WiMax VSA Support

Anup anupkris at cdactvm.in
Thu Oct 7 07:19:08 CEST 2010


Hi Ben,

Thank you for your response.
When we give the service profile name, that we have already created in 
Alvarion ASN using Alvaristar, in the Filter_Id  attribute from FreeRadius, 
there is no problem and MS is getting registered. But once we try to create 
the service profile from FreeRadius using WiMAX VSAs then the MS is showing 
as error like "EAP Supplicant Transferring error".

The sequence of events happened in FreeRadius is given below. We can't 
understand what the problem is , please help me.

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=100, 
length=162
        User-Name = "{am=1}abcd at LOCAL"
        EAP-Message = 0x02010015017b616d3d317d61626364404c4f43414c
        Message-Authenticator = 0x3541ac93ba7d124888516834ede1203d
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd at LOCAL"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication 
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 100 to 172.16.0.1 port 1812
        EAP-Message = 0x01020016041053537331a80b9f8efd10896d82b93c8e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07d1252d07d3218fa467b7478824e818
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=101, 
length=165
        User-Name = "{am=1}abcd at LOCAL"
        EAP-Message = 0x020200060315
        Message-Authenticator = 0xea259fffd4374457c675b9ae07f3564b
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
        State = 0x07d1252d07d3218fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd at LOCAL"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication 
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 101 to 172.16.0.1 port 1812
        EAP-Message = 0x010300061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07d1252d06d2308fa467b7478824e818
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=102, 
length=253
        User-Name = "{am=1}abcd at LOCAL"
        EAP-Message = 
0x0203005e150016030100530100004f03014cad569dd49214ce612a3acfb814a3d8cc64dafe0fd8cddae61c3aa3a615682b00002800390038003500160013000a00330032002f000700050004001500120009001400110008000600030100
        Message-Authenticator = 0x7b87235a1ba9a14b13c1181865331307
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
        State = 0x07d1252d06d2308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd at LOCAL"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 94
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls]     (other): before/accept initialization
[ttls]     TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0053], ClientHello
[ttls]     TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls]     TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
[ttls]     TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[ttls]     TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls]     TLS_accept: SSLv3 write server done A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate 
A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 102 to 172.16.0.1 port 1812
        EAP-Message = 
0x0104040015c000000aad160301002a0200002603014cae2fcd5029ce1df32035c3a06a4087b11edd22d8485e7c412d9be55e4c5c6f00003900160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
        EAP-Message = 
0x301e170d3130303731323232313332315a170d3131303731323232313332315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d7874f3c4e39aae3b3dbe12621c73ee35d5d82173aeda2012d1b079c1e18334ce1e2873ea41f987d8acfb697a80f047adbe42a6e9984e6738b3ea6a38217
        EAP-Message = 
0xf4176bfa579f3eee2a32c69da800eeebc01d55567264313148a074b1cb6dcc03b9f6fbfef5263b5124a436da3855882fc2e4f721093dc28ebb4567a6d0b570adc903a8f852d438c588168cbfc286ccf073a476a585c9c587b3e2f7f63b019fda8e0c1177c1738c4753f0b8b43957fdb7a83590eea91716ac66ed369841f69f79fb12217ca5fc8def15bdf8e2f907a449262968d64b3961c9dd6df44844dd5b3415d053a6925a9ef941ae3857658c0c3ebe136f1cd7d68aedc9dbba4067ebe8a0ff350203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100493cd6fd113622f4cd
        EAP-Message = 
0x4810f92b058c52ae16f06c0ecdc258f64f51a520e78d442a748b965b54d20c17730fda2c9c37dc7650b43d8799886b101ed652e6d409c175f60be76f77db2fd273123c4e66b6c4365589c6598d74b5769643391dae72be3890f014e8e1935e3fba927ea08fe50b0aa48abfeab651f6c7fcd770bf5e7611f0d0097126bfa7995563c37a6be3a45aae356dd45e5df8eb69baff571111166bbdb4d9eff0864e97412db79434d95273e8cf5bf7a7ae46847750b5983c259e262e7c40fbac6402bc2e04db351660a236808992e8a0dd63ef86f4d13f44bd292f8539918c5015618f341137dc1b976763151070e04b564cf8810843d287c8c5a10004ab308204
        EAP-Message = 0xa73082038fa0030201020209
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07d1252d05d5308fa467b7478824e818
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=103, 
length=165
        User-Name = "{am=1}abcd at LOCAL"
        EAP-Message = 0x020400061500
        Message-Authenticator = 0xfb886198b9ccbe34096739fc2da309ff
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
        State = 0x07d1252d05d5308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd at LOCAL"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 103 to 172.16.0.1 port 1812
        EAP-Message = 
0x0105040015c000000aad009fddc44b4be118b5300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130303731323232313332315a170d3131303731323232313332315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010
        EAP-Message = 
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d276fddff22e7edcb712d868de52cb6063309371e4e8f98843537b4994eee901397351da19d7ebc031a4100582890e3c4af076d30922c9b7759718a9319107d8bdc59036d2e517f5c1686643f870317e0db6cfe05330e4fac7c6482cd0fdcbe1e348881a94e38eb6657de3
        EAP-Message = 
0x3949e38252f67c675b884f72480c88c642b5e4d91d752cb05266b3241c0e999a026b68877c5e3dd462300334d56ebaead860b01f4edf292279eb8c400f835d32e7670ec99406137a27a74d23058c7dd88c367aacd0910b315dcd8b94ceef8165c9cab703f78b6161368fd5ffdced840b70e4195f3db98f412da26dee1a066693391d81d69b1458ce4f3511014abcb276cb0de0d8710203010001a381fb3081f8301d0603551d0e04160414f53150c8ec687788495274d05b5f7dbb1d92ecc93081c80603551d230481c03081bd8014f53150c8ec687788495274d05b5f7dbb1d92ecc9a18199a48196308193310b3009060355040613024652310f300d
        EAP-Message = 
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974798209009fddc44b4be118b5300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b3d280637fb1aafcf00cdedc91bbbcca86e20d3cc00b5f16f0e79611cc28433ac17b23ac9fb0a83088532b50cc2fb779849da3981b650ad734c8a850ed29ee911940b3b7661783fb719e276af281
        EAP-Message = 0x86d55c11ccb90a50597218b2
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07d1252d04d4308fa467b7478824e818
Finished request 3.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=104, 
length=165
        User-Name = "{am=1}abcd at LOCAL"
        EAP-Message = 0x020500061500
        Message-Authenticator = 0x3a858a07f8318d62f4d077163d71fec5
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
        State = 0x07d1252d04d4308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd at LOCAL"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 104 to 172.16.0.1 port 1812
        EAP-Message = 
0x010602cb158000000aadb013d96c28934158e79f3eedb23bba605bf6166496df88c0ef799d79147dccfeaf379f8ede13c6491b44a68bbd19f1a07b0aefbb705fad78ddfa75a685a6143de8c9b0f624d9f27a3fa7c7e1abf6d8b6bf42d80492bbb55ea15af49cacb1e7d0ab53d5f227b18225eb38e6de2b1aacaec55df09eca780664046c0bfab4df89b1aca766b6e7d56e8df9e162440446903f0e33873014f4e45ec66e73a263a14263848c26cd867c160301020d0c0002090080fbab99c6dde7a106dab1558e253b67404ddd33c37ad7e802090c2a8c348fec48646d59d15c159482fd3d0592f5a6e53de5235eda15543eaa1ba7897c3a5e69beaf61
        EAP-Message = 
0xad836c181c0cd34894bb249ea4078ebcf1412cc04a61afa2492373de03d38da87b7b5f612747acee73a2f56b6e9b2b8474507fab8d79259148c821b6ccbb000102008071e0566ca48bd962dfe120f2badc11d6847890fe322b80dd871c55dc3275e1ad992ec2e06edcd751660bbb8fb2fc41efd65b361c8965efd4856f29702fe637898b9a499c72092b5619db6c81e2aa4d8c6939443f551cfb40f96a1ffdff711bb24da56ebf3b527470bac506084d68cd19d78c492b89d7ddee2eeef8e85d83994d01006871910ef4a5f4b658e7cb543404e0e6d9f89e89d771378ed367e57a3a0e1ba15c374acea793a70f56f826b1cabd300ce0a5008ff60e4a8b
        EAP-Message = 
0x99eb0f3b87a6835bf8c15fdcc39fef9d0967df81995ba470a9a332d847938e92e9da5e0f5646b24692107c760ecdee1438ad6aa2b69798abab7a0e2e3b5dd7dc0de9ce1e325a926139c6d893a6974f435c77fa28895fbcb09a59cce4b5c795db71285d2bdf03dd398d7747d3a13c7dfbc920daf98a9d86375f23399a87b2ce301324d411786b5f9404008c74dd2dc62486fba7c7a176fc126385561b5647a2514769251723680dcecd88f2cba999d0c77edf900fa03758bd795dcd69aa18dc7294cab3fddc93a7fd16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07d1252d03d7308fa467b7478824e818
Finished request 4.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=105, 
length=363
        User-Name = "{am=1}abcd at LOCAL"
        EAP-Message = 
0x020600cc15001603010086100000820080d83a019202da718d2cf50782fac1ffdc0d6ac63decfef4c729a015c7fea0c0e4ef0a9eaa27eaf80f098f6b198ba93f05fd5ab7af89b49ff94253e991f06115a168908fefc14d0122b55d8c0d497590c6c263887563e6ccf6f5737357813877b800b6353e08d73d527764fe0b77f0d2c732e5f46ba97f44491da57fa7cf3420d114030100010116030100303954bbe60005802786b7654858383c544a3e4b20b72a412837191afbe5d47ad0115cc7b0a3819dcb72131d774ace19cb
        Message-Authenticator = 0xbfc82cffef5fbea2c143a2f2072ebe29
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
        State = 0x07d1252d03d7308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd at LOCAL"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls]     TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls]     TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 write finished A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 105 to 172.16.0.1 port 1812
        EAP-Message = 
0x0107004515800000003b1403010001011603010030c41b64e6395d1bb11d44f10d2cc51b2629d94072d9317e8713a8ee5136fad3d919a9ec4913cfa0d939b5adbc84efffb5
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07d1252d02d6308fa467b7478824e818
Finished request 5.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=106, 
length=271
        User-Name = "{am=1}abcd at LOCAL"
        EAP-Message = 
0x0207007015001703010020fae7febef31d7dd67dcb8f8f5ca814e164f24a4febbf76508ba9581bf11d631d1703010040263cdf6938b6a85e496b5be24309873c71ede6592ff13c6368dcda032f80c308cf3a2cc6780bc64cc8f6235fa7c60cace93d92fd31a2c92c6bb0630736e32af5
        Message-Authenticator = 0x2851a17a76b970711166f19a3a99523d
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
        State = 0x07d1252d02d6308fa467b7478824e818
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[wimax] returns ok
[suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd at LOCAL"
[suffix] Found realm "LOCAL"
[suffix] Adding Stripped-User-Name = "{am=1}abcd"
[suffix] Adding Realm = "LOCAL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
        User-Name = "test"
        User-Password = "test"
        FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
        User-Name = "test"
        User-Password = "test"
        FreeRADIUS-Proxied-To = 127.0.0.1
        NAS-Identifier = "172.16.0.1"
        NAS-IP-Address = 172.16.0.1
        Calling-Station-Id = "00-17-C4-9B-B5-84"
        WiMAX-BS-Id = 0x020202060606
        NAS-Port-Type = 27
        Framed-MTU = 2000
        Service-Type = Framed-User
        WiMAX-GMT-Timezone-offset = 0
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "test"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry test at line 110
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "test"
[pap] Using clear text password "test"
[pap] User authenticated successfully
++[pap] returns ok
  WARNING: Empty post-auth section.  Using default return values.
} # server inner-tunnel
[ttls] Got tunneled reply code 2
        Auth-Type = Local
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.0.33
        Framed-IP-Netmask = 255.255.255.0
        WiMAX-QoS-Id := 101
        WiMAX-Service-Class-Name := "DATA"
        WiMAX-Schedule-Type := Best-Effort
        WiMAX-Traffic-Priority := 1
        WiMAX-Maximum-Sustained-Traffic-Rate := 512000
        WiMAX-Reduced-Resources-Code := 1
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
[sql_log] Processing sql_log_postauth
[sql_log]       expand: %{User-Name} -> {am=1}abcd at LOCAL
[sql_log]       expand: %{%{User-Name}:-DEFAULT} -> {am=1}abcd at LOCAL
[sql_log] sql_set_user escaped user --> '{am=1}abcd at LOCAL'
[sql_log] WARNING: Deprecated conditional expansion ":-".  See "man unlang" 
for details
[sql_log]       ... expanding second conditional
[sql_log]       expand: Chap-Password -> Chap-Password
[sql_log]       expand: INSERT INTO radpostauth 
(username, pass, reply, authdate) VALUES 
('%{User-Name}', '%{User-Password:-Chap-Password}', 
'%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth 
(username, pass, reply, authdate) VALUES 
('{am=1}abcd at LOCAL', 'Chap-Password',           'Access-Accept', '2010-10-07 
16:38:37');
[sql_log]       expand: /usr/local/var/log/radius/radacct/sql-relay -> 
/usr/local/var/log/radius/radacct/sql-relay
++[sql_log] returns ok
++[exec] returns noop
[wimax] MIP-RK = 
0xef87c598c604f52d8887df1b5dbf19c0a5d5b038d5f2cc05a4040b6550d6dfdbd86632053845cc46e7daf620649d4418751f7e0ee9ff3ff8b3a0a9a8f865b61c
[wimax] MIP-SPI = bf1b4edd
[wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the reply.
[wimax] WARNING: We cannot calculate MN-HA keys.
[wimax] WARNING: WiMAX-IP-Technology not found in reply.
[wimax] WARNING: Not calculating MN-HA keys
++[wimax] returns updated
++? if (updated)
? Evaluating (updated) -> TRUE
++? if (updated) -> TRUE
++- entering if (updated) {...}
+++[reply] returns updated
++- if (updated) returns updated
Sending Access-Accept of id 106 to 172.16.0.1 port 1812
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.0.33
        Framed-IP-Netmask = 255.255.255.0
        WiMAX-QoS-Id = 101
        WiMAX-Service-Class-Name = "DATA"
        WiMAX-Schedule-Type = Best-Effort
        WiMAX-Traffic-Priority = 1
        WiMAX-Maximum-Sustained-Traffic-Rate = 512000
        WiMAX-Reduced-Resources-Code = 1
        EAP-Message = 0x03070004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "{am=1}abcd"
        WiMAX-MSK = 
0x58fd064ed193962abcd676849e5d350bce02cdd98153a2577f05a2727221d6368200c817698638447d9964dd5bb1aab61c706753cf6b784bd31eef4c479f689c
Finished request 6.
Going to the next request
Waking up in 4.2 seconds.




Regards
Anup
--------------------------------------------------
From: "Ben Wiechman" <wiechman.lists at gmail.com>
Sent: Wednesday, October 06, 2010 10:59 PM
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Subject: RE: WiMax VSA Support

> That service profile does not look at all correct. It's a mixed bag of
> pre-provisioned services and AAA provisioned services.
>
> Here is a sample service definition that works with our ASN-GW:
> WiMAX-QoS-Id  :=  101
> WiMAX-Service-Class-Name := DATA
> WiMAX-Schedule-Type := Best-Effort
> WiMAX-Traffic-Priority := 1
> WiMAX-Maximum-Sustained-Traffic-Rate := 512000
> WiMAX-Reduced-Resources-Code := 1
> WiMAX-QoS-Id += 102
> WiMAX-Service-Class-Name += DATA
> WiMAX-Schedule-Type += Best-Effort
> WiMAX-Traffic-Priority += 1
> WiMAX-Maximum-Sustained-Traffic-Rate += 20971520
> WiMAX-Reduced-Resources-Code += 1
>
> We're using Wichorus, but in working with other vendors and service
> providers in the past who were using the Alvarion ASN-GW I don't recall 
> that
> there were significant differences in QOS assignment at least. Looking 
> back
> through my notes it does appear that most of them were using the 
> proprietary
> Filter-ID method of service assignment. Using the Filter-Id might help 
> rule
> out any strange EAP issues.
>
> Studying the table of attributes in the WiMAX forum stage three docs 
> (Tables
> in section 5) also helps explain which TLVs are required and which are not
> when generating the appropriate responses.
>
> Ben
>
>> -----Original Message-----
>> From: freeradius-users-
>> bounces+wiechman.lists=gmail.com at lists.freeradius.org
>> [mailto:freeradius-users-
>> bounces+wiechman.lists=gmail.com at lists.freeradius.org] On Behalf Of
>> Anup krishnan A
>> Sent: Wednesday, October 06, 2010 3:11 AM
>> To: FreeRadius users mailing list
>> Subject: Re: WiMax VSA Support
>>
>>
>> Hi Alan,
>>
>> Thank you for your quick response.
>>
>> We have already checked the dictionary and found that wimax dictionary
>> is
>> available in the freeradius server.
>>
>> Actually we are using Freeradius server 2.1.9 and Alvarion base-station
>> and Alvarion ASN GW. Initially we created a service profile in Alvarion
>> ASN GW for the user "test" using their management software
>> 'AlvariStar'.
>> And 'users' file in the freeradius has been updated to add the user
>> "test"
>> as follows,
>>
>> test Cleartext-Password := "test"
>>  Auth-Type = Local,
>> Service-Type = Framed-User,
>> Framed-Protocol = PPP,
>> Framed-IP-Address = 192.168.0.33,
>> Framed-IP-Netmask = 255.255.255.0,
>> Framed-Routing = Broadcast-Listen,
>> Filter-Id = "servprof2"
>>
>> where "servprof2" is the name of the service profile created in
>> Alvarion
>> ASN GW. In this case the authentication was successful and MS has got
>> the
>> IP as well.
>>
>> Then we tried to create the service profile for the user "test" from
>> the
>> Freeradius by using WiMAX attributes found in the file
>> dictionary.wimax'.The entries for the user in the 'users' file is as
>> shown
>> below.
>>
>> test Cleartext-Password := "test"
>>  Auth-Type = Local,
>> Service-Type = Framed-User,
>> Framed-Protocol = PPP,
>> Framed-IP-Address = 192.168.0.33,
>> Framed-IP-Netmask = 255.255.255.0,
>> WiMAX-Service-Profile-Id=1,
>> WiMAX-Media-Flow-Type=Streaming-Video,
>> WiMAX-Schedule-Type = Best-Effort,
>> WiMAX-QoS-Id=01,
>> WiMAX-Media-Flow-Type=Robust-Browser,
>> WiMAX-Traffic-Priority=0,
>> WiMAX-Maximum-Sustained-Traffic-Rate=512000
>>
>> In this case Freeradius has sent the Access-Accept, but the
>> authentication
>> process is not successful and MS is showing an error message as "EAP
>> supplicant transferring error".
>>
>> I hope you understand the problem
>>
>> Regards,
>> Anup
>>
>>
>>
>> > Anup wrote:
>> >> Hi,
>> >> I would like to know whether latest Freeradius version has the
>> support
>> >> for WiMax VSAs?
>> >
>> >   The server comes with documentation and dictionary files.  Please
>> read
>> > them.
>> >
>> >> Also please tell me how to send the WiMAX Qos
>> >> Descriptors in Access-Accept
>> >
>> >   VSAs are just attributes.  They can be added / edited like anything
>> > else.
>> >
>> >   Alan DeKok.
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>>
>>
>>
>> -----------------------------------------
>> This email was sent using SquirrelMail.
>>    "Webmail for nuts!"
>> http://squirrelmail.org/
>>
>>
>> ______________________________________
>> Scanned and protected by Email scanner
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html 


______________________________________
Scanned and protected by Email scanner



More information about the Freeradius-Users mailing list