Hello David, I followed your format and it worked. Thank you for your help. Regards, Krzysztof On 19/10/11 17:54, David Peterson wrote:
The problem with the 4-Motion system is that it's completely different from the Extreme. The specification they "created" is completely off the WiMax specs which is why Alan had to put in some fixes.
Follow the format I sent you EXACTLY and it should work just fine. I.e. You have classifier ID of 2 coming before 1.
In addition, set delete_mppe_keys = yes in the WiMax module.
David
-----Original Message----- From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradiu s.org] On Behalf Of Krzysztof Grobelak Sent: Wednesday, October 19, 2011 11:58 AM To: FreeRadius users mailing list Subject: Re: No connection after access-accept.
Thank you for quick reply.
I believe that I am using the correct dictionaries (dictionary.alvarion.wimax.v2_2&& dictionary.wimax.alvarion).
I fixed the TOS range and mask but it still does not connect.
Regards, Krzysztof
On 19/10/11 16:19, David Peterson wrote:
Hi Krzystof,
You need to use the new Alvarion dictionary which is included in the 3.0 version I believe, Alan will undoubtedly correct me.
In addition you will need to change the TOS range and mask values. Here is what I send to set up 1 IPCS flow on an Alvarion 4-Motion ASN.
Alvarion-R3-IF-Name += SGVLAN13 Alvarion-PDFID += 1 WiMAX-Packet-Data-Flow-Id += 1 WiMAX-Service-Data-Flow-Id += 1 WiMAX-Direction += 3 WiMAX-Transport-Type += 1 WiMAX-Uplink-QOS-Id += 1 WiMAX-Downlink-QOS-Id += 1 WiMAX-ClassifierID += 1 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += 1 WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x1818FF WiMAX-Transport-Type += 1 WiMAX-ClassifierID += 2 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += 2 WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x0000FF WiMAX-QoS-Id += 1 WiMAX-Schedule-Type += 2 WiMAX-Traffic-Priority += 1 WiMAX-Maximum-Sustained-Traffic-Rate += 256000
David Peterson Senior WiMax Engineer Wireless Connections
-----Original Message----- From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org
[mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradiu
s.org] On Behalf Of Krzysztof Grobelak Sent: Wednesday, October 19, 2011 11:06 AM To: FreeRadius users mailing list Subject: No connection after access-accept.
Hello.
I am trying to configure freeradius to work with Alvarion devices. It is working fine with Extreme but for some reason it does not work with 4motion. I installed the "master" version from git and I edited the dictionary files. My problem is that i see access-accept being sent but the connection is not established and radio keeps trying to authenticate with freeradius. Each attempt ends with access-accept being sent.
Thanks in advance P.S. I am new to freeradius and wimax so please dont eat me alive...
Regards, Krzysztof
Debug:
FreeRADIUS Version 3.0.0, for host i686-pc-linux-gnu, built on Oct 17 2011 at 10:26:54 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Compilation options: Regex flavour: Posix Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/redis including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/sql including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/replicate including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/sqlippool including configuration file /usr/local/etc/raddb/sql/postgresql/ippool.conf including configuration file /usr/local/etc/raddb/modules/opendirectory including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/rediswho including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/eap including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/utf8 including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/soh including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/control-socket main { security { allow_core_dumps = no } } including dictionary file /usr/local/etc/raddb/dictionary main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" max_connections = 16 } client 10.190.0.2 { require_message_authenticator = no secret = "pass" shortname = "Testing" nastype = "other" max_connections = 16 }
radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no passchange { } allow_retry = yes } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /usr/local/etc/raddb/modules/eap eap { default_eap_type = "ttls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Loading virtual module acct_unique Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_wimax Module: Instantiating module "wimax" from file /usr/local/etc/raddb/modules/wimax wimax { delete_mppe_keys = no } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/usr/local/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=225, length=226 User-Name = "{sm=1}test@company.ie" EAP-Message =
0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065
65642e6965 Message-Authenticator = 0xb0e4f53c239e82a5a9424643abac90c5 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) group authorize { (0) - entering group authorize {...} (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) eap : EAP packet type response id 1 length 42 (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) Found Auth-Type = ? (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) group authenticate { (0) - entering group authenticate {...} (0) eap : EAP Identity (0) eap : processing type tls (0) tls : Initiate (0) tls : Start returned 1 (0) [eap] = handled Sending Access-Challenge of id 225 to 10.190.0.2 port 1812 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a452686bf0e6f9b30d966adf3 (0) Finished request 0. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=226, length=290 User-Name = "{sm=1}test@company.ie" EAP-Message =
0x0202005815800000004e16030100490100004503014d6f0492446dcf37684a8ba3964276e6 a0af14e11c0c66ba0bfe09bee47296d900001e00390038003500160013000a00330032002f00
15001200090014001100080100 Message-Authenticator = 0x16b9a8766e5ca7d66bd4109f08badf56 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a452686bf0e6f9b30d966adf3 (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (1) group authorize { (1) - entering group authorize {...} (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) eap : EAP packet type response id 2 length 88 (1) eap : Continuing tunnel setup. (1) [eap] = ok (1) Found Auth-Type = ? (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) group authenticate { (1) - entering group authenticate {...} (1) eap : Request found, released from the list (1) eap : EAP/ttls (1) eap : processing type ttls (1) ttls : Authenticate (1) ttls : processing EAP-TLS TLS Length 78 (1) ttls : Length Included (1) ttls : eaptls_verify returned 11 (1) ttls : (other): before/accept initialization (1) ttls : TLS_accept: before/accept initialization (1) ttls :<<< TLS 1.0 Handshake [length 0049], ClientHello (1) ttls : TLS_accept: SSLv3 read client hello A (1) ttls :>>> TLS 1.0 Handshake [length 002a], ServerHello (1) ttls : TLS_accept: SSLv3 write server hello A (1) ttls :>>> TLS 1.0 Handshake [length 085e], Certificate (1) ttls : TLS_accept: SSLv3 write certificate A (1) ttls :>>> TLS 1.0 Handshake [length 020d], ServerKeyExchange (1) ttls : TLS_accept: SSLv3 write key exchange A (1) ttls :>>> TLS 1.0 Handshake [length 0004], ServerHelloDone (1) ttls : TLS_accept: SSLv3 write server done A (1) ttls : TLS_accept: SSLv3 flush data (1) ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (1) ttls : eaptls_process returned 13 (1) [eap] = handled Sending Access-Challenge of id 226 to 10.190.0.2 port 1812 EAP-Message =
0x0103040015c000000aad160301002a0200002603014e9ee50972fa598b689b6f459a90c557 abd4de3970630ee299ae5a309acdf4ec00003900160301085e0b00085a0008570003a6308203 a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355 040613024652310f300d060355040813065261646975733112301006035504071309536f6d65 776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886 f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861
6d706c6520436572746966696361746520417574686f72697479 EAP-Message =
0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30 09060355040613024652310f300d0603550408130652616469757331153013060355040a130c 4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220 43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d 706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201 0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4
c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e EAP-Message =
0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41 50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4 7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22 7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00 4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06
092a864886f70d01010405000382010100b676c0afe25190b575 EAP-Message =
0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9 cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6 6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402 8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563 c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9 5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6
e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a442786bf0e6f9b30d966adf3 (1) Finished request 1. Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=227, length=208 User-Name = "{sm=1}test@company.ie" EAP-Message = 0x020300061500 Message-Authenticator = 0x9a77a1ab1819f89e18fb8f7a8d263dbc NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a442786bf0e6f9b30d966adf3 (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (2) group authorize { (2) - entering group authorize {...} (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) eap : EAP packet type response id 3 length 6 (2) eap : Continuing tunnel setup. (2) [eap] = ok (2) Found Auth-Type = ? (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (2) group authenticate { (2) - entering group authenticate {...} (2) eap : Request found, released from the list (2) eap : EAP/ttls (2) eap : processing type ttls (2) ttls : Authenticate (2) ttls : processing EAP-TLS (2) ttls : Received TLS ACK (2) ttls : Received TLS ACK (2) ttls : ACK handshake fragment handler (2) ttls : eaptls_verify returned 1 (2) ttls : eaptls_process returned 13 (2) [eap] = handled Sending Access-Challenge of id 227 to 10.190.0.2 port 1812 EAP-Message =
0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193 310b3009060355040613024652310f300d060355040813065261646975733112301006035504 071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030 1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355 0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31 31313031333039353734375a170d3132313031323039353734375a308193310b300906035504
0613024652310f300d0603550408130652616469757331123010 EAP-Message =
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e 632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126 30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3 ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55
f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b EAP-Message =
0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3 0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111 19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203 010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1
a18199a48196308193310b3009060355040613024652310f300d EAP-Message =
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013 060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164 6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274 6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530 030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d 90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff
ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b EAP-Message = 0x29f6a43153b63396708d1c2a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a472086bf0e6f9b30d966adf3 (2) Finished request 2. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=228, length=208 User-Name = "{sm=1}test@company.ie" EAP-Message = 0x020400061500 Message-Authenticator = 0xe3f7dbd13796664921230156fd4a7f0b NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a472086bf0e6f9b30d966adf3 (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (3) group authorize { (3) - entering group authorize {...} (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) eap : EAP packet type response id 4 length 6 (3) eap : Continuing tunnel setup. (3) [eap] = ok (3) Found Auth-Type = ? (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (3) group authenticate { (3) - entering group authenticate {...} (3) eap : Request found, released from the list (3) eap : EAP/ttls (3) eap : processing type ttls (3) ttls : Authenticate (3) ttls : processing EAP-TLS (3) ttls : Received TLS ACK (3) ttls : Received TLS ACK (3) ttls : ACK handshake fragment handler (3) ttls : eaptls_verify returned 1 (3) ttls : eaptls_process returned 13 (3) [eap] = handled Sending Access-Challenge of id 228 to 10.190.0.2 port 1812 EAP-Message =
0x010502cb158000000aad6b687c3b13bd2cbcdc94906e01fea4a72a53605631056850f7c340 7a5d7b7a88d58a990667955f91c7e7fd1d4bcc1cb32597585648a06987428bb59b80040251ea 1eb36ca37e6b08d6dcff0bbac544ee590b97dcdd3043216a8d7c43b3b8177a6d50c34a1954b7 97f6ce1b83260aec1f9cd4f49b89bf166b6fcbe2169a6cdfdd381bfdc0210904a4332192d206 d220b4227586268fe877dec3e39b6c9cfa223f5af7f750fd76160301020d0c0002090080f261 ea67ca98641e7618ffeaf9dbfbfeba8524299d1674bbae7d654b45ddb4d4d56cfc334a0d31a3
3b07a51ec227e83c6111384da4c513b3799894ab435ab01f0308 EAP-Message =
0xbae422a62095161d878138f148293e9d8bbdd8e1f17eeb6aea213178d729efd10049433c42 9ea9685564ff39a81b78828cd381e4ebb6ff4a2022e92349230001020080cf073ac84159ffdf 2a3954bc6d8c5b241548eef76ea49c6f5648bf586017e4f8038d6956580fa5bd17a7199c7b05 bec37333162d8c6302c80092a8339aaecdcd44d3f77964b938c579d2fe5f5e2eb90d52b0215d ec2972f639283ac415d95b1aecb8d856e28eababe9ee8f662b385efb60b09741356027269b5a 089c7c85738001004c76e655fcfb777d949b3e64e0018f329eedb978f1294c0f4fe10736b52d
f39df6edf0f5634de3dc17614893582df2e251c5b6acd61276d0 EAP-Message =
0xb71e3de49e55f6775effac0d28046d1510714dbd68c4d55dedb7329f9ba3de55154a4ffd8d 2aad7081dc07b232ff609ca8c19743ba19ccd2d1b3bf35dd1ccd78c1d54f477a4336188fb929 8426a941501972562ed1fca0efad8c451b0ec15674ff86500e67617241c95625ddecc82feefc 41c0eb91cdab0cc56176884e28aab3c850a81bd7736e1ec133d6b83db28db10623c552c5f7a2 d7a6d59e0f1cf362b155e415a274088d2eb875d07acd63236660e40f200f6055bd2c0c934777
c61d55c1a57d7983d867c016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a462186bf0e6f9b30d966adf3 (3) Finished request 3. Waking up in 0.2 seconds. Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=229, length=410 User-Name = "{sm=1}test@company.ie" EAP-Message =
0x020500d01580000000c61603010086100000820080e3190ec3957550a29a5f545907823a1e adcd83d25d26b74f1858aae52bac948aef1e3d75bc2adff031a57ad656d2d09066f0cae0630e 0c66d0487abc980cb7d6631a6531f05cba19b4a94f628a6bda9a90aae7e58f33fe204399f1fc d215d007dba697579f7bcb002baa5d67c06a10d82953c53a31b100711f4f0d07e550a3d41403 0100010116030100308a7e900fbfb4f5de1ef3c91092938dee297c5a4b41f537309996762989
cffc3aa2475130e85a6cfcbd3cc5d4f4a38b01 Message-Authenticator = 0x4f4cb9ffdb83cca6564a6d11de9eca5e NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a462186bf0e6f9b30d966adf3 (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (4) group authorize { (4) - entering group authorize {...} (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) eap : EAP packet type response id 5 length 208 (4) eap : Continuing tunnel setup. (4) [eap] = ok (4) Found Auth-Type = ? (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (4) group authenticate { (4) - entering group authenticate {...} (4) eap : Request found, released from the list (4) eap : EAP/ttls (4) eap : processing type ttls (4) ttls : Authenticate (4) ttls : processing EAP-TLS TLS Length 198 (4) ttls : Length Included (4) ttls : eaptls_verify returned 11 (4) ttls :<<< TLS 1.0 Handshake [length 0086], ClientKeyExchange (4) ttls : TLS_accept: SSLv3 read client key exchange A (4) ttls :<<< TLS 1.0 ChangeCipherSpec [length 0001] (4) ttls :<<< TLS 1.0 Handshake [length 0010], Finished (4) ttls : TLS_accept: SSLv3 read finished A (4) ttls :>>> TLS 1.0 ChangeCipherSpec [length 0001] (4) ttls : TLS_accept: SSLv3 write change cipher spec A (4) ttls :>>> TLS 1.0 Handshake [length 0010], Finished (4) ttls : TLS_accept: SSLv3 write finished A (4) ttls : TLS_accept: SSLv3 flush data (4) ttls : (other): SSL negotiation finished successfully SSL Connection Established (4) ttls : eaptls_process returned 13 (4) [eap] = handled Sending Access-Challenge of id 229 to 10.190.0.2 port 1812 EAP-Message =
0x0106004515800000003b14030100010116030100303a882b92af53c50ce085959593e73fca
32ab9a7bd2e2e0a895c165c0a4163a638e8f12fef6f0bc8878a70cfcda0548a8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a412286bf0e6f9b30d966adf3 (4) Finished request 4. Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=230, length=378 User-Name = "{sm=1test@company.ie" EAP-Message =
0x020600b0150017030100201783b2821501d183457ee81425c3bcbfd372c1207cc52b44e4af 3250a771e4181703010080a65edf5e1fddb09f70ebffef22b5811ebb4d7f3143b2d1ecf88e2a f29edd0178dc38aa45de3e8ac0106fa7259392dbb721ed242bf6fd1a79cdc10faad024b583e8 710f2396246d34353b915f3a49771b11ed93e106564b0f94f208631a4f9852c21452c53492d5
302b2571ec8f1b95d0b1abdaf202da0f42b9b68c863653886c Message-Authenticator = 0x064bdfc96ada80a4ac9a92242232b9ae NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a412286bf0e6f9b30d966adf3 (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (5) group authorize { (5) - entering group authorize {...} (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) eap : EAP packet type response id 6 length 176 (5) eap : Continuing tunnel setup. (5) [eap] = ok (5) Found Auth-Type = ? (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (5) group authenticate { (5) - entering group authenticate {...} (5) eap : Request found, released from the list (5) eap : EAP/ttls (5) eap : processing type ttls (5) ttls : Authenticate (5) ttls : processing EAP-TLS (5) ttls : eaptls_verify returned 7 (5) ttls : Done initial handshake (5) ttls : eaptls_process returned 7 (5) ttls : Session established. Proceeding to decode tunneled attributes. (5) ttls : Got tunneled request User-Name = "30001020" MS-CHAP-Challenge = 0x967d3f6435e31b63 MS-CHAP-Response =
0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370
add032fa03fecc6350d759fa7f FreeRADIUS-Proxied-To = 127.0.0.1 (5) ttls : Sending tunneled request User-Name = "30001020" MS-CHAP-Challenge = 0x967d3f6435e31b63 MS-CHAP-Response =
0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370
add032fa03fecc6350d759fa7f FreeRADIUS-Proxied-To = 127.0.0.1 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a server inner-tunnel { (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (5) group authorize { (5) - entering group authorize {...} (5) [chap] = noop (5) mschap : Found MS-CHAP attributes. Setting 'Auth-Type = mschap' (5) [mschap] = ok (5) eap : No EAP-Message, not doing EAP (5) [eap] = noop (5) files : users: Matched entry 30001020 at line 99 (5) [files] = ok (5) [preprocess] = ok (5) Found Auth-Type = ? (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (5) group MS-CHAP { (5) - entering group MS-CHAP {...} (5) mschap : Told to do MS-CHAPv1 with NT-Password (5) mschap : adding MS-CHAPv1 MPPE keys (5) [mschap] = ok (5) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (5) group post-auth { (5) - entering group post-auth {...} (5) update outer.reply { (5) expand: %{request:User-Name} -> 30001020 (5) } # update outer.reply = noop (5) wimax : No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys. (5) [wimax] = noop } # server inner-tunnel (5) ttls : Got tunneled reply code 2 Alvarion-R3-IF-Name += "CPEL3Mgmt" Alvarion-PDFID += 1 WiMAX-Packet-Data-Flow-Id += 1 WiMAX-Direction += Bi-Directional WiMAX-Transport-Type += IPv4-CS WiMAX-Uplink-QOS-Id += 1 WiMAX-Downlink-QOS-Id += 1 WiMAX-ClassifierID += 2 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += IN WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x31353739323633 WiMAX-ClassifierID += 1 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += OUT WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x3635353335 WiMAX-QoS-Id += 1 WiMAX-Schedule-Type += Best-Effort WiMAX-Traffic-Priority += 4 WiMAX-Maximum-Sustained-Traffic-Rate += 512000 WiMAX-IP-Technology += PMIP4 Alvarion-R3-IF-Name += "HazelL2Service" Alvarion-PDFID += 2 WiMAX-Packet-Data-Flow-Id += 2 WiMAX-Direction += Bi-Directional WiMAX-Transport-Type += Ethernet WiMAX-Uplink-QOS-Id += 2 WiMAX-Downlink-QOS-Id += 2 WiMAX-ClassifierID += 1 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += Bi-Directional WiMAX-VLAN-ID += 175 WiMAX-QoS-Id += 2 WiMAX-Schedule-Type += nrtPS WiMAX-Traffic-Priority += 1 WiMAX-Maximum-Sustained-Traffic-Rate += 4096000 WiMAX-Minimum-Reserved-Traffic-Rate += 1024000 WiMAX-IP-Technology += Ethernet-CS WiMAX-hHA-IP-MIP4 += 12.12.12.12 Session-Timeout = 3600 Reply-Message = "4motion test" MS-CHAP-MPPE-Keys = 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000 MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (5) ttls : Got tunneled Access-Accept (5) eap : Freeing handler (5) [eap] = ok (5) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default (5) group post-auth { (5) - entering group post-auth {...} (5) update request { (5) expand: %{User-Name} -> {sm=1}test@company.ie (5) } # update request = noop (5) update reply { (5) expand: %{reply:EAP-MSK} ->
0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5
9132dd591aed447610e20c90a230fa5e7e345461261f8893588691 (5) } # update reply = noop (5) wimax : MIP-RK =
0x34cb0114be346973d5832ba7410516ed882d1fb1fb0ae3ad608e687c48b01ab6948fd63668
f8d0e5fbdb1c3169e676b44aea80064919ae759cc997505584dbf7 (5) wimax : MIP-SPI = dd1974b7 (5) [wimax] = updated Sending Access-Accept of id 230 to 10.190.0.2 port 1812 User-Name = "30001020" Alvarion-R3-IF-Name = "CPEL3Mgmt" Alvarion-PDFID = 1 WiMAX-Packet-Data-Flow-Id = 1 WiMAX-Direction = Bi-Directional WiMAX-Transport-Type = IPv4-CS WiMAX-Uplink-QOS-Id = 1 WiMAX-Downlink-QOS-Id = 1 WiMAX-ClassifierID = 2 WiMAX-Classifier-Priority = 1 WiMAX-Classifier-Direction = IN WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x31353739323633 WiMAX-ClassifierID = 1 WiMAX-Classifier-Priority = 1 WiMAX-Classifier-Direction = OUT WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x3635353335 WiMAX-QoS-Id = 1 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 4 WiMAX-Maximum-Sustained-Traffic-Rate = 512000 WiMAX-IP-Technology = Ethernet-CS Alvarion-R3-IF-Name = "HazelL2Service" Alvarion-PDFID = 2 WiMAX-Packet-Data-Flow-Id = 2 WiMAX-Direction = Bi-Directional WiMAX-Transport-Type = Ethernet WiMAX-Uplink-QOS-Id = 2 WiMAX-Downlink-QOS-Id = 2 WiMAX-ClassifierID = 1 WiMAX-Classifier-Priority = 1 WiMAX-Classifier-Direction = Bi-Directional WiMAX-VLAN-ID = 175 WiMAX-QoS-Id = 2 WiMAX-Schedule-Type = nrtPS WiMAX-Traffic-Priority = 1 WiMAX-Maximum-Sustained-Traffic-Rate = 4096000 WiMAX-Minimum-Reserved-Traffic-Rate = 1024000 WiMAX-IP-Technology = Ethernet-CS WiMAX-hHA-IP-MIP4 = 12.12.12.12 Session-Timeout = 3600 Reply-Message = "4motion test" MS-CHAP-MPPE-Keys = 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000 MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed MS-MPPE-Recv-Key = 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e MS-MPPE-Send-Key = 0x3c1a0fade59132dd591aed447610e20c90a230fa5e7e345461261f8893588691 EAP-Message = 0x03060004 Message-Authenticator = 0x00000000000000000000000000000000 WiMAX-MSK =
0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5
9132dd591aed447610e20c90a230fa5e7e345461261f8893588691 (5) Finished request 5. Waking up in 0.1 seconds. Waking up in 0.1 seconds. Waking up in 2.9 seconds. (0) Cleaning up request packet ID 225 with timestamp +85 Waking up in 0.1 seconds. (1) Cleaning up request packet ID 226 with timestamp +85 (2) Cleaning up request packet ID 227 with timestamp +85 (3) Cleaning up request packet ID 228 with timestamp +85 Waking up in 1.2 seconds. (4) Cleaning up request packet ID 229 with timestamp +86 Waking up in 0.1 seconds. (5) Cleaning up request packet ID 230 with timestamp +86 Ready to process requests. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=231, length=226 User-Name = "{sm=1}test@company.ie" EAP-Message =
0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065
65642e6965 Message-Authenticator = 0x2304870d06de86fa88b3ccd2de56a789 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (6) group authorize { (6) - entering group authorize {...} (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) eap : EAP packet type response id 1 length 42 (6) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) Found Auth-Type = ? (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (6) group authenticate { (6) - entering group authenticate {...} (6) eap : EAP Identity (6) eap : processing type tls (6) tls : Initiate (6) tls : Start returned 1 (6) [eap] = handled Sending Access-Challenge of id 231 to 10.190.0.2 port 1812 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780 (6) Finished request 6. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=232, length=290 User-Name = "{sm=1}test@company.ie" EAP-Message =
0x0202005815800000004e16030100490100004503014d6f049b50d6ea950c49e9ddac3c33c4 a0477aefbe9119045fd3313c4148aa9300001e00390038003500160013000a00330032002f00
15001200090014001100080100 Message-Authenticator = 0xab2efdd42f1f345c5b0ff3654e5fbeb1 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780 (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (7) group authorize { (7) - entering group authorize {...} (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) eap : EAP packet type response id 2 length 88 (7) eap : Continuing tunnel setup. (7) [eap] = ok (7) Found Auth-Type = ? (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (7) group authenticate { (7) - entering group authenticate {...} (7) eap : Request found, released from the list (7) eap : EAP/ttls (7) eap : processing type ttls (7) ttls : Authenticate (7) ttls : processing EAP-TLS TLS Length 78 (7) ttls : Length Included (7) ttls : eaptls_verify returned 11 (7) ttls : (other): before/accept initialization (7) ttls : TLS_accept: before/accept initialization (7) ttls :<<< TLS 1.0 Handshake [length 0049], ClientHello (7) ttls : TLS_accept: SSLv3 read client hello A (7) ttls :>>> TLS 1.0 Handshake [length 002a], ServerHello (7) ttls : TLS_accept: SSLv3 write server hello A (7) ttls :>>> TLS 1.0 Handshake [length 085e], Certificate (7) ttls : TLS_accept: SSLv3 write certificate A (7) ttls :>>> TLS 1.0 Handshake [length 020d], ServerKeyExchange (7) ttls : TLS_accept: SSLv3 write key exchange A (7) ttls :>>> TLS 1.0 Handshake [length 0004], ServerHelloDone (7) ttls : TLS_accept: SSLv3 write server done A (7) ttls : TLS_accept: SSLv3 flush data (7) ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (7) ttls : eaptls_process returned 13 (7) [eap] = handled Sending Access-Challenge of id 232 to 10.190.0.2 port 1812 EAP-Message =
0x0103040015c000000aad160301002a0200002603014e9ee512e286821d40c5caafa8f5cd1b 8a1ed466ce0608d778ac01ab923d418c00003900160301085e0b00085a0008570003a6308203 a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355 040613024652310f300d060355040813065261646975733112301006035504071309536f6d65 776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886 f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861
6d706c6520436572746966696361746520417574686f72697479 EAP-Message =
0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30 09060355040613024652310f300d0603550408130652616469757331153013060355040a130c 4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220 43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d 706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201 0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4
c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e EAP-Message =
0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41 50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4 7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22 7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00 4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06
092a864886f70d01010405000382010100b676c0afe25190b575 EAP-Message =
0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9 cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6 6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402 8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563 c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9 5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6
e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780 (7) Finished request 7. Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=233, length=208 User-Name = "{sm=1}test@company.ie" EAP-Message = 0x020300061500 Message-Authenticator = 0xe4548d83804e1e53f53cce5d4e69eede NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780 (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (8) group authorize { (8) - entering group authorize {...} (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) eap : EAP packet type response id 3 length 6 (8) eap : Continuing tunnel setup. (8) [eap] = ok (8) Found Auth-Type = ? (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (8) group authenticate { (8) - entering group authenticate {...} (8) eap : Request found, released from the list (8) eap : EAP/ttls (8) eap : processing type ttls (8) ttls : Authenticate (8) ttls : processing EAP-TLS (8) ttls : Received TLS ACK (8) ttls : Received TLS ACK (8) ttls : ACK handshake fragment handler (8) ttls : eaptls_verify returned 1 (8) ttls : eaptls_process returned 13 (8) [eap] = handled Sending Access-Challenge of id 233 to 10.190.0.2 port 1812 EAP-Message =
0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193 310b3009060355040613024652310f300d060355040813065261646975733112301006035504 071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030 1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355 0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31 31313031333039353734375a170d3132313031323039353734375a308193310b300906035504
0613024652310f300d0603550408130652616469757331123010 EAP-Message =
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e 632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126 30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3 ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55
f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b EAP-Message =
0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3 0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111 19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203 010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1
a18199a48196308193310b3009060355040613024652310f300d EAP-Message =
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013 060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164 6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274 6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530 030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d 90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff
ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b EAP-Message = 0x29f6a43153b63396708d1c2a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfdcbcc4affcfd9fe908aaa2f4bb4f780 (8) Finished request 8.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html