Users attributes missing from Access accept messages
Teva AVRIL-TEIPOARII
teva at viti.pf
Sat May 14 00:01:44 CEST 2011
Greetings,
I have a FreeRadius 1.1.5 that I'm using in a Wimax network. I'd like to
upgrade it, so I've installed a FreeRadius 2.1.7. Authentication is EAP-TTLS
on both. The network architecture is the same on both sides.
My issue is that some user attributes are missing from Access-Accept
messages coming from the FreeRadius 2, whereas the FreeRadius 1 is working
perfectly.
Here below is the config of both:
FREE RADIUS 1.1.5: ACCESS ACCEPT OK WITH ALL ATTRIBUTES REQUESTED
rad_recv: Access-Request packet from host 192.168.1.111:33102, id=185,
length=210
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373"\214@"
NAS-IP-Address = 192.168.1.111
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Attr-89 = 0x00
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message = 0x029d001101423836313646303044333437
Message-Authenticator = 0x163079cdfd5e95cbbdf12114567d5225
Tue May 10 12:28:23 2011 : Debug: Processing the authorize section of
radiusd.conf
Sending Access-Challenge of id 185 to 192.168.1.111 port 33102
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
EAP-Message = 0x019e00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x42dd4346756c2acf80fbc1fd8ab0560f
Tue May 10 12:28:23 2011 : Debug: Finished request 0
Tue May 10 12:28:23 2011 : Debug: Going to the next request
Tue May 10 12:28:23 2011 : Debug: --- Walking the entire request list ---
Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds...
rad_recv: Access-Request packet from host 192.168.1.111:33102, id=186,
length=217
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x42dd4346756c2acf80fbc1fd8ab0560f
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Attr-89 = 0x00
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message = 0x029e00060315
Message-Authenticator = 0x07cec79be43d3d5bf70a09d2210054f9
Tue May 10 12:28:23 2011 : Debug: Processing the authorize section of
radiusd.conf
Sending Access-Challenge of id 186 to 192.168.1.111 port 33102
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
EAP-Message = 0x019f00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd5efd74ea5bf2690ca9b30b80c0c0d1f
Tue May 10 12:28:23 2011 : Debug: Finished request 1
Tue May 10 12:28:23 2011 : Debug: Going to the next request
Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds...
rad_recv: Access-Request packet from host 192.168.1.111:33102, id=187,
length=291
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373"\214@"
NAS-IP-Address = 192.168.1.111
State = 0xd5efd74ea5bf2690ca9b30b80c0c0d1f
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Attr-89 = 0x00
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message =
0x029f005015001603010045010000410301bd274996a0d2a8dfc66a64a99828716e17e9b2f7
0921563de9b960534980670600001a0015001600330009000a002f000700670039006b003c00
35003d0100
Message-Authenticator = 0xc84be94975c1643cb9bb387a864959b5
Tue May 10 12:28:23 2011 : Debug: rlm_eap: EAP/ttls
Sending Access-Challenge of id 187 to 192.168.1.111 port 33102
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x797d6859978d85bd05c3d3563531b789
Tue May 10 12:28:23 2011 : Debug: Finished request 2
Tue May 10 12:28:23 2011 : Debug: Going to the next request
Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds...
rad_recv: Access-Request packet from host 192.168.1.111:33102, id=188,
length=407
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x797d6859978d85bd05c3d3563531b789
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Attr-89 = 0x00
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message =
0x02a000c41500160301008610000082008023d40d3c7050fd4d414fd95cc39d8a810fdc5b69
7b964512b3d1e1fee2c67bef3a77995ae8276347a07162e17fef80092e3ae3f6a9a33af95c79
0e37a01c4648e2702a16b3c72f778f21488658fa2fd9d6e013da3d0fb15654c9df9f1d8ade55
c0d94c8d05a022c2509602e93cfc688ecbb9c4ef5e622b4f8c14c356dcd6eef4140301000101
1603010028721f3b5868dd99ea3a9d91dc70f8da97cf8c817432503dce2b7a147446b932dd2d
96d683b9ce6ae0
Message-Authenticator = 0xb83011d6deee1bc5a068aca1cf7d3401
Sending Access-Challenge of id 188 to 192.168.1.111 port 33102
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
EAP-Message =
0x01a1003d1580000000331403010001011603010028c4fc69856441301a816285f1754f1b17
c76dce7f6a0452fc56f9975a51aa58b6babbf545b2c8b4a4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa131f428a180d28e0d94a607853650a7
rad_recv: Access-Request packet from host 192.168.1.111:33102, id=189,
length=358
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373"\214@"
NAS-IP-Address = 192.168.1.111
State = 0xa131f428a180d28e0d94a607853650a7
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Attr-89 = 0x00
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message =
0x02a10093150017030100886f506af88817f95f825287a053de88848946a8e8d5e919f0742d
42a8e8f7726d8d45374503e98fe12c9bba9a574e97b9e78018a011894d17ea6bb64913009155
6fb3f810250bdf0deac74be2ea6bfe7957284df32385b135cab5ab624f39f08ee91ae5f266e4
a5e0af9e032575bdd0ff182c8ceb229b331bf833b6b83cb50e77e148c0eceed741fa
Message-Authenticator = 0x682093618c0d9a0717464733d93bcafb
Sending Access-Challenge of id 189 to 192.168.1.111 port 33102
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
EAP-Message =
0x01a2005f1580000000551703010050ebd22c76d84467560a7c9ec2d14f85378b6a0198e137
820df6d48e338ae7df4e01ac57ee64ca1d63e8841c093bd8df4812b2309ee039a4e9402a595c
7363d31d58c17b61c20b49fab7182f38a5529517
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbfb482684b5f736f6a4520780d45024c
Tue May 10 12:28:23 2011 : Debug: Finished request 4
Tue May 10 12:28:23 2011 : Debug: Going to the next request
Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds...
rad_recv: Access-Request packet from host 192.168.1.111:33102, id=190,
length=217
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373"\214@"
NAS-IP-Address = 192.168.1.111
State = 0xbfb482684b5f736f6a4520780d45024c
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Attr-89 = 0x00
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message = 0x02a200061500
Message-Authenticator = 0x01a65022fbcbf916e7db8a9aec5d11d6
Sending Access-Accept of id 190 to 192.168.1.111 port 33102
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
MS-MPPE-Recv-Key =
0xac420687cf25af1258037359ed46a9fb206ef03923fd295b058d7b7bb057bcc3
MS-MPPE-Send-Key =
0x53c8e311cf376e6d6482197c2c000c48cc09232f9c3ef821f2b393322da32db2
EAP-Message = 0x03a20004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "ABCDEFGHIJKL"
FREERADIUS 2: ACCESS ACCEPT MESSAGE NOK, Missing attributes
rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=169,
length=210
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373\"\214@"
NAS-IP-Address = 192.168.1.111
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Chargeable-User-Identity = ""
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message = 0x0289001101423836313646303044333437
Message-Authenticator = 0x9f9f3cbb6a2b7487bfa5feba9e7191e9
Sending Access-Challenge of id 169 to 192.168.1.111 port 33096
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
EAP-Message = 0x018a00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f1aab301f90a699efb30c2336a4a7f8
rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=170,
length=217
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373\"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x1f1aab301f90a699efb30c2336a4a7f8
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Chargeable-User-Identity = ""
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message = 0x028a00060315
Message-Authenticator = 0x9bfe543a80d2b666c535ecec4716540c
Sending Access-Challenge of id 170 to 192.168.1.111 port 33096
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Convergence-Sublayer = 0x00
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-EMS-Address = 10.10.10.1
Motorola-WiMAX-NTP-Server = 0x0171c54402
Motorola-WiMAX-HO-SVC-CLASS = 0x02
Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522
Motorola-WiMAX-Service-Flows = "2|Default"
Motorola-WiMAX-VLAN-ID = 0x0111
Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350
Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350
EAP-Message = 0x018b00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f1aab301e91be99efb30c2336a4a7f8
rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=171,
length=291
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373\"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x1f1aab301e91be99efb30c2336a4a7f8
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Chargeable-User-Identity = ""
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message =
0x028b0050150016030100450100004103010fc6de0dabfd728862b435215018375f0925555c
a0c3841817c989017b4e208a00001a0015001600330009000a002f000700670039006b003c00
35003d0100
Message-Authenticator = 0xe8a191b0ed61fc61e1d2ef3bdaf83cc3
Tue May 10 12:32:06 2011 : Debug: rlm_wimax: Fixing WiMAX binary
Calling-Station-Id to 00-1f-fb-22-8c-40
Tue May 10 12:32:06 2011 : Info: ++[wimax] returns ok
Tue May 10 12:32:06 2011 : Info: [suffix] No '@' in User-Name =
"ABCDEFGHIJKL", looking up realm NULL
Tue May 10 12:32:06 2011 : Info: [eap] Request found, released from the list
Tue May 10 12:32:06 2011 : Info: [eap] EAP/ttls
Tue May 10 12:32:06 2011 : Info: [eap] processing type ttls
Tue May 10 12:32:06 2011 : Info: [ttls] Authenticate
Tue May 10 12:32:06 2011 : Info: [ttls] processing EAP-TLS
Tue May 10 12:32:06 2011 : Info: [ttls] eaptls_verify returned 7
Tue May 10 12:32:06 2011 : Info: [ttls] Done initial handshake
Tue May 10 12:32:06 2011 : Info: [ttls] (other): before/accept
initialization
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: before/accept
initialization
Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 Handshake [length 0045],
ClientHello
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 read client
hello A
Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 002a],
ServerHello
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write server
hello A
Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 07a4],
Certificate
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write
certificate A
Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 018d],
ServerKeyExchange
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write key
exchange A
Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004],
ServerHelloDone
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write server
done A
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 flush data
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: Need to read more
data: SSLv3 read client certificate A
Tue May 10 12:32:07 2011 : Debug: In SSL Handshake Phase
Tue May 10 12:32:07 2011 : Debug: In SSL Accept mode
Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 13
Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 171 to 192.168.1.111 port 33096
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f1aab301d96be99efb30c2336a4a7f8
rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=172,
length=217
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373\"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x1f1aab301d96be99efb30c2336a4a7f8
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Chargeable-User-Identity = ""
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message = 0x028c00061500
Message-Authenticator = 0x4feb13773e367f2f9bb82e5476b30c4e
Tue May 10 12:32:07 2011 : Info: [eap] EAP/ttls
Tue May 10 12:32:07 2011 : Info: [eap] processing type ttls
Tue May 10 12:32:07 2011 : Info: [ttls] Authenticate
Tue May 10 12:32:07 2011 : Info: [ttls] processing EAP-TLS
Tue May 10 12:32:07 2011 : Info: [ttls] Received TLS ACK
Tue May 10 12:32:07 2011 : Info: [ttls] ACK handshake fragment handler
Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_verify returned 1
Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 13
Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 172 to 192.168.1.111 port 33096
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f1aab301c97be99efb30c2336a4a7f8
rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=173,
length=407
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373\"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x1f1aab301c97be99efb30c2336a4a7f8
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Chargeable-User-Identity = ""
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message =
0x028d00c415001603010086100000820080041043d5921043658e7021b4dc0c4766668c5254
518f4c66ef3aee6c5b050bd710b8a99b4d2efed361a5aee69673ee2f497ea993705b8ca5c95a
b86e00d96882a9e249b225b91bf7ce5ed734164ac29e17fc55de89e345444bd241a875e22d4c
51b6fb7318e376938005ed77138d2836b648a59c38cb0ebd681998473d06ad57140301000101
1603010028fb9cb199122793285220fa9435f91dfe2c8106081c1761645cde53593aa9bc0104
ebccc13f74afee
Message-Authenticator = 0x72753965c681bd3edfb36ef6b39909ae
Tue May 10 12:32:07 2011 : Info: +- entering group authorize {...}
Tue May 10 12:32:07 2011 : Info: ++[preprocess] returns ok
Tue May 10 12:32:07 2011 : Info: [auth_log] expand: %t -> Tue May 10
12:32:07 2011
Tue May 10 12:32:07 2011 : Info: ++[auth_log] returns ok
Tue May 10 12:32:07 2011 : Info: ++[chap] returns noop
Tue May 10 12:32:07 2011 : Info: ++[mschap] returns noop
Tue May 10 12:32:07 2011 : Debug: rlm_wimax: Fixing WiMAX binary
Calling-Station-Id to 00-1f-fb-22-8c-40
Tue May 10 12:32:07 2011 : Info: ++[wimax] returns ok
Tue May 10 12:32:07 2011 : Info: [eap] EAP/ttls
Tue May 10 12:32:07 2011 : Info: [eap] processing type ttls
Tue May 10 12:32:07 2011 : Info: [ttls] Authenticate
Tue May 10 12:32:07 2011 : Info: [ttls] processing EAP-TLS
Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_verify returned 7
Tue May 10 12:32:07 2011 : Info: [ttls] Done initial handshake
Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 Handshake [length 0086],
ClientKeyExchange
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 read client
key exchange A
Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec [length
0001]
Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 Handshake [length 0010],
Finished
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 read finished
A
Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 ChangeCipherSpec [length
0001]
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write change
cipher spec A
Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 0010],
Finished
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write finished
A
Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 flush data
Tue May 10 12:32:07 2011 : Info: [ttls] (other): SSL negotiation
finished successfully
Tue May 10 12:32:07 2011 : Debug: SSL Connection Established
Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 13
Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 173 to 192.168.1.111 port 33096
EAP-Message =
0x018e003d158000000033140301000101160301002836597205ba27c7eb6f6c282853dfcd01
b4a82000561ad791379a623c527aabadff705be58f4392b9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f1aab301b94be99efb30c2336a4a7f8
rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=174,
length=358
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373\"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x1f1aab301b94be99efb30c2336a4a7f8
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Chargeable-User-Identity = ""
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message =
0x028e0093150017030100880c7f64a5f5184085fb897a83be464d3c99883f7949f8c30d76e7
09e44c3154dcd14dbdcc0f76ef33368959613f398b868bf96f797187b9edcc0a280b20994284
6660822fd2efa60ea39da6ada99dc8ce28cc7caaaaa26fd10308af7fbf16d1421e4cda944739
bddeb2474188f0017d24ec3f657301733ddd1229c0a031a2462ee9cfc5f67e2d0df5
Message-Authenticator = 0x0f0f1ba3f356aa9b52e19c3f338f57f9
Tue May 10 12:32:07 2011 : Debug: rlm_wimax: Fixing WiMAX binary
Calling-Station-Id to 00-1f-fb-22-8c-40
Tue May 10 12:32:07 2011 : Info: ++[wimax] returns ok
Tue May 10 12:32:07 2011 : Info: [suffix] No '@' in User-Name =
"ABCDEFGHIJKL", looking up realm NULL
Tue May 10 12:32:07 2011 : Info: [eap] EAP/ttls
Tue May 10 12:32:07 2011 : Info: [eap] processing type ttls
Tue May 10 12:32:07 2011 : Info: [ttls] Authenticate
Tue May 10 12:32:07 2011 : Info: [ttls] processing EAP-TLS
Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_verify returned 7
Tue May 10 12:32:07 2011 : Info: [ttls] Done initial handshake
Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 7
Tue May 10 12:32:07 2011 : Info: [ttls] Session established. Proceeding to
decode tunneled attributes.
Tue May 10 12:32:07 2011 : Info: [ttls] Got tunneled request
User-Name = "usertest"
MS-CHAP-Challenge = 0x4f40452a49e66f3394fe5472d7a6c8a3
MS-CHAP2-Response =
0x730014ff97bffc0a475fbe7d800f95b76e9e00000000000000008873ec5c5e2f2abe748678
133c983a865c80980b3b532e24
FreeRADIUS-Proxied-To = 127.0.0.1
Tue May 10 12:32:07 2011 : Info: [ttls] Sending tunneled request
User-Name = "usertest"
MS-CHAP-Challenge = 0x4f40452a49e66f3394fe5472d7a6c8a3
MS-CHAP2-Response =
0x730014ff97bffc0a475fbe7d800f95b76e9e00000000000000008873ec5c5e2f2abe748678
133c983a865c80980b3b532e24
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
Tue May 10 12:32:07 2011 : Info: [mschap] Told to do MS-CHAPv2 for usertest
with NT-Password
Tue May 10 12:32:07 2011 : Info: [mschap] adding MS-CHAPv2 MPPE keys
Tue May 10 12:32:07 2011 : Info: ++[mschap] returns ok
Tue May 10 12:32:07 2011 : Info: WARNING: Empty section. Using default
return values.
} # server inner-tunnel
Tue May 10 12:32:07 2011 : Info: [ttls] Got tunneled reply code 2
MS-CHAP2-Success =
0x73533d45434435323936393145304539454433384342423831354245354644433446384631
384533454139
MS-MPPE-Recv-Key = 0x2dacf31b4e71f823de59fbab96d683d3
MS-MPPE-Send-Key = 0x4e126126cbeee506002c7e8b418b7c37
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Tue May 10 12:32:07 2011 : Info: [ttls] Got tunneled Access-Accept
Tue May 10 12:32:07 2011 : Info: [ttls] Got MS-CHAP2-Success, tunneling it
to the client in a challenge.
Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 174 to 192.168.1.111 port 33096
EAP-Message =
0x018f005f1580000000551703010050a7dd22c4c960fac1b93edcce9e2caa6bc6cd1c3daf00
b30b64cb7ca999bac133b6bf01f33f00c8848a60de395ec93a2abaa09cd35fbaaf4e357c8cd1
4ab7e499121d53cb61cd60ad8e4efc534b0a1b5b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f1aab301a95be99efb30c2336a4a7f8
Tue May 10 12:32:07 2011 : Info: Finished request 8.
Tue May 10 12:32:07 2011 : Debug: Going to the next request
Tue May 10 12:32:07 2011 : Debug: Waking up in 1.3 seconds.
rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=175,
length=217
User-Name = "ABCDEFGHIJKL"
Calling-Station-Id = "\000\037\373\"\214@"
NAS-IP-Address = 192.168.1.111
State = 0x1f1aab301a95be99efb30c2336a4a7f8
NAS-Port = 1
Framed-MTU = 1400
Service-Type = Framed-User
Called-Station-Id = "000084800711"
NAS-Identifier = "636170632D73632D70726F64"
NAS-Port-Type = 27
Chargeable-User-Identity = ""
NWG-WiMAX-Capability = 0x000106312e3000020301
NWG-GMT-Time-Zone-Offset = 0x0000000000
NWG-BS-ID = 0x00000084800711
NWG-NSP-ID = 0x000001f9
EAP-Message = 0x028f00061500
Message-Authenticator = 0x39b7c4e6f117eeb2972893b5de5fa739
Tue May 10 12:32:07 2011 : Info: +- entering group authorize {...}
Tue May 10 12:32:07 2011 : Info: ++[preprocess] returns ok
Tue May 10 12:32:07 2011 : Info: ++[chap] returns noop
Tue May 10 12:32:07 2011 : Info: ++[mschap] returns noop
Tue May 10 12:32:07 2011 : Debug: rlm_wimax: Fixing WiMAX binary
Calling-Station-Id to 00-1f-fb-22-8c-40
Tue May 10 12:32:07 2011 : Info: ++[wimax] returns ok
Tue May 10 12:32:07 2011 : Info: [eap] Freeing handler
Tue May 10 12:32:07 2011 : Info: ++[eap] returns ok
Tue May 10 12:32:07 2011 : Info: [wimax] MIP-RK =
0xb53187ac09a8638b39ccece5d545ddcddfe9039dd4ca0d87fbfb11eb8d28bfed72fd0b846c
b227a4bfef736b776521f1f9f65399d97663622de78645392e829a
Tue May 10 12:32:07 2011 : Info: [wimax] MIP-SPI = c3962fc7
Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: WiMAX-MN-NAI was not found
in the request or in the reply.
Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: We cannot calculate MN-HA
keys.
Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: WiMAX-IP-Technology not
found in reply.
Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: Not calculating MN-HA keys
Tue May 10 12:32:07 2011 : Info: ++[wimax] returns updated
Sending Access-Accept of id 175 to 192.168.1.111 port 33096
MS-MPPE-Recv-Key =
0x6ac20e0ae330ec47259e11c1c88604adaf0bf8b2fed16dcd36676a114f989c50
MS-MPPE-Send-Key =
0x6c6881e76c18bae61afc53895744ccee92b7c95acc83cff8f59fcad428930e68
EAP-Message = 0x038f0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "ABCDEFGHIJKL"
If you have some clues please let me know.
Regards,
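
Added example, not part of the original post: a small Python script that parses `radiusd -X` style debug output like the two traces above, collects the attributes of each reply the server sends, and reports which attributes of the old server's Access-Accept are absent from the new one. The two sample logs are constructed and shortened from the traces in the post (the MS-MPPE key values are placeholders); the function names are this example's own.

```python
import re

# "Sending Access-Accept of id 190 to 192.168.1.111 port 33102"
SEND_RE = re.compile(r"^Sending (Access-[A-Za-z]+) of id (\d+) to ")
# "Name = value", or "Name =" when the value is wrapped onto the next line(s)
ATTR_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*) =\s*(.*)$")
# Continuation line of a wrapped hex value
HEX_RE = re.compile(r"^\s*(?:0x)?[0-9a-fA-F]+\s*$")


def parse_replies(log_text):
    """Return [(code, id, [[attr, value], ...]), ...] for every reply sent."""
    replies, current = [], None
    for line in log_text.splitlines():
        sent = SEND_RE.match(line)
        if sent:
            current = (sent.group(1), int(sent.group(2)), [])
            replies.append(current)
            continue
        if current is None:
            continue  # request attributes and module debug lines are skipped
        attr = ATTR_RE.match(line)
        if attr:
            current[2].append([attr.group(1), attr.group(2)])
        elif HEX_RE.match(line) and current[2]:
            current[2][-1][1] += line.strip()  # re-join a wrapped hex value
        else:
            current = None  # timestamped or rad_recv line ends the reply block
    return replies


def accept_attrs(log_text):
    """Ordered, de-duplicated attribute names of the last Access-Accept."""
    accepts = [r for r in parse_replies(log_text) if r[0] == "Access-Accept"]
    if not accepts:
        raise ValueError("no Access-Accept found in log")
    return list(dict.fromkeys(name for name, _ in accepts[-1][2]))


def diff_accepts(old_log, new_log):
    """Return (missing_in_new, only_in_new) attribute name lists."""
    old, new = accept_attrs(old_log), accept_attrs(new_log)
    return ([n for n in old if n not in new], [n for n in new if n not in old])


def presence(log_text, attr):
    """List the (code, id) of every reply that carries the given attribute."""
    return [(code, pid) for code, pid, attrs in parse_replies(log_text)
            if any(name == attr for name, _ in attrs)]


# Constructed sample, shortened from the FreeRadius 1.1.5 trace in the post.
OLD_LOG = """rad_recv: Access-Request packet from host 192.168.1.111:33102, id=189,
length=358
User-Name = "ABCDEFGHIJKL"
EAP-Message =
0x02a1009315001703
Sending Access-Challenge of id 189 to 192.168.1.111 port 33102
Session-Timeout = 64800
Motorola-WiMAX-VLAN-ID = 0x0111
EAP-Message =
0x01a2005f15800000
7363d31d58c17b61
State = 0xbfb482684b5f736f6a4520780d45024c
Tue May 10 12:28:23 2011 : Debug: Finished request 4
Sending Access-Accept of id 190 to 192.168.1.111 port 33102
Session-Timeout = 64800
NWG-AAA-Session-Id = 0x00000001
Motorola-WiMAX-Network-Domain-Name = "wimax.test"
Motorola-WiMAX-VLAN-ID = 0x0111
MS-MPPE-Recv-Key =
0xaaaaaaaa
MS-MPPE-Send-Key =
0xbbbbbbbb
EAP-Message = 0x03a20004
User-Name = "ABCDEFGHIJKL"
"""

# Constructed sample, shortened from the FreeRadius 2.1.7 trace in the post.
NEW_LOG = """Sending Access-Challenge of id 174 to 192.168.1.111 port 33096
EAP-Message =
0x018f005f15800000
State = 0x1f1aab301a95be99efb30c2336a4a7f8
Tue May 10 12:32:07 2011 : Info: Finished request 8.
Tue May 10 12:32:07 2011 : Info: [wimax] MIP-SPI = c3962fc7
Tue May 10 12:32:07 2011 : Info: ++[wimax] returns updated
Sending Access-Accept of id 175 to 192.168.1.111 port 33096
MS-MPPE-Recv-Key =
0xcccccccc
MS-MPPE-Send-Key =
0xdddddddd
EAP-Message = 0x038f0004
User-Name = "ABCDEFGHIJKL"
"""

if __name__ == "__main__":
    missing, added = diff_accepts(OLD_LOG, NEW_LOG)
    print("missing from new Access-Accept:", missing)
    print("only in new Access-Accept:", added)
    for name in missing:
        print(name, "old:", presence(OLD_LOG, name), "new:", presence(NEW_LOG, name))
```

Feeding it the two full debug files instead of the samples gives the same report for a real migration, and `presence()` shows whether an attribute was already being added to the Access-Challenge replies or only to the final Access-Accept.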