Re[2]: Wimax + Freeradius
Hello Alan, Monday, May 18, 2009, 4:03:42 PM, you wrote: > Maxim Vinnichenko wrote: >> Thank you for you answer. I've changed test user and now the server >> sends access-accept but CPE still doesn't connect. > Some NAS equipment will ignore Access-Accept if it doesn't contain the > right magic. The exact definition of this magic is usually found buried > in a footnote on page 400 out of 800 of the vendor documentation. > Go look at the NAS logs, and see if there is any useful messages. If > not, call the NAS vendor, and tell them that their product is defective. > FreeRADIUS works with WiMAX equipment from Nokia, Cisco and Motorola. > (That I've seen.) Other vendors known to have problems include > Alvarion. They don't seem to care that their equipment doesn't work, > and they haven't answered any of my messages about it. > The only solution is to point out publicly that Alvarion is *not* > following the WiMAX specs, and therefore people should buy *real* WiMAX > equipment. > Alan DeKok. Thank You very much. Vendor forces us to buy theirs "unique" TRIAS server aka radius. :) That costs several hundred thousands. Anyway thanks to all of you for help. -- Винниченко Максим Отдел IP телефонии __ ООО "Babilon - T", Таджикистан, г. Душанбе, п-кт Сомони 8. Офис: (992 44) 600 00 83 Мобильный: (992 918) 62 37 22 Эл. почта: ma...@babilon-t.tj - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: Wimax + Freeradius
Hello Ivan, Monday, May 18, 2009, 2:09:39 PM, you wrote: >> We are trying to implement AAA service for WIMAX project and have >> some problems. >> >> Freeradius ver 2.1.3 is installed on Gentoo. The schema is this >> >> CPE >> WASN9770 GW >> RADIUS >> >> At the moment problem is the following >> >> [mschap] No Cleartext-Password configured. Cannot create LM-Password. >> [mschap] No Cleartext-Password configured. Cannot create NT-Password. >> [mschap] Told to do MS-CHAPv2 for 1...@wimax.tj with NT-Password >> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. >> [mschap] FAILED: MS-CHAP2-Response is incorrect >> >> The test user is listed in users. > Is he? > server inner-tunnel { > +- entering group authorize {...} > ... > ++[files] returns noop > ... Thank you for you answer. I've changed test user and now the server sends access-accept but CPE still doesn't connect. [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 47 to 10.155.11.20 port 10001 Service-Type = Framed-User Framed-Protocol = PPP Framed-Routing = Broadcast-Listen Framed-MTU = 1500 MS-MPPE-Recv-Key = 0xc7aba316325d0182e2d6fe42f5592cbef7f5039843cc2166245465ba9d3fb62f MS-MPPE-Send-Key = 0x526fc822f641a56a7fcc024b2cbd5891072192621baf10d2d1efbc52e448127e EAP-Message = 0x03080004 Message-Authenticator = 0x User-Name = "123" Finished request 7. Going to the next request Full log is here http://217.11.185.178:8080/eap2.log > Ivan Kalik > Kalik Informatika ISP -- Винниченко Максим Отдел IP телефонии __ ООО "Babilon - T", Таджикистан, г. Душанбе, п-кт Сомони 8. Офис: (992 44) 600 00 83 Мобильный: (992 918) 62 37 22 Эл. почта: ma...@babilon-t.tj - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html