Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs? Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept Regards Anup ______________________________________ Scanned and protected by Email scanner
Anup wrote:
Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs?
The server comes with documentation and dictionary files. Please read them.
Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept
VSAs are just attributes. They can be added / edited like anything else. Alan DeKok.
Hi Alan, Thank you for your quick response. We have already checked the dictionary and found that wimax dictionary is available in the freeradius server. Actually we are using Freeradius server 2.1.9 and Alvarion base-station and Alvarion ASN GW. Initially we created a service profile in Alvarion ASN GW for the user "test" using their management software 'AlvariStar'. And 'users' file in the freeradius has been updated to add the user "test" as follows, test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Filter-Id = "servprof2" where "servprof2" is the name of the service profile created in Alvarion ASN GW. In this case the authentication was successful and MS has got the IP as well. Then we tried to create the service profile for the user "test" from the Freeradius by using WiMAX attributes found in the file dictionary.wimax'.The entries for the user in the 'users' file is as shown below. test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, WiMAX-Service-Profile-Id=1, WiMAX-Media-Flow-Type=Streaming-Video, WiMAX-Schedule-Type = Best-Effort, WiMAX-QoS-Id=01, WiMAX-Media-Flow-Type=Robust-Browser, WiMAX-Traffic-Priority=0, WiMAX-Maximum-Sustained-Traffic-Rate=512000 In this case Freeradius has sent the Access-Accept, but the authentication process is not successful and MS is showing an error message as "EAP supplicant transferring error". I hope you understand the problem Regards, Anup
Anup wrote:
Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs?
The server comes with documentation and dictionary files. Please read them.
Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept
VSAs are just attributes. They can be added / edited like anything else.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ ______________________________________ Scanned and protected by Email scanner
Anup, You have to configure the radius server to use the inner-tunnel. Which version of the 4-Motion software are you using on your system? David -----Original Message----- From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradiu s.org] On Behalf Of Anup krishnan A Sent: Wednesday, October 06, 2010 4:11 AM To: FreeRadius users mailing list Subject: Re: WiMax VSA Support Hi Alan, Thank you for your quick response. We have already checked the dictionary and found that wimax dictionary is available in the freeradius server. Actually we are using Freeradius server 2.1.9 and Alvarion base-station and Alvarion ASN GW. Initially we created a service profile in Alvarion ASN GW for the user "test" using their management software 'AlvariStar'. And 'users' file in the freeradius has been updated to add the user "test" as follows, test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Filter-Id = "servprof2" where "servprof2" is the name of the service profile created in Alvarion ASN GW. In this case the authentication was successful and MS has got the IP as well. Then we tried to create the service profile for the user "test" from the Freeradius by using WiMAX attributes found in the file dictionary.wimax'.The entries for the user in the 'users' file is as shown below. test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, WiMAX-Service-Profile-Id=1, WiMAX-Media-Flow-Type=Streaming-Video, WiMAX-Schedule-Type = Best-Effort, WiMAX-QoS-Id=01, WiMAX-Media-Flow-Type=Robust-Browser, WiMAX-Traffic-Priority=0, WiMAX-Maximum-Sustained-Traffic-Rate=512000 In this case Freeradius has sent the Access-Accept, but the authentication process is not successful and MS is showing an error message as "EAP supplicant transferring error". I hope you understand the problem Regards, Anup
Anup wrote:
Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs?
The server comes with documentation and dictionary files. Please read them.
Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept
VSAs are just attributes. They can be added / edited like anything else.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ ______________________________________ Scanned and protected by Email scanner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi David, 1) You have to configure the radius server to use the inner-tunnel. Following are the entries in the eap.conf file. ttls { default_eap_type = md5 copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" } I hope this is what you meant by configure inner-tunnel in radius server. Actually, the FreeRadius server is sending the Access-Accept with all WiMAX Attributes for the user as we have given in the "users" file. But I think the Alvarion ASN Gateway is not handling or recognizing what we are sending 2) Which version of the 4-Motion software are you using on your system? We are using 4motion Release 2.5M1. Regards Anup
Anup,
You have to configure the radius server to use the inner-tunnel. Which version of the 4-Motion software are you using on your system?
David
-----Original Message----- From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradiu s.org] On Behalf Of Anup krishnan A Sent: Wednesday, October 06, 2010 4:11 AM To: FreeRadius users mailing list Subject: Re: WiMax VSA Support
Hi Alan,
Thank you for your quick response.
We have already checked the dictionary and found that wimax dictionary is available in the freeradius server.
Actually we are using Freeradius server 2.1.9 and Alvarion base-station and Alvarion ASN GW. Initially we created a service profile in Alvarion ASN GW for the user "test" using their management software 'AlvariStar'. And 'users' file in the freeradius has been updated to add the user "test" as follows,
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Filter-Id = "servprof2"
where "servprof2" is the name of the service profile created in Alvarion ASN GW. In this case the authentication was successful and MS has got the IP as well.
Then we tried to create the service profile for the user "test" from the Freeradius by using WiMAX attributes found in the file dictionary.wimax'.The entries for the user in the 'users' file is as shown below.
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, WiMAX-Service-Profile-Id=1, WiMAX-Media-Flow-Type=Streaming-Video, WiMAX-Schedule-Type = Best-Effort, WiMAX-QoS-Id=01, WiMAX-Media-Flow-Type=Robust-Browser, WiMAX-Traffic-Priority=0, WiMAX-Maximum-Sustained-Traffic-Rate=512000
In this case Freeradius has sent the Access-Accept, but the authentication process is not successful and MS is showing an error message as "EAP supplicant transferring error".
I hope you understand the problem
Regards, Anup
Anup wrote:
Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs?
The server comes with documentation and dictionary files. Please read them.
Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept
VSAs are just attributes. They can be added / edited like anything else.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/
______________________________________ Scanned and protected by Email scanner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ ______________________________________ Scanned and protected by Email scanner
I have not had any issues with 2.5 though 3.0 is giving me fits. Your eap configuration looks ok, check sites-available/inner-tunnel and make sure you have all of the wimax entries uncommented. David -----Original Message----- From: Anup krishnan A [mailto:anupkris@cdactvm.in] Sent: Wednesday, October 06, 2010 8:07 AM To: David Peterson-WirelessConnections; FreeRadius users mailing list Subject: RE: WiMax VSA Support Hi David, 1) You have to configure the radius server to use the inner-tunnel. Following are the entries in the eap.conf file. ttls { default_eap_type = md5 copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" } I hope this is what you meant by configure inner-tunnel in radius server. Actually, the FreeRadius server is sending the Access-Accept with all WiMAX Attributes for the user as we have given in the "users" file. But I think the Alvarion ASN Gateway is not handling or recognizing what we are sending 2) Which version of the 4-Motion software are you using on your system? We are using 4motion Release 2.5M1. Regards Anup
Anup,
You have to configure the radius server to use the inner-tunnel. Which version of the 4-Motion software are you using on your system?
David
-----Original Message----- From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius. freeradius-users-bounces+org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.fre eradiu s.org] On Behalf Of Anup krishnan A Sent: Wednesday, October 06, 2010 4:11 AM To: FreeRadius users mailing list Subject: Re: WiMax VSA Support
Hi Alan,
Thank you for your quick response.
We have already checked the dictionary and found that wimax dictionary is available in the freeradius server.
Actually we are using Freeradius server 2.1.9 and Alvarion base-station and Alvarion ASN GW. Initially we created a service profile in Alvarion ASN GW for the user "test" using their management software 'AlvariStar'. And 'users' file in the freeradius has been updated to add the user "test" as follows,
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Filter-Id = "servprof2"
where "servprof2" is the name of the service profile created in Alvarion ASN GW. In this case the authentication was successful and MS has got the IP as well.
Then we tried to create the service profile for the user "test" from the Freeradius by using WiMAX attributes found in the file dictionary.wimax'.The entries for the user in the 'users' file is as shown below.
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, WiMAX-Service-Profile-Id=1, WiMAX-Media-Flow-Type=Streaming-Video, WiMAX-Schedule-Type = Best-Effort, WiMAX-QoS-Id=01, WiMAX-Media-Flow-Type=Robust-Browser, WiMAX-Traffic-Priority=0, WiMAX-Maximum-Sustained-Traffic-Rate=512000
In this case Freeradius has sent the Access-Accept, but the authentication process is not successful and MS is showing an error message as "EAP supplicant transferring error".
I hope you understand the problem
Regards, Anup
Anup wrote:
Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs?
The server comes with documentation and dictionary files. Please read them.
Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept
VSAs are just attributes. They can be added / edited like anything else.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/
______________________________________ Scanned and protected by Email scanner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ ______________________________________ Scanned and protected by Email scanner
Anup krishnan A wrote:
Then we tried to create the service profile for the user "test" from the Freeradius by using WiMAX attributes found in the file dictionary.wimax'.The entries for the user in the 'users' file is as shown below. ... In this case Freeradius has sent the Access-Accept, but the authentication process is not successful and MS is showing an error message as "EAP supplicant transferring error".
Well.. blame the NAS. If the Access-Accept is returned and the user isn't accepted on the network, it is *not* the fault of the RADIUS server. Some versions of Alvarion had "inventive" ways of implementing the standards. i.e. they didn't work. Newer versions (last 4-6 months) should be better. Alan DeKok.
That service profile does not look at all correct. It's a mixed bag of pre-provisioned services and AAA provisioned services. Here is a sample service definition that works with our ASN-GW: WiMAX-QoS-Id := 101 WiMAX-Service-Class-Name := DATA WiMAX-Schedule-Type := Best-Effort WiMAX-Traffic-Priority := 1 WiMAX-Maximum-Sustained-Traffic-Rate := 512000 WiMAX-Reduced-Resources-Code := 1 WiMAX-QoS-Id += 102 WiMAX-Service-Class-Name += DATA WiMAX-Schedule-Type += Best-Effort WiMAX-Traffic-Priority += 1 WiMAX-Maximum-Sustained-Traffic-Rate += 20971520 WiMAX-Reduced-Resources-Code += 1 We're using Wichorus, but in working with other vendors and service providers in the past who were using the Alvarion ASN-GW I don't recall that there were significant differences in QOS assignment at least. Looking back through my notes it does appear that most of them were using the proprietary Filter-ID method of service assignment. Using the Filter-Id might help rule out any strange EAP issues. Studying the table of attributes in the WiMAX forum stage three docs (Tables in section 5) also helps explain which TLVs are required and which are not when generating the appropriate responses. Ben
-----Original Message----- From: freeradius-users- bounces+wiechman.lists=gmail.com@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail.com@lists.freeradius.org] On Behalf Of Anup krishnan A Sent: Wednesday, October 06, 2010 3:11 AM To: FreeRadius users mailing list Subject: Re: WiMax VSA Support
Hi Alan,
Thank you for your quick response.
We have already checked the dictionary and found that wimax dictionary is available in the freeradius server.
Actually we are using Freeradius server 2.1.9 and Alvarion base-station and Alvarion ASN GW. Initially we created a service profile in Alvarion ASN GW for the user "test" using their management software 'AlvariStar'. And 'users' file in the freeradius has been updated to add the user "test" as follows,
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Filter-Id = "servprof2"
where "servprof2" is the name of the service profile created in Alvarion ASN GW. In this case the authentication was successful and MS has got the IP as well.
Then we tried to create the service profile for the user "test" from the Freeradius by using WiMAX attributes found in the file dictionary.wimax'.The entries for the user in the 'users' file is as shown below.
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, WiMAX-Service-Profile-Id=1, WiMAX-Media-Flow-Type=Streaming-Video, WiMAX-Schedule-Type = Best-Effort, WiMAX-QoS-Id=01, WiMAX-Media-Flow-Type=Robust-Browser, WiMAX-Traffic-Priority=0, WiMAX-Maximum-Sustained-Traffic-Rate=512000
In this case Freeradius has sent the Access-Accept, but the authentication process is not successful and MS is showing an error message as "EAP supplicant transferring error".
I hope you understand the problem
Regards, Anup
Anup wrote:
Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs?
The server comes with documentation and dictionary files. Please read them.
Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept
VSAs are just attributes. They can be added / edited like anything else.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/
______________________________________ Scanned and protected by Email scanner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Ben, Thank you for your response. When we give the service profile name, that we have already created in Alvarion ASN using Alvaristar, in the Filter_Id attribute from FreeRadius, there is no problem and MS is getting registered. But once we try to create the service profile from FreeRadius using WiMAX VSAs then the MS is showing as error like "EAP Supplicant Transferring error". The sequence of events happened in FreeRadius is given below. We can't understand what the problem is , please help me. Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=100, length=162 User-Name = "{am=1}abcd@LOCAL" EAP-Message = 0x02010015017b616d3d317d61626364404c4f43414c Message-Authenticator = 0x3541ac93ba7d124888516834ede1203d NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[wimax] returns ok [suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd@LOCAL" [suffix] Found realm "LOCAL" [suffix] Adding Stripped-User-Name = "{am=1}abcd" [suffix] Adding Realm = "LOCAL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 100 to 172.16.0.1 port 1812 EAP-Message = 0x01020016041053537331a80b9f8efd10896d82b93c8e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x07d1252d07d3218fa467b7478824e818 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=101, length=165 User-Name = "{am=1}abcd@LOCAL" EAP-Message = 0x020200060315 Message-Authenticator = 0xea259fffd4374457c675b9ae07f3564b NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 State = 0x07d1252d07d3218fa467b7478824e818 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[wimax] returns ok [suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd@LOCAL" [suffix] Found realm "LOCAL" [suffix] Adding Stripped-User-Name = "{am=1}abcd" [suffix] Adding Realm = "LOCAL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 101 to 172.16.0.1 port 1812 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x07d1252d06d2308fa467b7478824e818 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=102, length=253 User-Name = "{am=1}abcd@LOCAL" EAP-Message = 0x0203005e150016030100530100004f03014cad569dd49214ce612a3acfb814a3d8cc64dafe0fd8cddae61c3aa3a615682b00002800390038003500160013000a00330032002f000700050004001500120009001400110008000600030100 Message-Authenticator = 0x7b87235a1ba9a14b13c1181865331307 NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 State = 0x07d1252d06d2308fa467b7478824e818 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[wimax] returns ok [suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd@LOCAL" [suffix] Found realm "LOCAL" [suffix] Adding Stripped-User-Name = "{am=1}abcd" [suffix] Adding Realm = "LOCAL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 3 length 94 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0053], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 102 to 172.16.0.1 port 1812 EAP-Message = 0x0104040015c000000aad160301002a0200002603014cae2fcd5029ce1df32035c3a06a4087b11edd22d8485e7c412d9be55e4c5c6f00003900160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3130303731323232313332315a170d3131303731323232313332315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d7874f3c4e39aae3b3dbe12621c73ee35d5d82173aeda2012d1b079c1e18334ce1e2873ea41f987d8acfb697a80f047adbe42a6e9984e6738b3ea6a38217 EAP-Message = 0xf4176bfa579f3eee2a32c69da800eeebc01d55567264313148a074b1cb6dcc03b9f6fbfef5263b5124a436da3855882fc2e4f721093dc28ebb4567a6d0b570adc903a8f852d438c588168cbfc286ccf073a476a585c9c587b3e2f7f63b019fda8e0c1177c1738c4753f0b8b43957fdb7a83590eea91716ac66ed369841f69f79fb12217ca5fc8def15bdf8e2f907a449262968d64b3961c9dd6df44844dd5b3415d053a6925a9ef941ae3857658c0c3ebe136f1cd7d68aedc9dbba4067ebe8a0ff350203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100493cd6fd113622f4cd EAP-Message = 0x4810f92b058c52ae16f06c0ecdc258f64f51a520e78d442a748b965b54d20c17730fda2c9c37dc7650b43d8799886b101ed652e6d409c175f60be76f77db2fd273123c4e66b6c4365589c6598d74b5769643391dae72be3890f014e8e1935e3fba927ea08fe50b0aa48abfeab651f6c7fcd770bf5e7611f0d0097126bfa7995563c37a6be3a45aae356dd45e5df8eb69baff571111166bbdb4d9eff0864e97412db79434d95273e8cf5bf7a7ae46847750b5983c259e262e7c40fbac6402bc2e04db351660a236808992e8a0dd63ef86f4d13f44bd292f8539918c5015618f341137dc1b976763151070e04b564cf8810843d287c8c5a10004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x07d1252d05d5308fa467b7478824e818 Finished request 2. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=103, length=165 User-Name = "{am=1}abcd@LOCAL" EAP-Message = 0x020400061500 Message-Authenticator = 0xfb886198b9ccbe34096739fc2da309ff NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 State = 0x07d1252d05d5308fa467b7478824e818 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[wimax] returns ok [suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd@LOCAL" [suffix] Found realm "LOCAL" [suffix] Adding Stripped-User-Name = "{am=1}abcd" [suffix] Adding Realm = "LOCAL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 103 to 172.16.0.1 port 1812 EAP-Message = 0x0105040015c000000aad009fddc44b4be118b5300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130303731323232313332315a170d3131303731323232313332315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010 EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d276fddff22e7edcb712d868de52cb6063309371e4e8f98843537b4994eee901397351da19d7ebc031a4100582890e3c4af076d30922c9b7759718a9319107d8bdc59036d2e517f5c1686643f870317e0db6cfe05330e4fac7c6482cd0fdcbe1e348881a94e38eb6657de3 EAP-Message = 0x3949e38252f67c675b884f72480c88c642b5e4d91d752cb05266b3241c0e999a026b68877c5e3dd462300334d56ebaead860b01f4edf292279eb8c400f835d32e7670ec99406137a27a74d23058c7dd88c367aacd0910b315dcd8b94ceef8165c9cab703f78b6161368fd5ffdced840b70e4195f3db98f412da26dee1a066693391d81d69b1458ce4f3511014abcb276cb0de0d8710203010001a381fb3081f8301d0603551d0e04160414f53150c8ec687788495274d05b5f7dbb1d92ecc93081c80603551d230481c03081bd8014f53150c8ec687788495274d05b5f7dbb1d92ecc9a18199a48196308193310b3009060355040613024652310f300d EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974798209009fddc44b4be118b5300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b3d280637fb1aafcf00cdedc91bbbcca86e20d3cc00b5f16f0e79611cc28433ac17b23ac9fb0a83088532b50cc2fb779849da3981b650ad734c8a850ed29ee911940b3b7661783fb719e276af281 EAP-Message = 0x86d55c11ccb90a50597218b2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x07d1252d04d4308fa467b7478824e818 Finished request 3. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=104, length=165 User-Name = "{am=1}abcd@LOCAL" EAP-Message = 0x020500061500 Message-Authenticator = 0x3a858a07f8318d62f4d077163d71fec5 NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 State = 0x07d1252d04d4308fa467b7478824e818 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[wimax] returns ok [suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd@LOCAL" [suffix] Found realm "LOCAL" [suffix] Adding Stripped-User-Name = "{am=1}abcd" [suffix] Adding Realm = "LOCAL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 104 to 172.16.0.1 port 1812 EAP-Message = 0x010602cb158000000aadb013d96c28934158e79f3eedb23bba605bf6166496df88c0ef799d79147dccfeaf379f8ede13c6491b44a68bbd19f1a07b0aefbb705fad78ddfa75a685a6143de8c9b0f624d9f27a3fa7c7e1abf6d8b6bf42d80492bbb55ea15af49cacb1e7d0ab53d5f227b18225eb38e6de2b1aacaec55df09eca780664046c0bfab4df89b1aca766b6e7d56e8df9e162440446903f0e33873014f4e45ec66e73a263a14263848c26cd867c160301020d0c0002090080fbab99c6dde7a106dab1558e253b67404ddd33c37ad7e802090c2a8c348fec48646d59d15c159482fd3d0592f5a6e53de5235eda15543eaa1ba7897c3a5e69beaf61 EAP-Message = 0xad836c181c0cd34894bb249ea4078ebcf1412cc04a61afa2492373de03d38da87b7b5f612747acee73a2f56b6e9b2b8474507fab8d79259148c821b6ccbb000102008071e0566ca48bd962dfe120f2badc11d6847890fe322b80dd871c55dc3275e1ad992ec2e06edcd751660bbb8fb2fc41efd65b361c8965efd4856f29702fe637898b9a499c72092b5619db6c81e2aa4d8c6939443f551cfb40f96a1ffdff711bb24da56ebf3b527470bac506084d68cd19d78c492b89d7ddee2eeef8e85d83994d01006871910ef4a5f4b658e7cb543404e0e6d9f89e89d771378ed367e57a3a0e1ba15c374acea793a70f56f826b1cabd300ce0a5008ff60e4a8b EAP-Message = 0x99eb0f3b87a6835bf8c15fdcc39fef9d0967df81995ba470a9a332d847938e92e9da5e0f5646b24692107c760ecdee1438ad6aa2b69798abab7a0e2e3b5dd7dc0de9ce1e325a926139c6d893a6974f435c77fa28895fbcb09a59cce4b5c795db71285d2bdf03dd398d7747d3a13c7dfbc920daf98a9d86375f23399a87b2ce301324d411786b5f9404008c74dd2dc62486fba7c7a176fc126385561b5647a2514769251723680dcecd88f2cba999d0c77edf900fa03758bd795dcd69aa18dc7294cab3fddc93a7fd16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x07d1252d03d7308fa467b7478824e818 Finished request 4. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=105, length=363 User-Name = "{am=1}abcd@LOCAL" EAP-Message = 0x020600cc15001603010086100000820080d83a019202da718d2cf50782fac1ffdc0d6ac63decfef4c729a015c7fea0c0e4ef0a9eaa27eaf80f098f6b198ba93f05fd5ab7af89b49ff94253e991f06115a168908fefc14d0122b55d8c0d497590c6c263887563e6ccf6f5737357813877b800b6353e08d73d527764fe0b77f0d2c732e5f46ba97f44491da57fa7cf3420d114030100010116030100303954bbe60005802786b7654858383c544a3e4b20b72a412837191afbe5d47ad0115cc7b0a3819dcb72131d774ace19cb Message-Authenticator = 0xbfc82cffef5fbea2c143a2f2072ebe29 NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 State = 0x07d1252d03d7308fa467b7478824e818 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[wimax] returns ok [suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd@LOCAL" [suffix] Found realm "LOCAL" [suffix] Adding Stripped-User-Name = "{am=1}abcd" [suffix] Adding Realm = "LOCAL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 6 length 204 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 105 to 172.16.0.1 port 1812 EAP-Message = 0x0107004515800000003b1403010001011603010030c41b64e6395d1bb11d44f10d2cc51b2629d94072d9317e8713a8ee5136fad3d919a9ec4913cfa0d939b5adbc84efffb5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x07d1252d02d6308fa467b7478824e818 Finished request 5. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 172.16.0.1 port 1812, id=106, length=271 User-Name = "{am=1}abcd@LOCAL" EAP-Message = 0x0207007015001703010020fae7febef31d7dd67dcb8f8f5ca814e164f24a4febbf76508ba9581bf11d631d1703010040263cdf6938b6a85e496b5be24309873c71ede6592ff13c6368dcda032f80c308cf3a2cc6780bc64cc8f6235fa7c60cace93d92fd31a2c92c6bb0630736e32af5 Message-Authenticator = 0x2851a17a76b970711166f19a3a99523d NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 State = 0x07d1252d02d6308fa467b7478824e818 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[wimax] returns ok [suffix] Looking up realm "LOCAL" for User-Name = "{am=1}abcd@LOCAL" [suffix] Found realm "LOCAL" [suffix] Adding Stripped-User-Name = "{am=1}abcd" [suffix] Adding Realm = "LOCAL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 7 length 112 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "test" User-Password = "test" FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "test" User-Password = "test" FreeRADIUS-Proxied-To = 127.0.0.1 NAS-Identifier = "172.16.0.1" NAS-IP-Address = 172.16.0.1 Calling-Station-Id = "00-17-C4-9B-B5-84" WiMAX-BS-Id = 0x020202060606 NAS-Port-Type = 27 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Stripped-User-Name = "test" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry test at line 110 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "test" [pap] Using clear text password "test" [pap] User authenticated successfully ++[pap] returns ok WARNING: Empty post-auth section. Using default return values. } # server inner-tunnel [ttls] Got tunneled reply code 2 Auth-Type = Local Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.0.33 Framed-IP-Netmask = 255.255.255.0 WiMAX-QoS-Id := 101 WiMAX-Service-Class-Name := "DATA" WiMAX-Schedule-Type := Best-Effort WiMAX-Traffic-Priority := 1 WiMAX-Maximum-Sustained-Traffic-Rate := 512000 WiMAX-Reduced-Resources-Code := 1 [ttls] Got tunneled Access-Accept [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} [sql_log] Processing sql_log_postauth [sql_log] expand: %{User-Name} -> {am=1}abcd@LOCAL [sql_log] expand: %{%{User-Name}:-DEFAULT} -> {am=1}abcd@LOCAL [sql_log] sql_set_user escaped user --> '{am=1}abcd@LOCAL' [sql_log] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [sql_log] ... expanding second conditional [sql_log] expand: Chap-Password -> Chap-Password [sql_log] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('{am=1}abcd@LOCAL', 'Chap-Password', 'Access-Accept', '2010-10-07 16:38:37'); [sql_log] expand: /usr/local/var/log/radius/radacct/sql-relay -> /usr/local/var/log/radius/radacct/sql-relay ++[sql_log] returns ok ++[exec] returns noop [wimax] MIP-RK = 0xef87c598c604f52d8887df1b5dbf19c0a5d5b038d5f2cc05a4040b6550d6dfdbd86632053845cc46e7daf620649d4418751f7e0ee9ff3ff8b3a0a9a8f865b61c [wimax] MIP-SPI = bf1b4edd [wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the reply. [wimax] WARNING: We cannot calculate MN-HA keys. [wimax] WARNING: WiMAX-IP-Technology not found in reply. [wimax] WARNING: Not calculating MN-HA keys ++[wimax] returns updated ++? if (updated) ? Evaluating (updated) -> TRUE ++? if (updated) -> TRUE ++- entering if (updated) {...} +++[reply] returns updated ++- if (updated) returns updated Sending Access-Accept of id 106 to 172.16.0.1 port 1812 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.0.33 Framed-IP-Netmask = 255.255.255.0 WiMAX-QoS-Id = 101 WiMAX-Service-Class-Name = "DATA" WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 1 WiMAX-Maximum-Sustained-Traffic-Rate = 512000 WiMAX-Reduced-Resources-Code = 1 EAP-Message = 0x03070004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "{am=1}abcd" WiMAX-MSK = 0x58fd064ed193962abcd676849e5d350bce02cdd98153a2577f05a2727221d6368200c817698638447d9964dd5bb1aab61c706753cf6b784bd31eef4c479f689c Finished request 6. Going to the next request Waking up in 4.2 seconds. Regards Anup -------------------------------------------------- From: "Ben Wiechman" <wiechman.lists@gmail.com> Sent: Wednesday, October 06, 2010 10:59 PM To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Subject: RE: WiMax VSA Support
That service profile does not look at all correct. It's a mixed bag of pre-provisioned services and AAA provisioned services.
Here is a sample service definition that works with our ASN-GW: WiMAX-QoS-Id := 101 WiMAX-Service-Class-Name := DATA WiMAX-Schedule-Type := Best-Effort WiMAX-Traffic-Priority := 1 WiMAX-Maximum-Sustained-Traffic-Rate := 512000 WiMAX-Reduced-Resources-Code := 1 WiMAX-QoS-Id += 102 WiMAX-Service-Class-Name += DATA WiMAX-Schedule-Type += Best-Effort WiMAX-Traffic-Priority += 1 WiMAX-Maximum-Sustained-Traffic-Rate += 20971520 WiMAX-Reduced-Resources-Code += 1
We're using Wichorus, but in working with other vendors and service providers in the past who were using the Alvarion ASN-GW I don't recall that there were significant differences in QOS assignment at least. Looking back through my notes it does appear that most of them were using the proprietary Filter-ID method of service assignment. Using the Filter-Id might help rule out any strange EAP issues.
Studying the table of attributes in the WiMAX forum stage three docs (Tables in section 5) also helps explain which TLVs are required and which are not when generating the appropriate responses.
Ben
-----Original Message----- From: freeradius-users- bounces+wiechman.lists=gmail.com@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail.com@lists.freeradius.org] On Behalf Of Anup krishnan A Sent: Wednesday, October 06, 2010 3:11 AM To: FreeRadius users mailing list Subject: Re: WiMax VSA Support
Hi Alan,
Thank you for your quick response.
We have already checked the dictionary and found that wimax dictionary is available in the freeradius server.
Actually we are using Freeradius server 2.1.9 and Alvarion base-station and Alvarion ASN GW. Initially we created a service profile in Alvarion ASN GW for the user "test" using their management software 'AlvariStar'. And 'users' file in the freeradius has been updated to add the user "test" as follows,
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Filter-Id = "servprof2"
where "servprof2" is the name of the service profile created in Alvarion ASN GW. In this case the authentication was successful and MS has got the IP as well.
Then we tried to create the service profile for the user "test" from the Freeradius by using WiMAX attributes found in the file dictionary.wimax'.The entries for the user in the 'users' file is as shown below.
test Cleartext-Password := "test" Auth-Type = Local, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.0.33, Framed-IP-Netmask = 255.255.255.0, WiMAX-Service-Profile-Id=1, WiMAX-Media-Flow-Type=Streaming-Video, WiMAX-Schedule-Type = Best-Effort, WiMAX-QoS-Id=01, WiMAX-Media-Flow-Type=Robust-Browser, WiMAX-Traffic-Priority=0, WiMAX-Maximum-Sustained-Traffic-Rate=512000
In this case Freeradius has sent the Access-Accept, but the authentication process is not successful and MS is showing an error message as "EAP supplicant transferring error".
I hope you understand the problem
Regards, Anup
Anup wrote:
Hi, I would like to know whether latest Freeradius version has the support for WiMax VSAs?
The server comes with documentation and dictionary files. Please read them.
Also please tell me how to send the WiMAX Qos Descriptors in Access-Accept
VSAs are just attributes. They can be added / edited like anything else.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/
______________________________________ Scanned and protected by Email scanner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
______________________________________ Scanned and protected by Email scanner
I don't have access to an Alvarion ASN-GW so I can't specifically test this all. Looking back over the service assignment again I see I didn't grab everything. I did grab the QOS descriptors, but missed the packet flow descriptor. This is the corrected full sample service that provisions services of 2Mbps/512kbps. WiMAX-QoS-Id := 101 WiMAX-Service-Class-Name := DATA WiMAX-Schedule-Type := Best-Effort WiMAX-Traffic-Priority := 1 WiMAX-Maximum-Sustained-Traffic-Rate := 512000 WiMAX-Reduced-Resources-Code := 1 WiMAX-QoS-Id += 102 WiMAX-Service-Class-Name += DATA WiMAX-Schedule-Type += Best-Effort WiMAX-Traffic-Priority += 1 WiMAX-Maximum-Sustained-Traffic-Rate += 2097152 WiMAX-Reduced-Resources-Code += 1 WiMAX-Packet-Data-Flow-Id := 22 WiMAX-Service-Data-Flow-Id := 22 WiMAX-Direction := Bi-Directional WiMAX-Activation-Trigger := 15 WiMAX-Transport-Type := IPv4-CS WiMAX-Uplink-QOS-Id := 101 WiMAX-Downlink-QOS-Id := 102 WiMAX-Uplink-Classifier := permit in any src any dst any priority 1 WiMAX-Downlink-Classifier := permit in any src any dst any priority 1 The root is that you need to read and understand the interdependencies of the QOS descriptor and packet flow descriptor if you want to do this. Seriously. It isn't entirely trivial and there are differences depending on the Schedule Type. Again... check out the WMF stage three docs for whichever version of the WMF the Alvarion ASN-GW currently supports, namely these sections: 5.4.2.28 Packet-Flow Descriptor 5.4.2.29 QoS-Descriptor and Table 5-10 The requirements are outlined there. You can also pre-provision the services on the ASN-GW and simply supply the proper service ID information. e.g. WiMAX-Packet-Data-Flow-Id := 30 WiMAX-Service-Data-Flow-Id := 30 WiMAX-Service-Profile-Id := 30 WiMAX-Packet-Data-Flow-Id += 110 WiMAX-Service-Data-Flow-Id += 110 WiMAX-Service-Profile-Id += 110 Where the services listed are defined on the ASN-GW with those ID numbers. Which of the above methods to use is going to depend on your requirements. Having said that, Alvarion has had a history of... creative... interpretations of various standards. Without a sample Access-Accept that apparently works when using the Filter-Id I can't compare. I would do the following: Ensure there aren't any differences in the non-QOS attributes being returned in the two separate cases: the working Filter-Id network entry and the second failing case. Alvarion's errors aren't always explanatory or related to the actual root cause so the strange error you are getting may be related to services, or may be related to an EAP or other underlying issue. Again, I don't have an Alvarion ASN-GW so I can't tell you. Once you are sure there are not any other EAP issues, it may be easier to use the second method to provision services until you actually understand the details of the packet flow descriptor and qos descriptor. Your ASN-GW may or may not have the same requirements as ours depending on which WMF release is supported, and how well that release is supported. Ben
-----Original Message----- From: freeradius-users- bounces+wiechman.lists=gmail.com@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail.com@lists.freeradius.org] On Behalf Of Anup Sent: Thursday, October 07, 2010 12:19 AM To: FreeRadius users mailing list Subject: Re: WiMax VSA Support
participants (5)
-
Alan DeKok -
Anup -
Anup krishnan A -
Ben Wiechman -
David Peterson