online time amount Define the initial online time of self registered users Applicable for self registered users and for auto renewal Initial download traffic amount Define the initial download traffic of self registered users Applicable for self registered users and for auto renewal DMA Softlab LLC Page 51 VERSION 4 0 RADIUS MANAGER Initial upload traffic amount Define the initial upload traffic of
8. You can see the request date the user name the schedule date the requested service name and who have requested the service change Page 56 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Services Service change history This list is used to check the activated services You can see the request date the user name the schedule date the requested service name and who have requested the service change The status field can be scheduled completed or cancelled Managers List managers Using this option You can list the managers available in the system You can select certain managers select and deselect all managers You can do the following actions with the selected items Enable To enable the selected manager s Disable To disable the selected manager s Disabled managers cannot log on to the ACP Delete Select this option to delete the selected manager s The default manager admin cannot be deleted Managers List managers Edit manager Using this function You can edit manager s data Enable Enable or disable the current manager Password Enter a new password The allowed characters are defined in system_cfg php Confirm password Enter the same password again Change password Click to enable changing the password First name Enter the first name Last family name Enter the family name Company name Enter the name of the company if applicable Address Enter the postal a
9. Define the country for the user State Define the state for the user Phone number Define the phone number for the user Mobile number Define the mobile number for the user Email address Associate the email address with the user This address will be used for receiving email messages from the system If You don t specify email address and still want to use the email notification system the destination email address will be constructed automatically username AG domain where domain is defined in system cfg php and in radiusmanager cfg VAT ID Tax identifier Service Select the associated service of user Download limit The available download Bytes of the user Upload limit The available upload Bytes ofthe user Total limit The available total Bytes DL UL of the user Account expiry The expiration date of the user in a form YYYY MM DD Available online time The available online time of the user in a form HH MM SS Deposit The available money deposit of the user Contract ID You can use this field for storing the contract identification code Geolocation lat long Enter the GPS coordinates of the user It is reguired by law in certain countries to store a such data DMA Softlab LLC Page 47 VERSION 4 0 RADIUS MANAGER Comment An optional comment User group Select a group of the user Custom RADIUS attributes Define extra RADIUS attributes which are sen
10. Enable the write off function enter negative amounts in Add credits form Access invoices Manager can access the invoicing functions Access all invoices Access all invoices not only only own Shown invoice totals Display the sums in List invoices Edit invoices Manager can edit postpaid invoices payment date Access all users Manager can access all users in the system not his own users only e List online users Manager can list online users Logout users Manager can log out the users using the web interface Card system and IAS Manager can access the card and IAS template systems Connection report Grant access to CTS functions Traffic report Grant access to traffic report Maintain APs Grant access to AP functions NAS List NAS Display the available NAS Network Access Server devices in the system NAS Edit NAS Clicking the NAS name in the list You can edit it s parameters NAS name Define the name of the NAS IP address Define the IP address of the NAS Type Mikrotik StarOS Chillispot Cisco pfSense other Define the type of the NAS Secret The RADIUS secret defined in NAS Required by all NASs Password The password of the NAS Used by StarOS only Enable Mikrotik API Enable the Mikrotik API access It is used by the dynamic bandwidth system API user name Enter the API user name Page 60 DMA Softlab LLC RADIUS MANAGER VERSION
11. additional credits Enable additional credit mode monthly accounts only Net unit price Define the price of one unit without VAT Gross unit price Define the price of one unit with VAT Net additional unit price This filed is used by monthly accounts If defined users can purchase additional credits if the date is not expired yet but the account has no more available traffic left VAT is not included Gross additional unit price This filed is used by monthly accounts If defined users can purchase additional credits if the date is not expired yet but the account has no more available traffic left VAT is included DMA Softlab LLC Page 55 VERSION 4 0 RADIUS MANAGER Date addition mode reset expiration date prolong expiration date prolong expiration date with correction Select how to add days to service Reset always adds new days or months to the current date It is used mainly by combined packages 1 month x MB Prolong adds time to the expiration date found in the user data Prolong with correction adds time to the expiration date found in the user profile but it will use the current date if expiration is in the past Time addition mode reset online time prolong online time Define how to add online time to accounts always add to zero or add to the remaining value Traffic addition mode reset traffic counters additive Define how to add traffic to accounts always add to zero or add to t
12. classic prepaid cards Not required by refill cards Online time limit Define the available online time of classic prepaid cards Not required by refill cards Expiration Defined by valid till Calculated from card activation Define the account expiration mode When Defined by valid till is selected the account will expire on the date which is defined by the Valid till field If You use option Calculated from card activation You will generate cards which will expire after the predefined time which is calculated from the activation of the card first use Available time from card activation Define the time amount if You are using option Calculated from card activation Simultaneous use This field defines how many concurrent connections are allowed for a certain card For regular use enter 1 If You are using pfSense enter 2 otherwise the reauthentication feature will not function properly Card system Card statistics Display various statistical data of available cards in the system IAS List IAS users List all IAS users like regular users IAS List IAS templates Use this option to list the Instant Access Service templates available in the system Click on the IAS template name to edit it s parameters Instant access service name Define the name of the Instant Access Service template Enable IAS Enable or disable the IAS in purchase IAS list Price The gross price o
13. direct PayPal access and for the Radius Manager host hotspot walled garden add dst host www paypal com dst port 443 action allow lip hotspot walled garden add dst host content paypalobjects com dst port 443 action allow ip hotspot walled garden add dst host akamaiedge net action allow On Mikrotik v3 define the following walled garden entries and for the Radius Manager host Page 30 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 ip hotspot walled garden add dst host 4www paypal com dst port 443 action allow hotspot walled garden add dst host content paypalobjects com dst port 443 action allow ip hotspot walled garden add dst host akamaiedge net action allow The described setup is country dependent In some countries it is required to customize this setup PayPal uses different servers in almost every country The URL of IAS purchase page is http yourhost radiusmanager buyias php See the appropriate part of the reference manual for setting up the IAS templates WARNING Be sure to use HTTPS layer for the Credit Card processing system Install Radius Manager system on a SSL enabled web server if You want to accept payments online DMA Softlab LLC Page 31 VERSION 4 0 RADIUS MANAGER Self registration The self registration feature allows to create a fully automated Internet Service Provider management system Using this feature u
14. invoices in two easy steps directly from your WEB browser In the first step You have to define the billing parameters From date Beginning ofthe billing period Page 64 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 To date End of the billing period User group Process the selected group only Payment type Cash Bank transfer Define the type of the payment for all invoices After a confirmation the system will begin to generate the invoices for all postpaid users matching the predefined criteria When the operation is finished You can browse and print the generated invoices using the ACP Financials List invoices menu Card system List card series List the available card series both refill and Classic Prepaid Card in the system CSV and PDF export is also available The CSV file looks like this id pin password 000000000006 22839965 5264 000000000007 49422662 8575 000000000008 39749969 0997 000000000009 86978864 2962 000000000010 29341225 0362 The first column is the internal serial number of the card The second is the PIN code while the third column is the password of the card if available The PDF export feature creates A4 pages with freely definable number of cards per page This feature is very useful for smaller series You can customize the amount of PIN codes per page the position the typeface the font size the background picture etc in system_cfg php You can select certa
15. is 89750108 etc You can try to log in to NAS with username 39759183 with password 2403 There are various options to control the generated cards Normally You can t delete the series which were already sold to customers But in some cases maybe You ll need to disable some cards or a complete series the user returns the card etc In this case use option Card system Revoke card or the action Revoke series Revoked cards aren t deleted from the system You can reactivate the revoked series using the Activate series function There is also a Delete series available Use it with attention We recommend to delete the card series only if You are testing the card system In production environment use revoke operation to disable particular cards or the entire series and never delete cards or card series Page 24 DMA Softlab LLC RADIUS MANAGER USER CONTROL PANEL UCP Getting started The default URL of the User Control Panel is http yourhost radiusmanager user php Rapi us MANAGER VERSION 4 0 User s details General information User name user Account type regular Account status Static IP address nfa Allowed MAC address nfa Deposit 4 860 00 USD Personal data O Home O Traffic report List invoices O Change password O Redeem voucher Purchase credits O Change service Service data Active service Prepaid MB Service type prepaid Download datarate 3500 kbps Upload datarate 768 k
16. predefined time interval You can select on which days the current period will get activated Click the update button to store the changes of the item Services Edit service Special bandwidth periods editor Special bandwidth periods are a great feature of Radius Manager You can define the time of a day when a special bandwidth will get activated for a online session without a need to reconnect the user The bandwidth change is made on the fly using the Mikrotik API Clicking the edit link under the special bandwidth periods on Edit service screen the special bandwidth period editor will open in a new browser window Here You can create modify and delete the special bandwidth periods Click the pencil icon to open the editor for the selected item In the edit form You can define the start and end time of the interval the data rate download upload Page 52 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 enable the burts mode and set it s parameters You can select on which days the current period will get activated Click the update button to store the changes of the item In the next paragraph You will find a detailed description how to configure the API access in order to use the special bandwidth feature Configuring the API e Enable the API service in Mikrotik in IP Services menu port 8728 e Create the API user in Mikrotik user name api is recommended with any password Radius Manager will use this use
17. run radiusd radiusd sock Listening on proxy address port 1814 Ready to process requests If there are errors displayed FreeRadius is not configured properly Consult the Installation Manual to locate and fix the FreeRadius related problems After a successful PPP or Hotspot authentication You have to see the active user and a newly created simple queue of the user Queues Simple queues in Winbox If the simple queue is not there the bandwidth limitation is not working or You have set unlimited bandwidth in the service definition When a test user has been connected successfully You have to see him in the online user list in ACP Reports Online users with the used online time start time consumed traffic time etc The used NAS is also displayed in this page The last thing You have to do is to test the remote disconnection feature Select the user in the ACP online list and select the action Logout users from the dropdown box This command has DMA Softlab LLC Page 13 VERSION 4 0 RADIUS MANAGER to disconnect the user immediately Check the Winbox log for the incoming disconnection packet The remote disconnection must work with all supported NAS types pfSense is exception it uses reauthentication instead of POD If it is not working You cannot use the auto disconnection feature and many extra features of Radius Manager Managers The system supports multiple resellers called managers There is only one super
18. self registered users Applicable for self registered users and for auto renewal Initial total traffic amount Define the initial total traffic of self registered user Applicable for self registered users and for auto renewal Minimal base amount Define the minimal base amount which users can purchase Additional traffic unit Define the additional traffic unit in MB Minimal additional amount Define the minimal additional amount which users can purchase The special accounting periods and special bandwidth periods are also available on this screen You can click the Edit link to invoke the appropriate special period editor Use the Delete service link to delete the current service Services Edit service Special accounting periods editor The accounting periods are special feature of Radius Manager You can define the time of a day when a special accounting will occur so You can easily create a nightly service where only half of traffic or time is accounted etc Clicking the edit link under the special accounting periods on Edit service screen the special accounting period editor will open in a new browser window Here You can create modify and delete the special accounting periods Click the pencil icon to open the editor for the selected item In the edit form You can define the start and end time of the interval the ratio time download upload There is a flag which allows or disallows the connection in the
19. the IP address mode of CPE When NAS pool or DHCP is selected the NAS will assign the IP address to CPE automatically In IP pool mode the RADIUS server will assign the IP address to the CPE using the RADIUS IP pools When Static IP is selected theuser defined static IP address will be assigned to the CPE For DOCSIS CPE the MAC address must be defined in order to use the static IP mode Simultaneous use Define how many concurrent sessions are allowed for the current user simultaneous logins with a same user name Leave this field empty or enter 0 for unlimited number of concurrent sessions First name Define the first name of the user Last family name Define the last family name of the user Company name Define the name of the company if applicable Address Define the address for the user City Define the city for the user ZIP Define the ZIP code for the user Country Define the country for the user State Define the state for the user Phone number Define the phone number for the user Mobile number Define the mobile number for the user Email address Associate the email address with the user This address will be used for receiving email messages from the system If You don t specify email address and still want to use the email notification system the destination email address will be constructed automatically username AG domain where domain is defined in system cfg php and
20. when adding credits minutes or hours e Download traffic unit How many traffic to add at once For MegaByte based services enter value 1 while for monthly traffic limited services enter the available monthly traffic amount For example if You offer 1 GB month enter 1024 in this field e Upload traffic unit This is the same as the download traffic unit but it defines the amount for the upload e Total traffic unit This is the same as the download traffic unit but it defines the total amount e Minimal base amount Define the minimal amount of base traffic the user can purchase at once in UCP Minimal additional amount Define the minimal amount of additional traffic the user can purchase at once in UCP The initial fields are used to set the initial amount of data time of the self registered users and for the auto renew feature You can also define on which NAS is the current service available Managers who are allowed to use the current service are also selectable Special accounting periods are also available You can access the Special accounting period editor from the ACP List services Edit service screen In the special accounting period editor You can define the used accounting rate for any period of a day Connections can also be allowed or denied for a certain time Days of week are also supported After You have defined the new service use the Store service button to save it in the database DMA Soft
21. 4 0 API password Enter the API password Cisco bandwidth support None Rate limit Policy map Select a bandwidth controlling method You would like to use with Cisco Description Add a comment NAS New NAS Register a new NAS in the system The available fields are NAS name Define the name of the NAS IP address Define the IP address of the NAS Type Mikrotik StarOS Chillispot Cisco pfSense other Define the type of the NAS Secret The RADIUS secret defined in NAS Required by all NASs Password The password of the NAS Used by StarOS only Enable Mikrotik API Enable the Mikrotik API access It is used by the dynamic bandwidth system API user name Enter the API user name API password Enter the API password Cisco bandwidth support None Rate limit Policy map Select a bandwidth controlling method You would like to use with Cisco Description Add a comment AP List AP List the registered APs Access points in the system AP Edit AP Clicking the AP name in the list You can the following parameters Enable Enable the current AP The system access enabled APs only Name Enter the name of the AP IP address Enter the IP address of the AP DMA Softlab LLC Page 61 VERSION 4 0 RADIUS MANAGER Access mode SNMP Mikrotik API Select the desired access mode SNMP supports wireless signal level only but it is more stable and faste
22. AS disconnection method consumes less resource and more stable than Remote method while Remote method supports all features of Radius Manager When using Remote disconnection method ensure rmpoller daemon is running all the time Reset counters upon service changes If checked the counters will reset when a scheduled service change occurs download limit upload limit total limit online time limit Hide limits in user list view performance Show or hide the limits in the user list view to speed up the listing of users Day to renew postpaid accounts Select a day of month to renew the postpaid accounts Billing and payments Currency Define the default system currency VAT percent Define the VAT percent used in the system Payment option Define the grace period of postpaid invoices The deadline is calculated using the following formula invoice payment option current date payment option in days If the invoice has not yet been paid within the grace period the account will get disabled by the system Beginning day of the billing period Select the beginning day of the monthly postpaid invoice Disable users due to unpaid invoices When the money transfer payment is not realized till the deadline the system will disable the corresponding RADIUS and UNIX accounts automatically Available payment gateways internal PayPal Website Payments Standard PayPal Website Payments Pro PayPal Express Checko
23. Check this option if You want to use the burst mode Burst limit DL UL Define the burst limit of download and or upload This is the peak of the traffic the user can achieve Burst limit is always greater or equal than the nominal data rate Burst threshold DL UL Define the threshold of download and or upload If the user overloads this limit after a predefined time the limitation will begin and the actual higher data rate will be set to the nominal value defined in Set data rates Normally use higher burst limit than nominal data rates Burst time DL UL Define the timeout after the limitation will begin if the client overloads the defined threshold limits Experiment with this value some Mikrotik versions don t interpret it properly Test the timeout and if needed add a correctional value to it Priority Define the priority of packets in dynamic queue IP pool name Select a specified IP pool via the Framed Pool RADIUS attribute It is a Mikrotik and Cisco specific feature Next master service Define the next master service It is activated when the original master service gets expired Page 54 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 It is very useful in such situations when a user account is expired but You want to allow the user to use the Internet with limited bandwidth Define a new flat service with limited bandwidth and select it from the dropdown list Next daily service Define th
24. List users Edit user Traffic report Here You can check the traffic report of the currently selected user Users List users Edit user Connection report List connection of the current user if the CTS system is available and enabled Users List users Edit user Add credits Add prepaid credits for the user and create invoice Select the credit addition mode for monthly accounts normal or additional Define the payment mode cash payment or bank transfer and the amount The total price is calculated automatically upon entering the amount You can also change the total price manually if You want to offer discount You can define a remark text which will be printed on the invoice and the internal comment A negative amount can be used to write off incorrect invoices Page 42 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Various reverse calculations are also available if You check the checkboxes Lock unit price and Lock amount Clicking the Next button the confirmation screen will appear Here You can review and modify the credit data if required The modification of data is controllable by the permission Allow discount prices in ACP Edit manager Clicking the Finish button You will get informed about a successful payment You can view and print the invoice using the WEB browser s print function Users List users Edit user Add deposit This function increases the user s internal deposit and creates invoice De
25. Listicafd SOMES sisia arara aaria iaa a o a EEn 65 Card system List calssic prepaid Cards iisti eee cece ee eeeeeeeneeeeeeeeeeeneeeeeneeeseeeeetnneeenena 65 Card system 66 Card systemi Find refill Cards 66 Card system Generate Cards 66 Page 4 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Card system Card StatistlGS x haaa 67 145 LISHIAS USFS stats 67 67 IAS New TAS template a 150 68 Reports ONNE USCIS is chen NEA 68 Reports Registered cable m deMs 69 Reports Trate repor araea a take alad 69 Reports FInd traffic data sheeted nates dest Sisal peas klaad ka duke aa kaklus eha ka 69 REPOS Trafic SUMMA ssena ava veeda s dade aaa hm da khaani ik 69 Reports Connection report 1 51403e 4 deka ed kind 69 Reports Last syslog eyentS 4 Anlamani ania 70 REPOS 7 BIOWSESYSIOG rsicho aaa 70 Repofts SystemiintorM tlof 41 70 Repots SystemistatistiGS 11544510 70 Tools Send email anaana nianna R ekat dam 70 TOols Start RADIUS SENET MEN 71 Tools Stop x 110 71 Tools Restart RADIUS SCIEN 71
26. Manager can access the invoicing functions e Access all invoices Access all invoices not only only own e Shown invoice totals Display the sums in List invoices e Edit invoices Manager can edit postpaid invoices payment date e Access all users Manager can access all users in the system not his own users only e List online users Manager can list online users e Logout users Manager can log out the users using the web interface Card system and IAS Manager can access the card and IAS template systems e Connection report Grant access to CTS functions e Traffic report Grant access to traffic report e Maintain APs Grant access to AP functions Managers List managers Edit manager Financial informations Here You can see the account balance of the current manager Available balance The balance of current manager This field is read only Page 58 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Amount Enter the amount to credit or debit the manager Payment type cash bank transfer Select the payment type Managers New manager Register new manager in the system Enable manager Enable or disable the current manager Password Enter a new password The allowed characters are defined in system cfg php Confirm password Enter the same password again Change password Click to enable changing the password First name Enter the first name Last fami
27. RADIUS MANAGER 4 USER MANUAL Version 4 0 DMA Softlab LLC 02 13 2012 RADIUS MANAGER VERSION 4 0 TABLE OF CONTENTS PORE acc 7 GENERAL DESCRIPTION isti cisecccatasiucedeessdececdoseiveducevadde did idast andunud id 9 ADMINISTRATION CONTROL PANEL ACP n2iinnnrnnnennnnenannnnananannenannananenaanananne 11 Getting started 441 14 RADIUS authentication and accounting FUNCTIONS 0 ee eee cence cere eeneeeeseneeeseeeeeeenteeeeeaes 12 Managers iden a ale A tds 14 Services DIMNA PIAMS SA 14 EXAM ple SORVICES MN as 18 Prepaid Card SySt2M 1 viieni dees tiene voh A a 21 Before YOu DeGIN rse E 21 Setting up the Card Services 1244411 indented aaa kei icant iden ae Vanda a Ba 21 Generating cards ereda cece Piast he 21 USER CONTROL PANEL UCP 0nnnvannennnnannnnannnanaanennnnannnnnnanannanennanannnnnnnnennannnnnea 25 va dees david keda E teenies 25 Editingipersomald t i 15 sini cid Miata lA eda iid ee 26 Examining the traffic report nrerin di seein didi ean eae anne 26 Listing THE MNVOICES data 26 WSING refill CARAS 26 27 Purchasing prepaid le tkd na a
28. a fixed fee Be sure to enable the Monthly service checkbox e Postpaid monthly flat quotas It is the same flat service as the previous but it has daily download limits of 100 MB Be sure to enable the checkbox Monthly service You can create invoices for postpaid accounts based on used traffic and online time for any period not only for the previous month but it is the most common way of postpaid billing Page 20 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Prepaid card system Radius Manager Pro and higher license levels have a integrated prepaid card module The following card types are available 1 Classic prepaid cards With these cards users can log on and use the Internet service entering the card s PIN code and password The cards support caps like regular prepaid accounts online time traffic expiration date fixed date or calculated from the activation of the card etc 2 Refill cards This card type is a value only card and cannot be used to log on to the system The PIN code can be entered in the UCP to increase the available credits of a prepaid regular user Before You begin The first thing You have to do is to clarify what card type You need Classic prepaid or refill cards e For hotels airports and other places with public Internet access generate classic prepaid cards e For Internet service providers the refill cards are ideal You can sell refill cards for registered users what they can us
29. above The parameters in the form are Send new password to email address mobile number SMS Select which method to use for recovering a lost password Email address Enter the registered email addres if the user selected email verification mode Mobile number Enter the registered mobile number if the user selected SMS verification mode There is a limit of the maximal number of sent SMS messages Once the verification code has been sent to the registered email address the user has to click the URL got in email to approve the new password In the next step a new password is generated and emailed to the same email address If SMS mode is used and the verification code has been sent in SMS the user has to enter the code on the following screen If the entered code is valid the system will generate and send the new password to the same mobile number Page 34 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 REFERENCE DMA Softlab LLC Page 35 VERSION 4 0 RADIUS MANAGER Page 36 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 ADMINISTRATION CONTROL PANEL ACP Overview The Administration Control Panel ACP is used by system administrators to set various system parameters manage NASs users IAS templates services generate prepaid cards etc You can access the ACP using the following URL http yourhost radiusmanager admin php Description of menu functions System Home Navigate to home page System
30. address from the username and the domain name defined in system_cfg php The available fields are Send to Preview user only All users select to whom You would like to send the email It is always recommended to send a preview of message to your email address first before You begin the mass mailing operation Subject Enter the subject of message Message Type the text of email Page 70 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Tools Start RADIUS server Select this option to start the RADIUS server Tools Stop RADIUS server Select this option to stop the RADIUS server Tools Restart RADIUS server Select this option to restart the RADIUS server Tools Rebuild clients conf Synchronize raddb clients conf with the registered NASs in one step Tools Start DHCP server Select this option to start the DHCP server Tools Stop DHCP server Select this option to stop the DHCP server Tools Restart DHCP server Select this option to restart the DHCP server Tools Rebuild dhcpd conf Synchronize etc dhcpd conf with CM accounts registered in the system DMA Softlab LLC Page 71 VERSION 4 0 RADIUS MANAGER Page 72 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 USER CONTROL PANEL UCP Overview The User Control Panel UCP is used by regular users to check their traffic personal data invoice details etc You can access the UCP using the following URL http yourhost radius
31. after a unsuccessful auto renewal mailforgotpsw_tpl txt Verification link email for password recovery function mailiasreg_tpl txt Sent for managers when new IAS account is registered mailnewpsw_tpl txt Sent for users when new password is activated mailselfreg_tpl txt Self registered user notification sent for managers mailsrvchg_tpl txt This email is sent upon changing the current service mailwarnexp_tpl txt This email template is used to send warning messages before the account expiration date e mailwarntraff_tpl txt This template is used to send email warnings about reaching the traffic limits e mailwelcomeuser_tpl txt The email which will be sent when administrator registers a new user You can edit these files easily using your favorite UTF 8 compatible HTML editor Page 78 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Database maintenance Cumulating the old accounting data You can use the supplied cumulate sq script to cumulate the accounting data in RADIUS database The accounting data is stored in the radacct table The steps of cumulating particular year s accounting data are 1 Define the correct year in cumulate sql script 2 Execute the cumulate sq script using mysql command line client In the example above the MySQL user name is radius and the password is radius123 Be sure to use no space between the p flag and password The script will cumulate the data to December 31
32. at Uh kesise edna antares 27 ACCOUNE VOM CAT ON oe 21520 a 27 Hints Tor setting MUP the YEP ssc ces eee dese kast aias eh ke naen A a a aa ka 28 ADDITIONAL FUNCTIONS anniennennnnannnnnnannnnanannanannnnnaannnnanannnnannnnnnannnnanannnnnnnnannannnnana 29 Instant Access Services IAS 2 1 miisemetsetmebnehte e aled kaput naela data va 29 4212119 210 153172 11 0 1 32 Account e eai jae dance 33 PASSWOMd TECOVEMY AEA 34 35 ADMINISTRATION CONTROL PANEL ACP 0nnnnnnnannnnnnannnnannnnanannnnanannnnannnnnnannnnana 37 E Si A ea ie 37 Description Of MENU ccc cncesscccestectepecenpeces peneenteenslsbenensgesersceee cased ndu aa t deb nak 37 FONG eea kami dU km a pu ak 37 System System setting inea aka tada ahead aata m emari kaa va 37 System TATA A A ec 40 Users LISHUSENS 15 ee A aaa 40 Users Listiuusers ct n rune peida ka 40 Users List users Edit user Traffic report 6 eeeeeereenaneenenennananenaenanaenan annae 42 Users List users Edit user Connection report 66 erteneernenannneennnnenaeenana 42 Users List users Edit user Ad
33. atassa tahaplaanile 79 LEGAL NOTE 81 DMA Softlab LLC Page 5 VERSION 4 0 RADIUS MANAGER Page 6 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 FOREWORD Radius Manager is an easy to use RADIUS and DOCSIS accounting and billing solution designed for Linux system It is based on a free stable RADIUS server FreeRadius 2 and MySQL database backend IRN OMDNOARWN gt Basic features RADIUS account support PPPoE L2tP Hotspot DOCSIS account support cable modems Traffic accounting download upload online time Prepaid and postpaid billing invoicing UNIX mailbox user synchronization Payment tracking Financial reports Prepaid card system and IAS Online payments Special features Connection Tracking System CTS Signal level monitoring wireless DOCSIS Self registration Instant Access Services IAS Support for online payment gateways e PayPal Express Checkout PayPal Website Payments Standard PayPal Website Payments Pro Netcash Authorize Net DPS Payment Express 2Checkout PayPal Express Checkout and Website Payments Standard works with premier and business accounts but PayPal Website Payments Pro requires US UK Pro or better account NAS compatibility 1 Mikrotik 2 8 Use final releases only the usage of RC release candidate versions are not recommended The supported main features are PPPoE PPtP L2tP Hotspot an
34. ay Define the daily available download traffic in MegaBytes Enter 0 if You want to disable this feature Upload quota per day Define the daily available upload traffic in MegaBytes Enter 0 if You want to disable this feature Total quota per day Define the daily available total traffic in MegaBytes Enter 0 if You want to disable this feature Time quota per day Define the daily available online time in HH MM SS format Enter 0 if You want to disable this feature Enable burst mode Check this option if You want to use the burst mode DMA Softlab LLC Page 49 VERSION 4 0 RADIUS MANAGER Burst limit DL UL Define the burst limit of download and or upload This is the peak of the traffic the user can achieve Burst limit is always greater or equal than the nominal data rate Burst threshold DL UL Define the threshold of download and or upload If the user overloads this limit after a predefined time the limitation will begin and the actual higher data rate will be set to the nominal value defined in Set data rates Normally use higher burst limit than nominal data rates Burst time DL UL Define the timeout after the limitation will begin if the client overloads the defined threshold limits Experiment with this value some Mikrotik versions don t interpret it properly Test the timeout and if needed add a correctional value to it Priority Define the priority of packets in dynamic queue
35. bps Next service change date nfa Scheduled service name nfa Limits and quotas DMA Softlab LLC User user Date 2012 02 10 Version 4 0 0 First name John Available download 2 6 GB Last name Smith Available upload Address West road 1343 Available total traffic City Tampa Available online time ZIP 32434 Account expiry Country United States Today s download quota State California Today s upload quota Phone 4912546865 Today s total quota Mobile number 123456 Today s time quota Email viktork localhost Company R amp C company VAT id eC 9 WiFi details Used AP RT 01 NOC Signal level 55 dBm SNR nfa cca nfa no limit no limit no limit never 8 8 nfa nja O Edit personal data Logout Page 25 VERSION 4 0 RADIUS MANAGER The user will be asked for the user name and password For new installation the default user name password combination is user 1111 If the login was successful the UCP home screen will appear The users can access various system functions clicking the appropriate hyperlink The main screen contains an account data overview of logged user These data are grouped in the following categories General information Personal data Service data Limits and quotas WiFi details IRUN Using the menu options the user can list the invoices overview the traffic data enter refill card numbers purchase services and define the type of the serv
36. can overview the account information change services purchase credits and can do other common tasks The main advantages of this method are 1 Register users without administrators 2 The users can purchase credits online using the available payment gateways The new user registration URL or Radius Manager host IP has to be put in the walled garden on the Hotspot server to allow access to the self registration form for unauthenticated users The URL of new user registration page is http yourhost radiusmanager reg php Account verification Radius Manager self registration system has an advanced security measurement account verification by SMS or by other user definable method definable in api php The default Radius Manager setup calls the Clickatell com HTTP to SMS gateway to send the verification code to the user s mobile phone While user doesn t enter the correct verification code in UCP he she can t use the Internet PPP Hotspot login is disabled The feature is configurable from ACP system settings See the Radius Manager installation manual for more information about api php DMA Softlab LLC Page 33 VERSION 4 0 RADIUS MANAGER Password recovery Radius Manager offers automatized password recovery function for users It can send the verification code to email address or in SMS The URL of the password recovery function is http yourhost radiusmanager passwd php Any registered user can use the URL
37. ccounting functions You have to complete the following tasks to set up the basic RADIUS authentication and accounting functions Define a NAS Define a service Register a new account Assign service to user as OHNE Defining the NAS is the first step You have to do to be able to accept RADIUS requests from the NAS Use the function NAS New NAS to begin this operation 1 Define the NAS name IP address NAS type shared secret and NAS password for StarOS only Radius Manager 3 8 automatically manages the raddb clients conf file After updating any NAS in the system restarting of FreeRadius server is required It can be done from Unix shell or directly in the ACP Tools menu Click Add NAS button to store the newly defined NAS in the system Be sure You have selected the correct NAS type 2 The next step is to define the service billing plan To do it select option Services New service Enter the name of the service For the most simple service use the following parameters e Enable service checked e Type of the service Prepaid regular e Set data rate 512 128 It defines a simple prepaid service with data rate limitation enabled download bandwidth 512 kbps upload bandwidth 128 kbps without any traffic limits consumed MegaBytes Click the Store service button to save the service data 3 To register a new user select option Users New user The required data are User name define the name of the user Enable use
38. ckbox to enable or disable the current service Disabled services cannot be assigned to users Available in UCP Enable listing of service in UCP Type of service prepaid regular prepaid card or IAS postpaid email access list entry Define the service type Prepaid regular services can be assigned to prepaid regular users only Prepaid card services or IAS services can be assigned to classic prepaid cards and IAS templates only Postpaid services can be assigned to postpaid users only Email accounts cannot log on to NAS they can use their UNIX mailbox only Access list entries are used with Mikrotik and StarOS to allow specific CPE to connect Limit download Bytes Enable the capping of download traffic Limit upload Bytes Enable the capping of upload traffic Limit total traffic Enable the capping of total download upload traffic Limit expiration Enable the expiration date capping Limit online time Enable the online time capping You can create classic dial up services with predefined available online time Set data rates DL UL Define the download and upload data rates in kbps 0 means no data rate limitation is enabled Cisco policy map DL Set the name of the download policy map defined in Cisco Compatible with Cisco policy map feature Cisco policy map UL Set the name of the upload policy map defined in Cisco Compatible with Cisco policy map feature Download quota per d
39. d Wireless Access List authentication 2 Chillispot running on Linux or on various DD WRT devices You can download a tested version from our download portal 3 StarOS v2 or v3 server Supported features are complete PPPoE and limited RADIUS Wireless Access List support 4 Cisco NAS with correct IOS version VPDN and Virtual template support is necessary to accept RADIUS authenticated PPPoE PPtP and L2tP connections 5 pfSense Hotspot server CMTS compatibility Both route and bridge mode CMTSs are supported A partial list of supported CMTSs are DMA Softlab LLC Page 7 VERSION 4 0 RADIUS MANAGER e Route mode Motorola BSR series Cisco UBR series etc e Bridge mode Arris series etc Please note this is not a CMTS configuration manual You can find the CMTS configuration details in the manual which was shipped with your CMTS The manual consists of two global parts 1 General description 2 Reference manual To achieve the best results with Radius Manager billing system we strongly recommend to read this user manual entirely Page 8 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 GENERAL DESCRIPTION Radius Manager consists of two main WEB interfaces 1 ACP Administration Control Panel 2 UCP User Control Panel There are more interfaces available in the system 1 New user registration self register 2 Purchase Instant Access Service IAS 3 Password recovery ACP is used by system administrators
40. d credits a ir indinin 42 Users List users Edit user Add dep sito a a ATi 43 Users List users Edit user Postpaid 43 DMA Softlab LLC Page 3 VERSION 4 0 RADIUS MANAGER Users Listusers Editiuser List INVOICES 154110444 nea diate aar eha mia ad 43 Users List users Edit user Change 5 44 Users List users Edit user Service history 0 0 0 eee aangee 44 Wsers Listiusers Editiuser DISCOMMECE 14 45 4455 1000 t dne vihtaatid esta ee hetmaniks e Ma 44 Users List users Edituser Delete user 1 0 00etnnneneentmeneet 44 Users FING USCIS rikete aada aad 44 NOW USC e 46 TASANE MULT e 48 Users NEW USER QROUP E oiai ae A aaaeei 48 Users Edit USER GFOUP 1 11051414 eave can dE m lu dk kaa aated 48 Services na et ae Gani ela 48 Services List services Edit service rnnmesemrnmemra 49 Services Edit service Special accounting periods editor n se 52 Services Edit service Special bandwidth periods editor
41. ddress City Enter the city ZIP Enter the ZIP code Country Select a country State Select a state Phone number Enter the phone number Mobile number Enter the mobile number DMA Softlab LLC Page 57 VERSION 4 0 RADIUS MANAGER Email Enter the email address VAT ID Enter the tax identifier Comment An optional comment Permissions e List users Manager can list users e Register users Manager can register new users e Edit users Manager can edit basic user data name address etc e Edit privileged user data Allow editing the privileged fields credits static IP e Delete users Manager can delete users e List managers Manager can list managers e Register managers Manager can register new managers e Edit managers Manager can edit managers Delete managers Manager can delete managers e List services Manager can list services e Register services Manager can register new services e Edit services Manager can edit services e Delete services Manager can delete services e Billing functions Manager can generate invoices e Allow negative balance Manager can add prepaid credits if his account is in negative e Allow discount prices Manager can freely form the price of service offer discount e Enable write off Enable the write off function enter negative amounts in Add credits form e Access invoices
42. dds time or calculates the new Page 16 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 expiration when adding credits for the user e Reset online time or expiration date If You select this option the time will be added to the current time It is useful for monthly accounts when You add 1 month to the current date Prolong time or expiration date It is mainly used by dial up like accounts and services when a user purchases hours The hours will be added to the remaining hours For example he has bought 10 hours in the past and left him 2 hours When he buys again 10 hours he will have totally 12 hours available e Prolong expiration date with correction Additional mode with exception if the date is in the past the new expiry will be added to the current date instead of the original date Define the traffic addition mode e Reset traffic counters When You add credits the system will reset the currently available Bytes It is useful for monthly traffic limited accounts For example the user has 1 GB month combined plan and the account expired date but he has 100 MB remaining traffic When he next time buys Internet his 100 MB will be lost and gets again 1GB month service subscription e Additive New traffic will be added to the remaining traffic Now define the credit addition units e Expiration date unit Define the date unit when adding credits days or months e Online time unit Define the time unit
43. defined Valid till Define the expiration date of the card series e Classic prepaid cards if the service has expiration date capping the card cannot be used after the specified date e Refill cards the expired card cannot be used for refilling credits after the predefined date PIN length The length of generated PIN codes Password length The length of generated passwords Only Classic prepaid cards have password Blank passwords are also allowed but not recommended Requires verification Enable this if You want to force users to verify their identity via SMS code Associated service Define the service name to be associated with the new card series For classic prepaid cards only Download limit Define the available download traffic in MegaBytes For classic prepaid cards only Upload limit Define the available upload traffic in MegaBytes Total limit Define the available total traffic in MegaBytes For classic prepaid cards only Online time limit Define the available online time in hours For classic prepaid cards only Expiration Select the expiration date time mode e Defined by valid till cards will be usable up to date which is defined in Valid till field e Calculated from card activation Define the available time in Available time from card activation field Select this if You want to sell cards with 24 hour Internet access calculated from the card activation Available time f
44. e MAC address iS XX XX XX XX XX XX MAC address CPE Search for the MAC address of the user not MAC Hotspot users if You want to find a MAC Hotspot user use the User name or MAC field instead The correct format of the MAC address is XX XX XX XX XX XX Static CPE IP Search for static CPE IP address First name Search for first name of user Last family name Search for last name of user Company name Search for company name Address Search for postal address City Search for city ZIP Search for ZIP code Country Select a country State Select a state Phone number Search for phone number Mobile number Search for mobile number Email Enter the email address You are looking for Contract ID Search for contract identification code Comment Search for comments Edit user DMA Softlab LLC Page 45 VERSION 4 0 RADIUS MANAGER User name MAC PIN You can access the user edit screen directly of the entered regular Hotspot MAC or prepaid card PIN user Users New user Register a new account The parameters are User name or MAC address Define the user name of regular user or a MAC address of Hotspot MAC authenticated user Mikrotik accepts MAC addresses in the form while StarOS requires form The allowed characters are defined in system_cfg php Enabled Define a status of the newly register
45. e change Users List users Edit user Disconnect Logs out the current user from the NAS if POD is configured properly or restart the DOCSIS compatible cable modem Users List users Edit user Delete user With this option You can delete the current user from the database Users Find users On this screen You can define the filtering criteria of list user s view and initiate a direct user edit e Filter parameters User name or MAC Enter the name of the user You can search for all supported account types Account type Regular Hotspot MAC DOCSIS classic prepaid card instant access service Mikrotik access list StarOS access list Select the type of the account You want to include in the user list Page 44 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Service type any prepaid postpaid email access list entry Select the type of the service You want to include in the user list Account status any active expired enabled disabled Select the status of the accounts You are seeking for Usage information any used unused Display all or only those users who have or don t have accounting info available in the system Group List only those users who belong to the selected group Owner Search by account owner Service name List only those users who use the selected service MAC address CM Search for the MAC address of cable modem The correct format of th
46. e next daily service It gets activated if the user has no more available daily quota Ignore static IP Do not use the CPE static IP defined in edit user dialog Custom RADIUS attributes Allows entering user definable RADIUS attributes The system will send these attributes to NAS in Access accept messages Generate TFTP boot file Generate the DOCSIS compliant TFTP boot file automatically The TFTP file template is located in the config directory Advanced CM configuration Define a source code of custom TFTP boot file Allowed NASs Select the NAS devices where this service is available Available for managers Select the managers who can use this service e Price definitions Postpaid price calculation downloaded traffic uploaded traffic online time Define which traffic or time is used in the price calculation Monthly account Defines the account monthly It is required for auto renew Auto renew Select this checkbox to enable renewing the accounts automatically by the system Postpaid monthly accounts are renewed on the specific day in the month The day is selectable in ACP System settings Prepaid monthly accounts are checked daily once and they get renewed if required They have to hold enough deposit to cover the renew fee Reset counters if date expired If the account s date is expired and credits were added reset the traffic counters to zero before adding the new credits Enable
47. e time limit The available online time of the IAS in hours Expiration Defined by expiration date Calculated from account activation Select the IAS expiration method Available time from account activation Defines the available time calculated from the IAS activation from first use Simultaneous use Define how many concurrent connections are allowed for a certain IAS account For regular use enter 1 If You are using pfSense enter 2 otherwise the reauthentication feature will not function properly Reports Online users Use this function to display the online users list Possible actions are Page 68 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Disconnect users Use this function to remotely disconnect the selected users from a NAS Close sessions Closes the selected session s without disconnecting the user s Reports Registered cable modems List the registered cable modems in all CMTSs This list is updated in every 5 minutes see the cron job Reports Traffic report You can check the all time traffic report for all users Reports Find traffic data Filter the traffic data by parameters User name Define the user name whose traffic data is important for You Framed IP address You can also search for the IP address which was assigned to a certain user Calling station ID Search for user s MAC address Use selected interval Turn this option on to use the specified in
48. e to increase the amount of the deposited money and purchase services in the UCP Setting up the card services To generate classic prepaid cards You have to define the card service For refill cards the service definition isn t required Select option Service New service You can also use the predefined card services Set checkbox Prepaid card or IAS and set Time limit mode to Limit expiration With these options You create a card service which has predefined expiration date The method of using the expiration date will be defined on the card generating screen Classic prepaid cards always have caps online time expiration available traffic or combination of them When a card expires it cannot be used anymore Users have to purchase new card to use the Internet service again Define additional options if required bandwidth daily quota burst mode etc Leave the price definitions unchanged use zero values Store data and continue the card generation procedure Generating cards Select option Card system Generate cards in ACP to generate various card series On this screen define the following parameters to create the card series successfully DMA Softlab LLC Page 21 VERSION 4 0 RADIUS MANAGER Card type Classic prepaid or Refill card Quantity Enter the amount of cards You want to generate Gross card value It is the printed value on the card You sell the card for this value It includes taxes if they are
49. eckbox to manually switch the account into verified state Warning sent Account expiry warning was emailed to the user Password Enter the new password The allowed characters are defined in system_cfg php Confirm password Reenter the same password Change password Select the checkbox to allow entering new password MAC address of CM Define the MAC address of cable modem Required by DOCSIS accounts IP address mode CM IP pool static IP Select the used IP address mode of cable modem IP pool mode assigns a free IP to CM automatically while in Static IP mode You can enter a unused IP address manually which will be assigned to the CM MAC address of CPE Define the MAC address of the user s LAN or WLAN card CPE This option gives You an extra authenticity verification When enabled the system will check the user name the password and the MAC address of the CPE upon login Be sure to enter the correct MAC address of CPE if You enable this option Page 40 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 It is necessary to fill this field if You want to assign a static IP to a DOCSIS CPE Some WLAN devices depending on the configuration see MAC cloning will not emit the real MAC address of the WLAN card You have to configure the CPE properly in order to use this feature Allow this MAC only Enable or disable the MAC address checking IP address mode CPE NAS pool or DHCP IP pool static IP Define
50. ed user Account type Regular Hotspot MAC DOCSIS Mikrotik ACL StarOS ACL Define the type of the new user There are several types of users in Radius Manager e Regular users have both username and password e Hotspot MAC users have only user name in fact it is the MAC address of the LAN WLAN card The Mikrotik Hotspot system will automatically log on these Hotspot MAC users without requesting the user name password e DOCSIS is used by DOCSIS compliant cable modems e Mikrotik ACL is used to allow the connection of specific WLAN CPE using a Mikrotik AP e StarOS ACL is used to allow the connection of specific WLAN CPE using StarOS AP Password Enter the new password The allowed characters are defined in system_cfg php Confirm password Reenter the same password Change password Select the checkbox to allow entering new password MAC address of CM Define the MAC address of cable modem Required by DOCSIS accounts IP address mode CM IP pool static IP Select the used IP address mode of cable modem IP pool mode assigns a free IP to CM automatically while in Static IP mode You can enter a unused IP address manually which will be assigned to the CM MAC address of CPE Define the MAC address of the user s LAN or WLAN card CPE This option gives You an extra authenticity verification When enabled the system will check the user name the password and the MAC address of the CPE upon login Be sure
51. er can log on to the system even if he has no more available MegaBytes In this case the next service will be used The Next master service can define lower shared bandwidth or anything else You need After entering the basic parameters the price definition follows You have to define the price parameters precisely if You want to use Radius Manager for creating invoices and use it for precise financial accounting The first thing to define is the price calculation method of postpaid users If the current service is not postpaid do not check the following checkboxes You can also combine the various calculation methods e Downloaded traffic The price of the downloaded traffic will be added to the total price when creating postpaid invoice e Uploaded traffic The price of the uploaded traffic will be added to the total price when creating postpaid invoice e Online time The price of the used online time will be added to the total price when creating postpaid invoice If the account is monthly set the monthly checkbox Monthly accounts has the most complicated service type They are based on one month and can combine upload download or total traffic limits If the user reaches one of these limits the account will expire Enable auto renew option to renew the accounts automatically Postpaid accounts will be renewed on a fixed day in each month see ACP system settings while prepaid accounts on the day when they expire i
52. f the service Service name The associated service Download limit The download limit of the IAS in MegaBytes Upload limit The upload limit of the IAS in MegaBytes Total limit The total limit of the IAS in MegaBytes DMA Softlab LLC Page 67 VERSION 4 0 RADIUS MANAGER Expiration The predefined expiration date fixed date of the IAS Online time limit The available online time of the IAS in hours Expiration Defined by expiration date Calculated from account activation Select the IAS expiration method Available time from account activation Defines the available time calculated from the IAS activation from first use Simultaneous use Define how many concurrent connections are allowed for a certain IAS account For regular use enter 1 If You are using pfSense enter 2 otherwise the reauthentication feature will not function properly IAS New IAS template Define new IAS template The fields are Instant access service name Define the name of the Instant Access Service template Enable IAS Enable or disable the IAS in purchase IAS list Price The gross price of the service Service name The associated service Download limit The download limit of the IAS in MegaBytes Upload limit The upload limit of the IAS in MegaBytes Total limit The total limit of the IAS in MegaBytes Expiration The predefined expiration date fixed date of the IAS Onlin
53. f the service So if the service is a monthly service You have to enter 1 to purchase a one month prepaid Internet service The user can purchase additional MegaBytes if the current month is not expired yet but all available prepaid traffic is consumed The system will handle these transactions automatically and displays a message about the actual mode upon purchasing credits Account verification Self registered and card accounts can be forced to verify their identity entering a secret code in UCP sent in SMS The function is configurable in ACP System settings and in prepaid card generator module If a unverified account logs to the UCP a verification link appears beside the account status Click on this link to initiate the account verification procedure DMA Softlab LLC Page 27 VERSION 4 0 RADIUS MANAGER Hints for setting up the UCP It is recommended to grant access to UCP for unauthenticated users It is useful if the users have no more credits available and cannot connect to the system via Hotspot or PPP We will describe a method which is easy to realize 1 Register a account in ACP which never expires for example username info password info 2 Create service info with predefined IP pool pool name pool info without capping 3 Assign this service to info account 4 Define the firewall in your router to allow the pool info to access only the Radius Manager server and block the Internet access for those addresse
54. f they have enough deposit available which covers the renewal cost In a same time an email will be sent for all renewed users There is one more special option used by the monthly service enable additional credits It is used in combined monthly services For example You sell 1 GB month When a user reaches the traffic limit in the middle of the month consumes 1 GB the accounts gets expired The user can purchase additional MegaBytes while the original expiration date will remain unchanged Reset counters if date expired is a special option It is useful if You have date capped service with traffic capping enabled combined monthly service Using this option when You add credits and the account expiry date has been reached the system will reset the remaining credits of the user It is useful in situations when You sell for example 10 GB for 3 months If all 3 months have been passed and the user hasn t used all his 10 GB next time when he will buy credits he will get again 10 GB and the new expiration date will be calculated from the date of the new purchase Define the net unit price for the service For example You sell 1 MB of traffic for 0 1 Define the net price of 0 1 The system will automatically calculate the gross price and the tax for the unit In a same manner define the price of the additional units It is used by monthly services only with additional credits enabled The time and date addition modes describe how the system a
55. ffic This isn t limited anymore by the end of the month If You need to add multiple months at once turn off the Monthly account checkbox and set Limit expiration checkbox Set the Time addition mode to Additive Now You can add prolong the subscription with any number of months The Time unit has to be 1 month With this setup You can add multiple months at once If You combine this service with traffic limits depending on the setup the traffic will be added to the remaining value or added to zero Page 18 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Usual problem is when a user forgets to purchase a new monthly subscription and his service is expired In our example administrators cannot add new monthly service before the october 13 only after the service has been expired But what to do in a period from 00 00 hours to normal working hours when the office is open and users can purchase again a new monthly service The solution is the Money deposit system Managers can enter deposit for any account Users can purchase additional credits for their deposited money using the UCP any time They can renew their monthly service when the current monthly service has been expired In our example the new monthly service can be bought after 00 00 hours on october 13 Automatic renewal is also available for prepaid accounts The account going to renew has to hold enough deposit which covers the monthly service fee The system handles these subscri
56. fine the payment mode cash or bank transfer the gross price the remark text which will be displayed on the invoice form and the comment it will not printed on the invoice form A negative amount can be used to write off incorrect invoices When the payment is confirmed You can print the invoice from your WEB browser Users List users Edit user Postpaid billing Postpaid billing is semi automated function for generating postpaid monthly invoices the period is definable freely usage of one month at once is strongly recommended The following postpaid billing methods are supported 1 Traffic based billing simple MegaBytes The price is calculated using the download upload or total traffic The parameters of price calculation are defined in the service definition 2 Online time based billing classic dial up The price is calculated based on used online time The parameters of price calculation are defined in the service definition 3 Monthly billing The price calculation formula is price monthly fixed fee added traffic The parameters of price calculation are defined in the service definition First You have to define the billing period from and to date defaults are the last month Clicking Next will open a confirmation screen where You can define the payment method the item description which will be printed on the invoice edit the calculated net and gross price if it is not correct the price depends on many
57. g on they can use their UNIX mailbox only Access list entries are used with Mikrotik and StarOS to allow specific CPE to connect DMA Softlab LLC Page 53 VERSION 4 0 RADIUS MANAGER Limit download Bytes Enable the capping of download traffic Limit upload Bytes Enable the capping of upload traffic Limit total traffic Enable the capping of total download upload traffic Limit expiration Enable the expiration date capping Limit online time Enable the online time capping You can create classic dial up services with predefined available online time Set data rates DL UL Define the download and upload data rate in kbps 0 no limit Cisco policy map DL Set the name of the download policy map defined in Cisco Compatible with Cisco policy map feature Cisco policy map UL Set the name of the upload policy map defined in Cisco Compatible with Cisco policy map feature Download quota per day Define the daily available download traffic in MegaBytes Enter 0 if You want to disable this feature Upload quota per day Define the daily available upload traffic in MegaBytes Enter 0 if You want to disable this feature Total quota per day Define the daily available total traffic in MegaBytes Enter 0 if You want to disable this feature Time quota per day Define the daily available online time in HH MM SS format Enter 0 if You want to disable this feature Enable burst mode
58. he traffic the user can achieve Burst limit is always greater or equal than the nominal data rate e Burst threshold DL UL Define the threshold of download and upload If the user uses higher data rate than this value after a predefined time the data rate will be reduced to the nominal level see Set data rates e Burst time DL UL Define the timeout in seconds after the data rate will drop if the client uses higher data rate than the nominal Experiment with this value Some Mikrotik versions don t interpret the value properly Measure the time more times and add correction factor to it e Priority Define the priority of simple dynamic queue In the service You can also enter the IP pool name from which the user gets the IP address Enter the pool name which already exists in Mikrotik If the pool doesn t exist in Mikrotik the user will not be able to auhenticate no IP address will be assigned The Next master service dropdown list is used to select the service which is activated when current service limits have been reached DMA Softlab LLC Page 15 VERSION 4 0 RADIUS MANAGER Next daily service is activated when the daily quota is exceeded The next service is useful in certain situations Example The user has a combined monthly service 1 GB month and You don t want to disable the user in a middle of the month if he reaches the traffic limits If You select the Next master service the us
59. he remaining value Expiration date unit days months Define the amount of one date unit days or months Online time unit minutes hours Define the amount of one time unit Download traffic unit Define the amount of one download traffic unit Upload traffic unit Define the amount of one upload traffic unit Total traffic unit Define the amount of one total download upload traffic unit Initial expiration date Define the initial expiration Applicable for self registered users only Initial online time amount Define the initial online time of self registered users Applicable for self registered users and for auto renewal Initial download traffic amount Define the initial download traffic of self registered users Applicable for self registered users and for auto renewal Initial upload traffic amount Define the initial upload traffic of self registered users Applicable for self registered users and for auto renewal Initial total traffic amount Define the initial total traffic of self registered user Applicable for self registered users and for auto renewal Minimal base amount Define the minimal base amount which users can purchase Additional traffic unit Define the additional traffic unit in MB Minimal additional amount Define the minimal additional amount which users can purchase Services Scheduled changes Use this function to list the scheduled service changes
60. ice to use Editing personal data Use option Edit personal data to edit the logged on user s personal data if the function is enabled in ACP System settings Examining the traffic report To track the used traffic and time use the option Traffic report in UCP With the help of this function the user has overview to his yearly monthly and daily traffic consumption He can see all his logins logouts used time per session uploaded downloaded and total traffic usage In detailed traffic report he can also examine the MAC address of the CPE and the assigned IP addresses Listing the invoices To track the payments use option List invoices It will list all payments of the current user the invoice numbers the date of payments the added traffic and time The users will also has an overview to his financial standing internal credits he can track the credit refills and the actual balance Using refill cards Refill cards are used to increase the user s internal money deposit The available deposit is displayed in the General information group If the users wants to increase his available deposit he has to select Redeem voucher option and enter the correct refill card PIN code By default the user has 3 tries until the account gets locked and only managers can unlock it When the correct PIN code was entered the main UCP screen will reflect the new deposit immediately Page 26 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 The
61. ikroTikls corporation FreeRadius is copyright C 2000 2012 The FreeRADIUS server project Licensed under GPL Chillispot is copyright 2002 2005 Mondru AB Licensed under GPL StarOS is a trademark of Valemount Networks Corporation MySql is released under the GNU General Public License Cisco is a trademark of Cisco Systems Inc DMA Softlab LLC Page 81
62. in radiusmanager cfg VAT ID Tax identifier Service Select the associated service of user Download limit The available download Bytes of the user Upload limit The available upload Bytes of the user Total limit The available total Bytes DL UL of the user DMA Softlab LLC Page 41 VERSION 4 0 RADIUS MANAGER Account expiry The expiration date of the user in a form YYYY MM DD Available online time The available online time of the user in a form HH MM SS Deposit The available money deposit of the user Contract ID You can use this field for storing the contract identification code Geolocation lat long Enter the GPS coordinates of the user It is required by law in certain countries to store a such data Comment An optional comment User group Select a group of the user Account owner Select the owner of the account Password activation SMS sent How many times the user tried to retrieve his forgotten password Account verification SMS sent How many times was the verification code sent to user Wrong verification code entered This counter increases every time when a user enters a wrong verification code Wrong refill card PIN entered This counter increases every time when a user enters a wrong PIN code to refill his account Custom RADIUS attributes Define extra RADIUS attributes which are sent in successful authentication responses Users
63. in series select and deselect all card series The permitted operations with selected series are Revoke series Use this function to disable the selected series Activate series Use this function to enable the selected series Delete series Use this function to delete the selected series WARNING Deleting of cards is not recommended If You delete a card from the system Radius Manager will know nothing about it when You generate later a new series and it can generate the same PIN code again Pay attention to this Use the Revoke series instead of deleting the cards Card system List calssic prepaid cards DMA Softlab LLC Page 65 VERSION 4 0 RADIUS MANAGER List the classic prepaid cards registered in the system Card system List refill cards List the available refill cards Card system Find refill cards Find refill cards using the following parameters PIN Enter the PIN code of refill card You are looking form Series Enter the series of refill card You are looking form Activated by Enter the name of the user to list all cards he activated Activated on Enter the date of activation Status any active expired revoked Select the status of the cards to list Card system Generate cards Use this function to generate scratch cards The parameters are Card type classic prepaid refill There are two card types available 1 Classic prepaid cards They define traffic and
64. in the specified year Be sure to cumulate only past years and not the current Cumulating the accounting data will delete the detailed accounting information from the radacct table and creates one accounting entry for every user in the predefined period The decreased number of accounting information will speed up the system and reduce the database size WARNING Always create a full database backup before You begin any database maintenance Deleting the old accounting data You can use the supplied delo dyears sq script to delete the old accounting data from the RADIUS database The accounting data is stored in the radacct table The steps of deleting particular year s accounting data are 1 Define the correct year in deloldyears sql script 2 Execute the deloldyears sq script using mysql command line client In the example above the MySQL user name is radius and the password is radius123 Be sure to use no space between the p flag and password DMA Softlab LLC Page 79 VERSION 4 0 RADIUS MANAGER Deletion the old accounting data will speed up the system and reduce the database size dramatically WARNING Always back up the COMPLETE DATABASE before You begin a database maintenance Page 80 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 LEGAL NOTE Radius Manager software and trade mark are copyright 2004 2012 DMA Softlab LLC ionCube is copyright 2002 2012 ionCube Ltd MikroTik is a registered trademark of M
65. it the available total traffic of the user When the limit is reached the account disconnects automatically Define the time limits of the account Limit expiration This is classic date based limitation You can define the expiration date of the account Limit online time Select this cap if You want to create classic dial up like service It limits the available online time of the user for example 10 hours Internet etc Define the data rate of service Set the download and upload data rates in kbps Enter 0 if You don t want to limit the bandwidth at all For Cisco You can define the policy maps here if your Cisco doesn t support rate limit directive Daily quotas are also supported It is the daily available traffic or time of the user They work even if download upload is not capped To enable daily quotas enter a number larger than 0 Download quota per day Define the daily available download traffic in Bytes Upload quota per day Define the daily available upload traffic in Bytes Total quota per day Define the daily available total traffic in Bytes Time quota per day Define the daily available time in format HH MM SS You can also configure the burst mode Mikrotik in the service definition To enable the burst mode check Enable burst mode It will enable the numeric fields to enter the parameters e Burst limit DL UL Define the burst limit of download and upload This is the peak of t
66. king for To invoice number Specify the ending number of invoice You are looking for Payment gateway transaction ID Online payment transaction ID Issued by Enter the name of the account who has created the invoice Issued to Enter the name of the account for whom the invoice was issued Account owner Filter by account owner Comment Search for comment Type all transactions only invoices Select which records to display Transaction of users managers List transactions of users and managers resellers Payment type cash bank transfer internal transfer credit refill with card PayPal Website Payments Standard PayPal Website Payments Pro PayPal Express Checkout Netcash Authorize Net DPS Payment Express 2Checkout Set the filter of the payment method When listing the transactions You can display and print a certain invoice clicking the icon in the Action column Click on the invoice number to edit the invoice The available fields are Payment completed on Enter the date when the money transfer has been realized It is used to disconnect the users automatically due to unpaid invoices if the option is enabled in System settings menu See also the grace period Comment An internal comment of invoice Financials Generate postpaid invoices This is a classic batch billing function for postpaid accounts With the help of this You can generate and print thousands of
67. lab LLC Page 17 VERSION 4 0 RADIUS MANAGER Example services In this chapter You can find details about the most widely used services included in default installation They are e Prepaid It is a standard prepaid service The user pays for the Internet service in advance and he can use the Internet while he has enough MegaBytes available When the user consumes all the available traffic he will get disconnected from the system and can t reconnect while he hasn t prolonged the subscription purchased MegaBytes You can define the traffic limitations in any combination download only upload only both or total traffic In this service definition the Traffic add mode is Additive and the Combined traffic unit is 1 MB You can define the Minimal amount of MegaBytes the users can purchase at once In our example itis 1 MB You can increase the Minimal amount to be 10 MB or 50 MB or any value You like e Prepaid online time This service limits the available online time of the user It is a classic prepaid dial up tariff plan the user pays in advance for the available time The Limit online time checkbox is set in the service definition When the user has no more time available he will get disconnected automatically and can t reconnect while he hasn t purchased additional time The Time addition mode is set to Prolong online time The Time unit is 1 hour The Minimal amount is 1 hour e Prepaid monthly This plan defines a monthl
68. lete regular UNIX accounts in sync with RADIUS users This feature is useful if You want to control your UNIX account based email server by Radius Manager sendmail postfix etc UNIX account disk quota management If checked the disk quota will be set automatically for newly registered UNIX users prerequisites are to allow disk quotas on the file system and create a disk quota template UNIX user This option is very useful for mail accounts with limited disk usage Disk quota UNIX template user Define the name of the UNIX disk quota template user Synchronize UNIX account on Localhost Remote host using RSH Define the method of reaching the host You want to synchronize Remote UNIX host The IP address of the host to synchronize Notifications Notify manager upon self registration email When enabled notification emails are sent to the system administrator indicating new user registration Welcome message email Controls sending welcome emails to newly registered users Welcome message SMS Controls sending welcome SMS to newly registered users New service activated email Controls sending emails to when a new service is activated Account renewal email Controls sending emails when an account is renewed Account expiry email Controls sending emails to users indicating their account is going to expire Warning level fixed value percentage Select which warning level to use D
69. ly name Enter the family name Company name Enter the name of the company if applicable Address Enter the postal address City Enter the city ZIP Enter the ZIP code Country Select a country State Select a state Phone number Enter the phone number Mobile number Enter the mobile number Email Enter the email address VAT ID Enter the tax identifier Comment An optional comment Permissions List users Manager can list users Register users Manager can register new users Edit users Manager can edit basic user data name address etc Edit privileged user data Allow editing the privileged fields credits static IP Delete users Manager can delete users e List managers Manager can list managers DMA Softlab LLC Page 59 VERSION 4 0 RADIUS MANAGER e Register managers Manager can register new managers e Edit managers Manager can edit managers Delete managers Manager can delete managers List services Manager can list services Register services Manager can register new services Edit services Manager can edit services Delete services Manager can delete services Billing functions Manager can generate invoices Allow negative balance Manager can add prepaid credits if his account is in negative Allow discount prices Manager can freely form the price of service offer discount Enable write off
70. manager user php Description of menu functions Home Navigate to the home page Users can get overview of account data Traffic report Users can check their traffic report in a well organized form List invoices Users can access their invoices stored in the system Change password With the help of this function users can change their passwords themselves They have to enter the old password for verification and the new password two times to complete the operation Redeem voucher With this function users can enter the refill card s PIN code to increase the internal deposit After three unsuccessful tries the system will disable the function Purchase service The user can purchase service using his internal deposit or any other payment system available Clicking the Purchase service link the system shows the current service data The user has to enter the amount of units he wants to purchase The system checks for the available credits and notifies the user about a successful or unsuccessful transaction DMA Softlab LLC Page 73 VERSION 4 0 RADIUS MANAGER Monthly combined accounts are special only one month can be added at once If a monthly combined account is not yet expired date user can purchase additional MegaBytes on a special price Negative amount cannot be entered Change service Users can choose which prepaid service to use They can select the appropriate service form the list After confirmation the s
71. or online time limits Users can log on to the system using the card s PIN code and password 2 Refill cards They hold a value only With these cards users cannot log on to the system They are used to refill registered accounts in UCP Quantity The number of cards to generate Be sure to enter an amount what your system can handle easily On fast server You can generate millions of cards in one step without getting a PHP script execution timeout error Gross card value Enter the value of card with tax included You sell the card for this value Valid till Enter the date of expiration of the card in form YYYY MM DD After the predefined date nobody can use these cards PIN length The length of generated PIN codes are definable for each series Password length The length of generated passwords are definable for each series Only Classic prepaid cards can have password Blank passwords are also allowed but not recommended Requires verification Enable this if the generated cards have to get activated by an SMS code Associated service Select the service used by classic prepaid cards Not required by refill cards Download limit Define the download limit of classic prepaid cards Not required by refill cards Page 66 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Upload limit Define the upload limit of classic prepaid cards Not required by refill cards Total limit Define the total traffic limit of
72. ownload warning Define the remaining download MegaBytes or a percentage value when the system sends a warning email for the user Upload warning Define the remaining upload MegaBytes or a percentage value when the system sends a warning email for the user Total traffic warning Define the remaining total MegaBytes download upload or a percentage value when the system sends a warning email for the user DMA Softlab LLC Page 39 VERSION 4 0 RADIUS MANAGER Online time warning Define the remaining online time HH MM SS or a percentage value when the system sends a warning email for the user Expiry warning Define the remaining days when the system sends a warning email for the user System Logout Log out the current user Users List users Display the list of the users available in the system with limits You can select certain users select all users and clear the selection You can do the following actions with the selected users e Enable To enable accounts e Disable To disable accounts Disabled users cannot access the RADIUS controlled network and their UNIX mailboxes They can log on to the User Control Panel e Delete Delete both RADIUS and UNIX users e Disconnect Disconnect selected users or CMs You can sort the list clicking the small arrows in the header Users List users Edit user Edit a user Enable Define the status of the user Verified Select this ch
73. parameters and optionally You can enter a internal comment and remark text of invoice Users List users Edit user List invoices You can list the invoices of the current user The available invoice types are C Cash payment T Bank transfer O Online payment I Internal transfer P Prepaid card DMA Softlab LLC Page 43 VERSION 4 0 RADIUS MANAGER You can also view the balance of deposited money the remaining traffic and time of the user The total transactions are calculated on the following way TOTAL TRANSACTIONS COMPLETED TRANSACTIONS PENDING TRANSACTIONS Internal transactions are not calculated in the sum Credit refills with cards are not calculated in the sum and they are informative Users List users Edit user Change service Using this function administrators can change the service of the selected user There are 2 parameters required the new service name and the date when the service change should occur You can change the prepaid service unlimited times on a same day but only one postpaid service can be assigned daily to a certain user Users List users Edit user Service history This list is used to check the service type changes of the current user You can see the request date the user name the schedule date and the requested service name If the Status flag shows completed the service has been changed successfully You can click the cancel link to cancel a scheduled servic
74. perties of users It 15 like a user group You can assign one service to multiple accounts You need to completely understand the structure of services billing plans in Radius Manager Please read the following part carefully Select option Services New service to add a new service Define the name of the service Define the type of the service e Prepaid regular Used by prepaid regular users e Prepaid card or IAS Used by Classic Prepaid Cards and Instant Access Services IAS Refill cards don t need services e Postpaid Used by postpaid users They are billed monthly for the freely definable past period Page 14 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 e Email only When this is assigned to user he cannot log on to NAS PPP Hotspot only Unix account is created if enabled see the UNIX host synchronization for storing emails personal WEB presentations etc e Access list entry Special account types supporting Mikrotik and StarOS wireless access list Select the correct capping type if the account requires capping e Limit download Bytes Enable it if You want to limit the available download Bytes of the user When the limit is reached the account disconnects automatically Limit upload Bytes Enable it if You want to limit the available upload Bytes of the user When the limit is reached the account disconnects automatically Limit total traffic Enable it if You want to lim
75. ption renewals automatically and notifies the user in email about the renewal In our example service separate prices are defined for the base unit the price of the monthly service and for the additional MegaBytes The Time unit is 1 month while the Download traffic unit is 1000 MB Time addition mode is Reset time while Traffic add mode is Reset traffic counters The Minimal amount is 1 month e Prepaid monthly flat service with daily quota only 1 month This is a monthly service with no traffic limitation It has a validity of 1 month with limited daily usage In Prepaid monthly flat quotas the daily download limit is 100 MB while the available daily online time is 2 hours Time unit is 1 month minimal amount is 1 e Postpaid traffic A standard postpaid services The user will never gets disconnected He can use the Internet service in the whole month The administrator will create bill for the previous monthly usage in the first period of the new current month For example on december 1 5 You will create invoices for all postpaid users for the period november 1 30 Print these invoices from your browser and mail them to users Postpaid users have a grace period defined is ACP System settings to pay their invoices You will check your banking account each day for the realised payments and define the payment date in Radius Manager when a money has arrived To accomplish this use option List invoices Edit invoice The sy
76. r checked User type regular user Password enter the desired password Service select the previously added service Finally press the Add user button to store the account data Now if You select Users List users You will see the newly registered user marked with green color The green color code represents an active account You will also see the name of the service assigned to the user and the actual limits In our example there are no cappings set for the user download upload combined expiry online time so You should see n a for each capping type Now configure the PPP or Hotspot service in your Mikrotik NAS and try to log on PPPoE PPtP Hotspot the newly registered user If the login operation fails You can also try the default username and password combination user 1111 By default user user is available in every Radius Manager installations Page 12 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 If You still cannot log on try to debug the RADIUS communication enabling the FreeRadius debug mode First stop the running daemon Fedora On Debian Or use the universal method Be sure to kill the proper process In our example the PID is 32442 Now start radiusd in debug mode You have to see the following output if FreeRadius and MySql are working properly Listening on authentication address port 1812 Listening on accounting address port 1813 Listening on command file usr local var
77. r than Mikrotik API mode Mikrotik API mode supports wireless signal level CCQ and SNR The recommended selection is SNMP SNMP community Enter the SNMP community defined in the AP Required by SNMP mode only API username Enter the Mikrotik API user name Required by API mode only API password Enter the Mikrotik API password Required by API mode only Description Enter a free description AP New AP Define a new access point Enable Enable the current AP The system access enabled APs only Name Enter the name of the AP IP address Enter the IP address of the AP Access mode SNMP Mikrotik API Select the desired access mode SNMP supports wireless signal level only but it is more stable and faster than Mikrotik API mode Mikrotik API mode supports wireless signal level CCQ and SNR The recommended selection is SNMP SNMP community Enter the SNMP community defined in the AP Required by SNMP mode only API username Enter the Mikrotik API user name Required by API mode only API password Enter the Mikrotik API password Required by API mode only Description Enter a free description CMTS List CMTS List all registered CMTSs in the system CMTS Edit CMTS Edit the following parameters of the CMTS Name Enter the name of the CMTS IP address Enter the IP address of the CMTS SNMP community Enter the SNMP community defined in your CMTS Description En
78. r to log on to Mikrotik to change the bandwidth on the fly e Enter the same user name and password in ACP Edit NAS and enable the API in the same form If the API is configured properly and enabled in ACP Edit NAS form You will see the API user in Mikrotik log as he logs in and out in every 1 5 minutes depending on radiusmanager cfg The API is available in Mikrotik v 3 or newer versions only Older versions are not capable of controlling the bandwidth on the fly Restrictions of using the special bandwidth feature Do not use 1 suffix in user names when You register users in ACP otherwise the system will unable to identify the simple dynamic queues and the special bandwidth feature will not function for a such named accounts Services New service Use this option to create new service e Basic parameters Service name Define the service name Enable service Select this checkbox to enable or disable the current service Disabled services cannot be assigned to users Available in UCP Enable listing of service in UCP Type of service prepaid regular prepaid card or IAS postpaid email access list entry Define the service type Prepaid regular services can be assigned to prepaid regular users only Prepaid card services or IAS services can be assigned to classic prepaid cards and IAS templates only Postpaid services can be assigned to postpaid users only Email only accounts will not be able to lo
79. rom card activation Define the time available after the activation of the card if option Calculated from card activation has been selected Simultaneous use Allow more than one connection in a same time Useful for MB and online time limited cards PfSense always reguires Sim use 2 to allow the reauthentication to check the validity of the account regured by automatic disconnection Let s create an example classic prepaid card series We will generate cards which can be used up to 24 hours after the activation of the card and hold 300 MB of downloadable traffic The card expiration will be set to 2015 12 31 Set the following values Page 22 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Card type Classic prepaid Quantity 5 Gross card value 10 Valid till 2015 12 31 PIN length 8 Password length 4 Requires verification no Associated service Card download limit 128k Download limit 500 MB Expiration mode Calculated from card activation Available time from card activation 24 hours Simultaneous use 1 When You have entered all parameters press the button Generate cards On the next screen You will see the overview of the parameters Rapius MANAGER System Users Services Managers HAS AP CMTS IPpools Financials Cardsystem IAS Reports Tools Prepaid card generator Classic prepaid O Refill Quantity 5 cards Gross card value usp valid till 2015 12 31 5
80. s With this setup You permit users to check their status using UCP even if they have no more available credits left You can also select the info service as next master service in all services With this step all expired accounts will be shifted automatically to pool info and the expired users will be able to access the UCP without Internet Page 28 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 ADDITIONAL FUNCTIONS Instant Access Services IAS Instant Access Services IAS are ideal for customers who don t want to register a regular account to use the Internet service for one time access IAS accounts are like prepaid cards they use PIN code as username The main advantage of IAS over the prepaid cards is the simplicity they can be purchased online directly on the Hotspot login page using CC or other supported payment methods The system currently supports the following payment gateways PayPal Express Checkout PayPal Website Payments Pro PayPal Website Payments Standard Netcash Authorize Net DPS Payment Express 2Checkout NOaARWN gt Need instant access without registration 10 hours uptime 5 00 USD 500 MB 10 00 USD 2 days 10 00 USD A typical Hotspot login screen looks like this The Hotspot login page contains the following elements DMA Softlab LLC Page 29 VERSION 4 0 RADIUS MANAGER 1 User name and password entry field 2 Link for new account registration self registration 3 Link
81. sers can register themselves in the system After a successful registration they can purchase credits select services like regular users If enabled the new user registration is accessible from the Hotspot login page and has all the regular fields required by the new user registration Rapius MANAGER Register account Language English User name 4 32 characters Password 4 32 characters Confirm password 4 32 characters First name Last family name Address City ZIP Country x State or province v Phone number Numbers only Example 496548156875 Mobile number Numbers only Example 495427436785 Email address VAT id Initial prepaid service Prepaid expiration amp online time Fields are mandatory ATTENTION PLEASE READ THESE TERMS CAREFULLY BEFORE USING a THIS WEBSITE BY USING THIS SITE YOU AGREE TO BE BOUND BY THESE TERMS AND CONDITIONS IF YOU DO NOT ACCEPT THESE TERMS TERNS DO NOT USE THIS WEBSITE 5 C 1 accept the Terms amp Conditions Register account Date 2012 02 10 Version 4 0 0 When a user enters all the required information and they are accepted by the system he will be redirected to the User Control Panel login page Page 32 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 In UCP he
82. stem checks the issued postpaid invoices each day If the grace period is expired and the user hasn t paid the service fee the account will get disabled To create a postpaid service select Postpaid mode and disable traffic and time limitations Set the bandwidth freely Select the Price calculation method to fit your requirements In our example it is Download traffic When creating invoices the system will add the price of the downloaded MegaBytes to the total price You can also add the price of the uploaded traffic the used hours or combine all the available methods for example 100 MB download 10 00 10 MB upload 1 00 11 00 total Every fractional MegaByte 0 1 MB etc is calculated as one whole MegaByte It is important to define postpaid service prices precisely otherwise You will generate incorrect invoices e Postpaid online time Postpaid hours are like postpaid MegaBytes but the consumed online time is used for calculating the total price If the user has spent 30 hours online in the previous billing period month he will get invoice for the price of the 30 hours The gross price of one hour is 1 18 DMA Softlab LLC Page 19 VERSION 4 0 RADIUS MANAGER so the price of the 30 hours will be 30 x 1 18 35 40 Every started hour counts as one whole hour e Postpaid monthly flat This is a standard flat service The user can use the Internet without limitations in a whole month and he will get the invoice with
83. stomer s city ZIP The customer s ZIP code COUNTRY The customer s country STATE The customer s state PHONE Phone number MOBILE Mobile number VATID The customer s tax identification number INVID Invoice number YEAR 1 Invoice creation year Invoice creation month DAY1 Invoice creation day YEAR2 Payment option year MONTH2 Payment option month DAY2 Payment option day SERVICE The name of the service AMOUNT The amount of the service sold NETPRICE Unit price without tax VATPERCENT VAT in percents PRICE The price of the service without tax VAT VAT amount TOTALPRICE Total price with or without tax CURRENCY System wide currency PAYMODE Payment mode can be cash payment or money transfer REMARK Remark field DMA Softlab LLC Page 77 VERSION 4 0 RADIUS MANAGER Customizing the email forms Radius Manager can send email notifications for users before they reach their limits account expiration date traffic limits or upon completion of various operations like changing services etc The system sends emails in plain text format These email templates are located in ang directory The files are e mailaccrenewed_tpl txt The user gets this email after his account has been renewed successfully auto renew mailaccrenewfail_tpl txt The user gets this email
84. t in successful authentication responses Users List user groups List the available user groups in the system You can multi select the groups and delete more than one group at once The default group cannot be deleted Click on the group name to edit the group parameters User group name Define the group name Description Enter the description of this group or leave it blank Delete Click on this link to delete the selected user groups Users New user group Users Edit user group Edit the selected user group Group name Define the group name Description Enter the description of this group or leave it blank Services List services List the registered services in the system You can select certain services select or deselect all services You can do the following actions with the selected services Enable To enable the selected services Disable To disable the selected services Disabled services are not listed in service selector list boxes Delete Select this option to delete the selected services The default service cannot be deleted If an already assigned service has been deleted the default service will get assigned automatically instead of the current Page 48 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Services List services Edit service Use this option to edit a service Basic parameters Service name Define the service name Enable Select this che
85. ter a free description here Page 62 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 CMTS New CMTS Define a new CMTS Name Enter the name of the CMTS IP address Enter the IP address of the CMTS SNMP community Enter the SNMP community defined in your CMTS Description Enter a free description here IP pools List pools List the available IP pools IP pools Edit pool Edit the following parameters of the IP pool Pool name Enter the IP pool name First IP Set the first address in this IP pool Last IP Set the last address in this IP pool Next pool Select the next cascaded pool Description Enter a free description here IP pools New pool Define a new IP pool Type DOCSIS RADIUS Select the type of the IP pool DOCSIS is used by CMTS only while RADIUS is required by RADIUS IP pool support Pool name Enter the IP pool name First IP Set the first address in this IP pool Last IP Set the last address in this IP pool Next pool Select the next cascaded pool Description Enter a free description here DMA Softlab LLC Page 63 VERSION 4 0 RADIUS MANAGER Financials List invoices List and filter the invoices available in the system From date Define a date from which You want to list the invoices To date Define the date to which You want to list the invoices From invoice number Specify the starting number of invoice You are loo
86. terval in traffic listing From date Beginning of interval End date End of interval You can also leave all fields empty or combine them Joker characters are not allowed Reports Traffic summary Use this function to overview the used traffic of all users in the given period The generated report is exportable to CSV From The beginning date of report To The ending date of report Reports Connection report Filter the connection data Parameters are User name Define the name of the user DMA Softlab LLC Page 69 VERSION 4 0 RADIUS MANAGER Source IP and port Define the source IP address and port of the connection Destination IP and port Define the destination IP address and port of the connection Protocol any TCP UDP Select the used protocol From date Define the beginning date of the listing To date Define the ending date of the listing From time Define the beginning time of the listing To time Define the ending time of the listing Reports Last syslog events Display the last 50 system log events Reports Browse syslog Browse all time system log events Reports System informations Display license and module details Reports System statistics Display the account statistics Tools Send email to all users You can send email to all users If the email address isn t defined for a certain user the system will construct the email
87. to enter the correct MAC address of CPE if You enable this option It is necessary to fill this field if You want to assign a static IP to a DOCSIS CPE Some WLAN devices depending on the configuration see MAC cloning will not emit the real MAC address of the WLAN card You have to configure the CPE properly in order to use this feature Allow this MAC only Enable or disable the MAC address checking IP address mode CPE NAS pool or DHCP IP pool static IP Define the IP address mode of CPE When NAS pool or DHCP is selected the NAS will assign the IP address to CPE automatically In IP pool mode the RADIUS server will assign the IP address to the CPE using the RADIUS IP pools Page 46 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 When Static IP is selected theuser defined static IP address will be assigned to the CPE For DOCSIS CPE the MAC address must be defined in order to use the static IP mode Simultaneous use Define how many concurrent sessions are allowed for the current user simultaneous logins with a same user name Leave this field empty or enter 0 for unlimited number of concurrent sessions First name Define the first name of the user Last family name Define the last family name of the user Company name Define the name of the company if applicable Address Define the address for the user City Define the city for the user ZIP Define the ZIP code for the user Country
88. to manage users services billing etc while UCP is used by regular RADIUS users In UCP users can track their traffic data payments purchase credits etc In the following chapters You will find detailed information about both Control Panels CP and extra functions DMA Softlab LLC Page 9 VERSION 4 0 RADIUS MANAGER Page 10 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 ADMINISTRATION CONTROL PANEL ACP Getting started When You first time use Radius Manager try to log on to ACP You can access the ACP with your favorite Javascript enabled browser The URL of ACP is assuming default installation http yourhost radiusmanager admin php You will be asked for the username and password The default login data are User name admin Password 1111 If the login was successful You will find yourself on the main screen of ACP Rapius MANAGER System Users Services Managers HAS AP CMTS IPpools Financials Cardsystem IAS Reports Tools Home DAAA Ranwa Mamnesa version 4 0 0 Copyright 2004 2012 DMA Softlab All rights reserved Unauthorized duplication or use of this software is prohibited END USER LICENSE AGREEMENT The license expires on 2012 12 31 Manager admin Date 2012 02 10 Version 4 0 0 RADIUS server OK DHCP server NOT RUNNING You can access various system functions via the drop down menus DMA Softlab LLC Page 11 VERSION 4 0 RADIUS MANAGER RADIUS authentication and a
89. to purchase Instant Access Services When a user decides to purchase an IAS he has to click the appropriate IAS link and select the payment method Completing the checkout the system returns a PIN code and a password which can be used to log on to the Hotspot PPP system The IAS templates are defined in ACP These are like regular prepaid card accounts except they are generated by users and not by managers Superuser defines the characteristics of these accounts template IAS accounts have associated service like regular and card accounts and various caps can be enabled available online time download upload total traffic etc When a user successfully purchases an IAS code the system generates a new IAS account using the template and stores it in the database You have to put the IAS HTTP server URL into walled garden on the Hotspot server to be able to access these pages directly from the Hotspot login page without unauthentication Also the PayPal site has to be put in the walled garden to be able to accept PayPal payments Grant Internet connection for Radius Manager server for successful communication with the payment gateway The following PayPal URLs have to be added into walled garden on Mikrotik NAS www sandbox paypal com for testing developer paypal com for testing www paypal com for live system and the address of the Radius Manager host On Mikrotik v2 9 You have to define the following walled garden entries for
90. user can also track the credit refills using the option List invoices as it was described before Selecting services In Radius Manager UCP the user can select a prepaid service he would like to use if service selection is enabled in ACP System settings To select a new service use option Change service from the menu It will list the available prepaid services Select the desired service You want to use and click button Change service On the next screen You have to confirm the service selection If the actual service was not a monthly the service change will be completed immediately If the actual service was a monthly service the service change will be scheduled to the date when the current monthly service expires Purchasing prepaid credits Radius Manager has a special feature if enabled users can select and purchase prepaid services using the internal deposit or other supported payment methods To use this feature do the following 1 Select option Purchase credits 2 On the next page You will see the current service description 3 Enter the amount You want to purchase For example if it is a MegaByte based service enter the amount of MegaBytes 4 Select the payment method on the next page 5 Follow the on screen instructions and the system will add the purchased MegaBytes and or time to your account You can track all transactions in List invoices menu The term amount is universal and it means the amount o
91. user in the system admin while unlimited number of regular managers can be registered The super user cannot be deleted while You can freely add edit and delete other managers When You add managers with function Managers New managers You can define the following data manager name password personal data and permissions With defining correct permissions You can specify what manager can do Multiple resellers are useful in certain situations A such example is You have NASs on multiple locations different regions etc with one reseller in each region The local manager can register new users and add credits for them but he cannot delete the users and cannot modify the user data With this method You ensure the sensitive user data will always be correct and cannot be altered by anyone limits expiration etc without logging the changes Whena local manager refills a user the user pays for the service and gives the money to the manager the action will be logged and the super user can track the purchased credits and can see the amount of money collected by the manager Resellers have precise accounting in Radius Manager system every credit and debit is trackable in ACP List invoices You can credit or debit a certain manager in ACP Manager Edit manager form Services billing plans One of the most complicated thing in Radius Manager is setting up the services properly Using the service system You can define various pro
92. ut NetCash Authorize Net DPS Payment Express 2Checkout Enable or disable the selected payment gateways Account settings Enable self registration Enable or disable the self registration feature Self registered amp IAS accounts require verification Set this checkbox to force the verification of self registered and card accounts before they can be used for accessing the Internet service Self registration mandatory fields first name last name address city ZIP country state or province phone mobile email VAT ID Select the required fields to complete the self registration process IAS mandatory fields email mobile Set the required fields in IAS pruchase process Lock first seen MAC address When enabled the first detected MAC address is locked to account Enable user data edit UCP Enable or disable editing the personal data of users in UCP Enable service change UCP never only when expired any time Controls selecting the services in User Control Panel UCP Page 38 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Enable password change UCP Enable or disable changing the password in UCP Enable voucher redemption UCP Enable or disable the Redeem voucher option in UCP Enable credit purchase UCP Enable or disable the Purchase credits option in UCP Account synchronization Synchronize UNIX accounts If checked the system will create edit de
93. y prepaid flat service Only date capping is enabled e Prepaid monthly 1 GB dl It is capped service 1 GB month The user purchases a monthly Internet service and gets one month time and 1 GB available traffic calculated form the date of purchase The Limit download Bytes checkbox is enabled The checkbox Monthly account defines monthly account type In this example the additional credits are also set When a user has no more available traffic initially he has got 1 GB but the account is not yet expired date the user can purchase additional MegaBytes for special price while the expiration date remains unchanged The system handles the additional credits in UCP automatically If additional credits are enabled and the user selects the option Purchase service in UCP the system will inform him about the additional credits mode Managers have to manually select the credit addition mode normal or additional New combined month can added after the current month has expired Prepaid monthly accounts can begin on any day of month Example The client purchases a monthly service on september 13 He has to purchase a new monthly subscription again on october 13 The old subscription will expire at 00 00 hours on october 13 Only one combined month can be added at once Why If You offer 1 GB month combined Internet service and if You set amount 2 when You refill an account the account will get expired after 2 months and has 2 GB of tra
94. ystem will change the service immediately Edit personal data Users can edit their personal data if the feature is enabled in ACP System settings The available fields are First name Define the first name of the user Last family name Define the last family name of the user Address Define the address of the user City Define the city of the user ZIP Define the ZIP of the user Country Define the country of the user State Define the state of the user Phone Define the phone number Mobile Define the mobile number Email Define the email address of the user Company Define the company name if applicable VAT id Define the tax identifier Logout Log out the current user from the UCP Page 74 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 APPENDICES DMA Softlab LLC Page 75 VERSION 4 0 RADIUS MANAGER Page 76 DMA Softlab LLC RADIUS MANAGER VERSION 4 0 Customizing the invoice form The invoice form customization is a very easy procedure You need only a UTF 8 compatible HTML editor or a text editor with UTF 8 support The file name of the invoice is invoice_tpl htm the logo image name is invoice logo gif The following tags can be used on the invoice form MANAGERNAME Name of the manager who created this invoice FULLNAME The customer s full name USERNAME Name of the user ADDRESS The customer s address CITY The cu
Download Pdf Manuals
Related Search