Repeating the same attribute in reply message
Hi, I am using FreeRadius 2.1.7-7.el5 on CentOS 5.6. The RPM package is the one came with the CentOS system. I a trying to send in the Access-Accept the same attribute twice but with different values (for Wimax QoS descriptor). I am using the += operator but still, the reply message contains only the first parameter and the second is just ignored. I would appriciate some help.... The attributes are: WiMAX-QoS-Id += 1, WiMAX-Schedule-Type += Best-Effort, WiMAX-Traffic-Priority += 1, WiMAX-Maximum-Sustained-Traffic-Rate += 2000000, WiMAX-QoS-Id += 2, WiMAX-Schedule-Type += Best-Effort, WiMAX-Traffic-Priority += 1, WiMAX-Maximum-Sustained-Traffic-Rate += 2000000, but I get only (from the Radius -X): WiMAX-QoS-Id = 1 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 1 WiMAX-Maximum-Sustained-Traffic-Rate = 2000000 Many Thanks, Shai.
Shai Mizrachi wrote:
I a trying to send in the Access-Accept the same attribute twice but with different values (for Wimax QoS descriptor). I am using the += operator but still, the reply message contains only the first parameter and the second is just ignored.
It should work. But maybe 2.1.7 doesn't have the required WiMAX magic. What does the debug output show? Where are the attributes defined? Alan DeKok.
Hi, The users are configured inside /etc/raddb/users (no D.B is used). All of the Wimax parameters are working fine, it is just the repeated attributes which are failing (not sure this is related to Wimax ?) I am attaching the output of the radiusd -X, followed by the user configured in the users file. Thanks for the help ... ================================================= ================================================= Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Ready to process requests. rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=95, length=244 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" EAP-Message = 0x02010033017b616d3d317d3235663439616637326639353537393164313062656337343333333163356363406c61622e636f6d Message-Authenticator = 0x0f3f1d311098d83650466889dc8c8be4 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:49 2011 ++[auth_log] returns ok ++[mschap] returns noop ++[files] returns noop ++[wimax] returns ok [eap] EAP packet type response id 1 length 51 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 95 to 10.10.186.40 port 1812 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x053d4696053f53efd45f1f316c7360de Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=96, length=273 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" EAP-Message = 0x0202003e150016030100330100002f0301000005ac62f536b4e285cf8c87f103e4f71c387c62d870cff93b0831ed3d6590000008002f000a000500040100 Message-Authenticator = 0x92bca141cfecbcbc26200c92954fdd00 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a State = 0x053d4696053f53efd45f1f316c7360de +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:49 2011 ++[auth_log] returns ok ++[mschap] returns noop ++[files] returns noop ++[wimax] returns ok [eap] EAP packet type response id 2 length 62 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0033], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 96 to 10.10.186.40 port 1812 EAP-Message = 0x0103040015c00000089b160301002a0200002603014de3fdc5d1d28867b0622cc6f5687695696174dd611902e01c2360571181ad6800002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3131303532363230303133315a170d3132303532353230303133315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b46520833e7c771d35ef2663a7a4a2c5f8f7a14cfc1de3d75565e0d2f53d61220f0ee69cda0ec130512315a0208a1e93b3900ed878d01c52a0866e8ed800 EAP-Message = 0x0dd110881020abe9d580cfcb7afb7212a6c9f14caab6ae90cd62fdac8b457155fb04e0bbc38c96a04ea46d92b1dfbc375f89f448ca43b9b17419e86d741842b428d2f4f91fcffa6a7dc3b49d4b5b6b2561ad071c20c4a22c512d8f25d0ed4375fd802e043ea78535cd60146320ea4a1d8dc075b37c197ae1cfaec10c056271138b36ee40741b453a6a42140a2e18de2dd59f46d10219d040e824f0f3ffbbd72494ffbe79fa6ae6e9dfb0a681867f0ccc6f0dbc27f0483eb6a9217b499604b33cd0750203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000222b6a16a0622b9d8 EAP-Message = 0xb824f1ef69d354ab1552a5934440f05d150639594ffe06cf7714cc264e714089de76d2920157c1d2d3e378b64884ca3533625a88373b1dd4a6e852da867ed72e915c2bcae0ad0358e9738f588d3238a10c772438d7843d49286cb065dfd1d1aa58446730f67a8804774a257899f0154c12214c2ca9e7e15ce9c145dc3b9aa3a3e9dfb554875817faefef16cf72e4b6a5e16f637f3ca921feaad24cdaf08432773bd3bfdea0667b041b2a60503050cd71788818b7899dc3331e9a9f29ee89905d11796929934e1dbf0367fb4ba1a00b81738dce9229115472f15339f5eaa1d4539a3156ddd80efe65baa0cd974b2611db0471e5f15e085b0004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x053d4696043e53efd45f1f316c7360de Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=97, length=217 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" EAP-Message = 0x020300061500 Message-Authenticator = 0x54ef7760e3b928dca237285f47387b05 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a State = 0x053d4696043e53efd45f1f316c7360de +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:49 2011 ++[auth_log] returns ok ++[mschap] returns noop ++[files] returns noop ++[wimax] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 97 to 10.10.186.40 port 1812 EAP-Message = 0x0104040015c00000089b00831df6a982d018e5300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303532363230303133315a170d3132303532353230303133315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010 EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e1a0848d1402797067079584e7a66b3166f43551353d3ed40022e611235740d06d254c1143ef481d184bdf89a6d3019d418dbfa20b0c523728908a55a587c446cffd6289362b11036a93cd43984c72d7f69e650a46b5bab076ec766ec50081daa02ac73248baaa737885cf EAP-Message = 0xa2b8eefcbcf75083ea333f55e4b322d8ee54a61dc400c03e1ba054a8da360656b5ac4fc6e5e6c37935ce52abb25fbbeadd086732dd2bc5956124a7ab236938e9636bf43c808d891dda71d413cee161cbf1dc3e7fb9894d84c1fd8bfc0b06fd85cf66c50f732dd517c49ab20ba8cef96937116f2032a45db966c8ea98f574ef4fa4898e10d217234b0dd497024141539209e6fa0bef0203010001a381fb3081f8301d0603551d0e0416041496eb3dd1a839b16846b251bbafc06aacb224dff33081c80603551d230481c03081bd801496eb3dd1a839b16846b251bbafc06aacb224dff3a18199a48196308193310b3009060355040613024652310f300d EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900831df6a982d018e5300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a104b252dca5de30e3408fedbf255276180a97ea23e0292a9d04bebd15606707aa43710971c7df459e148ddda98068d026f69d540f37aff1b195d57da7fb7d8a868a9c0355233ae84a4d2a56fc43 EAP-Message = 0x40ebc8c69220f02c5cf8ac5c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x053d4696073953efd45f1f316c7360de Finished request 2. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=98, length=217 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" EAP-Message = 0x020400061500 Message-Authenticator = 0x5bc9fb67028db3ca75384b250d49f223 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a State = 0x053d4696073953efd45f1f316c7360de +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:50 2011 ++[auth_log] returns ok ++[mschap] returns noop ++[files] returns noop ++[wimax] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 98 to 10.10.186.40 port 1812 EAP-Message = 0x010500b915800000089b4a2ecaef24f899dfc6c948b2d9131ea2ad6d4f21bd0e0f940bc66f43d13689ac6058a1bad235de38502575b6cffdaae0c64cde8e3df0819211f94dc769ccdd47b3ca24289e73054b79cb9844d6fe295dab8b0fe4924fc582ae0c16e60723a3b291553437875d97a8b443b7c17fba728dbfa149d6f83d0a287ebaf7f9a911bec0ef925a5ebd8a8ee0df6b4662d10f557136be94a69d8a479866c2adfd90f6b5c119e61035ef7316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x053d4696063853efd45f1f316c7360de Finished request 3. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=99, length=545 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" EAP-Message = 0x0205014c15001603010106100001020100144bc81228a0051ed5f8f8c4e487da89ccaeea6269e5f29458db08446dbe8ba4dfc9f4e61197587dda7dda5596dfa1e40e37ba81fca5c945e18245b08e928e2181bd3ba917382b93ec7f7a7b57ef02fa0bbdde1d6f23528bbe7fe987780da9290811d214f3bc8e72a2493ca3d4129c1beef9537d8ac542a235b2ddd29633af28a39e25e0decb8d60af09de873eb99cd7c3c4ae4c01a2ef9042f57aeb9a302a5b27a46eab61e6d73d2d2e2971f0f9dd05899954d4fa46c7bbe589c39624cdcf95a860a75db29a9bee717dfadb9280ca8c95b1db821d88d84b7d7ef5d7c7f25bc931de46cba01771e2b1a4e187 EAP-Message = 0xd5ff3c8d571696195f6cdf74149069b61382de601403010001011603010030642012d01bdb07d967c3c732e2624ac232cf66a13c045909f245d1113270c89771f302e8e77b7eb3f14b2434ed728f18 Message-Authenticator = 0xa3940c26ad536f4df564151e14a962d1 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a State = 0x053d4696063853efd45f1f316c7360de +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:50 2011 ++[auth_log] returns ok ++[mschap] returns noop ++[files] returns noop ++[wimax] returns ok [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 99 to 10.10.186.40 port 1812 EAP-Message = 0x0106004515800000003b140301000101160301003069b56c3d3948529c615d8d65e533020fef7e7ab7732cd615f9e87055675ebf83a29b5146da4a554bceec25df935f6555 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x053d4696013b53efd45f1f316c7360de Finished request 4. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=100, length=382 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" EAP-Message = 0x020600ab150017030100a0d8688e20c0b0067915213b723edda42fc3344b33496b465422aa8687d9a6727678efac380e96c18d7197c894a329f1fc0bada19e689ccef2f1a37d8e9f25c4a8fee6b7fe623d86b912ca0c03d25c20b25ab4c0950dabbce9236f1bd4fef65f036c78d6b5aa07ad75eca65178f4198c7bd34b881ffdf7c2e57f763ce34951aab3631e0ad0283532fc0c1f1812495c7bb7f79389c4045d4e72067b1333fb77c9ed Message-Authenticator = 0x6ca3e01fb59e6ab77890bcb48cc2d361 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a State = 0x053d4696013b53efd45f1f316c7360de +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:50 2011 ++[auth_log] returns ok ++[mschap] returns noop ++[files] returns noop ++[wimax] returns ok [eap] EAP packet type response id 6 length 171 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "explicit_ipcs@lab.com" MS-CHAP-Challenge = 0x0b7f5bf22bab3eb0e2ac075b2ca5c652 MS-CHAP2-Response = 0x090019064d31498f4b510c02e282cdd804080000000000000000eb431e35a460ab50b9cd0b7b76190ff77c3fccb20cfd84d0 FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "explicit_ipcs@lab.com" MS-CHAP-Challenge = 0x0b7f5bf22bab3eb0e2ac075b2ca5c652 MS-CHAP2-Response = 0x090019064d31498f4b510c02e282cdd804080000000000000000eb431e35a460ab50b9cd0b7b76190ff77c3fccb20cfd84d0 FreeRADIUS-Proxied-To = 127.0.0.1 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a server { +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:50 2011 ++[auth_log] returns ok [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [files] users: Matched entry explicit_ipcs@lab.com at line 212 ++[files] returns ok ++[wimax] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = MSCHAP +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for explicit_ipcs@lab.com with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok +- entering group post-auth {...} ++[exec] returns noop expand: %{User-Name} -> explicit_ipcs@lab.com ++[request] returns noop ++[reply] returns noop [wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys. ++[wimax] returns noop } # server [ttls] Got tunneled reply code 2 Idle-Timeout = 3600 Session-Timeout = 1800 Termination-Action = RADIUS-Request R3-IF-Name = "CPE_MGMT_SG" PDFID = 1 WiMAX-Packet-Data-Flow-Id = 1 WiMAX-Direction = Bi-Directional WiMAX-Transport-Type = IPv4-CS WiMAX-Uplink-QOS-Id = 1 WiMAX-Downlink-QOS-Id = 2 Classifier = 0x01030102030004030307051818ff WiMAX-QoS-Id = 1 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 1 WiMAX-Maximum-Sustained-Traffic-Rate = 2000000 WiMAX-QoS-Id = 2 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 1 WiMAX-Maximum-Sustained-Traffic-Rate = 2000000 R3-IF-Name = "DHCP_Relay_SG" PDFID = 2 WiMAX-Packet-Data-Flow-Id = 2 WiMAX-Direction = Bi-Directional WiMAX-Transport-Type = IPv4-CS WiMAX-Uplink-QOS-Id = 3 WiMAX-Downlink-QOS-Id = 4 Classifier = 0x01030102030004030307050000ff WiMAX-QoS-Id = 3 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 0 WiMAX-Maximum-Sustained-Traffic-Rate = 1000000 WiMAX-QoS-Id = 4 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 0 WiMAX-Maximum-Sustained-Traffic-Rate = 1000000 MS-CHAP2-Success = 0x09533d32374643374430424643444134303643454343324546384236363046414235444138354544414532 MS-MPPE-Recv-Key = 0x3010c1cef4dff3ccbc401e61fe6aba40 MS-MPPE-Send-Key = 0xceb06d718258ce7e6b9aed16c80e7f2e MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 WiMAX-FA-RK-Key = 0x00 WiMAX-HA-RK-Key = 0x00 WiMAX-IP-Technology = CMIP4 [ttls] Got tunneled Access-Accept [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. ++[eap] returns handled Sending Access-Challenge of id 100 to 10.10.186.40 port 1812 EAP-Message = 0x0107005f15800000005517030100509aef16d756ed9395371c99b470bac318aceb342970cd8d0d52891ef51b8a9451a5f3227ca14cafcee73235c8aad0401f2a6596ad98a857512c468fe0f7f8be0ac712235fb6767a1590705002fa7816bf Message-Authenticator = 0x00000000000000000000000000000000 State = 0x053d4696003a53efd45f1f316c7360de Finished request 5. Going to the next request Waking up in 4.4 seconds. rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=101, length=217 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" EAP-Message = 0x020700061500 Message-Authenticator = 0xc30d23caa66a6c953bfe8980cba6ac85 NAS-Identifier = "ASN-GW" NAS-IP-Address = 10.10.186.40 Calling-Station-Id = "00-10-E7-62-31-6C" WiMAX-BS-Id = 0x020202010102 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id WiMAX-Attr-1793 = 0x0000028a State = 0x053d4696003a53efd45f1f316c7360de +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530 [auth_log] expand: %t -> Mon May 30 23:27:50 2011 ++[auth_log] returns ok ++[mschap] returns noop ++[files] returns noop ++[wimax] returns ok [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake is finished [ttls] eaptls_verify returned 3 [ttls] eaptls_process returned 3 [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} ++[exec] returns noop expand: %{User-Name} -> {am=1}25f49af72f955791d10bec743331c5cc@lab.com ++[request] returns noop ++[reply] returns noop [wimax] MIP-RK = 0xaef9d3e53fd7d9bcf6b0f765dca01d76e342f5acd10f5ff4561e6f16c6a14d6c1d6fbc7a2d233f8eb5c4440f07e7fee9285396977715f86584cc91712551f6a5 [wimax] MIP-SPI = e7754631 [wimax] WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-CMIP4 key ++[wimax] returns updated Sending Access-Accept of id 101 to 10.10.186.40 port 1812 Idle-Timeout = 3600 Session-Timeout = 1800 Termination-Action = RADIUS-Request R3-IF-Name = "CPE_MGMT_SG" PDFID = 1 WiMAX-Packet-Data-Flow-Id = 1 WiMAX-Direction = Bi-Directional WiMAX-Transport-Type = IPv4-CS WiMAX-Uplink-QOS-Id = 1 WiMAX-Downlink-QOS-Id = 2 Classifier = 0x01030102030004030307051818ff WiMAX-QoS-Id = 1 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 1 WiMAX-Maximum-Sustained-Traffic-Rate = 2000000 WiMAX-FA-RK-Key = 0xe5c88d100cf04d75e950ea17183fd6a75fdeed2e WiMAX-HA-RK-Key = 0x00 WiMAX-IP-Technology = CMIP4 EAP-Message = 0x03070004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "{am=1}25f49af72f955791d10bec743331c5cc@lab.com" WiMAX-MSK = 0x10526ef39b288de53f21aea35e5d45e426399ce2991dcd3db2e1705d82f57b4c6e90fb19ccfed3621fe7657f657f6124c12a414393689957c0232b39db064f20 WiMAX-FA-RK-SPI = 826701287 Finished request 6. ======================================================================== ======================================================================== explicit_ipcs@lab.com Cleartext-Password := "1234" Idle-Timeout = 3600, Session-Timeout = 1800, Termination-Action = RADIUS-Request, R3-IF-Name += CPE_MGMT_SG, PDFID += 1, WiMAX-Packet-Data-Flow-Id += 1, WiMAX-Direction += Bi-Directional, WiMAX-Transport-Type += IPv4-CS, WiMAX-Uplink-QOS-Id += 1, WiMAX-Downlink-QOS-Id += 2, Classifier += 0x01030102030004030307051818ff, WiMAX-QoS-Id += 1, WiMAX-Schedule-Type += Best-Effort, WiMAX-Traffic-Priority += 1, WiMAX-Maximum-Sustained-Traffic-Rate += 2000000, WiMAX-QoS-Id += 2, WiMAX-Schedule-Type += Best-Effort, WiMAX-Traffic-Priority += 1, WiMAX-Maximum-Sustained-Traffic-Rate += 2000000, R3-IF-Name += DHCP_Relay_SG, PDFID += 2, WiMAX-Packet-Data-Flow-Id += 2, WiMAX-Direction += Bi-Directional, WiMAX-Transport-Type += IPv4-CS, WiMAX-Uplink-QOS-Id += 3, WiMAX-Downlink-QOS-Id += 4, Classifier += 0x01030102030004030307050000ff, WiMAX-QoS-Id += 3, WiMAX-Schedule-Type += Best-Effort, WiMAX-Traffic-Priority +=0, WiMAX-Maximum-Sustained-Traffic-Rate += 1000000, WiMAX-QoS-Id += 4, WiMAX-Schedule-Type += Best-Effort, WiMAX-Traffic-Priority += 0, WiMAX-Maximum-Sustained-Traffic-Rate += 1000000 ====================================================================== ====================================================================== On Mon, May 30, 2011 at 5:16 PM, Alan DeKok <aland@deployingradius.com>wrote:
Shai Mizrachi wrote:
I a trying to send in the Access-Accept the same attribute twice but with different values (for Wimax QoS descriptor). I am using the += operator but still, the reply message contains only the first parameter and the second is just ignored.
It should work. But maybe 2.1.7 doesn't have the required WiMAX magic.
What does the debug output show? Where are the attributes defined?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ---------------- Shai Mizrachi 054-9225408
Shai Mizrachi wrote:
The users are configured inside /etc/raddb/users (no D.B is used). All of the Wimax parameters are working fine, it is just the repeated attributes which are failing (not sure this is related to Wimax ?)
It would help if you said what was *actually* heppening.
I am attaching the output of the radiusd -X, followed by the user configured in the users file. ... R3-IF-Name += DHCP_Relay_SG, PDFID += 2,
These attributes are NOT in the dictionaries for 2.1.7. If the server doesn't complain about them, it's because you've edited the dictionaries. If you're going to use Alvarion (which is NOT standard WiMAX), you will need to use the "master" branch from http://git.freeradius.org And you will need to: - delete the standard wimax && alvarion dictionaries - enable the non-standard dictionary.wimax.alvarion, and dictionary.alvarion.wimax My $0.02 is that you should probably be asking Alvarion for help. They've gone out of their way to *not* implement the standard. Everything they do is broken, and they don't see a problem with that. Alan DeKok.
Hi, My problem is that the attributes I have entered in the users file (under the specific user) are not present inside the Access-Accept message replied to the ASN-GW/NAS. The scenario is the same also for the regular Wimax attributes. The += parameter just doesn't work, the second attribute which is identical to a previous one (and provisioned with +=) is not being inserted to the Access-Accept message. Thanks, Shai. -----Original Message----- From: freeradius-users-bounces+mizrachi.shai=gmail.com@lists.freeradius.org [mailto:freeradius-users-bounces+mizrachi.shai=gmail.com@lists.freeradius.or g] On Behalf Of Alan DeKok Sent: Tuesday, May 31, 2011 8:19 AM To: FreeRadius users mailing list Subject: Re: Repeating the same attribute in reply message Shai Mizrachi wrote:
The users are configured inside /etc/raddb/users (no D.B is used). All of the Wimax parameters are working fine, it is just the repeated attributes which are failing (not sure this is related to Wimax ?)
It would help if you said what was *actually* heppening.
I am attaching the output of the radiusd -X, followed by the user configured in the users file. ... R3-IF-Name += DHCP_Relay_SG, PDFID += 2,
These attributes are NOT in the dictionaries for 2.1.7. If the server doesn't complain about them, it's because you've edited the dictionaries. If you're going to use Alvarion (which is NOT standard WiMAX), you will need to use the "master" branch from http://git.freeradius.org And you will need to: - delete the standard wimax && alvarion dictionaries - enable the non-standard dictionary.wimax.alvarion, and dictionary.alvarion.wimax My $0.02 is that you should probably be asking Alvarion for help. They've gone out of their way to *not* implement the standard. Everything they do is broken, and they don't see a problem with that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Shai Mizrachi wrote:
My problem is that the attributes I have entered in the users file (under the specific user) are not present inside the Access-Accept message replied to the ASN-GW/NAS.
The problem is that you did not read my response, and you did not follow the instructions in it. If you have no intention of listening to the help we give, don't ask for help. Alan DeKok.
participants (2)
-
Alan DeKok -
Shai Mizrachi