Access Accept vs Tunneled reply

David Peterson davidp at wirelessconnections.net
Fri Mar 11 20:33:11 CET 2011


Progress at last guys!  Thanks for all the help!    Now seeing this both
outside the tunnel as well as in the pcap.  Now to make my attribute conform
with the NAS.

(175) ++[wimax] returns updated
Sending Access-Accept of id 103 to 172.16.4.2 port 1812
        WiMAX-VLAN-ID = 192
        WiMAX-Classifer-Direction = Bi-Directional
        WiMAX-Classifer-Priority = 1
        WiMAX-ClassifierID = 1
        WiMAX-Downlink-QOS-Id = 1
        WiMAX-Uplink-QOS-Id = 1
        WiMAX-Transport-Type = Ethernet
        WiMAX-Direction = Bi-Directional
        WiMAX-Packet-Data-Flow-Id = 1
        WiMAX-QoS-Id = 1
        WiMAX-Schedule-Type = Best-Effort
        WiMAX-Maximum-Sustained-Traffic-Rate = 31457289
        WiMAX-R3-IF-Name = "vpws"
        WiMAX-PDFID = 1
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "{sm=1}3FF9EF10336DD9EF3892DC1ED1EF2696"
        WiMAX-IP-Technology = CMIP4
        WiMAX-FA-RK-Key = 0x8287ac45d467483a74dadc2337a59574b7e49e0f
        WiMAX-MSK = 0x
        WiMAX-MSK =
0x3d0788c7f457fdbb4b69dffbfba26496064025dce735232348d8d76397faf1e2644b33e0cf
27ffe7a0953a0a8180fd58b8286b3d3caaf2f215f88b054b11171b
        WiMAX-FA-RK-SPI = 1832484922
(175) Finished request.

-----Original Message-----
From:
freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradius.org
[mailto:freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradiu
s.org] On Behalf Of Alexander Clouter
Sent: Friday, March 11, 2011 1:34 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: Access Accept vs Tunneled reply

David Peterson <davidp at wirelessconnections.net> wrote:
>
> I am wondering if it's a misconfiguration of a group reply.  I have 
> those attributes listed as a group-reply.  Would putting the 
> attributes in the normal vs the group reply put them in a different 
> portion of the response?
> 
As you have the User-Name/whatever-wimax utilises now movable from the
inner-layer to the outer you can just do you policy on the outer layer
instead.  Do authentication on the inner-tunnel, whilst authorisation keep
to the outer layer...

Cheers

--
Alexander Clouter
.sigmonster says: Stay the curse.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list