How To Remove Expired Users In Usermanager In Mikrotik Solved
Automating Non Payment Reminder for User Manager Expired Accounts
How to add expired user hotspot on usermanDownloadd Script: https://mega.nz/#!OGpWkQZR!s7-G7TG6uE1UmITzFzF4yctqs3IY6JaG1BDp4litQ. Sep 22, 2015 Mikrotik ‘User Manager‘ is a free and builtin package of mikrotik which provides basic level of radius / billing capabilities.Its good for smaller networks but form its introduction till the latest version, it always contains few bugs that can be sometimes annoying for the admin and surely not suitable for large production environment like ISP’s.
How to add expired user hotspot on usermanDownloadd Script: https://mega.nz/#!OGpWkQZR!s7-G7TG6uE1UmITzFzF4yctqs3IY6JaG1BDp4litQ. Two scripts here, one to set a comment on users at first login to the hotspot. The comment contains the date of the fist login. The second script should be run daily.
A friend of mine asked me on howto display non payment reminder to users, once there account have been expired on USER MANAGER. By default when any account expired, he gets user id password error, or if hotspot setup, then it shows profile not found. But rather then showing these UN friendly messages, we can display more meaningful message giving confirmation to user that his account is expired and he should pay in order to continue with the service.
To achieve this we have to follow this.
1. In user manager, we have to create another profile name ‘expired-users-profile’ and and either give it a limited uptime like 7 days, or 1 month or for ever. It depends on your policies. Also you have to define an IP POOL name ‘expired-users-pool’
2. In Mikrotik, First create IP pool name ‘expired-users-pool‘ and then create a NAT rule that redirects port 80 request to local proxy or squid proxy server. If using SQUID proxy, then you dont need to enable mikrotik web proxy, simply redirect the expired pool to squid proxy, and in squid proxy, create an ACL for this range and deny it, and in deny_info redirect it to local web page. as i showed on ‘howto block ads in squid’ article.
If you dont have SQUID proxy, then You can enable Mikrotik web proxy and redirect request to it. Then create another firewall rule that blocks all traffic coming from this ‘expired-users-pool’ traffic except port 80. OR in default NAT rule, in src-address add only valid series.
3. In Web Proxy, create a rule that deny all traffic coming from the ‘expired-users-pool‘ and in redirect, point it to any web page showing your non payment advertisement page.
Ok here we go . . .
I assume you have a Mikrotik PPPoE server with User Manager already configured and working.
Example:
LAN = 10.0.0.0/8
WAN = 192.168.1.0/24
PPPoE Pool = 172.16.0.1 – 172.16.0.255
PPPoE Expired Pool = 172.16.1.1-172.16.1.255
WEB Server = 101.11.11.240
↓
↓
USER MANAGER SECTION
Login to User Manager,
Goto Profiles / Limitations
Add new Limitation and name it “expired-users-profile”
As showed in the image below . . .
Now add user and add any profile , for example 512k , and save.
As showed int he image below . . .
Open that User Properties again, and in ‘All profiles’ select ‘expired-users-profile” and click on + sign to add it. and click on SAVE.
As showed int he image below . . .
User Manager Section done. Now moving to Mikrotik section.
↓
↓
MIKROTIK SECTION
Connect to Mikrotik via Winbox,
Goto IP / Pools and add new pool and name it ‘expired-pool‘ (or same as you defined in User manager expired profiles section)
As showed in the image below . . .
↓
↓
How To Remove Expired Users In User Manager In Mikrotik Solved Notes
Now enable Web-proxy [Or you can redirect these requests to another proxy server like squid proxy and block the expired-pool series there)
As showed in the image below . . .
↓
↓
Now click on ACCESS button and add a new rule (by clicking on + sign)
> in Src. Address, enter ip range of expired-pool (that you defined in mikrotik earlier, so that request coming from ONLY this ip series should be denied)
> in Dst. Address , click on invert sign, and enter your web server (this is to make sure that request going to your web server where non payment reminder is placed dont get blocked.
> in Action, select DENY
> in Redirect to, Enter your web server full path where the non payment advertisement pag eis located. It can be your local web server like IIS/Apache or it can be remote server too (but for remote Internet server, you ahve to allow the URLs before this deny rule)
As showed in the images below . . .
↓
↓
Now create a NAT rule that will redirect port 80 request to local web proxy, which will already have the rule to deny all requests for expired-users pool.
OR CLI version . ..
All Done !
☺
TESTING . . .
Once the main profile(for example 512k) expire after 30 days , next profile (expired-users-profile) will automatically get active and user will get IP from the EXPIRED pool and mikrotik will redirect it to local web proxy and it will will deny all the request and redirect it to your defined non payment page.
As showed in the image below . . .
☺
and at client you will be seeing this,
.
.
When you want to activate this account again, simply take user properties, and remove its profiles by pressing minus sign on each profile, and add 512k or required profile again.
another guide for manual controlling ↓
How To Remove Expired Users In User Manager In Mikrotik Solved Paper
Regard’s
Syed Jahanzaib