<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Which product are you using? Some WiMax NAS do not send the
proper keys to Freeradius. I have gotten FR to work with pretty much all of
the major brands of WiMax we sell.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>David<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org]
<b>On Behalf Of </b>Sumedh Sathaye<br>
<b>Sent:</b> Wednesday, May 12, 2010 2:50 PM<br>
<b>To:</b> FreeRadius users mailing list<br>
<b>Subject:</b> Configuration trouble (2.1.8 for use with WiMAX)<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p>Dear all,<br>
<br>
I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem I
am facing is that the WiMAX-MSK keys are not generated by FreeRadius. Can
someone help me figure out what I am not doing OR doing incorrectly?<br>
<br>
I have configured the "raddb/sites-available/default" and
"raddb/modules/wimax" files per instructions included in the files
themselves. For reference, here are the configuration stanzas in the post-auth
section of "default":<br>
<br>
<tt><span style='font-size:10.0pt'>update request {</span></tt><span
style='font-size:10.0pt;font-family:"Courier New"'><br>
<tt> WiMAX-MN-NAI = "%{User-Name}"</tt><br>
<tt>}</tt></span><br>
<tt><span style='font-size:10.0pt'>update reply {</span></tt><span
style='font-size:10.0pt;font-family:"Courier New"'><br>
<tt>WiMAX-FA-RK-Key = 0x00</tt><br>
<tt>WiMAX-MSK = "%{EAP-MSK}"</tt><br>
<tt>}</tt></span><br>
<tt><span style='font-size:10.0pt'>wimax</span></tt><br>
<br>
Run-log from "radiusd -X" is also included at the end of this
message. Here is the message that indicates that EAP is not computing MSK and
EMSK:<br>
<tt><span style='font-size:10.0pt'>[wimax] No EAP-MSK or EAP-EMSK. Cannot
create WiMAX keys.</span></tt><br>
<br>
Thank you in advance, and I apologize if this question has been answered before
-- I did not find answers/pointers in the FAQ or the Wiki.<br>
<br>
Best Regards,<br>
Sumedh<br>
<br>
----------------------------------------------<br>
<tt><span style='font-size:10.0pt'>FreeRADIUS Version 2.1.8, for host
x86_64-unknown-linux-gnu, built on May 11 2010 at 23:50:30</span></tt><span
style='font-size:10.0pt;font-family:"Courier New"'><br>
<tt>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. </tt><br>
<tt>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A </tt><br>
<tt>PARTICULAR PURPOSE. </tt><br>
<tt>You may redistribute copies of FreeRADIUS under the terms of the </tt><br>
<tt>GNU General Public License v2. </tt><br>
<tt>Starting - reading configuration files ...</tt><br>
<tt>including configuration file /usr/local/etc/raddb/radiusd.conf</tt><br>
<tt>including configuration file /usr/local/etc/raddb/proxy.conf</tt><br>
<tt>including configuration file /usr/local/etc/raddb/clients.conf</tt><br>
<tt>including files in directory /usr/local/etc/raddb/modules/</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/acct_unique</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/always</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/attr_filter</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/attr_rewrite</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/chap</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/checkval</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/counter</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/cui</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/detail</tt><br>
<tt>including configuration file
/usr/local/etc/raddb/modules/detail.example.com</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/detail.log</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/digest</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/echo</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/etc_group</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/exec</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/expiration</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/expr</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/files</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/inner-eap</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/ippool</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/krb5</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/ldap</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/linelog</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/logintime</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/mac2ip</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/mac2vlan</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/mschap</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/ntlm_auth</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/otp</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/pam</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/pap</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/passwd</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/perl</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/policy</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/preprocess</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/radutmp</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/realm</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/smbpasswd</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/smsotp</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/sql_log</tt><br>
<tt>including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/sradutmp</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/unix</tt><br>
<tt>including configuration file /usr/local/etc/raddb/modules/wimax</tt><br>
<tt>including configuration file /usr/local/etc/raddb/eap.conf</tt><br>
<tt>including configuration file /usr/local/etc/raddb/policy.conf</tt><br>
<tt>including files in directory /usr/local/etc/raddb/sites-enabled/</tt><br>
<tt>including configuration file /usr/local/etc/raddb/sites-enabled/default</tt><br>
<tt>including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel</tt><br>
<tt>including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket</tt><br>
<tt>main {</tt><br>
<tt>allow_core_dumps = no</tt><br>
<tt>}</tt><br>
<tt>including dictionary file /usr/local/etc/raddb/dictionary</tt><br>
<tt>main {</tt><br>
<tt>prefix = "/usr/local"</tt><br>
<tt>localstatedir = "/var"</tt><br>
<tt>logdir = "/var/log/radius"</tt><br>
<tt>libdir = "/usr/local/lib"</tt><br>
<tt>radacctdir = "/var/log/radius/radacct"</tt><br>
<tt>hostname_lookups = no</tt><br>
<tt>max_request_time = 30</tt><br>
<tt>cleanup_delay = 5</tt><br>
<tt>max_requests = 1024</tt><br>
<tt>pidfile = "/var/run/radiusd/radiusd.pid"</tt><br>
<tt>checkrad = "/usr/local/sbin/checkrad"</tt><br>
<tt>debug_level = 0</tt><br>
<tt>proxy_requests = yes</tt><br>
<tt>log {</tt><br>
<tt>stripped_names = no</tt><br>
<tt>auth = no</tt><br>
<tt>auth_badpass = no</tt><br>
<tt>auth_goodpass = no</tt><br>
<tt>}</tt><br>
<tt>security {</tt><br>
<tt>max_attributes = 200</tt><br>
<tt>reject_delay = 1</tt><br>
<tt>status_server = yes</tt><br>
<tt>}</tt><br>
<tt>}</tt><br>
<tt>radiusd: #### Loading Realms and Home Servers ####</tt><br>
<tt>proxy server {</tt><br>
<tt>retry_delay = 5</tt><br>
<tt>retry_count = 3</tt><br>
<tt>default_fallback = no</tt><br>
<tt>dead_time = 120</tt><br>
<tt>wake_all_if_all_dead = no</tt><br>
<tt>}</tt><br>
<tt>home_server localhost {</tt><br>
<tt>ipaddr = 127.0.0.1</tt><br>
<tt>port = 1812</tt><br>
<tt>type = "auth"</tt><br>
<tt>secret = "testing123"</tt><br>
<tt>response_window = 20</tt><br>
<tt>max_outstanding = 65536</tt><br>
<tt>require_message_authenticator = no</tt><br>
<tt>zombie_period = 40</tt><br>
<tt>status_check = "status-server"</tt><br>
<tt>ping_interval = 30</tt><br>
<tt>check_interval = 30</tt><br>
<tt>num_answers_to_alive = 3</tt><br>
<tt>num_pings_to_alive = 3</tt><br>
<tt>revive_interval = 120</tt><br>
<tt>status_check_timeout = 4</tt><br>
<tt>irt = 2</tt><br>
<tt>mrt = 16</tt><br>
<tt>mrc = 5</tt><br>
<tt>mrd = 30</tt><br>
<tt>}</tt><br>
<tt>home_server_pool my_auth_failover {</tt><br>
<tt>type = fail-over</tt><br>
<tt>home_server = localhost</tt><br>
<tt>}</tt><br>
<tt>realm example.com {</tt><br>
<tt>auth_pool = my_auth_failover</tt><br>
<tt>}</tt><br>
<tt>realm LOCAL {</tt><br>
<tt>}</tt><br>
<tt>radiusd: #### Loading Clients ####</tt><br>
<tt>client localhost {</tt><br>
<tt>ipaddr = 127.0.0.1</tt><br>
<tt>require_message_authenticator = no</tt><br>
<tt>secret = "testing123"</tt><br>
<tt>nastype = "other"</tt><br>
<tt>}</tt><br>
<tt>radiusd: #### Instantiating modules ####</tt><br>
<tt>instantiate {</tt><br>
<tt>Module: Linked to module rlm_exec</tt><br>
<tt>Module: Instantiating exec</tt><br>
<tt> exec {</tt><br>
<tt>wait = no</tt><br>
<tt>input_pairs = "request"</tt><br>
<tt>shell_escape = yes</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to module rlm_expr</tt><br>
<tt>Module: Instantiating expr</tt><br>
<tt>Module: Linked to module rlm_expiration</tt><br>
<tt>Module: Instantiating expiration</tt><br>
<tt> expiration {</tt><br>
<tt>reply-message = "Password Has Expired "</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to module rlm_logintime</tt><br>
<tt>Module: Instantiating logintime</tt><br>
<tt> logintime {</tt><br>
<tt>reply-message = "You are calling outside your allowed timespan
"</tt><br>
<tt>minimum-timeout = 60</tt><br>
<tt> }</tt><br>
<tt>}</tt><br>
<tt>radiusd: #### Loading Virtual Servers ####</tt><br>
<tt>server inner-tunnel {</tt><br>
<tt>modules {</tt><br>
<tt>Module: Checking authenticate {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_pap</tt><br>
<tt>Module: Instantiating pap</tt><br>
<tt> pap {</tt><br>
<tt>encryption_scheme = "auto"</tt><br>
<tt>auto_header = no</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to module rlm_chap</tt><br>
<tt>Module: Instantiating chap</tt><br>
<tt>Module: Linked to module rlm_mschap</tt><br>
<tt>Module: Instantiating mschap</tt><br>
<tt> mschap {</tt><br>
<tt>use_mppe = yes</tt><br>
<tt>require_encryption = no</tt><br>
<tt>require_strong = no</tt><br>
<tt>with_ntdomain_hack = no</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to module rlm_unix</tt><br>
<tt>Module: Instantiating unix</tt><br>
<tt> unix {</tt><br>
<tt>radwtmp = "/var/log/radius/radwtmp"</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to module rlm_eap</tt><br>
<tt>Module: Instantiating eap</tt><br>
<tt> eap {</tt><br>
<tt>default_eap_type = "md5"</tt><br>
<tt>timer_expire = 60</tt><br>
<tt>ignore_unknown_eap_types = no</tt><br>
<tt>cisco_accounting_username_bug = no</tt><br>
<tt>max_sessions = 4096</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to sub-module rlm_eap_md5</tt><br>
<tt>Module: Instantiating eap-md5</tt><br>
<tt>Module: Linked to sub-module rlm_eap_leap</tt><br>
<tt>Module: Instantiating eap-leap</tt><br>
<tt>Module: Linked to sub-module rlm_eap_gtc</tt><br>
<tt>Module: Instantiating eap-gtc</tt><br>
<tt> gtc {</tt><br>
<tt>challenge = "Password: "</tt><br>
<tt>auth_type = "PAP"</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to sub-module rlm_eap_tls</tt><br>
<tt>Module: Instantiating eap-tls</tt><br>
<tt> tls {</tt><br>
<tt>rsa_key_exchange = no</tt><br>
<tt>dh_key_exchange = yes</tt><br>
<tt>rsa_key_length = 512</tt><br>
<tt>dh_key_length = 512</tt><br>
<tt>verify_depth = 0</tt><br>
<tt>pem_file_type = yes</tt><br>
<tt>private_key_file = "/usr/local/etc/raddb/certs/server.pem"</tt><br>
<tt>certificate_file = "/usr/local/etc/raddb/certs/server.pem"</tt><br>
<tt>CA_file = "/usr/local/etc/raddb/certs/ca.pem"</tt><br>
<tt>private_key_password = "whatever"</tt><br>
<tt>dh_file = "/usr/local/etc/raddb/certs/dh"</tt><br>
<tt>random_file = "/usr/local/etc/raddb/certs/random"</tt><br>
<tt>fragment_size = 1024</tt><br>
<tt>include_length = yes</tt><br>
<tt>check_crl = no</tt><br>
<tt>cipher_list = "DEFAULT"</tt><br>
<tt>make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"</tt><br>
<tt> cache {</tt><br>
<tt>enable = no</tt><br>
<tt>lifetime = 24</tt><br>
<tt>max_entries = 255</tt><br>
<tt> }</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to sub-module rlm_eap_ttls</tt><br>
<tt>Module: Instantiating eap-ttls</tt><br>
<tt> ttls {</tt><br>
<tt>default_eap_type = "md5"</tt><br>
<tt>copy_request_to_tunnel = no</tt><br>
<tt>use_tunneled_reply = no</tt><br>
<tt>virtual_server = "inner-tunnel"</tt><br>
<tt>include_length = yes</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to sub-module rlm_eap_peap</tt><br>
<tt>Module: Instantiating eap-peap</tt><br>
<tt> peap {</tt><br>
<tt>default_eap_type = "mschapv2"</tt><br>
<tt>copy_request_to_tunnel = no</tt><br>
<tt>use_tunneled_reply = no</tt><br>
<tt>proxy_tunneled_request_as_eap = yes</tt><br>
<tt>virtual_server = "inner-tunnel"</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to sub-module rlm_eap_mschapv2</tt><br>
<tt>Module: Instantiating eap-mschapv2</tt><br>
<tt> mschapv2 {</tt><br>
<tt>with_ntdomain_hack = no</tt><br>
<tt> }</tt><br>
<tt>Module: Checking authorize {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_realm</tt><br>
<tt>Module: Instantiating suffix</tt><br>
<tt> realm suffix {</tt><br>
<tt>format = "suffix"</tt><br>
<tt>delimiter = "@"</tt><br>
<tt>ignore_default = no</tt><br>
<tt>ignore_null = no</tt><br>
<tt> }</tt><br>
<tt>Module: Linked to module rlm_files</tt><br>
<tt>Module: Instantiating files</tt><br>
<tt> files {</tt><br>
<tt>usersfile = "/usr/local/etc/raddb/users"</tt><br>
<tt>acctusersfile = "/usr/local/etc/raddb/acct_users"</tt><br>
<tt>preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"</tt><br>
<tt>compat = "no"</tt><br>
<tt> }</tt><br>
<tt>Module: Checking session {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_radutmp</tt><br>
<tt>Module: Instantiating radutmp</tt><br>
<tt> radutmp {</tt><br>
<tt>filename = "/var/log/radius/radutmp"</tt><br>
<tt>username = "%{User-Name}"</tt><br>
<tt>case_sensitive = yes</tt><br>
<tt>check_with_nas = yes</tt><br>
<tt>perm = 384</tt><br>
<tt>callerid = yes</tt><br>
<tt> }</tt><br>
<tt>Module: Checking post-proxy {...} for more modules to load</tt><br>
<tt>Module: Checking post-auth {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_attr_filter</tt><br>
<tt>Module: Instantiating attr_filter.access_reject</tt><br>
<tt> attr_filter attr_filter.access_reject {</tt><br>
<tt>attrsfile = "/usr/local/etc/raddb/attrs.access_reject"</tt><br>
<tt>key = "%{User-Name}"</tt><br>
<tt> }</tt><br>
<tt>} # modules</tt><br>
<tt>} # server</tt><br>
<tt>server {</tt><br>
<tt>modules {</tt><br>
<tt>Module: Checking authenticate {...} for more modules to load</tt><br>
<tt>Module: Checking authorize {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_preprocess</tt><br>
<tt>Module: Instantiating preprocess</tt><br>
<tt> preprocess {</tt><br>
<tt>huntgroups = "/usr/local/etc/raddb/huntgroups"</tt><br>
<tt>hints = "/usr/local/etc/raddb/hints"</tt><br>
<tt>with_ascend_hack = no</tt><br>
<tt>ascend_channels_per_line = 23</tt><br>
<tt>with_ntdomain_hack = no</tt><br>
<tt>with_specialix_jetstream_hack = no</tt><br>
<tt>with_cisco_vsa_hack = no</tt><br>
<tt>with_alvarion_vsa_hack = no</tt><br>
<tt> }</tt><br>
<tt>Module: Checking preacct {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_acct_unique</tt><br>
<tt>Module: Instantiating acct_unique</tt><br>
<tt> acct_unique {</tt><br>
<tt>key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"</tt><br>
<tt> }</tt><br>
<tt>Module: Checking accounting {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_detail</tt><br>
<tt>Module: Instantiating detail</tt><br>
<tt> detail {</tt><br>
<tt>detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"</tt><br>
<tt>header = "%t"</tt><br>
<tt>detailperm = 384</tt><br>
<tt>dirperm = 493</tt><br>
<tt>locking = no</tt><br>
<tt>log_packet_header = no</tt><br>
<tt> }</tt><br>
<tt>Module: Instantiating attr_filter.accounting_response</tt><br>
<tt> attr_filter attr_filter.accounting_response {</tt><br>
<tt>attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"</tt><br>
<tt>key = "%{User-Name}"</tt><br>
<tt> }</tt><br>
<tt>Module: Checking session {...} for more modules to load</tt><br>
<tt>Module: Checking post-proxy {...} for more modules to load</tt><br>
<tt>Module: Checking post-auth {...} for more modules to load</tt><br>
<tt>Module: Linked to module rlm_wimax</tt><br>
<tt>Module: Instantiating wimax</tt><br>
<tt> wimax {</tt><br>
<tt>delete_mppe_keys = no</tt><br>
<tt> }</tt><br>
<tt>} # modules</tt><br>
<tt>} # server</tt><br>
<tt>radiusd: #### Opening IP addresses and Ports ####</tt><br>
<tt>listen {</tt><br>
<tt>type = "auth"</tt><br>
<tt>ipaddr = *</tt><br>
<tt>port = 0</tt><br>
<tt>}</tt><br>
<tt>listen {</tt><br>
<tt>type = "acct"</tt><br>
<tt>ipaddr = *</tt><br>
<tt>port = 0</tt><br>
<tt>}</tt><br>
<tt>listen {</tt><br>
<tt>type = "control"</tt><br>
<tt>listen {</tt><br>
<tt>socket = "/var/run/radiusd/radiusd.sock"</tt><br>
<tt>}</tt><br>
<tt>}</tt><br>
<tt>Listening on authentication address * port 1812</tt><br>
<tt>Listening on accounting address * port 1813</tt><br>
<tt>Listening on command file /var/run/radiusd/radiusd.sock</tt><br>
<tt>Listening on proxy address * port 1814</tt><br>
<tt>Ready to process requests.</tt><br>
<tt>rad_recv: Access-Request packet from host 127.0.0.1 port 33946, id=0,
length=99</tt><br>
<tt>NAS-IP-Address = 127.0.0.1</tt><br>
<tt>NAS-Port = 0</tt><br>
<tt>Service-Type = Authenticate-Only</tt><br>
<tt>User-Name = "00:11:22:33:44:55"</tt><br>
<tt>EAP-Message = 0x020100160130303a31313a32323a33333a34343a3535</tt><br>
<tt>Message-Authenticator = 0xfd69faa6c99f7a3370053df2352bf710</tt><br>
<tt>+- entering group authorize {...}</tt><br>
<tt>++[preprocess] returns ok</tt><br>
<tt>++[chap] returns noop</tt><br>
<tt>++[mschap] returns noop</tt><br>
<tt>[suffix] No '@' in User-Name = "00:11:22:33:44:55", looking up
realm NULL</tt><br>
<tt>[suffix] No such realm "NULL"</tt><br>
<tt>++[suffix] returns noop</tt><br>
<tt>[eap] EAP packet type response id 1 length 22</tt><br>
<tt>[eap] No EAP Start, assuming it's an on-going EAP conversation</tt><br>
<tt>++[eap] returns updated</tt><br>
<tt>++[unix] returns notfound</tt><br>
<tt>[files] users: Matched entry 00:11:22:33:44:55 at line 50</tt><br>
<tt>++[files] returns ok</tt><br>
<tt>++[expiration] returns noop</tt><br>
<tt>++[logintime] returns noop</tt><br>
<tt>[pap] Found existing Auth-Type, not changing it.</tt><br>
<tt>++[pap] returns noop</tt><br>
<tt>Found Auth-Type = EAP</tt><br>
<tt>+- entering group authenticate {...}</tt><br>
<tt>[eap] EAP Identity</tt><br>
<tt>[eap] processing type md5</tt><br>
<tt>rlm_eap_md5: Issuing Challenge</tt><br>
<tt>++[eap] returns handled</tt><br>
<tt>Sending Access-Challenge of id 0 to 127.0.0.1 port 33946</tt><br>
<tt>EAP-Message = 0x0102001604106bbf07a4c14f3a8827abfc156663de53</tt><br>
<tt>Message-Authenticator = 0x00000000000000000000000000000000</tt><br>
<tt>State = 0x6657d5226655d142401be8626f19b077</tt><br>
<tt>Finished request 0.</tt><br>
<tt>Going to the next request</tt><br>
<tt>Waking up in 4.9 seconds.</tt><br>
<tt>rad_recv: Access-Request packet from host 127.0.0.1 port 33946, id=1,
length=117</tt><br>
<tt>NAS-IP-Address = 127.0.0.1</tt><br>
<tt>NAS-Port = 0</tt><br>
<tt>Service-Type = Authenticate-Only</tt><br>
<tt>User-Name = "00:11:22:33:44:55"</tt><br>
<tt>State = 0x6657d5226655d142401be8626f19b077</tt><br>
<tt>EAP-Message = 0x020200160410c5ef19bc837126c1f52cff9375b3dfbd</tt><br>
<tt>Message-Authenticator = 0x4bd0892e19ab27690245b2a54eb0039a</tt><br>
<tt>+- entering group authorize {...}</tt><br>
<tt>++[preprocess] returns ok</tt><br>
<tt>++[chap] returns noop</tt><br>
<tt>++[mschap] returns noop</tt><br>
<tt>[suffix] No '@' in User-Name = "00:11:22:33:44:55", looking up
realm NULL</tt><br>
<tt>[suffix] No such realm "NULL"</tt><br>
<tt>++[suffix] returns noop</tt><br>
<tt>[eap] EAP packet type response id 2 length 22</tt><br>
<tt>[eap] No EAP Start, assuming it's an on-going EAP conversation</tt><br>
<tt>++[eap] returns updated</tt><br>
<tt>++[unix] returns notfound</tt><br>
<tt>[files] users: Matched entry 00:11:22:33:44:55 at line 50</tt><br>
<tt>++[files] returns ok</tt><br>
<tt>++[expiration] returns noop</tt><br>
<tt>++[logintime] returns noop</tt><br>
<tt>[pap] Found existing Auth-Type, not changing it.</tt><br>
<tt>++[pap] returns noop</tt><br>
<tt>Found Auth-Type = EAP</tt><br>
<tt>+- entering group authenticate {...}</tt><br>
<tt>[eap] Request found, released from the list</tt><br>
<tt>[eap] EAP/md5</tt><br>
<tt>[eap] processing type md5</tt><br>
<tt>[eap] Freeing handler</tt><br>
<tt>++[eap] returns ok</tt><br>
<tt>+- entering group post-auth {...}</tt><br>
<tt>++[exec] returns noop</tt><br>
<tt>expand: %{User-Name} -> 00:11:22:33:44:55</tt><br>
<tt>++[request] returns noop</tt><br>
<tt>expand: %{EAP-MSK} -> </tt><br>
<tt>++[reply] returns noop</tt><br>
<tt>[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.</tt><br>
<tt>++[wimax] returns noop</tt><br>
<tt>Sending Access-Accept of id 1 to 127.0.0.1 port 33946</tt><br>
<tt>EAP-Message = 0x03020004</tt><br>
<tt>Message-Authenticator = 0x00000000000000000000000000000000</tt><br>
<tt>User-Name = "00:11:22:33:44:55"</tt><br>
<tt>WiMAX-FA-RK-Key = 0x00</tt><br>
<tt>WiMAX-MSK = 0x</tt><br>
<tt>Finished request 1.</tt><br>
<tt>Going to the next request</tt><br>
<tt>Waking up in 4.9 seconds.</tt><br>
<tt>Cleaning up request 0 ID 0 with timestamp +119</tt><br>
<tt>Cleaning up request 1 ID 1 with timestamp +119</tt><br>
<tt>Ready to process requests.</tt></span><o:p></o:p></p>
</div>
</body>
</html>