authentetication with mysql and NAS type= other
tolik_shavlovsky at mail.ru
tolik_shavlovsky at mail.ru
Thu Dec 8 22:11:03 CET 2011
how can i see inner-tunnel portion? from debug?
so, u didn't answer, how did u know it was extreme?)
08 декабря 2011, 16:20 от "David Peterson-19 [via FreeRadius]" <ml-node+s1045715n5058598h29 at n5.nabble.com>:
Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out.
WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication.
David
From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email]
Sent: Thursday, December 08, 2011 2:34 AM
To: [hidden email]
Subject: Re[6]: authentetication with mysql and NAS type= other
David,
usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email]
So, you just gess it was Extreme?))
07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email]>:
I know it’s Extreme because we sell Alvarion WiMax for all of North America J
Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine.
The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email]
David
From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email]
Sent: Wednesday, December 07, 2011 11:03 AM
To: [hidden email]
Subject: Re[4]: authentetication with mysql and NAS type= other
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:57:06 2011
++[detail] returns ok
++[unix] returns fail
Finished request 247.
Cleaning up request 247 ID 56 with timestamp +1802
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523
Acct-Session-Id = "KeepAliveSessionId"
User-Password = "KeepAliveUserNameAndPassword"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword
[sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User KeepAliveUserNameAndPassword not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli )
=======================================
login and password are correct!
ow did you jnow that its extreme& by NAS identifirer?
07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>:
The only requests I see are User-Name = "KeepAliveUserNameAndPassword"
This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate.
David
From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email]
Sent: Wednesday, December 07, 2011 10:05 AM
To: [hidden email]
Subject: Re[2]: authentetication with mysql and NAS type= other
here is debug:
ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 16:59:07 2011
++[detail] returns ok
++[unix] returns fail
Finished request 98.
Cleaning up request 98 ID 10 with timestamp +570
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 16:59:12 2011
++[detail] returns ok
++[unix] returns fail
Finished request 99.
Cleaning up request 99 ID 10 with timestamp +575
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:00:17 2011
++[detail] returns ok
++[unix] returns fail
Finished request 100.
Cleaning up request 100 ID 11 with timestamp +640
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:00:22 2011
++[detail] returns ok
++[unix] returns fail
Finished request 101.
Cleaning up request 101 ID 11 with timestamp +645
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:00:27 2011
++[detail] returns ok
++[unix] returns fail
Finished request 102.
Cleaning up request 102 ID 11 with timestamp +650
Going to the next request
Ready to process requests.
07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>:
[hidden email] wrote:
> 1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but
> Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
> 2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can
> authenticate them from users file.
Without the debug log, it's impossible to know.
> what can be a problem?
You didn't follow the existing documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------------------------------------
If you reply to this email, your message will be added to the discussion below:
http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055831.html
To unsubscribe from authentetication with mysql and NAS type= other, click here.
NAML
----------------------------------------------------------------------
View this message in context: Re[2]: authentetication with mysql and NAS type= other
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------------------------------------
If you reply to this email, your message will be added to the discussion below:
http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055966.html
To unsubscribe from authentetication with mysql and NAS type= other, click here.
NAML
----------------------------------------------------------------------
View this message in context: Re[4]: authentetication with mysql and NAS type= other
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------------------------------------
If you reply to this email, your message will be added to the discussion below:
http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056216.html
To unsubscribe from authentetication with mysql and NAS type= other, click here.
NAML
----------------------------------------------------------------------
View this message in context: Re[6]: authentetication with mysql and NAS type= other
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----------------------------------------------------------------------
If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5058598.html
To unsubscribe from authentetication with mysql and NAS type= other, click here.
NAML
--
View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5060105.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111208/f4d304a8/attachment.html>
More information about the Freeradius-Users
mailing list