Freeradius + Alvarion 4Motion specify filter-id value inaccess-accept from value in user conf file ?

Hahusseau, Thomas thomas.hahusseau at cassidian.com
Mon Jun 6 18:38:53 CEST 2011


Hello,

I tried using only "Framed-Filter-Id" and "Filter-Id" in users conf file and deleting the line Filter-Id = "Profile1" from my site-ennabled/default conf file but it doesn't work. When processing the post-authentication section it doesn't add atributes provided in users conf to the access-accept. I added the "files" line in post-authent section of default conf file (I suposed this way it parse the users conf file when processing the post authent section) but it doesn't work.

Could you give me a sample of your site-ennabled/default conf file ?

Here is the Radiusd -X output of my server :

FreeRADIUS Version 3.0.0, for host i686-pc-linux-gnu, built on May 31 2011 at 08:06:19
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/replicate
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/eap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/sql
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/sqlippool
including configuration file /usr/local/etc/raddb/sql/postgresql/ippool.conf
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/default
main {
 security {
	allow_core_dumps = no
 }
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
	name = "radiusd"
	prefix = "/usr/local"
	localstatedir = "/usr/local/var"
	sbindir = "/usr/local/sbin"
	logdir = "/usr/local/var/log/radius"
	run_dir = "/usr/local/var/run/radiusd"
	libdir = "/usr/local/lib"
	radacctdir = "/usr/local/var/log/radius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
	checkrad = "/usr/local/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
	stripped_names = no
	auth = no
	auth_badpass = no
	auth_goodpass = no
 }
 security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
 }
 home_server localhost {
	ipaddr = 127.0.0.1
	port = 1812
	type = "auth"
	secret = "testing123"
	response_window = 20
	max_outstanding = 65536
	require_message_authenticator = yes
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
  coa {
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
  }
  limit {
	max_connections = 16
	max_requests = 0
	lifetime = 0
	idle_timeout = 0
  }
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm example.com {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = "testing123"
	nastype = "other"
	proto = "*"
	max_connections = 16
 }
 client 192.168.100.10 {
	require_message_authenticator = no
	secret = "wimaxeads"
	max_connections = 16
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
  exec {
	wait = no
	input_pairs = "request"
	shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
  expiration {
	reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
  logintime {
	reply-message = "You are calling outside your allowed timespan  "
	minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
  pap {
	encryption_scheme = "auto"
	auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = no
   passchange {
   }
	allow_retry = yes
  }
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
  unix {
	radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /usr/local/etc/raddb/modules/eap
  eap {
	default_eap_type = "md5"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
	challenge = "Password: "
	auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
	rsa_key_exchange = no
	dh_key_exchange = yes
	rsa_key_length = 512
	dh_key_length = 512
	verify_depth = 0
	CA_path = "/usr/local/etc/raddb/certs"
	pem_file_type = yes
	private_key_file = "/usr/local/etc/raddb/certs/server.pem"
	certificate_file = "/usr/local/etc/raddb/certs/server.pem"
	CA_file = "/usr/local/etc/raddb/certs/ca.pem"
	private_key_password = "whatever"
	dh_file = "/usr/local/etc/raddb/certs/dh"
	random_file = "/usr/local/etc/raddb/certs/random"
	fragment_size = 1024
	include_length = yes
	check_crl = no
	cipher_list = "DEFAULT"
	make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
    cache {
	enable = no
	lifetime = 24
	max_entries = 255
    }
    verify {
    }
    ocsp {
	enable = no
	override_cert_url = yes
	url = "http://127.0.0.1/ocsp/"
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
	default_eap_type = "md5"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	virtual_server = "inner-tunnel"
	include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
	default_eap_type = "mschapv2"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	proxy_tunneled_request_as_eap = yes
	virtual_server = "inner-tunnel"
	soh = no
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
	with_ntdomain_hack = no
	send_error = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
  preprocess {
	huntgroups = "/usr/local/etc/raddb/huntgroups"
	hints = "/usr/local/etc/raddb/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_wimax
 Module: Instantiating module "wimax" from file /usr/local/etc/raddb/modules/wimax
  wimax {
	delete_mppe_keys = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
  realm suffix {
	format = "suffix"
	delimiter = "@"
	ignore_default = no
	ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
  files {
	usersfile = "/usr/local/etc/raddb/users"
	acctusersfile = "/usr/local/etc/raddb/acct_users"
	preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
	compat = "no"
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
  detail {
	detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
  radutmp {
	filename = "/usr/local/var/log/radius/radutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 384
	callerid = yes
  }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter
  attr_filter attr_filter.accounting_response {
	attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
	key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
  attr_filter attr_filter.access_reject {
	attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
	key = "%{User-Name}"
  }
 } # modules
} # server
server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	ipaddr = *
	port = 0
}
listen {
	type = "acct"
	ipaddr = *
	port = 0
}
listen {
	type = "control"
 listen {
	socket = "/usr/local/var/run/radiusd/radiusd.sock"
 }
}
listen {
	type = "auth"
	ipaddr = 127.0.0.1
	port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=87, length=161
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x02010018017b616d3d317d6370653440656164732e636f6d

	Message-Authenticator = 0xd4e62c828085e35dc5b8eab904862b64

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   group authorize {
(0)  - entering group authorize {...}
(0)   [preprocess] = ok
(0)   [chap] = noop
(0)   [mschap] = noop
(0)   [digest] = noop
(0)   [wimax] = ok
(0) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(0) suffix : No such realm "eads.com"
(0)   [suffix] = noop
(0) eap : EAP packet type response id 1 length 24
(0) eap : No EAP Start, assuming it's an on-going EAP conversation
(0)   [eap] = updated
(0)   [files] = noop
(0)   [expiration] = noop
(0)   [logintime] = noop
(0) pap : WARNING! No "known good" password found for the user.  Authentication may fail because of this.
(0)   [pap] = noop
(0) Found Auth-Type = ?
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   group authenticate {
(0)  - entering group authenticate {...}
(0) eap : EAP Identity
(0) eap : processing type md5
rlm_eap_md5: Issuing Challenge
(0)   [eap] = handled
Sending Access-Challenge of id 87 to 192.168.100.10 port 1812
	EAP-Message = 0x0102001604106254767f35e41ca8d379aa26b1844710

	Message-Authenticator = 0x00000000000000000000000000000000

	State = 0x88ac768388ae720233427f0cb1a81ea1

(0) Finished request 0.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=88, length=161
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x020200060315

	Message-Authenticator = 0x968d21ad084bd80cb7fd2b7b91f77643

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

	State = 0x88ac768388ae720233427f0cb1a81ea1

(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1)   group authorize {
(1)  - entering group authorize {...}
(1)   [preprocess] = ok
(1)   [chap] = noop
(1)   [mschap] = noop
(1)   [digest] = noop
(1)   [wimax] = ok
(1) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(1) suffix : No such realm "eads.com"
(1)   [suffix] = noop
(1) eap : EAP packet type response id 2 length 6
(1) eap : No EAP Start, assuming it's an on-going EAP conversation
(1)   [eap] = updated
(1)   [files] = noop
(1)   [expiration] = noop
(1)   [logintime] = noop
(1) pap : WARNING! No "known good" password found for the user.  Authentication may fail because of this.
(1)   [pap] = noop
(1) Found Auth-Type = ?
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   group authenticate {
(1)  - entering group authenticate {...}
(1) eap : Request found, released from the list
(1) eap : EAP NAK
(1) eap : EAP-NAK asked for EAP-Type/ttls
(1) eap : processing type tls
(1) tls : Initiate
(1) tls : Start returned 1
(1)   [eap] = handled
Sending Access-Challenge of id 88 to 192.168.100.10 port 1812
	EAP-Message = 0x010300061520

	Message-Authenticator = 0x00000000000000000000000000000000

	State = 0x88ac768389af630233427f0cb1a81ea1

(1) Finished request 1.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=89, length=235
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x0203005015001603010045010000410301587b2c9d26ea19e33cc96c713e27e86d48e7f90bba9078be4787a3b58865b7e000001a0015001600330009000a002f000700670039006b003c0035003d0100

	Message-Authenticator = 0x900a66df9e8f1a8617b067c7e151f41d

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

	State = 0x88ac768389af630233427f0cb1a81ea1

(2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(2)   group authorize {
(2)  - entering group authorize {...}
(2)   [preprocess] = ok
(2)   [chap] = noop
(2)   [mschap] = noop
(2)   [digest] = noop
(2)   [wimax] = ok
(2) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(2) suffix : No such realm "eads.com"
(2)   [suffix] = noop
(2) eap : EAP packet type response id 3 length 80
(2) eap : Continuing tunnel setup.
(2)   [eap] = ok
(2) Found Auth-Type = ?
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2)   group authenticate {
(2)  - entering group authenticate {...}
(2) eap : Request found, released from the list
(2) eap : EAP/ttls
(2) eap : processing type ttls
(2) ttls : Authenticate
(2) ttls : processing EAP-TLS
(2) ttls : eaptls_verify returned 7 
(2) ttls : Done initial handshake
(2) ttls :     (other): before/accept initialization
(2) ttls :     TLS_accept: before/accept initialization
(2) ttls : <<< TLS 1.0 Handshake [length 0045], ClientHello  
(2) ttls :     TLS_accept: SSLv3 read client hello A
(2) ttls : >>> TLS 1.0 Handshake [length 002a], ServerHello  
(2) ttls :     TLS_accept: SSLv3 write server hello A
(2) ttls : >>> TLS 1.0 Handshake [length 085e], Certificate  
(2) ttls :     TLS_accept: SSLv3 write certificate A
(2) ttls : >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange  
(2) ttls :     TLS_accept: SSLv3 write key exchange A
(2) ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
(2) ttls :     TLS_accept: SSLv3 write server done A
(2) ttls :     TLS_accept: SSLv3 flush data
(2) ttls :     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
(2) ttls : eaptls_process returned 13 
(2)   [eap] = handled
Sending Access-Challenge of id 89 to 192.168.100.10 port 1812
	EAP-Message = 0x0104040015c000000aad160301002a0200002603014de628f49d0a58418112208d644ced77bf239b5cd0ac542da3e0f4e7c6389a7500001500160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479

	EAP-Message = 0x301e170d3131303533313132313032365a170d3132303533303132313032365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b6eec957d8b9ccf58cac8aca0c22e429e9e50bae985fbd09fa49ca80c296b255ab2ddcdc9604e5827097a4913e040ed16d2e03278ba495997d0970f0dc8a

	EAP-Message = 0x3de2d19742df29ae5d8964b0eea69f8098cad478d47a1303ee0623059c9fdea155849921fef4896370ad551a4cb0c6907e3309da2fbd4c8464836f9dde6ad78724c8094dd74ec5aae4bdb656f9c2eba830148a8e3083af941e8a27ddf3e4dd76a6f380a82203e569e7033d9d11c5edd1e934dfdc59a79189264ab4092b59f25bf69a0a8270c5a4f60f46c4b4bac24efca3a3fba357e55ca82a54b9df7af4cc0a1334155ba14590039dcde4502cd0a65149613948e22af911de4f887f9773ee12b2070203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010001c18581de2951f923

	EAP-Message = 0x6ecb42edc56b67eaff5f29f9d96350cc431fa58e575e5829b84e2d2d61ea4047b493d3ba028618067f191ab467414158fb41b0f33f9de13d48dd94c5f6d4060b687617532ba2e90814084708a895331416c460d709a97eb1125885244dce77795c064b9a2e3b0027bc02a629ccf2b6424af17318994415fffba3543ffefa6e06f17ec82c9ce722e901602cc2ce23b60ad1c4deed6959d7e912a21fecaad1547da914e046a9760eb70eb8426a65bf2b7d9d124d9365311ce78f9977af941f39d8c33a84b03e883cdad3e8645604f7d3e4c8fd840a9dade2258835ec2b44214c88d32be9f7137005fb07a42052f30e555fbcb20d3c76a3eb0004ab308204

	EAP-Message = 0xa73082038fa0030201020209

	Message-Authenticator = 0x00000000000000000000000000000000

	State = 0x88ac76838aa8630233427f0cb1a81ea1

(2) Finished request 2.
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=90, length=161
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x020400061500

	Message-Authenticator = 0xbfc9c710af8c98f1b1ee9e248bdeb6ec

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

	State = 0x88ac76838aa8630233427f0cb1a81ea1

(3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(3)   group authorize {
(3)  - entering group authorize {...}
(3)   [preprocess] = ok
(3)   [chap] = noop
(3)   [mschap] = noop
(3)   [digest] = noop
(3)   [wimax] = ok
(3) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(3) suffix : No such realm "eads.com"
(3)   [suffix] = noop
(3) eap : EAP packet type response id 4 length 6
(3) eap : Continuing tunnel setup.
(3)   [eap] = ok
(3) Found Auth-Type = ?
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3)   group authenticate {
(3)  - entering group authenticate {...}
(3) eap : Request found, released from the list
(3) eap : EAP/ttls
(3) eap : processing type ttls
(3) ttls : Authenticate
(3) ttls : processing EAP-TLS
(3) ttls : Received TLS ACK
(3) ttls : Received TLS ACK
(3) ttls : ACK handshake fragment handler
(3) ttls : eaptls_verify returned 1 
(3) ttls : eaptls_process returned 13 
(3)   [eap] = handled
Sending Access-Challenge of id 90 to 192.168.100.10 port 1812
	EAP-Message = 0x0105040015c000000aad00e43e5f1a392e6ac9300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303533313132313032365a170d3132303533303132313032365a308193310b3009060355040613024652310f300d0603550408130652616469757331123010

	EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100cf346800f1aade9a56e7acd4ae20d6f4c442c2e02cb633731e046cba744d808e1b97dae3d524a3c631296cacaef6d729d828fa2a7d5ad929ddb8b8ac871207f85b8f514ceeb1c2771da86742b4badc5b5daf8ec60be1ea7050c3bb5987c14ead65a7ad3f06b4ebb09b922d

	EAP-Message = 0x8cb8ca3531ce62c372f3adc0e7ad16dc9bb0062323edebd0555c7049d6bbf01fc5240d02693eddc5822905c6d53e930ee728fdb9ba2172138681a570bc34ab5de5064632ec1259008b75ddbac455c4c5760da9f3bcc3ab0d40cd431d22dcb1b6b11c168c3e4687dc7c19a5871760874fb50c3b27d4f28a74b9c669f786acbfd50c5c2a25ca08d606d05dda85df59825b33192a2ad50203010001a381fb3081f8301d0603551d0e041604142ff21cc1b61981cd1928a70ffb9dfd7ddaf1700e3081c80603551d230481c03081bd80142ff21cc1b61981cd1928a70ffb9dfd7ddaf1700ea18199a48196308193310b3009060355040613024652310f300d

	EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900e43e5f1a392e6ac9300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a903db5d9e4a396307c9589ace378d253014c5b561000c4bd057d2e430f9f5e91bf8ae3dbc2a689463af2a8bbf585fc17eebda0d5ab7e4a5d0d60a3b9b344ff413d81cff50e0245daaa2830ee2bf

	EAP-Message = 0xea6af9fce68b957d225106a2

	Message-Authenticator = 0x00000000000000000000000000000000

	State = 0x88ac76838ba9630233427f0cb1a81ea1

(3) Finished request 3.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=91, length=161
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x020500061500

	Message-Authenticator = 0xf19ff52dcaff5594d6d2d0e8cf99d0a5

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

	State = 0x88ac76838ba9630233427f0cb1a81ea1

(4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(4)   group authorize {
(4)  - entering group authorize {...}
(4)   [preprocess] = ok
(4)   [chap] = noop
(4)   [mschap] = noop
(4)   [digest] = noop
(4)   [wimax] = ok
(4) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(4) suffix : No such realm "eads.com"
(4)   [suffix] = noop
(4) eap : EAP packet type response id 5 length 6
(4) eap : Continuing tunnel setup.
(4)   [eap] = ok
(4) Found Auth-Type = ?
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4)   group authenticate {
(4)  - entering group authenticate {...}
(4) eap : Request found, released from the list
(4) eap : EAP/ttls
(4) eap : processing type ttls
(4) ttls : Authenticate
(4) ttls : processing EAP-TLS
(4) ttls : Received TLS ACK
(4) ttls : Received TLS ACK
(4) ttls : ACK handshake fragment handler
(4) ttls : eaptls_verify returned 1 
(4) ttls : eaptls_process returned 13 
(4)   [eap] = handled
Sending Access-Challenge of id 91 to 192.168.100.10 port 1812
	EAP-Message = 0x010602cb158000000aadb869abceda0becac1d49627234002680125f5c23d91fb12fc57f5fb7be4628aa24f9f9e7cb78622962b56a3163be5c57ee2cca8fecfc9934e88a730d936bbe302a401dad2d5bc6f8a7a9a892f180a41d765ca260f362686f3663f43630c84972f19c528213a96135f0a4252f8da9f302b566173642c000b0a86a8761ce46127162624b7f0c28d93ab2f3cb56f8b79aa98a0c41c2100c313bd175e0d390464073f1067ed5e189160301020d0c0002090080e185943179de0da8ba01aaa3bc08b2c683e10e9826a0394bd9eb4058162d1d215bf969738cbe13f1cf86db0473474bd9c888ac4c88e289330af9ed8ec45af8d0f1e0

	EAP-Message = 0x4ebdc684ec29bc0f91052ca6c7efd0b92edd4e399023cf62d09050018ea64b1130c705b9e742d73947972e2b4694109b43e66d858bdc8f7eac3737ebbcd300010200800c932aecbabc428714e8461a9fb6e20f20ff475d8b2f5d4d81713181158f19cfc814dd7d04d94cec3e4ec8a83c4c298a33c89cedaec13d13e4606971bdf94d3d9b84d38bf4515f405122896527ba163bde1031d3a307e5dcfafad7cc3c08cafe4c53882ea682264698d7c0cda10ce698f3fd8d5fddfe4f55e6f92ad230c5c6420100872b25ec64264c5a3f5ffea79b8e52d54f63d4ff23b4422ff105e8aeff5be7d94fe92fa3c865aacb8d7fb46a76080caef24b07a13b330fed

	EAP-Message = 0x0076acca2294ffaee380bbdc9746fca807f085fb9b6d3971438a8688c901b75b31e8897f55642e7b9acfbf90119ae796f7a557b5c0100660545fcbd6874729c3e7dd3e47eb9ec8124628721429836af9317cda8e2ce5779b1893c511c0dc3fc223d3d8caf69d84277c4251aef8e6cc5f568782aa211094b1e06b46991c5c951c5f87a9f7efc705a66f8ae53d48343523eddabe2626ce77976602f75749665cc525a04fb14ffd1323f013f9c29120a67c03fcc396199cf2cf382ea4cf0ccb1e80164fea44bf35e97916030100040e000000

	Message-Authenticator = 0x00000000000000000000000000000000

	State = 0x88ac76838caa630233427f0cb1a81ea1

(4) Finished request 4.
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=92, length=351
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x020600c41500160301008610000082008001455425498d4e781bd0c39a4e506674a7025212fc72155fe8fd97090665dca0ba0b5e2f4d1154a7f8503627c074a0eee463d1bfd472ed04adb091136688948c02061fa969179f5e6073802554260a1da1993f421bf1c0bb5bc56e4e12ae0b2d825d17915ca089244c7643e5d5538b609bfbca8e657cbb3bca2801fe1e575d971403010001011603010028d4dd4af67d9ca7167cc8f634677f8ea78b2236861684655711098fb54fc26cc28166d0525f30f9a0

	Message-Authenticator = 0x32f7680d343e93a36d54cf2ffe5b5637

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

	State = 0x88ac76838caa630233427f0cb1a81ea1

(5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(5)   group authorize {
(5)  - entering group authorize {...}
(5)   [preprocess] = ok
(5)   [chap] = noop
(5)   [mschap] = noop
(5)   [digest] = noop
(5)   [wimax] = ok
(5) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(5) suffix : No such realm "eads.com"
(5)   [suffix] = noop
(5) eap : EAP packet type response id 6 length 196
(5) eap : Continuing tunnel setup.
(5)   [eap] = ok
(5) Found Auth-Type = ?
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5)   group authenticate {
(5)  - entering group authenticate {...}
(5) eap : Request found, released from the list
(5) eap : EAP/ttls
(5) eap : processing type ttls
(5) ttls : Authenticate
(5) ttls : processing EAP-TLS
(5) ttls : eaptls_verify returned 7 
(5) ttls : Done initial handshake
(5) ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
(5) ttls :     TLS_accept: SSLv3 read client key exchange A
(5) ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001]  
(5) ttls : <<< TLS 1.0 Handshake [length 0010], Finished  
(5) ttls :     TLS_accept: SSLv3 read finished A
(5) ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001]  
(5) ttls :     TLS_accept: SSLv3 write change cipher spec A
(5) ttls : >>> TLS 1.0 Handshake [length 0010], Finished  
(5) ttls :     TLS_accept: SSLv3 write finished A
(5) ttls :     TLS_accept: SSLv3 flush data
(5) ttls :     (other): SSL negotiation finished successfully
SSL Connection Established 
(5) ttls : eaptls_process returned 13 
(5)   [eap] = handled
Sending Access-Challenge of id 92 to 192.168.100.10 port 1812
	EAP-Message = 0x0107003d15800000003314030100010116030100280fffe283805736eb626decd011756e22b5496fe15710da0d7dc8c7207a32289778b92d5885e652b5

	Message-Authenticator = 0x00000000000000000000000000000000

	State = 0x88ac76838dab630233427f0cb1a81ea1

(5) Finished request 5.
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=93, length=310
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x0207009b150017030100909f84a66746c7cf3974afd8ab6157301d4c97f00339053b36c9a59fe819dfcd482a3d72823753dff7ab3f791a526df518c81ccaa49f7e8fd40a3d297d9093f08a58c0fd480f26509a9388336da43929d15921a211eae621619bb965904f2ee3e87efbb8f49674c61f203110abadf99c11afda6a0e490f9130597067ea549496cefeb2118c76dea0203f80737a9e7417cd

	Message-Authenticator = 0xe81dfa7d5f4d3996555392a68d3f04d7

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

	State = 0x88ac76838dab630233427f0cb1a81ea1

(6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(6)   group authorize {
(6)  - entering group authorize {...}
(6)   [preprocess] = ok
(6)   [chap] = noop
(6)   [mschap] = noop
(6)   [digest] = noop
(6)   [wimax] = ok
(6) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(6) suffix : No such realm "eads.com"
(6)   [suffix] = noop
(6) eap : EAP packet type response id 7 length 155
(6) eap : Continuing tunnel setup.
(6)   [eap] = ok
(6) Found Auth-Type = ?
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6)   group authenticate {
(6)  - entering group authenticate {...}
(6) eap : Request found, released from the list
(6) eap : EAP/ttls
(6) eap : processing type ttls
(6) ttls : Authenticate
(6) ttls : processing EAP-TLS
(6) ttls : eaptls_verify returned 7 
(6) ttls : Done initial handshake
(6) ttls : eaptls_process returned 7 
(6) ttls : Session established.  Proceeding to decode tunneled attributes.
(6) ttls : Got tunneled request
	User-Name = "cpe4 at eads.com"
	MS-CHAP-Challenge = 0x524783588ddc1bb5df1da04af1ee2d5d
	MS-CHAP2-Response = 0x1600e0e47d06ce97ea0a60567c9e7d640bc600000000000000003b46f4aca33bc647209dab6d064d7b623a5df0c8fab3c2f3
	FreeRADIUS-Proxied-To = 127.0.0.1
(6) ttls : Sending tunneled request
	User-Name = "cpe4 at eads.com"
	MS-CHAP-Challenge = 0x524783588ddc1bb5df1da04af1ee2d5d
	MS-CHAP2-Response = 0x1600e0e47d06ce97ea0a60567c9e7d640bc600000000000000003b46f4aca33bc647209dab6d064d7b623a5df0c8fab3c2f3
	FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
(6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(6)   group authorize {
(6)  - entering group authorize {...}
(6)   [chap] = noop
(6) mschap : Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
(6)   [mschap] = ok
(6) suffix : Looking up realm "eads.com" for User-Name = "cpe4 at eads.com"
(6) suffix : No such realm "eads.com"
(6)   [suffix] = noop
(6)   update control {
(6)   } # update control = noop
(6) eap : No EAP-Message, not doing EAP
(6)   [eap] = noop
(6) files : users: Matched entry cpe4 at eads.com at line 91
(6)   [files] = ok
(6)   [expiration] = noop
(6)   [logintime] = noop
(6) pap : WARNING: Auth-Type already set.  Not setting to PAP
(6)   [pap] = noop
(6) Found Auth-Type = ?
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(6)   group MS-CHAP {
(6)  - entering group MS-CHAP {...}
(6) mschap : Creating challenge hash with username: cpe4 at eads.com
(6) mschap : Told to do MS-CHAPv2 for cpe4 at eads.com with NT-Password
(6) mschap : adding MS-CHAPv2 MPPE keys
(6)   [mschap] = ok
(6)   WARNING: Empty post-auth section.  Using default return values.
(6) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
(6) ttls : Got tunneled reply code 2
	Session-Timeout = 3600
	Filter-Id = "test"
	MS-CHAP2-Success = 0x16533d41324545333844363945383731384645363242384535453837444134433345383237333134303442
	MS-MPPE-Recv-Key = 0x5ac2e372bf3085350ea9e377e10fa0b6
	MS-MPPE-Send-Key = 0xd77e84ffdba7c7c94aaedf504955c3c7
	MS-MPPE-Encryption-Policy = Encryption-Allowed
	MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(6) ttls : Got tunneled Access-Accept
(6) ttls : Got MS-CHAP2-Success, tunneling it to the client in a challenge.
(6)   [eap] = handled
Sending Access-Challenge of id 93 to 192.168.100.10 port 1812
	EAP-Message = 0x0108005f15800000005517030100501665535a9fbbb9d91b0116452b2c92ca86fec3e26123d3fd0f2c90b430a6c352d48a3a8eec084e20666296a57b63c157f4a969930fc7ac3f016592b9b9e9fc20e4fc0fb1f65ef70de45d8e8f9d02be6a

	Message-Authenticator = 0x00000000000000000000000000000000

	State = 0x88ac76838ea4630233427f0cb1a81ea1

(6) Finished request 6.
rad_recv: Access-Request packet from host 192.168.100.10 port 1812, id=94, length=161
	User-Name = "{am=1}cpe4 at eads.com"

	EAP-Message = 0x020800061500

	Message-Authenticator = 0x01c1e4c8092af309452a074fbf85d797

	NAS-Identifier = "NPU"

	NAS-IP-Address = 192.168.100.10

	Calling-Station-Id = "00-19-15-C8-99-9D"

	WiMAX-BS-Id = 0x214e00010101

	NAS-Port-Type = Wireless-802.16

	Framed-MTU = 2000

	Service-Type = Framed-User

	WiMAX-GMT-Timezone-offset = 256

	State = 0x88ac76838ea4630233427f0cb1a81ea1

(7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(7)   group authorize {
(7)  - entering group authorize {...}
(7)   [preprocess] = ok
(7)   [chap] = noop
(7)   [mschap] = noop
(7)   [digest] = noop
(7)   [wimax] = ok
(7) suffix : Looking up realm "eads.com" for User-Name = "{am=1}cpe4 at eads.com"
(7) suffix : No such realm "eads.com"
(7)   [suffix] = noop
(7) eap : EAP packet type response id 8 length 6
(7) eap : Continuing tunnel setup.
(7)   [eap] = ok
(7) Found Auth-Type = ?
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   group authenticate {
(7)  - entering group authenticate {...}
(7) eap : Request found, released from the list
(7) eap : EAP/ttls
(7) eap : processing type ttls
(7) ttls : Authenticate
(7) ttls : processing EAP-TLS
(7) ttls : Received TLS ACK
(7) ttls : Received TLS ACK
(7) ttls : ACK handshake is finished
(7) ttls : eaptls_verify returned 3 
(7) ttls : eaptls_process returned 3 
(7) ttls : Using saved attributes from the original Access-Accept
(7) eap : Freeing handler
(7)   [eap] = ok
(7) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(7)   group post-auth {
(7)  - entering group post-auth {...}
(7)   [exec] = noop
(7)   update request {
(7) 	expand: %{User-Name} -> {am=1}cpe4 at eads.com
(7)   } # update request = noop
(7)   update reply {
(7) 	expand: %{reply:EAP-MSK} -> 0x136e9f4e17d5d9c152c761683b9ff583dad202cf52ff3eb015875fac682c3b3e6a513e57ca1c54f30f765467a88dc959ad9b5fa8e209a9d99b27ddad51e8b619
(7)   } # update reply = noop
(7) wimax : MIP-RK = 0xfe49ecf2e917155067c599b3fccb51beb0fcec8d8546f48d2d64bcd7fe600ee1fffc1bc29818070a6e9a6a344ae5cafcf9fbba52de6098bb0e2aaf17fc63937c
(7) wimax : MIP-SPI = 67d71c9b
(7) wimax : WARNING: WiMAX-IP-Technology not found in reply.
(7) wimax : WARNING: Not calculating MN-HA keys
(7)   [wimax] = updated
Sending Access-Accept of id 94 to 192.168.100.10 port 1812
	MS-MPPE-Recv-Key = 0x136e9f4e17d5d9c152c761683b9ff583dad202cf52ff3eb015875fac682c3b3e

	MS-MPPE-Send-Key = 0x6a513e57ca1c54f30f765467a88dc959ad9b5fa8e209a9d99b27ddad51e8b619

	EAP-Message = 0x03080004

	Message-Authenticator = 0x00000000000000000000000000000000

	User-Name = "{am=1}cpe4 at eads.com"

	WiMAX-FA-RK-Key = 0xecc5305cab2138e96974262acfd5e80e9eb5000a

	WiMAX-MSK = 0x136e9f4e17d5d9c152c761683b9ff583dad202cf52ff3eb015875fac682c3b3e6a513e57ca1c54f30f765467a88dc959ad9b5fa8e209a9d99b27ddad51e8b619

	WiMAX-FA-RK-SPI = 2602358631

(7) Finished request 7.
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 87 with timestamp +5
(1) Cleaning up request packet ID 88 with timestamp +5
Waking up in 0.1 seconds.
(2) Cleaning up request packet ID 89 with timestamp +5
(3) Cleaning up request packet ID 90 with timestamp +5
(4) Cleaning up request packet ID 91 with timestamp +6
Waking up in 0.4 seconds.
(5) Cleaning up request packet ID 92 with timestamp +6
(6) Cleaning up request packet ID 93 with timestamp +6
(7) Cleaning up request packet ID 94 with timestamp +6
Ready to process requests.

-----Message d'origine-----
De : freeradius-users-bounces+thomas.hahusseau=cassidian.com at lists.freeradius.org [mailto:freeradius-users-bounces+thomas.hahusseau=cassidian.com at lists.freeradius.org] De la part de David Peterson
Envoyé : mercredi 1 juin 2011 14:07
À : FreeRadius users mailing list
Objet : RE: Freeradius + Alvarion 4Motion specify filter-id value inaccess-accept from value in user conf file ?

I just use Framed-Filter-Id = "profilename" in the reply.  

When you added:
	update reply {
			WiMAX-FA-RK-Key = 0x00
			WiMAX-MSK = "%{reply:EAP-MSK}"
			Filter-Id = "Profile1"
		}

That replies with only 1 filter ID.  Take the Filter-Id out and keep it in the users file:

cpe1 at eads.com Cleartext-Password := "cpe1"
        Session-Timeout = 3600,
        Termination-Action = Radius-Request,
        Filter-Id = "Profile1"

David

-----Original Message-----
From: Hahusseau, Thomas [mailto:thomas.hahusseau at cassidian.com]
Sent: Wednesday, June 01, 2011 5:12 AM
To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: RE: Freeradius + Alvarion 4Motion specify filter-id value in access-accept from value in user conf file ?

Hello,

My Wimax device require MPPE keys to be sent in access accept if I change that setting in module/wimax from no to yes the wimax don't connect anymore.
My problem is not getting my Wimax device connected it's already done.
My problem is that I want specific values of "Filter-Id" attribute sent in access-accept according to the user-name sent in access-request. 

Filter-ID = "Profile1" when user CPE1 at eads.com is trying to connect.
Filter-ID = "Profile2" when user CPE2 at eads.com is trying to connect.

Regards,
Thomas

PS : Uncomment "wimax" lines in site-enable and inner-tunnel conf files already done.

-----Message d'origine-----
De :
freeradius-users-bounces+thomas.hahusseau=cassidian.com at lists.freeradius
freeradius-users-bounces+.org
[mailto:freeradius-users-bounces+thomas.hahusseau=cassidian.com at lists.freera
dius.org] De la part de David Peterson Envoyé : mardi 31 mai 2011 19:31 À :
'FreeRadius users mailing list'
Objet : RE: Freeradius + Alvarion 4Motion specify filter-id valueinaccess-accept from value in user conf file ?

Make sure you configure FR to delete the MPPE keys.  This can be found in the /modules/wimax file.  Set the value from No to Yes.  

As well, you need to configure the server to use the inner-tunnel.  I would start from the default FR settings, uncomment the wimax entries you see in sites-available/default and sites-available/inner-tunnel, make the change in the /modules/wimax file and make sure your profile names match as this is case sensitive.

David

-----Original Message-----
From:
freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradius.or
freeradius-users-bounces+g
[mailto:freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradiu
s.org] On Behalf Of Hahusseau, Thomas
Sent: Tuesday, May 31, 2011 1:18 PM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius + Alvarion 4Motion specify filter-id value inaccess-accept from value in user conf file ?

Hello,

I'm running latest version form Master Branch of Freeradius. I managed to connect an Alvarion CPE to an Alvarion 4M BS with Freeradius server as authenticator. Everything works well except that I directly specified in my /site-enable/default configuration file the value of "Filter-Id" attribute required by the base station.

----------- /site-enabled/default
post-auth {

	exec
		update request {
		       WiMAX-MN-NAI = "%{User-Name}"
		}
	
	 	update reply {
			WiMAX-FA-RK-Key = 0x00
			WiMAX-MSK = "%{reply:EAP-MSK}"
			Filter-Id = "Profile1"
		}
	wimax
	Post-Auth-Type REJECT {
		# log failed authentications in SQL, too.
#		sql
		attr_filter.access_reject
	}
}
-----------
I would like to use different value of attribute "Filter-Id" for different users (specific QoS setting in Alvarion ASN-GW for each Filter-Id). I would like to use the "Filter-ID"'s value specified in my users conf file :
----------- users
#standard customer
cpe1 at eads.com Cleartext-Password := "cpe1"
        Session-Timeout = 3600,
        Termination-Action = Radius-Request,
        Filter-Id = "Profile1"
#VIP customer
cpe2 at eads.com Cleartext-Password := "cpe2"
        Session-Timeout = 3600,
        Termination-Action = Radius-Request,
        Filter-Id = "Profile2"
-----------
I tried to use the same syntax as for WiMAX-MSK attribute: Filter-ID ="%{Filter-Id}" but it doesn't work (Filter-ID value in access-accept is empty). I googled "Filter-Id freeradius" and found nothing relevant.

Is it possible to use Filter-ID value form users conf file in access-accept ?

Here is an example on access-accept message with filter-id specified directly in site-enable/default conf file.
----------- radiusd -X
(7) Found Auth-Type = ?
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   group authenticate {
(7)  - entering group authenticate {...}
(7) eap : Request found, released from the list
(7) eap : EAP/ttls
(7) eap : processing type ttls
(7) ttls : Authenticate
(7) ttls : processing EAP-TLS
(7) ttls : Received TLS ACK
(7) ttls : Received TLS ACK
(7) ttls : ACK handshake is finished
(7) ttls : eaptls_verify returned 3
(7) ttls : eaptls_process returned 3
(7) ttls : Using saved attributes from the original Access-Accept
(7) eap : Freeing handler
(7)   [eap] = ok
(7) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(7)   group post-auth {
(7)  - entering group post-auth {...}
(7)   [exec] = noop
(7)   update request {
(7) 	expand: %{User-Name} ->
{am=1}791d05915a25400ca9d1a3cb1a2c7ffa at eads.com
(7)   } # update request = noop
(7)   update reply {
(7) 	expand: %{reply:EAP-MSK} ->
0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528cb185a0437
d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0
(7)   } # update reply = noop
(7) wimax : MIP-RK =
0x9ec871a65c3033e03c0d77ed55a1517d4b7dbbbeb2d782bcf369635861e64925c5db13c362
86e2032c789ad6fe2c09cd21eda782a9a4758e9ce73f8f384c46b6
(7) wimax : MIP-SPI = bb9d949a
(7) wimax : WARNING: WiMAX-IP-Technology not found in reply.
(7) wimax : WARNING: Not calculating MN-HA keys
(7)   [wimax] = updated
Sending Access-Accept of id 246 to 192.168.100.10 port 1812
	MS-MPPE-Recv-Key =
0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528

	MS-MPPE-Send-Key =
0xcb185a0437d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0

	EAP-Message = 0x03080004

	Message-Authenticator = 0x00000000000000000000000000000000

	User-Name = "{am=1}791d05915a25400ca9d1a3cb1a2c7ffa at eads.com"

	WiMAX-FA-RK-Key = 0xb37b0b5832687e02c31b94319b2ba3077479411f

	WiMAX-MSK =
0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528cb185a0437
d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0

	Filter-Id = "Profile1"

	WiMAX-FA-RK-SPI = 2593430971

(7) Finished request 7.  
-----------

Regards,
Mr Thomas Hahusseau,
Ingénieur réseau
Cassidian (EADS)

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list