<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi,<br>
At the section post-auth of the file raddb/sites-enabled/default i put
the next lines <br>
update "reply"{<br>
# WiMAX-MN-NAI = "%{User-Name}"<br>
# WiMAX-IP-Technology = CMIP4<br>
WiMAX-MSK = EAP-MSK<br>
}<br>
wimax<br>
<br>
I don't need MN-HA keys so i comment lines for WiMAX-MN-NAI and
WiMAX-IP-Technology<br>
I need only WiMAX-MSK attribute but at the log i get from radiusd i get<br>
<br>
rad_recv: Access-Request packet from host 192.168.10.3 port 1812,
id=21, length=208<br>
User-Name = <a class="moz-txt-link-rfc2396E" href="mailto:{am=1}anonymous@wintegra.com">"{am=1}anonymous@wintegra.com"</a><br>
EAP-Message = 0x020700061500<br>
Message-Authenticator = 0x39c6753507015df1c48ed97532628e62<br>
NAS-IP-Address = 192.168.10.3<br>
NAS-Port-Type = 27<br>
Calling-Station-Id = "\000!\000\r\302#"<br>
Chargeable-User-Identity = ""<br>
WiMAX-Release = "1.0"<br>
WiMAX-Accounting-Capabilities = IP-Session-Based<br>
WiMAX-Hotlining-Capabilities = Not-Supported<br>
WiMAX-Idle-Mode-Notification-Cap = Supported<br>
WiMAX-Available-In-Client = 3<br>
WiMAX-Session-Termination-Capability = Dynamic-Authorization<br>
WiMAX-GMT-Timezone-offset = 0<br>
WiMAX-BS-Id = 0x0050c21174a4<br>
Service-Type = Framed-User<br>
Framed-MTU = 2000<br>
State = 0x4bf4b8834ef3add9ca036385eef43d1d<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] Looking up realm "wintegra.com" for User-Name =
<a class="moz-txt-link-rfc2396E" href="mailto:{am=1}anonymous@wintegra.com">"{am=1}anonymous@wintegra.com"</a><br>
[suffix] No such realm "wintegra.com"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 7 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/ttls<br>
[eap] processing type ttls<br>
[ttls] Authenticate<br>
[ttls] processing EAP-TLS<br>
[ttls] Received TLS ACK<br>
[ttls] ACK handshake is finished<br>
[ttls] eaptls_verify returned 3 <br>
[ttls] eaptls_process returned 3 <br>
[eap] Freeing handler<br>
++[eap] returns ok<br>
+- entering group post-auth {...}<br>
++[exec] returns noop<br>
++[reply] returns noop<br>
[wimax] MIP-RK =
0xb8e4779af82f3bcf7df08e821f445b11c59c51483023bf167c581717d9ae29e870447876afea76876c13cc7e98be8eea658113c49894e318a96f1c0fd826279b<br>
[wimax] MIP-SPI = 440dccea<br>
[wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the
reply.<br>
[wimax] WARNING: We cannot calculate MN-HA keys.<br>
[wimax] WARNING: WiMAX-IP-Technology not found in reply.<br>
[wimax] WARNING: Not calculating MN-HA keys<br>
++[wimax] returns updated<br>
Sending Access-Accept of id 21 to 192.168.10.3 port 1812<br>
MS-MPPE-Recv-Key =
0x333fa1a21e9db9a1f28a4ebda79c3285249d6b885904a609dbacb7895fc6225f<br>
MS-MPPE-Send-Key =
0x12c8bfb5930801db106aececd858aea13f7cbe54449d937cb1c913f765dd6cbb<br>
EAP-Message = 0x03070004<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
User-Name = <a class="moz-txt-link-rfc2396E" href="mailto:{am=1}anonymous@wintegra.com">"{am=1}anonymous@wintegra.com"</a><br>
WiMAX-MSK = 0x4541502d4d534b<br>
<br>
<br>
<br>
WiMAX-MSK is not 64 bytes and the ASN-GW doen not accept it...<br>
Do i have to make more changes?<br>
<br>
<br>
<blockquote cite="mid:494F9B93.6010605@deployingradius.com" type="cite">
<pre wrap="">Dimitris Theofilatos wrote:
</pre>
<blockquote type="cite">
<pre wrap="">How can i configure these attributes? The only information i found about
WIMAX is that i have to
type "wimax" at the post-auth section.
</pre>
</blockquote>
<pre wrap=""><!---->
The "raddb/modules/wimax" file clearly states that you may need to
define WiMAX-MN-NAI. It even gives an example of how to do so.
And the debug output shows WARNINGS, not errors. If you do not want
the MN-HA keys, then ignore the warnings.
If you want the MN-HA keys to be calculated, you will need to define
the WiMAX-MN-NAI name, and WiMAX-IP-Technology. See "man unlang" for
how to create attributes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
</body>
</html>