Freeradius-Users Digest, Vol 24, Issue 5

khursheed Ahmed khursheedahmedqau at hotmail.com
Mon Apr 2 12:49:30 CEST 2007


Hi Jan

Like radtest, but radtest is used for testing a RADIUS installation.
Could it give me the AVPs of RADIUS so that I may convert them for Diameter packets?

Thanks

>From: freeradius-users-request at lists.freeradius.org
>Reply-To: freeradius-users at lists.freeradius.org
>To: freeradius-users at lists.freeradius.org
>Subject: Freeradius-Users Digest, Vol 24, Issue 5
>Date: Mon, 02 Apr 2007 11:15:13 +0200
>
>
>Today's Topics:
>
>    1. Re: Radius Packet Simulator (Jan Mulders)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 2 Apr 2007 10:15:03 +0100
>From: "Jan Mulders" <lastchancehotel at gmail.com>
>Subject: Re: Radius Packet Simulator
>To: "FreeRadius users mailing list"
>	<freeradius-users at lists.freeradius.org>
>Message-ID:
>	<2dae841b0704020215v35e5c076y3b4922c3202a24eb at mail.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>like Radtest, you mean?
>
>Jan
>
>On 02/04/07, khursheed Ahmed <khursheedahmedqau at hotmail.com> wrote:
> >
> >
> >
> > Hi All
> >
> >    I need a RADIUS packet simulator which could simulate RADIUS packets for me.
> > If there is any, please tell me.
> > I need it because I am developing a Translation Agent which could translate (convert)
> > RADIUS packets into Diameter packets.
> >
> > Is there any idea? Please help me.
> >
> >
> > Khursheed Ahmed QAU
> >
> >
> >
> >
> > >From: freeradius-users-request at lists.freeradius.org
> > >Reply-To: freeradius-users at lists.freeradius.org
> > >To: freeradius-users at lists.freeradius.org
> > >Subject: Freeradius-Users Digest, Vol 24, Issue 3
> > >Date: Mon, 02 Apr 2007 07:59:28 +0200
> > >
> > >
> > >Today's Topics:
> > >
> > >    1. Re: Attributes (Shawn Mitchell)
> > >    2. Re: passing Calling-Station-ID (Adil Azmi Bikarbass)
> > >    3. Re: Freeradius-Users Digest, Vol 24, Issue 2 (Arran Cudbard-Bell)
> > >    4. RE: Attributes [unclas] (Ranner, Frank MR)
> > >    5. Re: Attributes [unclas] (Shawn Mitchell)
> > >    6. RE: Anyone using dd-wrt for AP? (Aren Chua)
> > >    7. EAP-AKA patch for Freeradius 1.1.2 (awaneesh kumar)
> > >
> > >
> > >----------------------------------------------------------------------
> > >
> > >Message: 1
> > >Date: Sun, 01 Apr 2007 16:45:22 -0500
> > >From: Shawn Mitchell <shawnm at iodamedia.net>
> > >Subject: Re: Attributes
> > >To: FreeRadius users mailing list
> > >       <freeradius-users at lists.freeradius.org>
> > >Message-ID: <461027F2.3020605 at iodamedia.net>
> > >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> > >
> > >Ok, here's what I'm doing:
> > >
> > >DEFAULT Client-IP-Address == xx.xx.xx.xx
> > >         Ascend-Data-Filter = "ip in forward tcp est",
> > >         Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
> > >         Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> > >         Ascend-Data-Filter = "ip in forward",
> > >         Fall-Through = Yes
> > >
> > >I turned on logging of replies, but all I'm seeing it send is:
> > >
> > >Sun Apr  1 16:31:21 2007
> > >         Ascend-Data-Filter = "ip in forward tcp est"
> > >
> > >I put this into the 'users' file btw.
> > >
> > >
> > >
> > >Alan DeKok wrote:
> > > > Shawn Mitchell wrote:
> > > >
> > > >> Where can I say "If client is 'x', then also send these attributes to
> > > >> users being authenticated..."?
> > > >>
> > > >
> > > >   In the "users" file.
> > > >
> > > > DEFAULT Client-IP-Address == 1.2.3.4
> > > >     Reply-Message = "You're coming from 1.2.3.4"
> > > >
> > > >   Alan DeKok.
> > > > --
> > > >   http://deployingradius.com       - The web site of the book
> > > >   http://deployingradius.com/blog/ - The blog
> > > >
> > >
> > >
> > >
> > >------------------------------
> > >
> > >Message: 2
> > >Date: Sun, 01 Apr 2007 22:59:14 +0000
> > >From: Adil Azmi Bikarbass <adil at mtds.com>
> > >Subject: Re: passing Calling-Station-ID
> > >To: Alan DeKok <aland at deployingradius.com>
> > >Cc: FreeRadius users mailing list
> > >       <freeradius-users at lists.freeradius.org>
> > >Message-ID: <46103942.2070008 at mtds.com>
> > >Content-Type: text/plain;      charset=ISO-8859-1;     format=flowed
> > >
> > >Hello All,
> > >
> > >Do I need to create a whole DB for only one field that I will pass from
> > >one NAS to another?
> > >
> > >Knowing that my Freeradius is running on Solaris 10, which DB do you
> > >suggest to use?
> > >
> > >Thank you
> > >
> > >
> > >Alan DeKok wrote:
> > > > Adil Azmi Bikarbass wrote:
> > > >
> > > >> The issue is that we want the second NAS to get the calling-station-ID
> > > >> from the "someuser" session on Radius
> > > >>
> > > >
> > > >   To do... what?
> > > >
> > > >
> > > >> is there a way we can have this to work and pass this attribute from one
> > > >> session to another?
> > > >>
> > > >
> > > >   Sure.  Store the Calling-Station-Id in a database when you receive it
> > > > from the first NAS, then pull it out of the DB, and send it to the
> > > > second NAS.
> > > >
> > > >   Alan DeKok.
> > > > --
> > > >   http://deployingradius.com       - The web site of the book
> > > >   http://deployingradius.com/blog/ - The blog
> > > >
> > > >
> > >
> > >--
> > >|-Adil Bikarbass
> > >|-IT Manager, MTDS
> > >|-tel +212.3.767.4861
> > >|-fax +212.3.767.4863
> > >|-gsm +212.6.139. 4541
> > >|-14, rue 16 novembre
> > >|-Rabat, Kingdom of Morocco
> > >
> > >
> > >
> > >------------------------------
> > >
> > >Message: 3
> > >Date: Mon, 02 Apr 2007 00:00:43 +0100
> > >From: Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk>
> > >Subject: Re: Freeradius-Users Digest, Vol 24, Issue 2
> > >To: freeradius-users at lists.freeradius.org
> > >Message-ID: <4610399B.6010008 at sussex.ac.uk>
> > >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> > >
> > >
> > > >> Does anyone have a draft list of which clients actually support the
> > > >> Reply-Message and by which methods they can receive them?
> > > >>
> > > >
> > > >   All clients will accept it.  Very few will do anything useful with it.
> > > >
> > > >
> > > >> The reason why I ask is, during initial tests (using CHAP) the built-in
> > > >> Windows CHAP supplicant would display the reply-messages being sent back
> > > >> from the server.
> > > >> Now we've moved on from CHAP to using EAP and the Windows supplicant no
> > > >> longer displays the messages.
> > > >>
> > > >
> > > >   Yes.
> > > >
> > > >
> > > >> Am I right in assuming that with EAP attributes from the access-accept
> > > >> packet only get to the NAS and that the NAS will strip out of the EAP
> > > >> message
> > > >> and pass it on to the supplicant and that's all the supplicant will ever get?
> > > >>
> > > >
> > > >   Yes.
> > > >
> > > >
> > > >> In which case, although the Reply-Message attribute is also supported in
> > > >> PoD the client will never actually receive it when using EAP ?
> > > >>
> > > >
> > > >   Yes.
> > > >
> > > >   Alan DeKok.
> > > >
> > >Ahh, Thanks for clearing that up !
> > >
> > >Don't suppose EAP supports encoding the equivalent of a Reply-Message ?
> > >
> > >P.S Well done for understanding my poorly punctuated morning ramblings :)
> > >
> > >Arran
> > >
> > >
> > >
> > >------------------------------
> > >
> > >Message: 4
> > >Date: Mon, 2 Apr 2007 11:14:47 +1000
> > >From: "Ranner, Frank MR" <Frank.Ranner at defence.gov.au>
> > >Subject: RE: Attributes [unclas]
> > >To: "FreeRadius users mailing list"
> > >       <freeradius-users at lists.freeradius.org>
> > >Message-ID:
> > >       <3497E314EE23D54EACE26B5CFFD896980A6125 at drnrxm01.drn.mil.au>
> > >Content-Type: text/plain;      charset="US-ASCII"
> > >
> > >Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip
> > >xx.xx.xx.0/24", to append to
> > >a multi-valued list.
> > >
> > >FR
> > >
> > >
> > >
> > >
> > >------------------------------
> > >
> > >Message: 5
> > >Date: Sun, 01 Apr 2007 20:44:05 -0500
> > >From: Shawn Mitchell <shawnm at iodamedia.net>
> > >Subject: Re: Attributes [unclas]
> > >To: FreeRadius users mailing list
> > >       <freeradius-users at lists.freeradius.org>
> > >Message-ID: <46105FE5.3090904 at iodamedia.net>
> > >Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> > >
> > >Thanks!
> > >
> > >That seems to have fixed it
> > >
> > >radtest blarg blarg localhost 111 testing123
> > >
> > >Sending Access-Request of id 145 to 127.0.0.1:1812
> > >         User-Name = "blarg"
> > >         User-Password = "blarg"
> > >         NAS-IP-Address = xxxxxxxxxxxxxx
> > >         NAS-Port = 111
> > >rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145, length=180
> > >         Ascend-Data-Filter = "ip in forward tcp est"
> > >         Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24 0"
> > >         Ascend-Data-Filter = "ip in drop tcp dstport = 25"
> > >         Ascend-Data-Filter = "ip in forward 0"
> > >
> > >
> > >Ranner, Frank MR wrote:
> > > > Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip
> > > > xx.xx.xx.0/24", to append to
> > > > a multi-valued list.
> > > >
> > > > FR
> > > >
> > > >
> > >
> > >
> > >
> > >------------------------------
> > >
> > >Message: 6
> > >Date: Mon, 2 Apr 2007 03:03:25 +0000
> > >From: Aren Chua <cclian18 at hotmail.com>
> > >Subject: RE: Anyone using dd-wrt for AP?
> > >To: FreeRadius users mailing list
> > >       <freeradius-users at lists.freeradius.org>
> > >Message-ID: <BAY130-W126EC141C8DD048BA432ECCC600 at phx.gbl>
> > >Content-Type: text/plain; charset="iso-8859-1"
> > >
> > >
> > >Ian Truelsen
> > >
> > >you can try the hotspot(chillispot) under DD-WRT firmware to configure your
> > >AP to authenticate against the radius server.
> > >Regards,
> > >Aren Chua
> > >
> > >> Date: Sun, 1 Apr 2007 10:16:25 +0200
> > >> From: aland at deployingradius.com
> > >> To: freeradius-users at lists.freeradius.org
> > >> Subject: Re: Anyone using dd-wrt for AP?
> > >>
> > >> Ian Truelsen wrote:
> > >> >
> > >> > Hopefully that is not the case. The freeradius server is on an external
> > >> > machine. I am trying to get the AP to authenticate against that server,
> > >> > but I am having trouble sorting out how to get it to do this.
> > >>
> > >> There should be a RADIUS server configuration. But you'll have to
> > >> enable 802.1x authentication, too.
> > >>
> > >> Alan DeKok.
> > >> --
> > >> http://deployingradius.com - The web site of the book
> > >> http://deployingradius.com/blog/ - The blog
> > >
> > >------------------------------
> > >
> > >Message: 7
> > >Date: Sun, 1 Apr 2007 22:59:20 -0700 (PDT)
> > >From: awaneesh kumar <awaneeshkmr at yahoo.com>
> > >Subject: EAP-AKA patch for Freeradius 1.1.2
> > >To: freeradius-users at lists.freeradius.org
> > >Message-ID: <181530.30637.qm at web58815.mail.re1.yahoo.com>
> > >Content-Type: text/plain; charset="iso-8859-1"
> > >
> > >Hi All,
> > >
> > >   I have downloaded the patch from
> > >http://bugs.freeradius.org/show_bug.cgi?id=386.
> > >   I have successfully applied the patch to Freeradius 1.1.2. I have a few
> > >questions.
> > >
> > >   a) Does the patch support optional identity privacy support, optional
> > >result indications, and an optional fast re-authentication procedure?
> > >
> > >   b) After receiving EAP-Request/AKA-Challenge from the server, the client
> > >should calculate AT_MAC and compare it with the received one. If it matches,
> > >it should send back the EAP-Response/AKA-Challenge with AT_RES and a new
> > >AT_MAC.
> > >   As per section 10.8 of RFC 4187, AT_RES should be encoded as follows.
> > >
> > >       The value field of this attribute begins with the 2-byte RES Length,
> > >       which identifies the exact length of the RES in bits.  The RES length
> > >       is followed by the AKA RES parameter.  According to [TS33.105], the
> > >       length of the AKA RES can vary between 32 and 128 bits.  Because the
> > >       length of the AT_RES attribute must be a multiple of 4 bytes, the
> > >       sender pads the RES with zero bits where necessary
> > >
> > >   Trace below is packet from client to server:-
> > >
> > >   0x024200301701000003050000d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d00b0500
> > >    000d6eb3a8082c9d2c0a031505b7a0fac0
> > >
> > >   c) As per section 3 (Figure 2) of RFC 4187, if the server is unable to
> > >authenticate the client because AT_MAC or AT_RES is incorrect, it should send
> > >back the EAP-Request/AKA-Notification to the client and the client should
> > >respond with EAP-Response/AKA-Notification. Only then should the server send
> > >back the EAP result as Failure. But Freeradius 1.1.2 sends back the EAP Result
> > >(FAILURE) with Access-Reject. However, the success scenario works perfectly.
> > >
> > >   d) After receiving AKA-Challenge from the Radius server, does the patch
> > >support the checking of the Sequence No from the AUTN parameter?
> > >
> > >   Do we have any latest patch to support EAP-AKA?
> > >
> > >   Thanks
> > >
> > >End of Freeradius-Users Digest, Vol 24, Issue 3
> > >***********************************************
> >
>
>
>End of Freeradius-Users Digest, Vol 24, Issue 5
>***********************************************
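
The AT_RES layout quoted from RFC 4187 section 10.8 in Message 7 of the quoted digest, applied to the packet trace posted there: the sketch walks the EAP-AKA attributes and checks the RES Length and padding rules, and on this trace it reports the RES Length field, which reads 0x0000. This is an added example, not part of the original messages or of the EAP-AKA patch; the function names are hypothetical.

```python
import struct

EAP_TYPE_AKA, AT_RES, AT_MAC = 23, 3, 11

# Packet from the post's trace, split by field (EAP Length 0x0030 = 48 bytes).
TRACE = bytes.fromhex(
    "02420030" "17010000"                          # EAP header, AKA subtype + reserved
    "03050000" + "d0" * 16 +                       # AT_RES: type 3, 5 words, RES Length, RES
    "0b050000" "0d6eb3a8082c9d2c0a031505b7a0fac0"  # AT_MAC: type 11, 5 words, reserved, MAC
)


def parse_eap_aka(pkt):
    """Return (code, identifier, subtype, [(attr_type, value_bytes), ...])."""
    if len(pkt) < 8:
        raise ValueError("shorter than the EAP and EAP-AKA headers")
    code, ident, length, eap_type, subtype = struct.unpack("!BBHBB", pkt[:6])
    if length != len(pkt) or eap_type != EAP_TYPE_AKA:
        raise ValueError("EAP Length mismatch or not EAP-AKA")
    attrs, off = [], 8                      # bytes 6..7 are reserved
    while off < length:
        if length - off < 4:
            raise ValueError("truncated attribute")
        a_type, a_len = pkt[off], pkt[off + 1] * 4   # Length is in 4-byte words
        if a_len < 4 or off + a_len > length:
            raise ValueError("attribute %d has a bad length" % a_type)
        attrs.append((a_type, pkt[off + 2:off + a_len]))
        off += a_len
    return code, ident, subtype, attrs


def check_at_res(value):
    """Validate an AT_RES value field; return (RES bytes, list of problems)."""
    if len(value) < 2:
        return b"", ["AT_RES value too short"]
    res_bits = struct.unpack("!H", value[:2])[0]
    body = value[2:]
    if not 32 <= res_bits <= 128:
        return b"", ["RES Length %d bits outside 32..128" % res_bits]
    if res_bits > len(body) * 8:
        return b"", ["RES Length exceeds the attribute payload"]
    pad_bits = len(body) * 8 - res_bits     # bits after the RES must be zero
    if int.from_bytes(body, "big") & ((1 << pad_bits) - 1):
        return b"", ["padding after RES is not zero"]
    return body[:(res_bits + 7) // 8], []


if __name__ == "__main__":
    code, ident, subtype, attrs = parse_eap_aka(TRACE)
    print("code=%d id=0x%02x subtype=%d" % (code, ident, subtype))
    for a_type, value in attrs:
        print("attr %2d: %s" % (a_type, value.hex()))
        if a_type == AT_RES:
            print("  AT_RES check:", check_at_res(value))
```

A receiver that applies these checks before comparing RES against XRES rejects a malformed AT_RES on length alone, without depending on how the comparison treats the padding bytes.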
