Re: Configuration trouble (2.1.8 for use with WiMAX)
Sumedh Sathaye wrote:
> Thanks for pointing out what I am doing wrong. Being a newbie to the
> whole field of AAA, can you give me a few pointers where/what I can read
> up to configure EAP for the TLS method (rather than MD5)? I appreciate
> your help.

See the Wiki && my web page: deployingradius.com

My web page gives complete "end to end" instructions for testing EAP.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuration trouble (2.1.8 for use with WiMAX)
Hi Alan,

Thanks for pointing out what I am doing wrong. Being a newbie to the whole field of AAA, can you give me a few pointers where/what I can read up to configure EAP for the TLS method (rather than MD5)? I appreciate your help.

Best Regards,
Sumedh Sathaye

From: Alan DeKok
To: FreeRadius users mailing list
Date: 05/13/2010 01:05 AM
Subject: Re: Configuration trouble (2.1.8 for use with WiMAX)
Sent by: freeradius-users-bounces+sathaye=us.ibm@lists.freeradius.org

Sumedh Sathaye wrote:
> Run-log from "radiusd -X" is also included at the end of this message.
> Here is the message that indicates that EAP is not computing MSK and EMSK:
> [wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.

You're using an EAP method that doesn't provide the MSK. Use something mandated by the WiMAX spec instead of EAP-MD5. e.g. EAP-TLS, PEAP, or TTLS.

Alan DeKok.
Re: Configuration trouble (2.1.8 for use with WiMAX)
It seems that it could not generate EAP-MSK first, maybe you can check that.

On Thu, May 13, 2010 at 2:49 AM, Sumedh Sathaye wrote:
> Dear all,
>
> I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem
> I am facing is that the WiMAX-MSK keys are not generated by FreeRadius. Can
> someone help me figure out what I am not doing OR doing incorrectly?
>
> I have configured the "raddb/sites-available/default" and
> "raddb/modules/wimax" files per instructions included in the files
> themselves. For reference, here are the configuration stanzas in the
> post-auth section of "default":
>
> update request {
>     WiMAX-MN-NAI = "%{User-Name}"
> }
> update reply {
>     WiMAX-FA-RK-Key = 0x00
>     WiMAX-MSK = "%{EAP-MSK}"
> }
> wimax
>
> Run-log from "radiusd -X" is also included at the end of this message. Here
> is the message that indicates that EAP is not computing MSK and EMSK:
> [wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.
>
> Thank you in advance, and I apologize if this question has been answered
> before -- I did not find answers/pointers in the FAQ or the Wiki.
>
> Best Regards,
> Sumedh
>
> --
> FreeRADIUS Version 2.1.8, for host x86_64-unknown-linux-gnu, built on May
> 11 2010 at 23:50:30
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
Re: Configuration trouble (2.1.8 for use with WiMAX)
Sumedh Sathaye wrote:
> Run-log from "radiusd -X" is also included at the end of this message.
> Here is the message that indicates that EAP is not computing MSK and EMSK:
> [wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.

You're using an EAP method that doesn't provide the MSK. Use something mandated by the WiMAX spec instead of EAP-MD5. e.g. EAP-TLS, PEAP, or TTLS.

Alan DeKok.
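An added example (not from the thread or the FreeRADIUS project): a small Python check that reads the top level of an `eap { }` block and flags outer EAP methods that, per the reply above, cannot supply the MSK the `wimax` module needs. The sample configuration is constructed, the function names are hypothetical, and the parser assumes one brace per line and no `#` inside values, as in a stock `eap.conf`.

```python
import re

# From the reply above: EAP-MD5 provides no MSK; EAP-TLS, PEAP and TTLS do.
DERIVES_MSK = {"md5": False, "tls": True, "ttls": True, "peap": True}

# Constructed sample shaped like a stock eap.conf; not the poster's file.
WEAK_EAP_CONF = """
eap {
    default_eap_type = md5
    timer_expire = 60
    md5 {
    }
    tls {
        certdir = ${confdir}/certs
        cache {
            enable = no
        }
    }
    ttls {
        default_eap_type = md5   # inner method, carried inside the TLS tunnel
    }
    #peap {
    #}
}
"""

# Corrected variant: TTLS is offered first and the md5 sub-block is removed.
FIXED_EAP_CONF = (WEAK_EAP_CONF
                  .replace("default_eap_type = md5", "default_eap_type = ttls", 1)
                  .replace("    md5 {\n    }\n", ""))

def parse_eap_block(text):
    """Return (default_eap_type, enabled outer methods) from the eap { } block."""
    depth, in_eap, default, methods = 0, False, None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        block = re.match(r"^([\w-]+)\s*\{$", line)
        if block:
            if depth == 0 and block.group(1) == "eap":
                in_eap = True
            elif in_eap and depth == 1:          # direct children are the methods
                methods.append(block.group(1))
            depth += 1
        elif line == "}":
            depth -= 1
            if depth == 0:
                in_eap = False
        else:
            kv = re.match(r"^([\w-]+)\s*=\s*(.+)$", line)
            # Only the top-level setting counts; ttls/peap carry their own
            # default_eap_type for the inner (tunnelled) method.
            if kv and in_eap and depth == 1 and kv.group(1) == "default_eap_type":
                default = kv.group(2).strip().strip('"')
    return default, methods

def audit_for_wimax(text):
    """List outer EAP methods that would leave EAP-MSK unset for the wimax module."""
    default, methods = parse_eap_block(text)
    findings = []
    for name in methods:
        derives = DERIVES_MSK.get(name)
        if derives is False:
            role = "default" if name == default else "enabled"
            findings.append(f"{name}: {role} outer method, no MSK, wimax cannot build keys")
        elif derives is None:
            findings.append(f"{name}: not covered by the thread, verify key derivation")
    if default is not None and default not in methods:
        findings.append(f"{default}: default_eap_type has no matching sub-block")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_EAP_CONF), ("fixed", FIXED_EAP_CONF)):
        print(label, parse_eap_block(conf), audit_for_wimax(conf))
```

The inner `default_eap_type = md5` under `ttls` is deliberately not flagged: the outer TTLS tunnel is the method that yields the MSK.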
RE: Configuration trouble (2.1.8 for use with WiMAX)
I have looked into BOC-WIMAX and it looks interesting but fairly incomplete. I have not tried to get it working 100% so I have only a little experience. Some of the NAS simply want to talk to FR via EAP-TTLS and receive only a Framed-Filter-Id response.

Is there a manufacturer you are looking to work with in particular or is this an attempt to get BOC-WiMax working as your ASN?

David

From: freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org] On Behalf Of Sumedh Sathaye
Sent: Wednesday, May 12, 2010 3:43 PM
To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: RE: Configuration trouble (2.1.8 for use with WiMAX)

David, thanks for your reply. I am using a simulated WIMAX ASN gateway from the BOC-WiMAX distribution. It's available at: http://opensource.bolloretelecom.eu/projects/boc-wimax/

Sounds like you have insights into keys that NAS equipment does not send to FreeRadius. Can you share that information with me?

Best Regards,
Sumedh

From: "David Peterson"
To: "'FreeRadius users mailing list'"
Date: 05/12/2010 03:23 PM
Subject: RE: Configuration trouble (2.1.8 for use with WiMAX)
Sent by: freeradius-users-bounces+sathaye=us.ibm@lists.freeradius.org

Which product are you using? Some WiMax NAS do not send the proper keys to Freeradius. I have gotten FR to work with pretty much all of the major brands of WiMax we sell.

David

From: freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org] On Behalf Of Sumedh Sathaye
Sent: Wednesday, May 12, 2010 2:50 PM
To: FreeRadius users mailing list
Subject: Configuration trouble (2.1.8 for use with WiMAX)

Dear all,

I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem I am facing is that the WiMAX-MSK keys are not generated by FreeRadius. Can someone help me figure out what I am not doing OR doing incorrectly?

I have configured the "raddb/sites-available/default" and "raddb/modules/wimax" files per instructions included in the files themselves. For reference, here are the configuration stanzas in the post-auth section of "default":

update request {
    WiMAX-MN-NAI = "%{User-Name}"
}
update reply {
    WiMAX-FA-RK-Key = 0x00
    WiMAX-MSK = "%{EAP-MSK}"
}
wimax

Run-log from "radiusd -X" is also included at the end of this message. Here is the message that indicates that EAP is not computing MSK and EMSK:
[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.

Thank you in advance, and I apologize if this question has been answered before -- I did not find answers/pointers in the FAQ or the Wiki.

Best Regards,
Sumedh

--
FreeRADIUS Version 2.1.8, for host x86_64-unknown-linux-gnu, built on May 11 2010 at 23:50:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
RE: Configuration trouble (2.1.8 for use with WiMAX)
David, thanks for your reply. I am using a simulated WIMAX ASN gateway from the BOC-WiMAX distribution. It's available at: http://opensource.bolloretelecom.eu/projects/boc-wimax/

Sounds like you have insights into keys that NAS equipment does not send to FreeRadius. Can you share that information with me?

Best Regards,
Sumedh

From: "David Peterson"
To: "'FreeRadius users mailing list'"
Date: 05/12/2010 03:23 PM
Subject: RE: Configuration trouble (2.1.8 for use with WiMAX)
Sent by: freeradius-users-bounces+sathaye=us.ibm@lists.freeradius.org

Which product are you using? Some WiMax NAS do not send the proper keys to Freeradius. I have gotten FR to work with pretty much all of the major brands of WiMax we sell.

David

From: freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org] On Behalf Of Sumedh Sathaye
Sent: Wednesday, May 12, 2010 2:50 PM
To: FreeRadius users mailing list
Subject: Configuration trouble (2.1.8 for use with WiMAX)

Dear all,

I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem I am facing is that the WiMAX-MSK keys are not generated by FreeRadius. Can someone help me figure out what I am not doing OR doing incorrectly?

I have configured the "raddb/sites-available/default" and "raddb/modules/wimax" files per instructions included in the files themselves. For reference, here are the configuration stanzas in the post-auth section of "default":

update request {
    WiMAX-MN-NAI = "%{User-Name}"
}
update reply {
    WiMAX-FA-RK-Key = 0x00
    WiMAX-MSK = "%{EAP-MSK}"
}
wimax

Run-log from "radiusd -X" is also included at the end of this message. Here is the message that indicates that EAP is not computing MSK and EMSK:
[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.

Thank you in advance, and I apologize if this question has been answered before -- I did not find answers/pointers in the FAQ or the Wiki.

Best Regards,
Sumedh

--
FreeRADIUS Version 2.1.8, for host x86_64-unknown-linux-gnu, built on May 11 2010 at 23:50:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/lo
RE: Configuration trouble (2.1.8 for use with WiMAX)
Which product are you using? Some WiMax NAS do not send the proper keys to Freeradius. I have gotten FR to work with pretty much all of the major brands of WiMax we sell.

David

From: freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org] On Behalf Of Sumedh Sathaye
Sent: Wednesday, May 12, 2010 2:50 PM
To: FreeRadius users mailing list
Subject: Configuration trouble (2.1.8 for use with WiMAX)

Dear all,

I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem I am facing is that the WiMAX-MSK keys are not generated by FreeRadius. Can someone help me figure out what I am not doing OR doing incorrectly?

I have configured the "raddb/sites-available/default" and "raddb/modules/wimax" files per instructions included in the files themselves. For reference, here are the configuration stanzas in the post-auth section of "default":

update request {
    WiMAX-MN-NAI = "%{User-Name}"
}
update reply {
    WiMAX-FA-RK-Key = 0x00
    WiMAX-MSK = "%{EAP-MSK}"
}
wimax

Run-log from "radiusd -X" is also included at the end of this message. Here is the message that indicates that EAP is not computing MSK and EMSK:
[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.

Thank you in advance, and I apologize if this question has been answered before -- I did not find answers/pointers in the FAQ or the Wiki.

Best Regards,
Sumedh

--
FreeRADIUS Version 2.1.8, for host x86_64-unknown-linux-gnu, built on May 11 2010 at 23:50:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Configuration trouble (2.1.8 for use with WiMAX)
Dear all,

I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem I am facing is that the WiMAX-MSK keys are not generated by FreeRadius. Can someone help me figure out what I am not doing OR doing incorrectly?

I have configured the "raddb/sites-available/default" and "raddb/modules/wimax" files per instructions included in the files themselves. For reference, here are the configuration stanzas in the post-auth section of "default":

update request {
    WiMAX-MN-NAI = "%{User-Name}"
}
update reply {
    WiMAX-FA-RK-Key = 0x00
    WiMAX-MSK = "%{EAP-MSK}"
}
wimax

Run-log from "radiusd -X" is also included at the end of this message. Here is the message that indicates that EAP is not computing MSK and EMSK:
[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.

Thank you in advance, and I apologize if this question has been answered before -- I did not find answers/pointers in the FAQ or the Wiki.

Best Regards,
Sumedh

--
FreeRADIUS Version 2.1.8, for host x86_64-unknown-linux-gnu, built on May 11 2010 at 23:50:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...