Access Req from HA rejected
Ivan Kalik
tnt at kalik.net
Thu Jun 18 12:19:17 CEST 2009
> I am using FreeRADIUS to test proxy authentication from H-AAA; the
> initial authentication (proxied through H-AAA) goes through fine. But the
> HA then triggers an Access-Request message (we are using PMIP), but this
> fails at FreeRADIUS.
Because this request is not in any authentication protocol known to man.
> I suspect this is because the HA root keys etc.
> are not generated by FreeRADIUS but by the H-AAA. Can you please let me
> know what configuration needs to be done to get this scenario working.
>
> rad_recv: Access-Request packet from host 10.142.139.65 port 52687,
> id=162, length=201
>
> User-Name = "user at isp2.wimaxlab.com"
>
> NAS-IP-Address = 10.142.139.68
>
> Service-Type = Framed-User
>
> Framed-IP-Address = 0.0.0.0
>
> Vendor-Specific = 0x00001fe4180600000003
>
> Vendor-Specific = 0x00001fe4a9060a8e8b46
>
> WiMAX-Release = "1.0"
>
> WiMAX-Accounting-Capabilities = 3
>
> WiMAX-GMT-Timezone-offset = 3600
>
> WiMAX-hHA-IP-MIP4 = 10.142.139.70
>
> WiMAX-MN-hHA-MIP4-SPI = 512
>
> WiMAX-HA-RK-SPI = 512
>
> NAS-Identifier = "HA_ISP1"
>
> Event-Timestamp = "Jun 18 2009 09:36:50 GMT"
>
> Message-Authenticator = 0x7fc30b3f450c08556a469367efb2d166
>
> Chargeable-User-Identity = "NUL"
>
There should be a field with a password in there (User-Password,
EAP-Message, whatever). Ask the H-AAA people how to fix the equipment so it
generates requests that do make sense. Some WiMAX equipment requires the MPPE
key to be removed from the Access-Accept packet. If that is the case, adjust it
in the wimax module (raddb/modules/wimax).
Ivan Kalik
Kalik Informatika ISP
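
Added example (not part of the original message and not FreeRADIUS code): a small check that reads a debug dump like the one quoted above and reports which authentication method, if any, the request's attributes imply. The function names and the list of credential attributes are assumptions made for illustration.

```python
import re

# Attributes that carry credentials in an Access-Request. Assumption: this is
# the common set; a given server may accept others through extra modules.
CREDENTIAL_ATTRS = {
    "User-Password": "PAP",
    "CHAP-Password": "CHAP",
    "MS-CHAP-Response": "MS-CHAP",
    "MS-CHAP2-Response": "MS-CHAPv2",
    "EAP-Message": "EAP",
}

# "Name = value" as printed in debug output; leading "> " mail quoting is allowed.
ATTR_LINE = re.compile(r"^[>\s]*([A-Za-z0-9-]+)\s+=\s+(.+?)\s*$")

def parse_attributes(dump):
    """Return (name, value) pairs found in a debug dump."""
    matches = (ATTR_LINE.match(line) for line in dump.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def auth_methods(dump):
    """Return the authentication methods implied by the request's attributes."""
    names = {name for name, _ in parse_attributes(dump)}
    # Message-Authenticator is deliberately not counted: it protects packet
    # integrity with the shared secret and says nothing about the user.
    return sorted(CREDENTIAL_ATTRS[n] for n in names if n in CREDENTIAL_ATTRS)

# Subset of the attributes from the quoted HA request.
HA_REQUEST = """\
> User-Name = "user at isp2.wimaxlab.com"
> NAS-IP-Address = 10.142.139.68
> Service-Type = Framed-User
> WiMAX-HA-RK-SPI = 512
> NAS-Identifier = "HA_ISP1"
> Message-Authenticator = 0x7fc30b3f450c08556a469367efb2d166
"""

# Constructed PAP request for contrast (not from the thread).
PAP_REQUEST = """\
User-Name = "alice"
User-Password = "example"
NAS-IP-Address = 192.0.2.10
"""

if __name__ == "__main__":
    for label, dump in (("HA", HA_REQUEST), ("PAP", PAP_REQUEST)):
        print(label, auth_methods(dump) or "no credential attribute")
```
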