Support for WiMAX VSA

Nitin Naveen Nitin.Naveen at hsc.com
Thu Jul 19 06:54:09 CEST 2007


Hi Walter,

We fixed the freeradius so that the WiMAX VSA may be downloaded to the ASNGW after
EAP completion. We have not enhanced freeradius to be AAA server in a WiMAX network.
We download the MSK from freeradius to our ASNGW. Based on the downloaded MSK
our ASNGW generates the AK context and hence the required keys. Freeradius only
provides the key material, generation is part of our ASNGW. Hope this explanation helps.

We can work towards making freeradius a complete AAA server for the WiMAX network.

Regards
Nitin




freeradius-users-request at lists.freeradius.org
Sent by: freeradius-users-bounces+nitin.naveen=hsc.com at lists.freeradius.org
07/19/2007 09:27 AM
Please respond to: freeradius-users at lists.freeradius.org
To: freeradius-users at lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 27, Issue 114

Today's Topics:

   1. RE: Mikrotik Accounting ON/OFF (Hugh Messenger)
   2. Re: 1.1.7 sqlippool %{SQL-User-Name} (Peter Nixon)
   3. Testing WAD via ntlm_auth (ken)
   4. Re: Testing WAD via ntlm_auth (A.L.M.Buxey at lboro.ac.uk)
   5. RE: Mikrotik Accounting ON/OFF (tnt at kalik.co.yu)
   6. Re: Testing WAD via ntlm_auth (tnt at kalik.co.yu)
   7. RE: Mikrotik Accounting ON/OFF (Hugh Messenger)
   8. Support for WiMAX VSA (Nitin Naveen)
   9. Support for WiMAX VSA (Walter Goulet)


----------------------------------------------------------------------

Message: 1
Date: Wed, 18 Jul 2007 14:47:22 -0500
From: "Hugh Messenger" <hugh at alaweb.com>
Subject: RE: Mikrotik Accounting ON/OFF
To: "'FreeRadius users mailing list'"
                 <freeradius-users at lists.freeradius.org>
Message-ID: <00d301c7c974$76445ed0$010210ac at DELLBOY>
Content-Type: text/plain;                charset="us-ascii"

tnt at kalik.co.yu said:
> >, but if anyone on this list has a Beta 3 setup :-D
> 
> Good old SETUP - missing or bug:
> http://forum.mikrotik.com/viewtopic.php?f=1&t=16963

OK, I'll rephrase that ... "if anyone on this list has a 3.0beta10 install
they can test with".  :)

> Ivan Kalik
> Kalik Informatika ISP

   -- hugh




------------------------------

Message: 2
Date: Wed, 18 Jul 2007 23:03:46 +0300
From: Peter Nixon <listuser at peternixon.net>
Subject: Re: 1.1.7 sqlippool %{SQL-User-Name}
To: FreeRadius users mailing list
                 <freeradius-users at lists.freeradius.org>
Message-ID: <200707182303.46430.listuser at peternixon.net>
Content-Type: text/plain;  charset="iso-8859-1"

On Wed 18 Jul 2007, Hugh Messenger wrote:
> Peter Nixon quoth:
> > On Tue 17 Jul 2007, Hugh Messenger wrote:
> > > Can we add sqlippool to the ./modules/stable list?
> >
> > It is in the stable list for 2.0 but it's up to Alan whether we put it in
> > for 1.1.7
>
> It's been pretty darn stable for me in 1.1.6.  And now we've gotten the
> MySQL stuff whipped into shape and fixed a few other issues for 1.1.7, I'd
> say it's ready for Prime Time.

OK. That's good enough for me. I have added it :-)

-- 

Peter Nixon
http://peternixon.net/


------------------------------

Message: 3
Date: Wed, 18 Jul 2007 21:41:10 +0100
From: ken <k.brown at bbk.ac.uk>
Subject: Testing WAD via ntlm_auth
To: FreeRadius users mailing list
                 <freeradius-users at lists.freeradius.org>
Message-ID: <469E7AE6.8060505 at bbk.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Does anyone have actual examples of radclient (or other 
command-line tools) being used to test Freeradius using Windows 
Active Directory authentication via samba/ntlm_auth?

I'd like to be able to test Radius authentication for various 
different categories of user on our Active Directory.

Presumably this involves PEAP/MSCHAPv2 I can't work out how to 
do it without using a Windows client and a wireless 
infrastructure we don't have yet. (or even if it is doable)

I can use radclient to test PAP and "straight" CHAP against 
locally defined users with cleartext passwords. Time to go one 
step further.






------------------------------

Message: 4
Date: Wed, 18 Jul 2007 21:55:08 +0100
From: A.L.M.Buxey at lboro.ac.uk
Subject: Re: Testing WAD via ntlm_auth
To: k.brown at bbk.ac.uk,           FreeRadius users mailing list
                 <freeradius-users at lists.freeradius.org>
Message-ID: <20070718205508.GA21505 at lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii

Hi,

> Presumably this involves PEAP/MSCHAPv2 I can't work out how to 
> do it without using a Windows client and a wireless 
> infrastructure we don't have yet. (or even if it is doable)

you dont need wireless to do such testing - there are plenty
of ethernet switches out there that do 802.1x and can throw
the EAP authentication to your RADIUS box...
....with this in mind, you could use wpa_supplicant on linux
- yes it does wired 802.1x nicely... eg have this in the config

    eap=PEAP
    identity="domain\username"
    password="secret_password"
    ca_cert="/etc/cert/ca.pem"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"

or..since you're playing with wpa_supplicant..use its handy tool
eapol_test  - very useful. 

of course, with wired 802.1x you can also play with the windows client
and get used to its quirks and foibles.

alan


------------------------------

Message: 5
Date: Wed, 18 Jul 2007 22:05:01 +0100
From: <tnt at kalik.co.yu>
Subject: RE: Mikrotik Accounting ON/OFF
To: "FreeRadius users mailing list"
                 <freeradius-users at lists.freeradius.org>
Message-ID: <b03pBwWK.1184792701.4799830.tnt at kalik.co.yu>
Content-Type: text/plain; charset=ISO-8859-2

I have an idle routerboard waiting for a replacement wifi mini-pci. It
has routeros 2.9 but somehow I am not tempted to try the upgrade:

upgrade to 3beta & failed logins:
http://forum.mikrotik.com/viewtopic.php?f=3&t=17128

On linked topic things go from bad to worse - it seems that the wireless
package is working as well as setup command in beta:

RB133c and 3.10b:
http://forum.mikrotik.com/viewtopic.php?f=1&t=16502&p=80766

And since routerboard has flash memory and not HDD for storing OS I am
not so sure what would happen to the licence after the
upgrade/downgrade. Not particularly keen to find out :-(

Ivan Kalik
Kalik Informatika ISP


On 18/7/2007, "Hugh Messenger" <hugh at alaweb.com> wrote:

>tnt at kalik.co.yu said:
>> >, but if anyone on this list has a Beta 3 setup :-D
>>
>> Good old SETUP - missing or bug:
>> http://forum.mikrotik.com/viewtopic.php?f=1&t=16963
>
>OK, I'll rephrase that ... "if anyone on this list has a 3.0beta10 install
>they can test with".  :)
>
>> Ivan Kalik
>> Kalik Informatika ISP
>
>   -- hugh



------------------------------

Message: 6
Date: Wed, 18 Jul 2007 23:38:12 +0100
From: <tnt at kalik.co.yu>
Subject: Re: Testing WAD via ntlm_auth
To: freeradius-users at lists.freeradius.org
Message-ID: <20aUZbvV.1184798292.9840090.tnt at kalik.co.yu>
Content-Type: text/plain; charset=ISO-8859-2

http://www.nabble.com/MSCHAP-test-client--tf4069370.html

You don't need to do PEAP to test ntlm_auth, just MSCHAP.

Ivan Kalik
Kalik Informatika ISP


On 18/7/2007, "ken" <k.brown at bbk.ac.uk> wrote:

>Does anyone have actual examples of radclient (or other
>command-line tools) being used to test Freeradius using Windows
>Active Directory authentication via samba/ntlm_auth?
>
>I'd like to be able to test Radius authentication for various
>different categories of user on our Active Directory.
>
>Presumably this involves PEAP/MSCHAPv2 I can't work out how to
>do it without using a Windows client and a wireless
>infrastructure we don't have yet. (or even if it is doable)
>
>I can use radclient to test PAP and "straight" CHAP against
>locally defined users with cleartext passwords. Time to go one
>step further.



------------------------------

Message: 7
Date: Wed, 18 Jul 2007 17:58:06 -0500
From: "Hugh Messenger" <hugh at alaweb.com>
Subject: RE: Mikrotik Accounting ON/OFF
To: "'FreeRadius users mailing list'"
                 <freeradius-users at lists.freeradius.org>
Message-ID: <00e401c7c98f$1b3a2450$010210ac at DELLBOY>
Content-Type: text/plain;                charset="us-ascii"

I finally thought to look in the changelog

http://www.mikrotik.com/download/CHANGELOG_beta

> What's new in 3.0beta10:
[blah blah]
> *) added radius client to send Accounting-On packet on startup;
[blah]

   -- hugh




------------------------------

Message: 8
Date: Thu, 19 Jul 2007 09:11:26 +0530
From: Nitin Naveen <Nitin.Naveen at hsc.com>
Subject: Support for WiMAX VSA
To: freeradius-users at lists.freeradius.org
Cc:
 freeradius-users-bounces+nitin.naveen=hsc.com at lists.freeradius.org,
                 freeradius-users at lists.freeradius.org
Message-ID:
 <OF4AEE7966.C6FE6E61-ON6525731D.00137FC1-6525731D.00149CEF at hsc.com>
Content-Type: text/plain; charset="us-ascii"

Hello All,

Hi I am Nitin Naveen working with HUGHES SYSTIQUE. We have been working to
enhance freeradius to support WiMAX VSA (as per WiMAX NWG forum). WiMAX
VSA are not the typical type-length-value rather they have
type-length-controlinfo-value.
We have enhanced the dictionary but we were not able to generate the attributes
as per the WiMAX NWG format. For now we have developed our own rlm_hsc_wimax
module.  We like to contribute to freeradius so that the WiMAX VSA are supported as
part of the standard distribution. To this end we can share our code. But before that
we would like to follow the correct procedure for releasing the code. Your inputs and
suggestion are awaited.

Regards
Nitin Naveen
Principal Engineer
HUGHES SYSTIQUE
D-8, Infocity-11
Sector-33, Gugaon
Haryana, India
tel: +91-124-3045400
fax: +91-124-4039301
nitin.naveen at hsc.com
www.hsc.com





*****************************************************DISCLAIMER*****************************************************

This message and/or attachment(s) contained here are confidential, 
proprietary to HUGHES SYSTIQUE and its customers. 
Contents may be privileged or otherwise protected by law. The information 
is solely intended for the entity it is 
addressed to. If you are not the intended recipient of this message, it is 
strictly prohibited to read, forward, 
print, retain, copy or disseminate this message or any part of it. If you 
have received this e-mail in error, 
please notify the sender immediately and delete the message.

********************************************************************************************************************


------------------------------

Message: 9
Date: Wed, 18 Jul 2007 22:57:37 -0500
From: "Walter Goulet" <wgoulet at gmail.com>
Subject: Re: Support for WiMAX VSA
To: "FreeRadius users mailing list"
                 <freeradius-users at lists.freeradius.org>
Message-ID:
 <4a5b59560707182057s24c37776lae398d9460e98300 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi Nitin,

Question on your planned contribution to FreeRADIUS: Does your module
support the key generation algorithms for the WiMAX mobility keys?
Specifically, is your module able to correctly generate the
MN-HA-MIP4-KEY and related key material from the EMSK derived as part
of the EAP exchange?

Personally this was seen as the biggest challenge towards building NWG
compliance into FreeRADIUS as opposed to VSA format.

Thanks,
Walter

On 7/18/07, Nitin Naveen <Nitin.Naveen at hsc.com> wrote:
>
> Hello All,
>
> Hi I am Nitin Naveen working with HUGHES SYSTIQUE. We have been working to
> enhance freeradius to support WiMAX VSA (as per WiMAX NWG forum). WiMAX
> VSA are not the typical type-length-value rather they have
> type-length-controlinfo-value.
> We have enhanced the dictionary but we were not able to generate the
> attributes
> as per the WiMAX NWG format. For now we have developed our own rlm_hsc_wimax
> module.  We like to contribute to freeradius so that the WiMAX VSA are
> supported as
> part of the standard distribution. To this end we can share our code. But
> before that
> we would like to follow the correct procedure for releasing the code. Your
> inputs and
> suggestion are awaited.
>
> Regards
> Nitin Naveen
> Principal Engineer
> HUGHES SYSTIQUE
> D-8, Infocity-11
> Sector-33, Gugaon
> Haryana, India
> tel: +91-124-3045400
> fax: +91-124-4039301
> nitin.naveen at hsc.com
> www.hsc.com
>


------------------------------



End of Freeradius-Users Digest, Vol 27, Issue 114
*************************************************
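
The type-length-controlinfo-value layout mentioned in Message 8 above, shown as an added example that is not code from this thread, from FreeRADIUS or from rlm_hsc_wimax. It encodes a value as RADIUS Vendor-Specific attributes with a one-octet continuation field, fragments values that do not fit in one attribute, and parses them back with bounds checks. Assumptions not stated in the thread: the WiMAX enterprise number 24757, the 0x80 "more fragments" bit, one WiMAX attribute per Vendor-Specific attribute, and the constructed type numbers and values.

```python
import struct

WIMAX_VENDOR_ID = 24757      # assumption: WiMAX Forum enterprise number, not given in the thread
VSA_TYPE = 26                # RADIUS Vendor-Specific attribute (RFC 2865)
C_BIT = 0x80                 # assumption: high bit of the control octet = more fragments follow
MAX_CHUNK = 255 - 2 - 4 - 3  # value bytes left after RADIUS, vendor-id and WiMAX headers (246)


def encode_wimax_vsa(wimax_type: int, value: bytes) -> bytes:
    """Encode value as one or more Vendor-Specific attributes, fragmenting if needed."""
    chunks = [value[i:i + MAX_CHUNK] for i in range(0, len(value), MAX_CHUNK)] or [b""]
    out = bytearray()
    for n, chunk in enumerate(chunks):
        cont = C_BIT if n < len(chunks) - 1 else 0   # set on every fragment but the last
        sub = struct.pack("!BBB", wimax_type, 3 + len(chunk), cont) + chunk
        out += struct.pack("!BBI", VSA_TYPE, 6 + len(sub), WIMAX_VENDOR_ID) + sub
    return bytes(out)


def decode_wimax_vsas(attrs: bytes) -> list:
    """Parse a RADIUS attribute list; return [(wimax_type, value)] with fragments joined."""
    result, pending, pos = [], None, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):    # never read past the buffer
            raise ValueError("attribute length out of bounds")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA_TYPE or len(body) < 4 or \
                struct.unpack("!I", body[:4])[0] != WIMAX_VENDOR_ID:
            continue                                  # not a WiMAX VSA, skip it
        sub = body[4:]
        if len(sub) < 3 or sub[1] != len(sub):        # inner length must match outer length
            raise ValueError("WiMAX length disagrees with outer length")
        w_type, cont, chunk = sub[0], sub[2], sub[3:]
        if pending and pending[0] != w_type:
            raise ValueError("fragment chain interrupted")
        data = (pending[1] if pending else b"") + chunk
        if cont & C_BIT:
            pending = (w_type, data)                  # wait for the next fragment
        else:
            result.append((w_type, data))
            pending = None
    if pending:
        raise ValueError("last fragment missing")
    return result
```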




