<div>Alan,</div>
<div> </div>
<div>I followed the following steps for configuring microsoft attributes and other vendor attributes:</div>
<div> </div>
<div>1. created and configured the vendor attributes (MN-HA-MIP4-KEY, MN-HA-MIP4-SPI) in dictionary.wimax, with option "encrypt=2", the </div>
<div> values are getting encrypted.</div>
<div> </div>
<div>2. Configured in file "users" to check for Nas-Identifier and Nas-Port-Type and configured the attributes for access-accept as below:</div>
<div>--------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div> govardhana Nas-Identifier == nas, Nas-Port-Type == 15<br> CUI = cui,<br> Class = class,<br> State = state,<br> Framed-MTU = 1400,<br> Framed-Ip-Address =
<a href="http://1.2.3.4">1.2.3.4</a>,<br> Service-Type = Framed-User,<br> session-timeout = 30,<br> MS-MPPE-Send-Key = msk,<br> MS-MPPE-Recv-Key = recvmsk,<br> AAA-Session-Id = multisessionid,
<br> HA-IP-MIP4 = <a href="http://1.1.1.1">1.1.1.1</a>,<br> Dhcpv4-Server = <a href="http://2.2.2.2">2.2.2.2</a>,<br> MN-HA-MIP4-KEY = mipkey,<br> MN-HA-MIP4-SPI = mipspi,<br> DHCP-RK = dhcprk,
<br> DHCP-RK-KEY-ID = dhcpkey,<br> DHCP-RK-LIFETIME = 20</div>
<div>--------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div><br>3. Below is the snapshot from client:</div>
<div>--------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div> cheux301:/home/govardhana# radclient -x localhost auth jrcsecret < access-request<br> Sending Access-Request of id 173 to <a href="http://127.0.0.1">127.0.0.1</a> port 1812<br> User-Name = "govardhana"
<br> User-Password = "govardhana"<br> NAS-Identifier = "nas"<br> NAS-Port-Type = Ethernet<br> CUI = "0"<br> Service-Type = Framed-User<br> Framed-MTU = 1400
<br> Calling-Station-Id = "1:1:1:1:1:1"<br> rad_recv: Access-Accept packet from host <a href="http://127.0.0.1:1812">127.0.0.1:1812</a>, id=173, length=305<br> CUI = "cui"<br> Class = 0x6a7263636c617373
<br> State = 0x6a72637374617465<br> Framed-MTU = 1400<br> Framed-IP-Address = <a href="http://1.2.3.4">1.2.3.4</a><br> Service-Type = Framed-User<br> Session-Timeout = 30<br> MS-MPPE-Send-Key = 0x6a72636d736b
<br> MS-MPPE-Recv-Key = 0x6a7263726563766d736b<br> AAA-Session-Id = "multisessionid"<br> HA-IP-MIP4 = "<a href="http://1.1.1.1">1.1.1.1</a>"<br> DHCPv4-Server = "<a href="http://2.2.2.2">
2.2.2.2</a>"<br> MN-HA-MIP4-KEY = "\225~\035\235\354\363\203\316Z\377\327\2174\360\330r\30"<br> MN-HA-MIP4-SPI = "\234V.\326\014_\363fn\253_K\355-([\326\020"<br> DHCP-RK = "dhcprk"
<br> DHCP-RK-KEY-ID = "dhcpkey"<br> DHCP-RK_LIFETIME = "20"</div>
<div>--------------------------------------------------------------------------------------------------------------------------------------------------------------<br> </div>
<div>5. Below is snap from Server</div>
<div>--------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div>rad_recv: Access-Request packet from host <a href="http://127.0.0.1:32813">127.0.0.1:32813</a>, id=173, length=92<br> User-Name = "govardhana"<br> User-Password = "govardhana"<br> NAS-Identifier = "jrcnas"
<br> NAS-Port-Type = Ethernet<br> CUI = "0"<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> Calling-Station-Id = "1:1:1:1:1:1"<br> Processing the authorize section of
radiusd.conf<br>modcall: entering group authorize for request 0<br> modcall[authorize]: module "preprocess" returns ok for request 0<br> modcall[authorize]: module "chap" returns noop for request 0<br>
modcall[authorize]: module "mschap" returns noop for request 0<br> rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name = "govardhana", looking up realm NULL<br> rlm_realm: No such realm "NULL"
<br> modcall[authorize]: module "suffix" returns noop for request 0<br> rlm_eap: No EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns noop for request 0<br> users: Matched entry DEFAULT at line 152
<br> users: Matched entry govardhana at line 177<br> modcall[authorize]: module "files" returns ok for request 0<br>modcall: leaving group authorize (returns ok) for request 0<br> rad_check_password: Found Auth-Type System
<br>auth: type "System"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 0<br> modcall[authenticate]: module "unix" returns ok for request 0
<br>modcall: leaving group authenticate (returns ok) for request 0<br>Login OK: [govardhana] (from client localhost port 0 cli 1:1:1:1:1:1)<br>Sending Access-Accept of id 173 to <a href="http://127.0.0.1">127.0.0.1</a> port 32813
<br> CUI = "jrccui"<br> Class = 0x6a7263636c617373<br> State = 0x6a72637374617465<br> Framed-MTU = 1400<br> Framed-IP-Address = <a href="http://1.2.3.4">1.2.3.4</a><br> Service-Type = Framed-User
<br> Session-Timeout = 30<br> WiMAX-Capability = "Accounting-Capability"<br> MS-MPPE-Send-Key = 0x6a72636d736b<br> MS-MPPE-Recv-Key = 0x6a7263726563766d736b<br> AAA-Session-Id = "jrcmultisessionid"
<br> HA-IP-MIP4 = "<a href="http://1.1.1.1">1.1.1.1</a>"<br> DHCPv4-Server = "<a href="http://2.2.2.2">2.2.2.2</a>"<br> MN-HA-MIP4-KEY = "jrcmipkey"<br> MN-HA-MIP4-SPI = "jrcmipspi"
<br> DHCP-RK = "jrcdhcprk"<br> DHCP-RK-KEY-ID = "jrcdhcpkey"<br> DHCP-RK-LIFETIME = "20"<br>Finished request 0<br>Going to the next request<br>--- Walking the entire request list ---
<br>Waking up in 6 seconds...<br>--- Walking the entire request list ---<br>Cleaning up request 0 ID 173 with timestamp 469b7797<br>Nothing to do. Sleeping until we see a request.</div>
<div>--------------------------------------------------------------------------------------------------------------------------</div>
<div> </div>
<div>As I am new to Radius, based on the study I configured these parameters. Is there any thing else need to be configured?</div>
<div>I also made sure that the option "encrypt=2" is present for Microsoft keys. After studying man page for dictionary. I configured some attributes (MN-HA-MIP4-KEY, MN-HA-MIP4-SPI) with "encrypt=2" option in the corresponding dictionary file (
dictinary.wimax). these attributes are getting encrypted as you can see in debug log, but Microsoft keys are still not encrypted.</div>
<div> </div>
<div> </div>
<div> </div>
<div>Thanks & Regards,</div>
<div>Govardhana K N</div>
<div> </div>
<div> </div>
<div><span class="gmail_quote">On 7/16/07, <b class="gmail_sendername">Alan DeKok</b> <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Govardhana K N wrote:<br>> I need one more help, I tried to include microsoft attributes<br>> (MS-MPPE-Send-Key, MS-MPPE-Recv-Key) for which the encryption type is
<br>> already set to 2, but the attribute values are not getting encrypted in<br>> Access-Accept? how can i slove this problem?<br><br>Post the debug log, as suggested in the FAQ, README, INSTALL, and many<br>other places.
<br><br>Are you *sure* the attributes are not being encrypted? Or maybe it's<br>just you're not familiar with the process?<br><br>Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">
http://www.freeradius.org/list/users.html</a><br></blockquote></div><br><br clear="all"><br>-- <br>With Regards,<br>Govardhana K N