Access Req from HA rejected

Kiran Kumar k.k.balasubramanyam at ftel.co.uk
Thu Jun 18 11:58:29 CEST 2009 

Hi All,

 

I am using the Free Radius to test Proxy Authentication from H-AAA, the initial Authentication (proxied through H-AAA) goes through fine. But the HA then triggers an Access Request message (we are using PMIP), but this fails at the Free radius. I suspect this is because the HA root keys etc are not generated by Free radius but by the H-AAA. Can you please let me know what configuration needs to be done to get this scenario working.

 

Sending Access-Accept of id 161 to 10.142.139.65 port 52687

        MS-MPPE-Recv-Key = 0x6ef829271559b13ef642c20c60522275590132e27a5b64d744e77799f12508b0

        MS-MPPE-Send-Key = 0x3b0dfc2d198cebbd3fe32e9b3a8e1fad36f26f1b8595ea5cd1698eb52d29d872

        EAP-Message = 0x03080004

        Message-Authenticator = 0x00000000000000000000000000000000

        User-Name = "user at isp2.wimaxlab.com"

Finished request 7.

Going to the next request

Waking up in 4.3 seconds.

rad_recv: Access-Request packet from host 10.142.139.65 port 52687, id=162, length=201

        User-Name = "user at isp2.wimaxlab.com"

        NAS-IP-Address = 10.142.139.68

        Service-Type = Framed-User

        Framed-IP-Address = 0.0.0.0

        Vendor-Specific = 0x00001fe4180600000003

        Vendor-Specific = 0x00001fe4a9060a8e8b46

        WiMAX-Release = "1.0"

        WiMAX-Accounting-Capabilities = 3

        WiMAX-GMT-Timezone-offset = 3600

        WiMAX-hHA-IP-MIP4 = 10.142.139.70

        WiMAX-MN-hHA-MIP4-SPI = 512

        WiMAX-HA-RK-SPI = 512

        NAS-Identifier = "HA_ISP1"

        Event-Timestamp = "Jun 18 2009 09:36:50 GMT"

        Message-Authenticator = 0x7fc30b3f450c08556a469367efb2d166

        Chargeable-User-Identity = "NUL"

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

[suffix] Looking up realm "isp2.wimaxlab.com" for User-Name = "user at isp2.wimaxlab.com"

[suffix] No such realm "isp2.wimaxlab.com"

++[suffix] returns noop

[eap] No EAP-Message, not doing EAP

++[eap] returns noop

++[unix] returns notfound

[files] users: Matched entry user at isp2.wimaxlab.com at line 205

++[files] returns ok

++[expiration] returns noop

++[logintime] returns noop

[pap] No clear-text password in the request.  Not performing PAP.

++[pap] returns noop

WARNING: Please update your configuration, and remove 'Auth-Type = Local'

WARNING: Use the PAP or CHAP modules instead.

No User-Password or CHAP-Password attribute in the request.

Cannot perform authentication.

Failed to authenticate the user.

Using Post-Auth-Type Reject

+- entering group REJECT {...}

[attr_filter.access_reject]     expand: %{User-Name} -> user at isp2.wimaxlab.com

 attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 8 for 1 seconds

Going to the next request

Waking up in 0.1 seconds.

 

 

 

 

Thanks and Regards,

Kiran Kumar.B

WiMAX Test Engineer

Fujitsu Telecommunications Europe

Solihull Parkway, Birmingham B37 7YU

Work Phone: +44 (0) 121 717 6299

Mobile: +44 (0) 7549 203 655

 

    

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090618/3da9cda8/attachment.html>

More information about the Freeradius-Users mailing list