WIMAX problem

Dimitris Theofilatos thed at intracom.gr
Tue Dec 23 09:21:12 CET 2008


Hi,
At the section post-auth of the file raddb/sites-enabled/default i put 
the next lines
        update "reply"{
#                WiMAX-MN-NAI = "%{User-Name}"
#                WiMAX-IP-Technology = CMIP4
                WiMAX-MSK = EAP-MSK
        }
        wimax

I don't need MN-HA keys so i comment lines for WiMAX-MN-NAI and 
WiMAX-IP-Technology
I need only WiMAX-MSK attribute but at the log i get from radiusd i get

rad_recv: Access-Request packet from host 192.168.10.3 port 1812, id=21, 
length=208
        User-Name = "{am=1}anonymous at wintegra.com"
        EAP-Message = 0x020700061500
        Message-Authenticator = 0x39c6753507015df1c48ed97532628e62
        NAS-IP-Address = 192.168.10.3
        NAS-Port-Type = 27
        Calling-Station-Id = "\000!\000\r\302#"
        Chargeable-User-Identity = ""
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-Hotlining-Capabilities = Not-Supported
        WiMAX-Idle-Mode-Notification-Cap = Supported
        WiMAX-Available-In-Client = 3
        WiMAX-Session-Termination-Capability = Dynamic-Authorization
        WiMAX-GMT-Timezone-offset = 0
        WiMAX-BS-Id = 0x0050c21174a4
        Service-Type = Framed-User
        Framed-MTU = 2000
        State = 0x4bf4b8834ef3add9ca036385eef43d1d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "wintegra.com" for User-Name = 
"{am=1}anonymous at wintegra.com"
[suffix] No such realm "wintegra.com"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake is finished
[ttls] eaptls_verify returned 3
[ttls] eaptls_process returned 3
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
++[reply] returns noop
[wimax] MIP-RK = 
0xb8e4779af82f3bcf7df08e821f445b11c59c51483023bf167c581717d9ae29e870447876afea76876c13cc7e98be8eea658113c49894e318a96f1c0fd826279b
[wimax] MIP-SPI = 440dccea
[wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the reply.
[wimax] WARNING: We cannot calculate MN-HA keys.
[wimax] WARNING: WiMAX-IP-Technology not found in reply.
[wimax] WARNING: Not calculating MN-HA keys
++[wimax] returns updated
Sending Access-Accept of id 21 to 192.168.10.3 port 1812
        MS-MPPE-Recv-Key = 
0x333fa1a21e9db9a1f28a4ebda79c3285249d6b885904a609dbacb7895fc6225f
        MS-MPPE-Send-Key = 
0x12c8bfb5930801db106aececd858aea13f7cbe54449d937cb1c913f765dd6cbb
        EAP-Message = 0x03070004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "{am=1}anonymous at wintegra.com"
        WiMAX-MSK = 0x4541502d4d534b



WiMAX-MSK is not 64 bytes and the ASN-GW doen not accept it...
Do i have to make more changes?


> Dimitris Theofilatos wrote:
>   
>> How can i configure these attributes? The only information i found about
>> WIMAX is that i have to
>> type "wimax" at the post-auth section.
>>     
>
>   The "raddb/modules/wimax" file clearly states that you may need to
> define WiMAX-MN-NAI.  It even gives an example of how to do so.
>
>   And the debug output shows WARNINGS, not errors.  If you do not want
> the MN-HA keys, then ignore the warnings.
>
>   If you want the MN-HA keys to be calculated, you will need to define
> the WiMAX-MN-NAI name, and WiMAX-IP-Technology.  See "man unlang" for
> how to create attributes.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081223/aee36b06/attachment.html>


More information about the Freeradius-Users mailing list