<div dir="ltr"><div>Hi,</div>
<div> </div>
<div>The users are configured inside /etc/raddb/users (no D.B is used).</div>
<div>All of the Wimax parameters are working fine, it is just the repeated attributes which are failing (not sure this is related to Wimax ?) </div>
<div> </div>
<div>I am attaching the output of the radiusd -X, followed by the user configured in the users file.</div>
<div>Thanks for the help ...</div>
<div> </div>
<div>=================================================</div>
<div>=================================================</div>
<div><font size="1">Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on command file /var/run/radiusd/radiusd.sock<br>Ready to process requests.</font></div>
<div><font size="1"></font> </div>
<div><font size="1"></font> </div>
<div><font size="1"></font> </div>
<div><br><font size="1">rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=95, length=244<br> User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br>
EAP-Message = 0x02010033017b616d3d317d3235663439616637326639353537393164313062656337343333333163356363406c61622e636f6d<br> Message-Authenticator = 0x0f3f1d311098d83650466889dc8c8be4<br> NAS-Identifier = "ASN-GW"<br>
NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br> WiMAX-BS-Id = 0x020202010102<br> NAS-Port-Type = 27<br> Framed-MTU = 2000<br> Service-Type = Framed-User<br>
WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br> WiMAX-Accounting-Capabilities = IP-Session-Based<br> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br> WiMAX-Attr-1793 = 0x0000028a<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] expand: %t -> Mon May 30 23:27:49 2011<br>
++[auth_log] returns ok<br>++[mschap] returns noop<br>++[files] returns noop<br>++[wimax] returns ok<br>[eap] EAP packet type response id 1 length 51<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br>++[unix] returns notfound<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 95 to 10.10.186.40 port 1812<br>
EAP-Message = 0x010200061520<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x053d4696053f53efd45f1f316c7360de<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=96, length=273<br> User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br>
EAP-Message = 0x0202003e150016030100330100002f0301000005ac62f536b4e285cf8c87f103e4f71c387c62d870cff93b0831ed3d6590000008002f000a000500040100<br> Message-Authenticator = 0x92bca141cfecbcbc26200c92954fdd00<br>
NAS-Identifier = "ASN-GW"<br> NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br> WiMAX-BS-Id = 0x020202010102<br> NAS-Port-Type = 27<br> Framed-MTU = 2000<br>
Service-Type = Framed-User<br> WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br> WiMAX-Accounting-Capabilities = IP-Session-Based<br> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br>
WiMAX-Attr-1793 = 0x0000028a<br> State = 0x053d4696053f53efd45f1f316c7360de<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] expand: %t -> Mon May 30 23:27:49 2011<br>
++[auth_log] returns ok<br>++[mschap] returns noop<br>++[files] returns noop<br>++[wimax] returns ok<br>[eap] EAP packet type response id 2 length 62<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/ttls<br>[eap] processing type ttls<br>[ttls] Authenticate<br>[ttls] processing EAP-TLS<br>[ttls] eaptls_verify returned 7 <br>
[ttls] Done initial handshake<br>[ttls] (other): before/accept initialization <br>[ttls] TLS_accept: before/accept initialization <br>[ttls] <<< TLS 1.0 Handshake [length 0033], ClientHello <br>[ttls] TLS_accept: SSLv3 read client hello A <br>
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello <br>[ttls] TLS_accept: SSLv3 write server hello A <br>[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate <br>[ttls] TLS_accept: SSLv3 write certificate A <br>
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <br>[ttls] TLS_accept: SSLv3 write server done A <br>[ttls] TLS_accept: SSLv3 flush data <br>[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>
In SSL Handshake Phase <br>In SSL Accept mode <br>[ttls] eaptls_process returned 13 <br>++[eap] returns handled<br>Sending Access-Challenge of id 96 to 10.10.186.40 port 1812<br> EAP-Message = 0x0103040015c00000089b160301002a0200002603014de3fdc5d1d28867b0622cc6f5687695696174dd611902e01c2360571181ad6800002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message = 0x301e170d3131303532363230303133315a170d3132303532353230303133315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b46520833e7c771d35ef2663a7a4a2c5f8f7a14cfc1de3d75565e0d2f53d61220f0ee69cda0ec130512315a0208a1e93b3900ed878d01c52a0866e8ed800<br>
EAP-Message = 0x0dd110881020abe9d580cfcb7afb7212a6c9f14caab6ae90cd62fdac8b457155fb04e0bbc38c96a04ea46d92b1dfbc375f89f448ca43b9b17419e86d741842b428d2f4f91fcffa6a7dc3b49d4b5b6b2561ad071c20c4a22c512d8f25d0ed4375fd802e043ea78535cd60146320ea4a1d8dc075b37c197ae1cfaec10c056271138b36ee40741b453a6a42140a2e18de2dd59f46d10219d040e824f0f3ffbbd72494ffbe79fa6ae6e9dfb0a681867f0ccc6f0dbc27f0483eb6a9217b499604b33cd0750203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000222b6a16a0622b9d8<br>
EAP-Message = 0xb824f1ef69d354ab1552a5934440f05d150639594ffe06cf7714cc264e714089de76d2920157c1d2d3e378b64884ca3533625a88373b1dd4a6e852da867ed72e915c2bcae0ad0358e9738f588d3238a10c772438d7843d49286cb065dfd1d1aa58446730f67a8804774a257899f0154c12214c2ca9e7e15ce9c145dc3b9aa3a3e9dfb554875817faefef16cf72e4b6a5e16f637f3ca921feaad24cdaf08432773bd3bfdea0667b041b2a60503050cd71788818b7899dc3331e9a9f29ee89905d11796929934e1dbf0367fb4ba1a00b81738dce9229115472f15339f5eaa1d4539a3156ddd80efe65baa0cd974b2611db0471e5f15e085b0004ab308204<br>
EAP-Message = 0xa73082038fa0030201020209<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x053d4696043e53efd45f1f316c7360de<br>Finished request 1.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=97, length=217<br> User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br>
EAP-Message = 0x020300061500<br> Message-Authenticator = 0x54ef7760e3b928dca237285f47387b05<br> NAS-Identifier = "ASN-GW"<br> NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br>
WiMAX-BS-Id = 0x020202010102<br> NAS-Port-Type = 27<br> Framed-MTU = 2000<br> Service-Type = Framed-User<br> WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br>
WiMAX-Accounting-Capabilities = IP-Session-Based<br> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br> WiMAX-Attr-1793 = 0x0000028a<br> State = 0x053d4696043e53efd45f1f316c7360de<br>+- entering group authorize {...}<br>
++[preprocess] returns ok<br>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] expand: %t -> Mon May 30 23:27:49 2011<br>
++[auth_log] returns ok<br>++[mschap] returns noop<br>++[files] returns noop<br>++[wimax] returns ok<br>[eap] EAP packet type response id 3 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/ttls<br>[eap] processing type ttls<br>[ttls] Authenticate<br>[ttls] processing EAP-TLS<br>[ttls] Received TLS ACK<br>[ttls] ACK handshake fragment handler<br>
[ttls] eaptls_verify returned 1 <br>[ttls] eaptls_process returned 13 <br>++[eap] returns handled<br>Sending Access-Challenge of id 97 to 10.10.186.40 port 1812<br> EAP-Message = 0x0104040015c00000089b00831df6a982d018e5300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303532363230303133315a170d3132303532353230303133315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010<br>
EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e1a0848d1402797067079584e7a66b3166f43551353d3ed40022e611235740d06d254c1143ef481d184bdf89a6d3019d418dbfa20b0c523728908a55a587c446cffd6289362b11036a93cd43984c72d7f69e650a46b5bab076ec766ec50081daa02ac73248baaa737885cf<br>
EAP-Message = 0xa2b8eefcbcf75083ea333f55e4b322d8ee54a61dc400c03e1ba054a8da360656b5ac4fc6e5e6c37935ce52abb25fbbeadd086732dd2bc5956124a7ab236938e9636bf43c808d891dda71d413cee161cbf1dc3e7fb9894d84c1fd8bfc0b06fd85cf66c50f732dd517c49ab20ba8cef96937116f2032a45db966c8ea98f574ef4fa4898e10d217234b0dd497024141539209e6fa0bef0203010001a381fb3081f8301d0603551d0e0416041496eb3dd1a839b16846b251bbafc06aacb224dff33081c80603551d230481c03081bd801496eb3dd1a839b16846b251bbafc06aacb224dff3a18199a48196308193310b3009060355040613024652310f300d<br>
EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900831df6a982d018e5300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a104b252dca5de30e3408fedbf255276180a97ea23e0292a9d04bebd15606707aa43710971c7df459e148ddda98068d026f69d540f37aff1b195d57da7fb7d8a868a9c0355233ae84a4d2a56fc43<br>
EAP-Message = 0x40ebc8c69220f02c5cf8ac5c<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x053d4696073953efd45f1f316c7360de<br>Finished request 2.<br>Going to the next request<br>
Waking up in 4.8 seconds.<br>rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=98, length=217<br> User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br>
EAP-Message = 0x020400061500<br> Message-Authenticator = 0x5bc9fb67028db3ca75384b250d49f223<br> NAS-Identifier = "ASN-GW"<br> NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br>
WiMAX-BS-Id = 0x020202010102<br> NAS-Port-Type = 27<br> Framed-MTU = 2000<br> Service-Type = Framed-User<br> WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br>
WiMAX-Accounting-Capabilities = IP-Session-Based<br> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br> WiMAX-Attr-1793 = 0x0000028a<br> State = 0x053d4696073953efd45f1f316c7360de<br>+- entering group authorize {...}<br>
++[preprocess] returns ok<br>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] expand: %t -> Mon May 30 23:27:50 2011<br>
++[auth_log] returns ok<br>++[mschap] returns noop<br>++[files] returns noop<br>++[wimax] returns ok<br>[eap] EAP packet type response id 4 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/ttls<br>[eap] processing type ttls<br>[ttls] Authenticate<br>[ttls] processing EAP-TLS<br>[ttls] Received TLS ACK<br>[ttls] ACK handshake fragment handler<br>
[ttls] eaptls_verify returned 1 <br>[ttls] eaptls_process returned 13 <br>++[eap] returns handled<br>Sending Access-Challenge of id 98 to 10.10.186.40 port 1812<br> EAP-Message = 0x010500b915800000089b4a2ecaef24f899dfc6c948b2d9131ea2ad6d4f21bd0e0f940bc66f43d13689ac6058a1bad235de38502575b6cffdaae0c64cde8e3df0819211f94dc769ccdd47b3ca24289e73054b79cb9844d6fe295dab8b0fe4924fc582ae0c16e60723a3b291553437875d97a8b443b7c17fba728dbfa149d6f83d0a287ebaf7f9a911bec0ef925a5ebd8a8ee0df6b4662d10f557136be94a69d8a479866c2adfd90f6b5c119e61035ef7316030100040e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x053d4696063853efd45f1f316c7360de<br>Finished request 3.<br>Going to the next request<br>Waking up in 4.8 seconds.<br>rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=99, length=545<br>
User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br> EAP-Message = 0x0205014c15001603010106100001020100144bc81228a0051ed5f8f8c4e487da89ccaeea6269e5f29458db08446dbe8ba4dfc9f4e61197587dda7dda5596dfa1e40e37ba81fca5c945e18245b08e928e2181bd3ba917382b93ec7f7a7b57ef02fa0bbdde1d6f23528bbe7fe987780da9290811d214f3bc8e72a2493ca3d4129c1beef9537d8ac542a235b2ddd29633af28a39e25e0decb8d60af09de873eb99cd7c3c4ae4c01a2ef9042f57aeb9a302a5b27a46eab61e6d73d2d2e2971f0f9dd05899954d4fa46c7bbe589c39624cdcf95a860a75db29a9bee717dfadb9280ca8c95b1db821d88d84b7d7ef5d7c7f25bc931de46cba01771e2b1a4e187<br>
EAP-Message = 0xd5ff3c8d571696195f6cdf74149069b61382de601403010001011603010030642012d01bdb07d967c3c732e2624ac232cf66a13c045909f245d1113270c89771f302e8e77b7eb3f14b2434ed728f18<br> Message-Authenticator = 0xa3940c26ad536f4df564151e14a962d1<br>
NAS-Identifier = "ASN-GW"<br> NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br> WiMAX-BS-Id = 0x020202010102<br> NAS-Port-Type = 27<br> Framed-MTU = 2000<br>
Service-Type = Framed-User<br> WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br> WiMAX-Accounting-Capabilities = IP-Session-Based<br> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br>
WiMAX-Attr-1793 = 0x0000028a<br> State = 0x053d4696063853efd45f1f316c7360de<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] expand: %t -> Mon May 30 23:27:50 2011<br>
++[auth_log] returns ok<br>++[mschap] returns noop<br>++[files] returns noop<br>++[wimax] returns ok<br>[eap] EAP packet type response id 5 length 253<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/ttls<br>[eap] processing type ttls<br>[ttls] Authenticate<br>[ttls] processing EAP-TLS<br>[ttls] eaptls_verify returned 7 <br>
[ttls] Done initial handshake<br>[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange <br>[ttls] TLS_accept: SSLv3 read client key exchange A <br>[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] <br>
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished <br>[ttls] TLS_accept: SSLv3 read finished A <br>[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] <br>[ttls] TLS_accept: SSLv3 write change cipher spec A <br>
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished <br>[ttls] TLS_accept: SSLv3 write finished A <br>[ttls] TLS_accept: SSLv3 flush data <br>[ttls] (other): SSL negotiation finished successfully <br>
SSL Connection Established <br>[ttls] eaptls_process returned 13 <br>++[eap] returns handled<br>Sending Access-Challenge of id 99 to 10.10.186.40 port 1812<br> EAP-Message = 0x0106004515800000003b140301000101160301003069b56c3d3948529c615d8d65e533020fef7e7ab7732cd615f9e87055675ebf83a29b5146da4a554bceec25df935f6555<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x053d4696013b53efd45f1f316c7360de<br>Finished request 4.<br>Going to the next request<br>Waking up in 4.5 seconds.<br>rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=100, length=382<br>
User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br> EAP-Message = 0x020600ab150017030100a0d8688e20c0b0067915213b723edda42fc3344b33496b465422aa8687d9a6727678efac380e96c18d7197c894a329f1fc0bada19e689ccef2f1a37d8e9f25c4a8fee6b7fe623d86b912ca0c03d25c20b25ab4c0950dabbce9236f1bd4fef65f036c78d6b5aa07ad75eca65178f4198c7bd34b881ffdf7c2e57f763ce34951aab3631e0ad0283532fc0c1f1812495c7bb7f79389c4045d4e72067b1333fb77c9ed<br>
Message-Authenticator = 0x6ca3e01fb59e6ab77890bcb48cc2d361<br> NAS-Identifier = "ASN-GW"<br> NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br> WiMAX-BS-Id = 0x020202010102<br>
NAS-Port-Type = 27<br> Framed-MTU = 2000<br> Service-Type = Framed-User<br> WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br> WiMAX-Accounting-Capabilities = IP-Session-Based<br>
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br> WiMAX-Attr-1793 = 0x0000028a<br> State = 0x053d4696013b53efd45f1f316c7360de<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] expand: %t -> Mon May 30 23:27:50 2011<br>++[auth_log] returns ok<br>++[mschap] returns noop<br>++[files] returns noop<br>++[wimax] returns ok<br>[eap] EAP packet type response id 6 length 171<br>[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/ttls<br>[eap] processing type ttls<br>[ttls] Authenticate<br>[ttls] processing EAP-TLS<br>
[ttls] eaptls_verify returned 7 <br>[ttls] Done initial handshake<br>[ttls] eaptls_process returned 7 <br>[ttls] Session established. Proceeding to decode tunneled attributes.<br>[ttls] Got tunneled request<br> User-Name = "</font><a href="mailto:explicit_ipcs@lab.com"><font size="1">explicit_ipcs@lab.com</font></a><font size="1">"<br>
MS-CHAP-Challenge = 0x0b7f5bf22bab3eb0e2ac075b2ca5c652<br> MS-CHAP2-Response = 0x090019064d31498f4b510c02e282cdd804080000000000000000eb431e35a460ab50b9cd0b7b76190ff77c3fccb20cfd84d0<br> FreeRADIUS-Proxied-To = 127.0.0.1<br>
[ttls] Sending tunneled request<br> User-Name = "</font><a href="mailto:explicit_ipcs@lab.com"><font size="1">explicit_ipcs@lab.com</font></a><font size="1">"<br> MS-CHAP-Challenge = 0x0b7f5bf22bab3eb0e2ac075b2ca5c652<br>
MS-CHAP2-Response = 0x090019064d31498f4b510c02e282cdd804080000000000000000eb431e35a460ab50b9cd0b7b76190ff77c3fccb20cfd84d0<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> NAS-Identifier = "ASN-GW"<br>
NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br> WiMAX-BS-Id = 0x020202010102<br> NAS-Port-Type = 27<br> Framed-MTU = 2000<br> Service-Type = Framed-User<br>
WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br> WiMAX-Accounting-Capabilities = IP-Session-Based<br> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br> WiMAX-Attr-1793 = 0x0000028a<br>
server {<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] expand: %t -> Mon May 30 23:27:50 2011<br>
++[auth_log] returns ok<br>[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'<br>++[mschap] returns ok<br>[files] users: Matched entry </font><a href="mailto:explicit_ipcs@lab.com"><font size="1">explicit_ipcs@lab.com</font></a><font size="1"> at line 212<br>
++[files] returns ok<br>++[wimax] returns ok<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns notfound<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] Found existing Auth-Type, not changing it.<br>
++[pap] returns noop<br>Found Auth-Type = MSCHAP<br>+- entering group MS-CHAP {...}<br>[mschap] Told to do MS-CHAPv2 for </font><a href="mailto:explicit_ipcs@lab.com"><font size="1">explicit_ipcs@lab.com</font></a><font size="1"> with NT-Password<br>
[mschap] adding MS-CHAPv2 MPPE keys<br>++[mschap] returns ok<br>+- entering group post-auth {...}<br>++[exec] returns noop<br> expand: %{User-Name} -> </font><a href="mailto:explicit_ipcs@lab.com"><font size="1">explicit_ipcs@lab.com</font></a><br>
<font size="1">++[request] returns noop<br>++[reply] returns noop<br>[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.<br>++[wimax] returns noop<br>} # server <br>[ttls] Got tunneled reply code 2<br> Idle-Timeout = 3600<br>
Session-Timeout = 1800<br> Termination-Action = RADIUS-Request<br> R3-IF-Name = "CPE_MGMT_SG"<br> PDFID = 1<br> WiMAX-Packet-Data-Flow-Id = 1<br> WiMAX-Direction = Bi-Directional<br>
WiMAX-Transport-Type = IPv4-CS<br> WiMAX-Uplink-QOS-Id = 1<br> WiMAX-Downlink-QOS-Id = 2<br> Classifier = 0x01030102030004030307051818ff<br> WiMAX-QoS-Id = 1<br> WiMAX-Schedule-Type = Best-Effort<br>
WiMAX-Traffic-Priority = 1<br> WiMAX-Maximum-Sustained-Traffic-Rate = 2000000<br> WiMAX-QoS-Id = 2<br> WiMAX-Schedule-Type = Best-Effort<br> WiMAX-Traffic-Priority = 1<br> WiMAX-Maximum-Sustained-Traffic-Rate = 2000000<br>
R3-IF-Name = "DHCP_Relay_SG"<br> PDFID = 2<br> WiMAX-Packet-Data-Flow-Id = 2<br> WiMAX-Direction = Bi-Directional<br> WiMAX-Transport-Type = IPv4-CS<br> WiMAX-Uplink-QOS-Id = 3<br>
WiMAX-Downlink-QOS-Id = 4<br> Classifier = 0x01030102030004030307050000ff<br> WiMAX-QoS-Id = 3<br> WiMAX-Schedule-Type = Best-Effort<br> WiMAX-Traffic-Priority = 0<br> WiMAX-Maximum-Sustained-Traffic-Rate = 1000000<br>
WiMAX-QoS-Id = 4<br> WiMAX-Schedule-Type = Best-Effort<br> WiMAX-Traffic-Priority = 0<br> WiMAX-Maximum-Sustained-Traffic-Rate = 1000000<br> MS-CHAP2-Success = 0x09533d32374643374430424643444134303643454343324546384236363046414235444138354544414532<br>
MS-MPPE-Recv-Key = 0x3010c1cef4dff3ccbc401e61fe6aba40<br> MS-MPPE-Send-Key = 0xceb06d718258ce7e6b9aed16c80e7f2e<br> MS-MPPE-Encryption-Policy = 0x00000001<br> MS-MPPE-Encryption-Types = 0x00000006<br>
WiMAX-FA-RK-Key = 0x00<br> WiMAX-HA-RK-Key = 0x00<br> WiMAX-IP-Technology = CMIP4<br>[ttls] Got tunneled Access-Accept<br>[ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge.<br>++[eap] returns handled<br>
Sending Access-Challenge of id 100 to 10.10.186.40 port 1812<br> EAP-Message = 0x0107005f15800000005517030100509aef16d756ed9395371c99b470bac318aceb342970cd8d0d52891ef51b8a9451a5f3227ca14cafcee73235c8aad0401f2a6596ad98a857512c468fe0f7f8be0ac712235fb6767a1590705002fa7816bf<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x053d4696003a53efd45f1f316c7360de<br>Finished request 5.<br>Going to the next request<br>Waking up in 4.4 seconds.<br>rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=101, length=217<br>
User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br> EAP-Message = 0x020700061500<br>
Message-Authenticator = 0xc30d23caa66a6c953bfe8980cba6ac85<br> NAS-Identifier = "ASN-GW"<br> NAS-IP-Address = 10.10.186.40<br> Calling-Station-Id = "00-10-E7-62-31-6C"<br> WiMAX-BS-Id = 0x020202010102<br>
NAS-Port-Type = 27<br> Framed-MTU = 2000<br> Service-Type = Framed-User<br> WiMAX-GMT-Timezone-offset = 0<br> WiMAX-Release = "1.0"<br> WiMAX-Accounting-Capabilities = IP-Session-Based<br>
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id<br> WiMAX-Attr-1793 = 0x0000028a<br> State = 0x053d4696003a53efd45f1f316c7360de<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.10.186.40/auth-detail-20110530">10.10.186.40/auth-detail-20110530</a><br>
[auth_log] expand: %t -> Mon May 30 23:27:50 2011<br>++[auth_log] returns ok<br>++[mschap] returns noop<br>++[files] returns noop<br>++[wimax] returns ok<br>[eap] EAP packet type response id 7 length 6<br>[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/ttls<br>[eap] processing type ttls<br>[ttls] Authenticate<br>[ttls] processing EAP-TLS<br>
[ttls] Received TLS ACK<br>[ttls] ACK handshake is finished<br>[ttls] eaptls_verify returned 3 <br>[ttls] eaptls_process returned 3 <br>[eap] Freeing handler<br>++[eap] returns ok<br>+- entering group post-auth {...}<br>++[exec] returns noop<br>
expand: %{User-Name} -> </font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><br><font size="1">++[request] returns noop<br>
++[reply] returns noop<br>[wimax] MIP-RK = 0xaef9d3e53fd7d9bcf6b0f765dca01d76e342f5acd10f5ff4561e6f16c6a14d6c1d6fbc7a2d233f8eb5c4440f07e7fee9285396977715f86584cc91712551f6a5<br>[wimax] MIP-SPI = e7754631<br>[wimax] WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-CMIP4 key<br>
++[wimax] returns updated<br>Sending Access-Accept of id 101 to 10.10.186.40 port 1812<br> Idle-Timeout = 3600<br> Session-Timeout = 1800<br> Termination-Action = RADIUS-Request<br> R3-IF-Name = "CPE_MGMT_SG"<br>
PDFID = 1<br> WiMAX-Packet-Data-Flow-Id = 1<br> WiMAX-Direction = Bi-Directional<br> WiMAX-Transport-Type = IPv4-CS<br> WiMAX-Uplink-QOS-Id = 1<br> WiMAX-Downlink-QOS-Id = 2<br> Classifier = 0x01030102030004030307051818ff<br>
WiMAX-QoS-Id = 1<br> WiMAX-Schedule-Type = Best-Effort<br> WiMAX-Traffic-Priority = 1<br> WiMAX-Maximum-Sustained-Traffic-Rate = 2000000<br> WiMAX-FA-RK-Key = 0xe5c88d100cf04d75e950ea17183fd6a75fdeed2e<br>
WiMAX-HA-RK-Key = 0x00<br> WiMAX-IP-Technology = CMIP4<br> EAP-Message = 0x03070004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> User-Name = "</font><a href="mailto:%7Bam=1%7D25f49af72f955791d10bec743331c5cc@lab.com"><font size="1">{am=1}25f49af72f955791d10bec743331c5cc@lab.com</font></a><font size="1">"<br>
WiMAX-MSK = 0x10526ef39b288de53f21aea35e5d45e426399ce2991dcd3db2e1705d82f57b4c6e90fb19ccfed3621fe7657f657f6124c12a414393689957c0232b39db064f20<br> WiMAX-FA-RK-SPI = 826701287<br>Finished request 6.</font></div>
<div>========================================================================</div>
<div>========================================================================<br></div><span lang="HE"><font size="1"><a href="mailto:explicit_ipcs@lab.com">explicit_ipcs@lab.com</a> Cleartext-Password := "1234"<br>
<br>Idle-Timeout = 3600,<br><br>Session-Timeout = 1800,<br><br>Termination-Action = RADIUS-Request,<br><br>R3-IF-Name += CPE_MGMT_SG,<br><br>PDFID += 1,<br><br>WiMAX-Packet-Data-Flow-Id += 1,<br><br>WiMAX-Direction += Bi-Directional,<br>
<br>WiMAX-Transport-Type += IPv4-CS,<br><br>WiMAX-Uplink-QOS-Id += 1,<br><br>WiMAX-Downlink-QOS-Id += 2,<br><br>Classifier += 0x01030102030004030307051818ff,<br><br>WiMAX-QoS-Id += 1,<br><br>WiMAX-Schedule-Type += Best-Effort,<br>
<br>WiMAX-Traffic-Priority += 1,<br><br>WiMAX-Maximum-Sustained-Traffic-Rate += 2000000,<br><br>WiMAX-QoS-Id += 2,<br><br>WiMAX-Schedule-Type += Best-Effort,<br><br>WiMAX-Traffic-Priority += 1,<br><br>WiMAX-Maximum-Sustained-Traffic-Rate += 2000000,<br>
<br>R3-IF-Name += DHCP_Relay_SG,<br><br>PDFID += 2,<br><br>WiMAX-Packet-Data-Flow-Id += 2,<br><br>WiMAX-Direction += Bi-Directional,<br><br>WiMAX-Transport-Type += IPv4-CS,<br><br>WiMAX-Uplink-QOS-Id += 3,<br><br>WiMAX-Downlink-QOS-Id += 4,<br>
<br>Classifier += 0x01030102030004030307050000ff,<br><br>WiMAX-QoS-Id += 3,<br><br>WiMAX-Schedule-Type += Best-Effort,<br><br>WiMAX-Traffic-Priority +=0,<br><br>WiMAX-Maximum-Sustained-Traffic-Rate += 1000000,<br><br>WiMAX-QoS-Id += 4,<br>
<br>WiMAX-Schedule-Type += Best-Effort,<br><br>WiMAX-Traffic-Priority += 0,<br><br>WiMAX-Maximum-Sustained-Traffic-Rate += 1000000</font>
<div></div></span>======================================================================</div>
<div>======================================================================<br></div>
<div class="gmail_quote">On Mon, May 30, 2011 at 5:16 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">Shai Mizrachi wrote:<br>> I a trying to send in the Access-Accept the same attribute twice but<br>> with different values (for Wimax QoS descriptor).<br>
> I am using the += operator but still, the reply message contains only<br>> the first parameter and the second is just ignored.<br><br> It should work. But maybe 2.1.7 doesn't have the required WiMAX magic.<br>
<br> What does the debug output show? Where are the attributes defined?<br><font color="#888888"><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></blockquote></div><br><br clear="all"><br>-- <br>
<div dir="ltr">
<div><br> ----------------</div>
<div>Shai Mizrachi<br>054-9225408</div></div><br>