Alan,

I followed the following steps for configuring Microsoft attributes and other vendor attributes:

1. Created and configured the vendor attributes (MN-HA-MIP4-KEY, MN-HA-MIP4-SPI) in dictionary.wimax with the option "encrypt=2"; the values are getting encrypted.

2. Configured the "users" file to check for Nas-Identifier and Nas-Port-Type, and configured the attributes for Access-Accept as below:

----------------------------------------------------------------------
govardhana  Nas-Identifier == nas, Nas-Port-Type == 15
        CUI = cui,
        Class = class,
        State = state,
        Framed-MTU = 1400,
        Framed-Ip-Address = 1.2.3.4,
        Service-Type = Framed-User,
        session-timeout = 30,
        MS-MPPE-Send-Key = msk,
        MS-MPPE-Recv-Key = recvmsk,
        AAA-Session-Id = multisessionid,
        HA-IP-MIP4 = 1.1.1.1,
        Dhcpv4-Server = 2.2.2.2,
        MN-HA-MIP4-KEY = mipkey,
        MN-HA-MIP4-SPI = mipspi,
        DHCP-RK = dhcprk,
        DHCP-RK-KEY-ID = dhcpkey,
        DHCP-RK-LIFETIME = 20
----------------------------------------------------------------------

3. Below is the snapshot from the client:

----------------------------------------------------------------------
cheux301:/home/govardhana# radclient -x localhost auth jrcsecret < access-request
Sending Access-Request of id 173 to 127.0.0.1 port 1812
        User-Name = "govardhana"
        User-Password = "govardhana"
        NAS-Identifier = "nas"
        NAS-Port-Type = Ethernet
        CUI = "0"
        Service-Type = Framed-User
        Framed-MTU = 1400
        Calling-Station-Id = "1:1:1:1:1:1"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=173, length=305
        CUI = "cui"
        Class = 0x6a7263636c617373
        State = 0x6a72637374617465
        Framed-MTU = 1400
        Framed-IP-Address = 1.2.3.4
        Service-Type = Framed-User
        Session-Timeout = 30
        MS-MPPE-Send-Key = 0x6a72636d736b
        MS-MPPE-Recv-Key = 0x6a7263726563766d736b
        AAA-Session-Id = "multisessionid"
        HA-IP-MIP4 = "1.1.1.1"
        DHCPv4-Server = "2.2.2.2"
        MN-HA-MIP4-KEY = "\225~\035\235\354\363\203\316Z\377\327\2174\360\330r\30"
        MN-HA-MIP4-SPI = "\234V.\326\014_\363fn\253_K\355-([\326\020"
        DHCP-RK = "dhcprk"
        DHCP-RK-KEY-ID = "dhcpkey"
        DHCP-RK_LIFETIME = "20"
----------------------------------------------------------------------

5. Below is the snap from the server:

----------------------------------------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:32813, id=173, length=92
        User-Name = "govardhana"
        User-Password = "govardhana"
        NAS-Identifier = "jrcnas"
        NAS-Port-Type = Ethernet
        CUI = "0"
        Service-Type = Framed-User
        Framed-MTU = 1400
        Calling-Station-Id = "1:1:1:1:1:1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "govardhana", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry govardhana at line 177
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password: Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Login OK: [govardhana] (from client localhost port 0 cli 1:1:1:1:1:1)
Sending Access-Accept of id 173 to 127.0.0.1 port 32813
        CUI = "jrccui"
        Class = 0x6a7263636c617373
        State = 0x6a72637374617465
        Framed-MTU = 1400
        Framed-IP-Address = 1.2.3.4
        Service-Type = Framed-User
        Session-Timeout = 30
        WiMAX-Capability = "Accounting-Capability"
        MS-MPPE-Send-Key = 0x6a72636d736b
        MS-MPPE-Recv-Key = 0x6a7263726563766d736b
        AAA-Session-Id = "jrcmultisessionid"
        HA-IP-MIP4 = "1.1.1.1"
        DHCPv4-Server = "2.2.2.2"
        MN-HA-MIP4-KEY = "jrcmipkey"
        MN-HA-MIP4-SPI = "jrcmipspi"
        DHCP-RK = "jrcdhcprk"
        DHCP-RK-KEY-ID = "jrcdhcpkey"
        DHCP-RK-LIFETIME = "20"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 173 with timestamp 469b7797
Nothing to do. Sleeping until we see a request.
----------------------------------------------------------------------

As I am new to Radius, based on the study I configured these parameters. Is there anything else that needs to be configured?

I also made sure that the option "encrypt=2" is present for the Microsoft keys. After studying the man page for dictionary, I configured some attributes (MN-HA-MIP4-KEY, MN-HA-MIP4-SPI) with the "encrypt=2" option in the corresponding dictionary file (dictionary.wimax). These attributes are getting encrypted, as you can see in the debug log, but the Microsoft keys are still not encrypted.

Thanks & Regards,
Govardhana K N

On 7/16/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
Govardhana K N wrote:
> I need one more help, I tried to include Microsoft attributes
> (MS-MPPE-Send-Key, MS-MPPE-Recv-Key) for which the encryption type is
> already set to 2, but the attribute values are not getting encrypted in
> Access-Accept? How can I solve this problem?

Post the debug log, as suggested in the FAQ, README, INSTALL, and many other places.

Are you *sure* the attributes are not being encrypted? Or maybe it's just you're not familiar with the process?

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
With Regards,
Govardhana K N
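Added example, not written by either poster and not FreeRADIUS code: in FreeRADIUS dictionaries "encrypt=2" selects the Tunnel-Password method of RFC 2868, the same salted encoding RFC 2548 defines for MS-MPPE-Send-Key and MS-MPPE-Recv-Key, and the sketch below shows how one value looks on the wire versus after decoding with the shared secret. The secret and the key hex string are taken from the post; the Request Authenticator and salts are constructed, and the function names are hypothetical.

```python
import hashlib

def _keystream(secret, prev):
    # MD5 is mandated by the RADIUS protocol here; it is not a free choice.
    return hashlib.md5(secret + prev).digest()

def salt_encrypt(plain, secret, req_auth, salt):
    """Encode as salt(2) || c(1) || c(2) ... per RFC 2868 section 3.5."""
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 bytes with the high bit set")
    if len(req_auth) != 16 or len(plain) > 255:
        raise ValueError("bad authenticator or plaintext length")
    data = bytes([len(plain)]) + plain
    data += b"\x00" * (-len(data) % 16)      # pad to a 16-byte multiple
    wire, prev = salt, req_auth + salt
    for i in range(0, len(data), 16):
        ks = _keystream(secret, prev)
        block = bytes(p ^ k for p, k in zip(data[i:i + 16], ks))
        wire += block
        prev = block                          # chain on previous ciphertext
    return wire

def salt_decrypt(wire, secret, req_auth):
    """Reverse salt_encrypt; raises ValueError on undecodable input."""
    if len(wire) < 18 or (len(wire) - 2) % 16:
        raise ValueError("malformed salted attribute")
    plain, prev = b"", req_auth + wire[:2]
    for i in range(2, len(wire), 16):
        block = wire[i:i + 16]
        ks = _keystream(secret, prev)
        plain += bytes(c ^ k for c, k in zip(block, ks))
        prev = block
    if plain[0] > len(plain) - 1:
        raise ValueError("length byte invalid: wrong secret or authenticator")
    return plain[1:1 + plain[0]]

# From the post: shared secret and the MS-MPPE-Send-Key hex string.
SECRET = b"jrcsecret"
SEND_KEY = bytes.fromhex("6a72636d736b")
# Constructed for this example: Request Authenticator and salts.
REQ_AUTH = bytes(range(16))
SALT_A, SALT_B = b"\x81\x01", b"\x92\x02"

def demo():
    wire = salt_encrypt(SEND_KEY, SECRET, REQ_AUTH, SALT_A)
    return wire, salt_decrypt(wire, SECRET, REQ_AUTH)

if __name__ == "__main__":
    wire, decoded = demo()
    print("on the wire :", wire.hex())
    print("after decode:", "0x" + decoded.hex())
```

Comparing the attribute bytes in a packet capture with the value printed by a tool that holds the shared secret shows which of the two views is being displayed.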