Radius Packet Simulator
Jan Mulders
lastchancehotel at gmail.com
Mon Apr 2 11:15:03 CEST 2007
like Radtest, you mean?
Jan
On 02/04/07, khursheed Ahmed <khursheedahmedqau at hotmail.com> wrote:
>
>
>
> Hi All
>
> I need a RADIUS Packet simulator, which could simulate RADIUS packet
> for
> me,
> If is there any Plz tell me,
> As I needed it bcz I m developing a Translation Agent which could
> translate
> (convert)
> RADIS packet in to Diameter Packet.
>
> Is there any Idea Plz help me
>
>
> Khursheed Ahmed QAU
>
>
>
>
> >From: freeradius-users-request at lists.freeradius.org
> >Reply-To: freeradius-users at lists.freeradius.org
> >To: freeradius-users at lists.freeradius.org
> >Subject: Freeradius-Users Digest, Vol 24, Issue 3
> >Date: Mon, 02 Apr 2007 07:59:28 +0200
> >
> >Send Freeradius-Users mailing list submissions to
> > freeradius-users at lists.freeradius.org
> >
> >To subscribe or unsubscribe via the World Wide Web, visit
> > http://lists.freeradius.org/mailman/listinfo/freeradius-users
> >or, via email, send a message with subject or body 'help' to
> > freeradius-users-request at lists.freeradius.org
> >
> >You can reach the person managing the list at
> > freeradius-users-owner at lists.freeradius.org
> >
> >When replying, please edit your Subject line so it is more specific
> >than "Re: Contents of Freeradius-Users digest..."
> >
> >
> >Today's Topics:
> >
> > 1. Re: Attributes (Shawn Mitchell)
> > 2. Re: passing Calling-Station-ID (Adil Azmi Bikarbass)
> > 3. Re: Freeradius-Users Digest, Vol 24, Issue 2 (Arran Cudbard-Bell)
> > 4. RE: Attributes [unclas] (Ranner, Frank MR)
> > 5. Re: Attributes [unclas] (Shawn Mitchell)
> > 6. RE: Anyone using dd-wrt for AP? (Aren Chua)
> > 7. EAP-AKA patch for Freeradius 1.1.2 (awaneesh kumar)
> >
> >
> >----------------------------------------------------------------------
> >
> >Message: 1
> >Date: Sun, 01 Apr 2007 16:45:22 -0500
> >From: Shawn Mitchell <shawnm at iodamedia.net>
> >Subject: Re: Attributes
> >To: FreeRadius users mailing list
> > <freeradius-users at lists.freeradius.org>
> >Message-ID: <461027F2.3020605 at iodamedia.net>
> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> >Ok, here's what I'm doing:
> >
> >DEFAULT Client-IP-Address == xx.xx.xx.xx
> > Ascend-Data-Filter = "ip in forward tcp est",
> > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
> > Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> > Ascend-Data-Filter = "ip in forward",
> > Fall-Through = Yes
> >
> >I turned on logging of reply's, but all I'm seeing it send is:
> >
> >Sun Apr 1 16:31:21 2007
> > Ascend-Data-Filter = "ip in forward tcp est"
> >
> >I put this into the 'users' file btw.
> >
> >
> >
> >Alan DeKok wrote:
> > > Shawn Mitchell wrote:
> > >
> > >> Where can I say "If client is 'x', then also send these attributes to
> > >> users being authenticated..."?
> > >>
> > >
> > > In the "users" file.
> > >
> > > DEFAULT Client-IP-Address == 1.2.3.4
> > > Reply-Message = "You're coming from 1.2.3.4"
> > >
> > > Alan DeKok.
> > > --
> > > http://deployingradius.com - The web site of the book
> > > http://deployingradius.com/blog/ - The blog
> > > -
> > > List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> >------------------------------
> >
> >Message: 2
> >Date: Sun, 01 Apr 2007 22:59:14 +0000
> >From: Adil Azmi Bikarbass <adil at mtds.com>
> >Subject: Re: passing Calling-Station-ID
> >To: Alan DeKok <aland at deployingradius.com>
> >Cc: FreeRadius users mailing list
> > <freeradius-users at lists.freeradius.org>
> >Message-ID: <46103942.2070008 at mtds.com>
> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> >Hello All,
> >
> >Do i need to create a whole DB for only one filed that i will pass from
> >one NAS to another?
> >
> >Knowing that my Freeradius is running on Solaris 10 which DB you suggest
> >to use?
> >
> >Thank you
> >
> >
> >Alan DeKok a ?crit :
> > > Adil Azmi Bikarbass wrote:
> > >
> > >> The issue is that we want the second NAS to get the
> calling-station-ID
> > >> from the "someuser" session on Radius
> > >>
> > >
> > > To do... what?
> > >
> > >
> > >> is there a way we can have this to work and pass this attribute from
> >one
> > >> session to another?
> > >>
> > >
> > > Sure. Store the Calling-Station-Id in a database when you receive
> it
> > > from the first NAS, then pull it out of the DB, and send it to the
> > > second NAS.
> > >
> > > Alan DeKok.
> > > --
> > > http://deployingradius.com - The web site of the book
> > > http://deployingradius.com/blog/ - The blog
> > >
> > >
> >
> >--
> >|-Adil Bikarbass
> >|-IT Manager, MTDS
> >|-tel +212.3.767.4861
> >|-fax +212.3.767.4863
> >|-gsm +212.6.139. 4541
> >|-14, rue 16 novembre
> >|-Rabat, Kingdom of Morocco
> >
> >
> >
> >------------------------------
> >
> >Message: 3
> >Date: Mon, 02 Apr 2007 00:00:43 +0100
> >From: Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk>
> >Subject: Re: Freeradius-Users Digest, Vol 24, Issue 2
> >To: freeradius-users at lists.freeradius.org
> >Message-ID: <4610399B.6010008 at sussex.ac.uk>
> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> >
> > >> Does anyone have a draft list of which clients actually support the
> > >> Reply-Message and by which methods they can recieve them?
> > >>
> > >
> > > All clients will accept it. Very few will do anything useful with
> it.
> > >
> > >
> > >> The reason why I ask , it during initial tests (using chap) the built
> >in
> > >> windows CHAP supplicant would display the reply-messages being sent
> >back
> > >> from the server.
> > >> Now we've moved on from CHAP to using EAP and the windows supplicant
> no
> > >> longer displays the messages.
> > >>
> > >
> > > Yes.
> > >
> > >
> > >> Am I right in assuming that with EAP attributes from the
> access-accept
> > >> packet only get to the NAS and that the NAS will strip out of the EAP
> > >> message
> > >> and pass it on to the supplicant and thats all the supplicant will
> ever
> >get?
> > >>
> > >
> > > Yes.
> > >
> > >
> > >> In which case, although the Reply-Message attribute is also supported
> >in
> > >> PoD the client will never actually recieve it when using EAP ?
> > >>
> > >
> > > Yes.
> > >
> > > Alan DeKok.
> > >
> >Ahh, Thanks for clearing that up !
> >
> >Don't suppose EAP supports encoding the equivalent of a Reply-Message ?
> >
> >P.S Well done for understanding my poorly punctuated morning ramblings :)
> >
> >Arran
> >
> >
> >
> >------------------------------
> >
> >Message: 4
> >Date: Mon, 2 Apr 2007 11:14:47 +1000
> >From: "Ranner, Frank MR" <Frank.Ranner at defence.gov.au>
> >Subject: RE: Attributes [unclas]
> >To: "FreeRadius users mailing list"
> > <freeradius-users at lists.freeradius.org>
> >Message-ID:
> > <3497E314EE23D54EACE26B5CFFD896980A6125 at drnrxm01.drn.mil.au>
> >Content-Type: text/plain; charset="US-ASCII"
> >
> >Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip
> >xx.xx.xx.0/24", to append to
> >a multi-valued list.
> >
> >FR
> >
> > > -----Original Message-----
> > > From:
> > > freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
> > > eradius.org
> > > [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at l
> > > ists.freeradius.org] On Behalf Of Shawn Mitchell
> > > Sent: Monday, 2 April 2007 07:45
> > > To: FreeRadius users mailing list
> > > Subject: Re: Attributes
> > >
> > > Ok, here's what I'm doing:
> > >
> > > DEFAULT Client-IP-Address == xx.xx.xx.xx
> > > Ascend-Data-Filter = "ip in forward tcp est",
> > > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
> > > Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> > > Ascend-Data-Filter = "ip in forward",
> > > Fall-Through = Yes
> > >
> > > I turned on logging of reply's, but all I'm seeing it send is:
> > >
> > > Sun Apr 1 16:31:21 2007
> > > Ascend-Data-Filter = "ip in forward tcp est"
> > >
> > > I put this into the 'users' file btw.
> > >
> > >
> > >
> > > Alan DeKok wrote:
> > > > Shawn Mitchell wrote:
> > > >
> > > >> Where can I say "If client is 'x', then also send these
> > > attributes to
> > > >> users being authenticated..."?
> > > >>
> > > >
> > > > In the "users" file.
> > > >
> > > > DEFAULT Client-IP-Address == 1.2.3.4
> > > > Reply-Message = "You're coming from 1.2.3.4"
> > > >
> > > > Alan DeKok.
> > > > --
> > > > http://deployingradius.com - The web site of the book
> > > > http://deployingradius.com/blog/ - The blog
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> >------------------------------
> >
> >Message: 5
> >Date: Sun, 01 Apr 2007 20:44:05 -0500
> >From: Shawn Mitchell <shawnm at iodamedia.net>
> >Subject: Re: Attributes [unclas]
> >To: FreeRadius users mailing list
> > <freeradius-users at lists.freeradius.org>
> >Message-ID: <46105FE5.3090904 at iodamedia.net>
> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> >Thanks!
> >
> >That seems to have fixed it
> >
> >radtest blarg blarg localhost 111 testing123
> >
> >Sending Access-Request of id 145 to 127.0.0.1:1812
> > User-Name = "blarg"
> > User-Password = "blarg"
> > NAS-IP-Address = xxxxxxxxxxxxxx
> > NAS-Port = 111
> >rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145,
> length=180
> > Ascend-Data-Filter = "ip in forward tcp est"
> > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24 0"
> > Ascend-Data-Filter = "ip in drop tcp dstport = 25"
> > Ascend-Data-Filter = "ip in forward 0"
> >
> >
> >Ranner, Frank MR wrote:
> > > Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip
> > > xx.xx.xx.0/24", to append to
> > > a multi-valued list.
> > >
> > > FR
> > >
> > >
> > >> -----Original Message-----
> > >> From:
> > >> freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
> > >> eradius.org
> > >> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at l
> > >> ists.freeradius.org] On Behalf Of Shawn Mitchell
> > >> Sent: Monday, 2 April 2007 07:45
> > >> To: FreeRadius users mailing list
> > >> Subject: Re: Attributes
> > >>
> > >> Ok, here's what I'm doing:
> > >>
> > >> DEFAULT Client-IP-Address == xx.xx.xx.xx
> > >> Ascend-Data-Filter = "ip in forward tcp est",
> > >> Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
> > >> Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> > >> Ascend-Data-Filter = "ip in forward",
> > >> Fall-Through = Yes
> > >>
> > >> I turned on logging of reply's, but all I'm seeing it send is:
> > >>
> > >> Sun Apr 1 16:31:21 2007
> > >> Ascend-Data-Filter = "ip in forward tcp est"
> > >>
> > >> I put this into the 'users' file btw.
> > >>
> > >>
> > >>
> > >> Alan DeKok wrote:
> > >>
> > >>> Shawn Mitchell wrote:
> > >>>
> > >>>
> > >>>> Where can I say "If client is 'x', then also send these
> > >>>>
> > >> attributes to
> > >>
> > >>>> users being authenticated..."?
> > >>>>
> > >>>>
> > >>> In the "users" file.
> > >>>
> > >>> DEFAULT Client-IP-Address == 1.2.3.4
> > >>> Reply-Message = "You're coming from 1.2.3.4"
> > >>>
> > >>> Alan DeKok.
> > >>> --
> > >>> http://deployingradius.com - The web site of the book
> > >>> http://deployingradius.com/blog/ - The blog
> > >>> -
> > >>> List info/subscribe/unsubscribe? See
> > >>> http://www.freeradius.org/list/users.html
> > >>>
> > >>>
> > >> -
> > >> List info/subscribe/unsubscribe? See
> > >> http://www.freeradius.org/list/users.html
> > >>
> > >>
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> >------------------------------
> >
> >Message: 6
> >Date: Mon, 2 Apr 2007 03:03:25 +0000
> >From: Aren Chua <cclian18 at hotmail.com>
> >Subject: RE: Anyone using dd-wrt for AP?
> >To: FreeRadius users mailing list
> > <freeradius-users at lists.freeradius.org>
> >Message-ID: <BAY130-W126EC141C8DD048BA432ECCC600 at phx.gbl>
> >Content-Type: text/plain; charset="iso-8859-1"
> >
> >
> >Ian Truelsen
> >
> >you can try the hotspot(chillispot) under DD-WRT firmware to configure
> your
> >AP to authenticate against the radius server.
> >Regards,
> >Aren Chua> Date: Sun, 1 Apr 2007 10:16:25 +0200> From:
> >aland at deployingradius.com> To: freeradius-users at lists.freeradius.org>
> >Subject: Re: Anyone using dd-wrt for AP?> > Ian Truelsen wrote:> >> >
> >Hopefully that is not the case. The freeradius server is on an external>
> >
> >machine. I am trying to get the AP to authenticate against that server,>
> >
> >but I am having trouble sorting out how to get it to do this.> > There
> >should be a RADIUS server configuration. But you'll have to> enable
> 802.1x
> >authentication, too.> > Alan DeKok.> --> http://deployingradius.com - The
> >web site of the book> http://deployingradius.com/blog/ - The blog> - >
> List
> >info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >_________________________________________________________________
> >Your friends are close to you.?Keep them that way.
> >http://spaces.live.com/signup.aspx
> >-------------- next part --------------
> >An HTML attachment was scrubbed...
> >URL:
> >
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070402/5e13df6d/attachment-0001.html
> >
> >------------------------------
> >
> >Message: 7
> >Date: Sun, 1 Apr 2007 22:59:20 -0700 (PDT)
> >From: awaneesh kumar <awaneeshkmr at yahoo.com>
> >Subject: EAP-AKA patch for Freeradius 1.1.2
> >To: freeradius-users at lists.freeradius.org
> >Message-ID: <181530.30637.qm at web58815.mail.re1.yahoo.com>
> >Content-Type: text/plain; charset="iso-8859-1"
> >
> >Hi All,
> >
> > I have downloaded patch from
> >http://bugs.freeradius.org/show_bug.cgi?id=386.
> > I have succesfully applied patch to Freeradius1.1.2. Few questions i
> >have..
> >
> > a) Does patch supports optional identity privacy support, optional
> >result indications, and an optional fast re-authentication procedure.
> >
> > b) After receiving EAP-Request/AKA-Challenge from server, client
> >should calculate AT_MAC and compares with the received one. If it matches
> >it should send back the EAP-Response/AKA-Challenge with AT_RES and new
> >AT_MAC.
> > As per section 10.8 of RFC 4187, AT_RES should be encoded as follows.
> >
> > The value field of this attribute begins with the 2-byte
> > RES Length,which identifies the exact length of the
> >RES in bits. The RES length is followed by the AKA RES parameter.
> >According to [TS33.105], the length of the AKA RES can vary between 32
> and
> >128 bits. Because the length of the AT_RES attribute must be a
> >multiple of 4 bytes, the sender pads the RES with zero bits where
> >necessary
> >
> > Trace below is packet from client to server:-
> >
> > 0x024200301701000003050000d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d00b0500
> > 000d6eb3a8082c9d2c0a031505b7a0fac0
> >
> > c) As per section 3 (Figure 2) from RFC 4187, if server is unable to
> >authenticate client if AT_MAC or AT_RES is incorrect, it should back the
> >EAP-Request/AKA-Notification to client and client should respond back
> with
> >EAP-Response/AKA-Notification. Then only server should send back EAP
> result
> >as Failure. But Freeradius1.1.2 sends back the EAP Result (FAILURE) with
> >Access-Reject. How ever success scenarion works perfectly.
> >
> > d) After receiving AKA-Challenge from Radius server, does patch
> supports
> >the checking of Sequence No from AUTN parameter?
> >
> > Do we have any latest patch to support EAP-AKA?
> >
> > Thanks
> >
> >
> >
> >
> >
> >
> >---------------------------------
> >Sucker-punch spam with award-winning protection.
> > Try the free Yahoo! Mail Beta.
> >-------------- next part --------------
> >An HTML attachment was scrubbed...
> >URL:
> >
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070401/1708475c/attachment.html
> >
> >------------------------------
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
> >
> >End of Freeradius-Users Digest, Vol 24, Issue 3
> >***********************************************
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070402/5b0b22be/attachment.html>
More information about the Freeradius-Users
mailing list