Hi Ben,
Thank you for your response.
When we give the service profile name, that we have already created in
Alvarion ASN using Alvaristar, in the Filter_Id attribute from FreeRadius,
there is no problem and MS is getting registered. But once we try to create
the service profile from FreeRadius using WiMAX VSAs then the MS is showing
as error like "EAP Supplicant Transferring error".
The sequence of events happened in FreeRadius is given below. We can't
understand what the problem is , please help me.
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=100,
length=162
User-Name = "{am=1}a...@local"
EAP-Message = 0x02010015017b616d3d317d61626364404c4f43414c
Message-Authenticator = 0x3541ac93ba7d124888516834ede1203d
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}a...@local"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 100 to 172.16.0.1 port 1812
EAP-Message = 0x01020016041053537331a80b9f8efd10896d82b93c8e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07d1252d07d3218fa467b7478824e818
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=101,
length=165
User-Name = "{am=1}a...@local"
EAP-Message = 0x020200060315
Message-Authenticator = 0xea259fffd4374457c675b9ae07f3564b
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
State = 0x07d1252d07d3218fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}a...@local"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 101 to 172.16.0.1 port 1812
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07d1252d06d2308fa467b7478824e818
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=102,
length=253
User-Name = "{am=1}a...@local"
EAP-Message =
0x0203005e150016030100530100004f03014cad569dd49214ce612a3acfb814a3d8cc64dafe0fd8cddae61c3aa3a615682b00002800390038003500160013000a00330032002f000700050004001500120009001400110008000600030100
Message-Authenticator = 0x7b87235a1ba9a14b13c1181865331307
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
State = 0x07d1252d06d2308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}a...@local"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 94
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0053], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 102 to 172.16.0.1 port 1812
EAP-Message =
0x0104040015c000000aad160301002a0200002603014cae2fcd5029ce1df32035c3a06a4087b11edd22d8485e7c412d9be55e4c5c6f00003900160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message =
0x301e170d3130303731323232313332315a170d3131303731323232313332315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d7874f3c4e39aae3b3dbe12621c73ee35d5d82173aeda2012d1b079c1e18334ce1e2873ea41f987d8acfb697a80f047adbe42a6e9984e6738b3ea6a38217
EAP-Message =
0xf4176bfa579f3eee2a32c69da800eeebc01d55567264313148a074b1cb6dcc03b9f6fbfef5263b5124a436da3855882fc2e4f721093dc28ebb4567a6d0b570adc903a8f852d438c588168cbfc286ccf073a476a585c9c587b3e2f7f63b019fda8e0c1177c1738c4753f0b8b43957fdb7a83590eea91716ac66ed369841f69f79fb12217ca5fc8def15bdf8e2f907a449262968d64b3961c9dd6df44844dd5b3415d053a6925a9ef941ae3857658c0c3ebe136f1cd7d68aedc9dbba4067ebe8a0ff350203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100493cd6fd113622f4cd
EAP-Message =
0x4810f92b058c52ae16f06c0ecdc258f64f51a520e78d442a748b965b54d20c17730fda2c9c37dc7650b43d8799886b101ed652e6d409c175f60be76f77db2fd273123c4e66b6c4365589c6598d74b5769643391dae72be3890f014e8e1935e3fba927ea08fe50b0aa48abfeab651f6c7fcd770bf5e7611f0d0097126bfa7995563c37a6be3a45aae356dd45e5df8eb69baff571111166bbdb4d9eff0864e97412db79434d95273e8cf5bf7a7ae46847750b5983c259e262e7c40fbac6402bc2e04db351660a236808992e8a0dd63ef86f4d13f44bd292f8539918c5015618f341137dc1b976763151070e04b564cf8810843d287c8c5a10004ab308204
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07d1252d05d5308fa467b7478824e818
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=103,
length=165
User-Name = "{am=1}a...@local"
EAP-Message = 0x020400061500
Message-Authenticator = 0xfb886198b9ccbe34096739fc2da309ff
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
State = 0x07d1252d05d5308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}a...@local"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 103 to 172.16.0.1 port 1812
EAP-Message =
0x0105040015c000000aad009fddc44b4be118b5300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130303731323232313332315a170d3131303731323232313332315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010
EAP-Message =
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d276fddff22e7edcb712d868de52cb6063309371e4e8f98843537b4994eee901397351da19d7ebc031a4100582890e3c4af076d30922c9b7759718a9319107d8bdc59036d2e517f5c1686643f870317e0db6cfe05330e4fac7c6482cd0fdcbe1e348881a94e38eb6657de3
EAP-Message =
0x3949e38252f67c675b884f72480c88c642b5e4d91d752cb05266b3241c0e999a026b68877c5e3dd462300334d56ebaead860b01f4edf292279eb8c400f835d32e7670ec99406137a27a74d23058c7dd88c367aacd0910b315dcd8b94ceef8165c9cab703f78b6161368fd5ffdced840b70e4195f3db98f412da26dee1a066693391d81d69b1458ce4f3511014abcb276cb0de0d8710203010001a381fb3081f8301d0603551d0e04160414f53150c8ec687788495274d05b5f7dbb1d92ecc93081c80603551d230481c03081bd8014f53150c8ec687788495274d05b5f7dbb1d92ecc9a18199a48196308193310b3009060355040613024652310f300d
EAP-Message =
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974798209009fddc44b4be118b5300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b3d280637fb1aafcf00cdedc91bbbcca86e20d3cc00b5f16f0e79611cc28433ac17b23ac9fb0a83088532b50cc2fb779849da3981b650ad734c8a850ed29ee911940b3b7661783fb719e276af281
EAP-Message = 0x86d55c11ccb90a50597218b2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07d1252d04d4308fa467b7478824e818
Finished request 3.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=104,
length=165
User-Name = "{am=1}a...@local"
EAP-Message = 0x020500061500
Message-Authenticator = 0x3a858a07f8318d62f4d077163d71fec5
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
State = 0x07d1252d04d4308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}a...@local"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 104 to 172.16.0.1 port 1812
EAP-Message =
0x010602cb158000000aadb013d96c28934158e79f3eedb23bba605bf6166496df88c0ef799d79147dccfeaf379f8ede13c6491b44a68bbd19f1a07b0aefbb705fad78ddfa75a685a6143de8c9b0f624d9f27a3fa7c7e1abf6d8b6bf42d80492bbb55ea15af49cacb1e7d0ab53d5f227b18225eb38e6de2b1aacaec55df09eca780664046c0bfab4df89b1aca766b6e7d56e8df9e162440446903f0e33873014f4e45ec66e73a263a14263848c26cd867c160301020d0c0002090080fbab99c6dde7a106dab1558e253b67404ddd33c37ad7e802090c2a8c348fec48646d59d15c159482fd3d0592f5a6e53de5235eda15543eaa1ba7897c3a5e69beaf61
EAP-Message =
0xad836c181c0cd34894bb249ea4078ebcf1412cc04a61afa2492373de03d38da87b7b5f612747acee73a2f56b6e9b2b8474507fab8d79259148c821b6ccbb000102008071e0566ca48bd962dfe120f2badc11d6847890fe322b80dd871c55dc3275e1ad992ec2e06edcd751660bbb8fb2fc41efd65b361c8965efd4856f29702fe637898b9a499c72092b5619db6c81e2aa4d8c6939443f551cfb40f96a1ffdff711bb24da56ebf3b527470bac506084d68cd19d78c492b89d7ddee2eeef8e85d83994d01006871910ef4a5f4b658e7cb543404e0e6d9f89e89d771378ed367e57a3a0e1ba15c374acea793a70f56f826b1cabd300ce0a5008ff60e4a8b
EAP-Message =
0x99eb0f3b87a6835bf8c15fdcc39fef9d0967df81995ba470a9a332d847938e92e9da5e0f5646b24692107c760ecdee1438ad6aa2b69798abab7a0e2e3b5dd7dc0de9ce1e325a926139c6d893a6974f435c77fa28895fbcb09a59cce4b5c795db71285d2bdf03dd398d7747d3a13c7dfbc920daf98a9d86375f23399a87b2ce301324d411786b5f9404008c74dd2dc62486fba7c7a176fc126385561b5647a2514769251723680dcecd88f2cba999d0c77edf900fa03758bd795dcd69aa18dc7294cab3fddc93a7fd16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07d1252d03d7308fa467b7478824e818
Finished request 4.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=105,
length=363
User-Name = "{am=1}a...@local"
EAP-Message =
0x020600cc15001603010086100000820080d83a019202da718d2cf50782fac1ffdc0d6ac63decfef4c729a015c7fea0c0e4ef0a9eaa27eaf80f098f6b198ba93f05fd5ab7af89b49ff94253e991f06115a168908fefc14d0122b55d8c0d497590c6c263887563e6ccf6f5737357813877b800b6353e08d73d527764fe0b77f0d2c732e5f46ba97f44491da57fa7cf3420d114030100010116030100303954bbe60005802786b7654858383c544a3e4b20b72a412837191afbe5d47ad0115cc7b0a3819dcb72131d774ace19cb
Message-Authenticator = 0xbfc82cffef5fbea2c143a2f2072ebe29
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
State = 0x07d1252d03d7308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}a...@local"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 105 to 172.16.0.1 port 1812
EAP-Message =
0x0107004515800000003b1403010001011603010030c41b64e6395d1bb11d44f10d2cc51b2629d94072d9317e8713a8ee5136fad3d919a9ec4913cfa0d939b5adbc84efffb5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07d1252d02d6308fa467b7478824e818
Finished request 5.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=106,
length=271
User-Name = "{am=1}a...@local"
EAP-Message =
0x0207007015001703010020fae7febef31d7dd67dcb8f8f5ca814e164f24a4febbf76508ba9581bf11d631d1703010040263cdf6938b6a85e496b5be24309873c71ede6592ff13c6368dcda032f80c308cf3a2cc6780bc64cc8f6235fa7c60cace93d92fd31a2c92c6bb0630736e32af5
Message-Authenticator = 0x2851a17a76b970711166f19a3a99523d
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
State = 0x07d1252d02d6308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}a...@local"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "test"
User-Password = "test"
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "test"
User-Password = "test"
FreeRADIUS-Proxied-To = 127.0.0.1
NAS-Identifier = "172.16.0.1"
NAS-IP-Address = 172.16.0.1
Calling-Station-Id = "00-17-C4-9B-B5-84"
WiMAX-BS-Id = 0x020202060606
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "test"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry test at line 110
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "test"
[pap] Using clear text password "test"
[pap] User authenticated successfully
++[pap] returns ok
WARNING: Empty post-auth section. Using default return values.
} # server inner-tunnel
[ttls] Got tunneled reply code 2
Auth-Type = Local
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 192.168.0.33
Framed-IP-Netmask = 255.255.255.0
WiMAX-QoS-Id := 101
WiMAX-Service-Class-Name := "DATA"
WiMAX-Schedule-Type := Best-Effort
WiMAX-Traffic-Priority := 1
WiMAX-Maximum-Sustained-Traffic-Rate := 512000
WiMAX-Reduced-Resources-Code := 1
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
[sql_log] Processing sql_log_postauth
[sql_log] expand: %{User-Name} -> {am=1}a...@local
[sql_log] expand: %{%{User-Name}:-DEFAULT} -> {am=1}a...@local
[sql_log] sql_set_user escaped user --> '{am=1}a...@local'
[sql_log] WARNING: Deprecated conditional expansion ":-". See "man unlang"
for details
[sql_log] ... expanding second conditional
[sql_log] expand: Chap-Password -> Chap-Password
[sql_log] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES
('%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES
('{am=1}a...@local', 'Chap-Password', 'Access-Accept', '2010-10-07
16:38:37');
[sql_log] expand: /usr/local/var/log/radius/radacct/sql-relay ->
/usr/local/var/log/radius/radacct/sql-relay
++[sql_log] returns ok
++[exec] returns noop
[wimax] MIP-RK =
0xef87c598c604f52d8887df1b5dbf19c0a5d5b038d5f2cc05a4040b6550d6dfdbd86632053845cc46e7daf620649d4418751f7e0ee9ff3ff8b3a0a9a8f865b61c
[wimax] MIP-SPI = bf1b4edd
[wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the reply.
[wimax] WARNING: We cannot calculate MN-HA keys.
[wimax] WARNING: WiMAX-IP-Technology not found in reply.
[wimax] WARNING: Not calculating MN-HA keys
++[wimax] returns updated
++? if (updated)
? Evaluating (updated) -> TRUE
++? if (updated) -> TRUE
++- entering if (updated) {...}
+++[reply] returns updated
++- if (updated) returns updated
Sending Access-Accept of id 106 to 172.16.0.1 port 1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 192.168.0.33
Framed-IP-Netmask = 255.255.255.0
WiMAX-QoS-Id = 101
WiMAX-Service-Class-Name = "DATA"
WiMAX-Schedule-Type = Best-Effort
WiMAX-Traffic-Priority = 1
WiMAX-Maximum-Sustained-Traffic-Rate = 512000
WiMAX-Reduced-Resources-Code = 1
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "{am=1}abcd"
WiMAX-MSK =
0x58fd064ed193962abcd676849e5d350bce02cdd98153a2577f05a2727221d6368200c817698638447d9964dd5bb1aab61c706753cf6b784bd31eef4c479f689c
Finished request 6.
Going to the next request
Waking up in 4.2 seconds.
Regards
Anup
--------------------------------------------------
From: "Ben Wiechman" <wiechman.li...@gmail.com>
Sent: Wednesday, October 06, 2010 10:59 PM
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Subject: RE: WiMax VSA Support
That service profile does not look at all correct. It's a mixed bag of
pre-provisioned services and AAA provisioned services.
Here is a sample service definition that works with our ASN-GW:
WiMAX-QoS-Id := 101
WiMAX-Service-Class-Name := DATA
WiMAX-Schedule-Type := Best-Effort
WiMAX-Traffic-Priority := 1
WiMAX-Maximum-Sustained-Traffic-Rate := 512000
WiMAX-Reduced-Resources-Code := 1
WiMAX-QoS-Id += 102
WiMAX-Service-Class-Name += DATA
WiMAX-Schedule-Type += Best-Effort
WiMAX-Traffic-Priority += 1
WiMAX-Maximum-Sustained-Traffic-Rate += 20971520
WiMAX-Reduced-Resources-Code += 1
We're using Wichorus, but in working with other vendors and service
providers in the past who were using the Alvarion ASN-GW I don't recall
that
there were significant differences in QOS assignment at least. Looking
back
through my notes it does appear that most of them were using the
proprietary
Filter-ID method of service assignment. Using the Filter-Id might help
rule
out any strange EAP issues.
Studying the table of attributes in the WiMAX forum stage three docs
(Tables
in section 5) also helps explain which TLVs are required and which are not
when generating the appropriate responses.
Ben
-----Original Message-----
From: freeradius-users-
bounces+wiechman.lists=gmail....@lists.freeradius.org
[mailto:freeradius-users-
bounces+wiechman.lists=gmail....@lists.freeradius.org] On Behalf Of
Anup krishnan A
Sent: Wednesday, October 06, 2010 3:11 AM
To: FreeRadius users mailing list
Subject: Re: WiMax VSA Support
Hi Alan,
Thank you for your quick response.
We have already checked the dictionary and found that wimax dictionary
is
available in the freeradius server.
Actually we are using Freeradius server 2.1.9 and Alvarion base-station
and Alvarion ASN GW. Initially we created a service profile in Alvarion
ASN GW for the user "test" using their management software
'AlvariStar'.
And 'users' file in the freeradius has been updated to add the user
"test"
as follows,
test Cleartext-Password := "test"
Auth-Type = Local,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.0.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Filter-Id = "servprof2"
where "servprof2" is the name of the service profile created in
Alvarion
ASN GW. In this case the authentication was successful and MS has got
the
IP as well.
Then we tried to create the service profile for the user "test" from
the
Freeradius by using WiMAX attributes found in the file
dictionary.wimax'.The entries for the user in the 'users' file is as
shown
below.
test Cleartext-Password := "test"
Auth-Type = Local,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.0.33,
Framed-IP-Netmask = 255.255.255.0,
WiMAX-Service-Profile-Id=1,
WiMAX-Media-Flow-Type=Streaming-Video,
WiMAX-Schedule-Type = Best-Effort,
WiMAX-QoS-Id=01,
WiMAX-Media-Flow-Type=Robust-Browser,
WiMAX-Traffic-Priority=0,
WiMAX-Maximum-Sustained-Traffic-Rate=512000
In this case Freeradius has sent the Access-Accept, but the
authentication
process is not successful and MS is showing an error message as "EAP
supplicant transferring error".
I hope you understand the problem
Regards,
Anup
> Anup wrote:
>> Hi,
>> I would like to know whether latest Freeradius version has the
support
>> for WiMax VSAs?
>
> The server comes with documentation and dictionary files. Please
read
> them.
>
>> Also please tell me how to send the WiMAX Qos
>> Descriptors in Access-Accept
>
> VSAs are just attributes. They can be added / edited like anything
> else.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-----------------------------------------
This email was sent using SquirrelMail.
"Webmail for nuts!"
http://squirrelmail.org/
______________________________________
Scanned and protected by Email scanner
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
______________________________________
Scanned and protected by Email scanner
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
