authentetication with mysql and NAS type= other

David Peterson davidp at wirelessconnections.net
Thu Dec 8 22:43:04 CET 2011


I am a certified Alvarion CASS trainer.  I know the product by heart.

 

David

 

From: freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org] On Behalf Of tolik_shavlovsky at mail.ru
Sent: Thursday, December 08, 2011 4:11 PM
To: freeradius-users at lists.freeradius.org
Subject: Re[8]: authentetication with mysql and NAS type= other

 

how can i see inner-tunnel portion? from debug?

so, u didn't answer, how did u know it was extreme?)


08 декабря 2011, 16:20 от "David Peterson-19 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5060105&i=0> >:

Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified.  The 4-Motion product is fully WiMax certified as you point out.  

 

WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel.  If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication.

 

 

David

 

From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email]
Sent: Thursday, December 08, 2011 2:34 AM
To: [hidden email]
Subject: Re[6]: authentetication with mysql and NAS type= other

 

David,

usually Alvarion  WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email]

So, you just gess it was Extreme?))


07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email]>:

I know it’s Extreme because we sell Alvarion WiMax for all of North America J  

 

Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied.  Either response is fine.  

 

The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] 

 

David

 

 

From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email]
Sent: Wednesday, December 07, 2011 11:03 AM
To: [hidden email]
Subject: Re[4]: authentetication with mysql and NAS type= other

 

[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:57:06 2011
++[detail] returns ok
++[unix] returns fail
Finished request 247.
Cleaning up request 247 ID 56 with timestamp +1802
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523
Acct-Session-Id = "KeepAliveSessionId"
User-Password = "KeepAliveUserNameAndPassword"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword
[sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User KeepAliveUserNameAndPassword not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli )

=======================================
login and password are correct!

ow did you jnow that its extreme& by NAS identifirer?




07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>:

The only requests I see are User-Name = "KeepAliveUserNameAndPassword"

This is just a keep-alive packet all Alvarion Extreme base stations send out.  I do not see the CPE attempting to authenticate.

 

David

 

From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email]
Sent: Wednesday, December 07, 2011 10:05 AM
To: [hidden email]
Subject: Re[2]: authentetication with mysql and NAS type= other

 

here is debug:

ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 16:59:07 2011
++[detail] returns ok
++[unix] returns fail
Finished request 98.
Cleaning up request 98 ID 10 with timestamp +570
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 16:59:12 2011
++[detail] returns ok
++[unix] returns fail
Finished request 99.
Cleaning up request 99 ID 10 with timestamp +575
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:00:17 2011
++[detail] returns ok
++[unix] returns fail
Finished request 100.
Cleaning up request 100 ID 11 with timestamp +640
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:00:22 2011
++[detail] returns ok
++[unix] returns fail
Finished request 101.
Cleaning up request 101 ID 11 with timestamp +645
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135
User-Name = "KeepAliveUserNameAndPassword"
NAS-IP-Address = 10.152.98.23
NAS-Port-Type = Wireless-802.16
NAS-Port = 0
Calling-Station-Id = "\000\000\000\000\000"
NAS-Identifier = "000000001137128000"
WiMAX-GMT-Timezone-offset = 0
Acct-Status-Type = Stop
Acct-Session-Id = "KeepAliveSessionId"
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"'
[acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206
[detail] expand: %t -> Tue Dec 6 17:00:27 2011
++[detail] returns ok
++[unix] returns fail
Finished request 102.
Cleaning up request 102 ID 11 with timestamp +650
Going to the next request
Ready to process requests.




07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>:

[hidden email] wrote: 
> 1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but 
> Simulteneous-Use is not working. 

  See the FAQ for "it doesn't work" 

> 2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can 
> authenticate them from users file. 

  Without the debug log, it's impossible to know. 

> what can be a problem? 

  You didn't follow the existing documentation. 

  Alan DeKok. 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  _____  

If you reply to this email, your message will be added to the discussion below:

http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055831.html 

To unsubscribe from authentetication with mysql and NAS type= other, click here.
 <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML 



















 

  _____  

View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055921.html> 
Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html>  at Nabble.com.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  _____  

If you reply to this email, your message will be added to the discussion below:

http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055966.html 

To unsubscribe from authentetication with mysql and NAS type= other, click here.
 <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML 

 

 

  _____  

View this message in context: Re[4]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056103.html> 
Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html>  at Nabble.com.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  _____  

If you reply to this email, your message will be added to the discussion below:

http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056216.html 

To unsubscribe from authentetication with mysql and NAS type= other, click here.
 <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML 





 

  _____  

View this message in context: Re[6]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5057918.html> 
Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html>  at Nabble.com.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



  _____  

If you reply to this email, your message will be added to the discussion below:

http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5058598.html 

To unsubscribe from authentetication with mysql and NAS type= other, click here.
 <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML 






 

  _____  

View this message in context: Re[8]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5060105.html> 
Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html>  at Nabble.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111208/213c1385/attachment.html>


More information about the Freeradius-Users mailing list