Radius Packet Simulator

khursheed Ahmed khursheedahmedqau at hotmail.com
Mon Apr 2 10:16:22 CEST 2007



Hi All

   I need a RADIUS Packet simulator, which could simulate RADIUS packet for 
me,
If is there any Plz tell me,
As I needed it bcz I m developing a Translation Agent which could translate 
(convert)
RADIS packet in to Diameter Packet.

Is there any Idea Plz help me


Khursheed Ahmed QAU




>From: freeradius-users-request at lists.freeradius.org
>Reply-To: freeradius-users at lists.freeradius.org
>To: freeradius-users at lists.freeradius.org
>Subject: Freeradius-Users Digest, Vol 24, Issue 3
>Date: Mon, 02 Apr 2007 07:59:28 +0200
>
>Send Freeradius-Users mailing list submissions to
>	freeradius-users at lists.freeradius.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	http://lists.freeradius.org/mailman/listinfo/freeradius-users
>or, via email, send a message with subject or body 'help' to
>	freeradius-users-request at lists.freeradius.org
>
>You can reach the person managing the list at
>	freeradius-users-owner at lists.freeradius.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Freeradius-Users digest..."
>
>
>Today's Topics:
>
>    1. Re: Attributes (Shawn Mitchell)
>    2. Re: passing Calling-Station-ID (Adil Azmi Bikarbass)
>    3. Re: Freeradius-Users Digest, Vol 24, Issue 2 (Arran Cudbard-Bell)
>    4. RE: Attributes [unclas] (Ranner, Frank MR)
>    5. Re: Attributes [unclas] (Shawn Mitchell)
>    6. RE: Anyone using dd-wrt for AP? (Aren Chua)
>    7. EAP-AKA patch for Freeradius 1.1.2 (awaneesh kumar)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Sun, 01 Apr 2007 16:45:22 -0500
>From: Shawn Mitchell <shawnm at iodamedia.net>
>Subject: Re: Attributes
>To: FreeRadius users mailing list
>	<freeradius-users at lists.freeradius.org>
>Message-ID: <461027F2.3020605 at iodamedia.net>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Ok, here's what I'm doing:
>
>DEFAULT Client-IP-Address == xx.xx.xx.xx
>         Ascend-Data-Filter = "ip in forward tcp est",
>         Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
>         Ascend-Data-Filter = "ip in drop tcp dstport = 25",
>         Ascend-Data-Filter = "ip in forward",
>         Fall-Through = Yes
>
>I turned on logging of reply's, but all I'm seeing it send is:
>
>Sun Apr  1 16:31:21 2007
>         Ascend-Data-Filter = "ip in forward tcp est"
>
>I put this into the 'users' file btw.
>
>
>
>Alan DeKok wrote:
> > Shawn Mitchell wrote:
> >
> >> Where can I say "If client is 'x', then also send these attributes to
> >> users being authenticated..."?
> >>
> >
> >   In the "users" file.
> >
> > DEFAULT Client-IP-Address == 1.2.3.4
> > 	Reply-Message = "You're coming from 1.2.3.4"
> >
> >   Alan DeKok.
> > --
> >   http://deployingradius.com       - The web site of the book
> >   http://deployingradius.com/blog/ - The blog
> > -
> > List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html
> >
>
>
>
>------------------------------
>
>Message: 2
>Date: Sun, 01 Apr 2007 22:59:14 +0000
>From: Adil Azmi Bikarbass <adil at mtds.com>
>Subject: Re: passing Calling-Station-ID
>To: Alan DeKok <aland at deployingradius.com>
>Cc: FreeRadius users mailing list
>	<freeradius-users at lists.freeradius.org>
>Message-ID: <46103942.2070008 at mtds.com>
>Content-Type: text/plain;	charset=ISO-8859-1;	format=flowed
>
>Hello All,
>
>Do i need to create a whole DB for only one filed that i will pass from
>one NAS to another?
>
>Knowing that my Freeradius is running on Solaris 10 which DB you suggest
>to use?
>
>Thank you
>
>
>Alan DeKok a ?crit :
> > Adil Azmi Bikarbass wrote:
> >
> >> The issue is that we want the second NAS to get the calling-station-ID
> >> from the "someuser" session on Radius
> >>
> >
> >   To do... what?
> >
> >
> >> is there a way we can have this to work and pass this attribute from 
>one
> >> session to another?
> >>
> >
> >   Sure.  Store the Calling-Station-Id in a database when you receive it
> > from the first NAS, then pull it out of the DB, and send it to the
> > second NAS.
> >
> >   Alan DeKok.
> > --
> >   http://deployingradius.com       - The web site of the book
> >   http://deployingradius.com/blog/ - The blog
> >
> >
>
>--
>|-Adil Bikarbass
>|-IT Manager, MTDS
>|-tel +212.3.767.4861
>|-fax +212.3.767.4863
>|-gsm +212.6.139. 4541
>|-14, rue 16 novembre
>|-Rabat, Kingdom of Morocco
>
>
>
>------------------------------
>
>Message: 3
>Date: Mon, 02 Apr 2007 00:00:43 +0100
>From: Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk>
>Subject: Re: Freeradius-Users Digest, Vol 24, Issue 2
>To: freeradius-users at lists.freeradius.org
>Message-ID: <4610399B.6010008 at sussex.ac.uk>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>
> >> Does anyone have a draft list of which clients actually support the
> >> Reply-Message and by which methods they can recieve them?
> >>
> >
> >   All clients will accept it.  Very few will do anything useful with it.
> >
> >
> >> The reason why I ask , it during initial tests (using chap) the built 
>in
> >> windows CHAP supplicant would display the reply-messages being sent 
>back
> >> from the server.
> >> Now we've moved on from CHAP to using EAP and the windows supplicant no
> >> longer displays the messages.
> >>
> >
> >   Yes.
> >
> >
> >> Am I right in assuming that with EAP attributes from the access-accept
> >> packet only get to the NAS and that the NAS will strip out of the EAP
> >> message
> >> and pass it on to the supplicant and thats all the supplicant will ever 
>get?
> >>
> >
> >   Yes.
> >
> >
> >> In which case, although the Reply-Message attribute is also supported 
>in
> >> PoD the client will never actually recieve it when using EAP ?
> >>
> >
> >   Yes.
> >
> >   Alan DeKok.
> >
>Ahh, Thanks for clearing that up !
>
>Don't suppose EAP supports encoding the equivalent of a Reply-Message ?
>
>P.S Well done for understanding my poorly punctuated morning ramblings :)
>
>Arran
>
>
>
>------------------------------
>
>Message: 4
>Date: Mon, 2 Apr 2007 11:14:47 +1000
>From: "Ranner, Frank MR" <Frank.Ranner at defence.gov.au>
>Subject: RE: Attributes [unclas]
>To: "FreeRadius users mailing list"
>	<freeradius-users at lists.freeradius.org>
>Message-ID:
>	<3497E314EE23D54EACE26B5CFFD896980A6125 at drnrxm01.drn.mil.au>
>Content-Type: text/plain;	charset="US-ASCII"
>
>Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip
>xx.xx.xx.0/24", to append to
>a multi-valued list.
>
>FR
>
> > -----Original Message-----
> > From:
> > freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
> > eradius.org
> > [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at l
> > ists.freeradius.org] On Behalf Of Shawn Mitchell
> > Sent: Monday, 2 April 2007 07:45
> > To: FreeRadius users mailing list
> > Subject: Re: Attributes
> >
> > Ok, here's what I'm doing:
> >
> > DEFAULT Client-IP-Address == xx.xx.xx.xx
> >         Ascend-Data-Filter = "ip in forward tcp est",
> >         Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
> >         Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> >         Ascend-Data-Filter = "ip in forward",
> >         Fall-Through = Yes
> >
> > I turned on logging of reply's, but all I'm seeing it send is:
> >
> > Sun Apr  1 16:31:21 2007
> >         Ascend-Data-Filter = "ip in forward tcp est"
> >
> > I put this into the 'users' file btw.
> >
> >
> >
> > Alan DeKok wrote:
> > > Shawn Mitchell wrote:
> > >
> > >> Where can I say "If client is 'x', then also send these
> > attributes to
> > >> users being authenticated..."?
> > >>
> > >
> > >   In the "users" file.
> > >
> > > DEFAULT Client-IP-Address == 1.2.3.4
> > > 	Reply-Message = "You're coming from 1.2.3.4"
> > >
> > >   Alan DeKok.
> > > --
> > >   http://deployingradius.com       - The web site of the book
> > >   http://deployingradius.com/blog/ - The blog
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
>
>------------------------------
>
>Message: 5
>Date: Sun, 01 Apr 2007 20:44:05 -0500
>From: Shawn Mitchell <shawnm at iodamedia.net>
>Subject: Re: Attributes [unclas]
>To: FreeRadius users mailing list
>	<freeradius-users at lists.freeradius.org>
>Message-ID: <46105FE5.3090904 at iodamedia.net>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Thanks!
>
>That seems to have fixed it
>
>radtest blarg blarg localhost 111 testing123
>
>Sending Access-Request of id 145 to 127.0.0.1:1812
>         User-Name = "blarg"
>         User-Password = "blarg"
>         NAS-IP-Address = xxxxxxxxxxxxxx
>         NAS-Port = 111
>rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145, length=180
>         Ascend-Data-Filter = "ip in forward tcp est"
>         Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24 0"
>         Ascend-Data-Filter = "ip in drop tcp dstport = 25"
>         Ascend-Data-Filter = "ip in forward 0"
>
>
>Ranner, Frank MR wrote:
> > Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip
> > xx.xx.xx.0/24", to append to
> > a multi-valued list.
> >
> > FR
> >
> >
> >> -----Original Message-----
> >> From:
> >> freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
> >> eradius.org
> >> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at l
> >> ists.freeradius.org] On Behalf Of Shawn Mitchell
> >> Sent: Monday, 2 April 2007 07:45
> >> To: FreeRadius users mailing list
> >> Subject: Re: Attributes
> >>
> >> Ok, here's what I'm doing:
> >>
> >> DEFAULT Client-IP-Address == xx.xx.xx.xx
> >>         Ascend-Data-Filter = "ip in forward tcp est",
> >>         Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
> >>         Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> >>         Ascend-Data-Filter = "ip in forward",
> >>         Fall-Through = Yes
> >>
> >> I turned on logging of reply's, but all I'm seeing it send is:
> >>
> >> Sun Apr  1 16:31:21 2007
> >>         Ascend-Data-Filter = "ip in forward tcp est"
> >>
> >> I put this into the 'users' file btw.
> >>
> >>
> >>
> >> Alan DeKok wrote:
> >>
> >>> Shawn Mitchell wrote:
> >>>
> >>>
> >>>> Where can I say "If client is 'x', then also send these
> >>>>
> >> attributes to
> >>
> >>>> users being authenticated..."?
> >>>>
> >>>>
> >>>   In the "users" file.
> >>>
> >>> DEFAULT Client-IP-Address == 1.2.3.4
> >>> 	Reply-Message = "You're coming from 1.2.3.4"
> >>>
> >>>   Alan DeKok.
> >>> --
> >>>   http://deployingradius.com       - The web site of the book
> >>>   http://deployingradius.com/blog/ - The blog
> >>> -
> >>> List info/subscribe/unsubscribe? See
> >>> http://www.freeradius.org/list/users.html
> >>>
> >>>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >>
> >
> > -
> > List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html
> >
>
>
>
>------------------------------
>
>Message: 6
>Date: Mon, 2 Apr 2007 03:03:25 +0000
>From: Aren Chua <cclian18 at hotmail.com>
>Subject: RE: Anyone using dd-wrt for AP?
>To: FreeRadius users mailing list
>	<freeradius-users at lists.freeradius.org>
>Message-ID: <BAY130-W126EC141C8DD048BA432ECCC600 at phx.gbl>
>Content-Type: text/plain; charset="iso-8859-1"
>
>
>Ian Truelsen
>
>you can try the hotspot(chillispot) under DD-WRT firmware to configure your 
>AP to authenticate against the radius server.
>Regards,
>Aren Chua> Date: Sun, 1 Apr 2007 10:16:25 +0200> From: 
>aland at deployingradius.com> To: freeradius-users at lists.freeradius.org> 
>Subject: Re: Anyone using dd-wrt for AP?> > Ian Truelsen wrote:> >> > 
>Hopefully that is not the case. The freeradius server is on an external> > 
>machine. I am trying to get the AP to authenticate against that server,> > 
>but I am having trouble sorting out how to get it to do this.> > There 
>should be a RADIUS server configuration. But you'll have to> enable 802.1x 
>authentication, too.> > Alan DeKok.> --> http://deployingradius.com - The 
>web site of the book> http://deployingradius.com/blog/ - The blog> - > List 
>info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>_________________________________________________________________
>Your friends are close to you.?Keep them that way.
>http://spaces.live.com/signup.aspx
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: 
>https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070402/5e13df6d/attachment-0001.html
>
>------------------------------
>
>Message: 7
>Date: Sun, 1 Apr 2007 22:59:20 -0700 (PDT)
>From: awaneesh kumar <awaneeshkmr at yahoo.com>
>Subject: EAP-AKA patch for Freeradius 1.1.2
>To: freeradius-users at lists.freeradius.org
>Message-ID: <181530.30637.qm at web58815.mail.re1.yahoo.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Hi All,
>
>   I have downloaded patch from 
>http://bugs.freeradius.org/show_bug.cgi?id=386.
>   I have succesfully applied patch to Freeradius1.1.2. Few questions i 
>have..
>
>   a) Does patch supports optional identity privacy support, optional 
>result indications, and an optional fast re-authentication procedure.
>
>   b)   After receiving EAP-Request/AKA-Challenge from server, client 
>should calculate AT_MAC and compares with the received one. If it matches 
>it should send back the EAP-Response/AKA-Challenge with AT_RES and new 
>AT_MAC.
>   As per section 10.8 of RFC 4187, AT_RES should be encoded as follows.
>
>           The value field of this attribute begins with the 2-byte         
>                     RES Length,which identifies the exact length of the 
>RES in bits.  The RES length is followed by the AKA RES parameter.  
>According to [TS33.105], the length of the AKA RES can vary between 32 and 
>128 bits.  Because the length of the AT_RES         attribute must be a 
>multiple of 4 bytes, the sender pads the RES with zero bits        where 
>necessary
>
>   Trace below is packet from client to server:-
>
>   0x024200301701000003050000d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d00b0500         
>    000d6eb3a8082c9d2c0a031505b7a0fac0
>
>   c)   As per section 3 (Figure 2) from RFC 4187, if server is unable to 
>authenticate client if AT_MAC or AT_RES is incorrect, it should back the 
>EAP-Request/AKA-Notification to client and client should respond back with 
>EAP-Response/AKA-Notification. Then only server should send back EAP result 
>as Failure. But Freeradius1.1.2 sends back the EAP Result (FAILURE) with 
>Access-Reject.         How ever success scenarion works perfectly.
>
>   d) After receiving AKA-Challenge from Radius server, does patch supports 
>the checking of Sequence No from AUTN parameter?
>
>   Do we have any latest patch to support EAP-AKA?
>
>   Thanks
>
>
>
>
>
>
>---------------------------------
>Sucker-punch spam with award-winning protection.
>  Try the free Yahoo! Mail Beta.
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: 
>https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070401/1708475c/attachment.html
>
>------------------------------
>
>-
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html
>
>
>End of Freeradius-Users Digest, Vol 24, Issue 3
>***********************************************

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/




More information about the Freeradius-Users mailing list