Repeating the same attribute in reply message
Shai Mizrachi
mizrachi.shai at gmail.com
Mon May 30 22:38:30 CEST 2011
Hi,
The users are configured inside /etc/raddb/users (no D.B is used).
All of the Wimax parameters are working fine, it is just the repeated
attributes which are failing (not sure this is related to Wimax ?)
I am attaching the output of the radiusd -X, followed by the user configured
in the users file.
Thanks for the help ...
=================================================
=================================================
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=95,
length=244
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
EAP-Message =
0x02010033017b616d3d317d3235663439616637326639353537393164313062656337343333333163356363406c61622e636f6d
Message-Authenticator = 0x0f3f1d311098d83650466889dc8c8be4
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:49 2011
++[auth_log] returns ok
++[mschap] returns noop
++[files] returns noop
++[wimax] returns ok
[eap] EAP packet type response id 1 length 51
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 95 to 10.10.186.40 port 1812
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x053d4696053f53efd45f1f316c7360de
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=96,
length=273
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
EAP-Message =
0x0202003e150016030100330100002f0301000005ac62f536b4e285cf8c87f103e4f71c387c62d870cff93b0831ed3d6590000008002f000a000500040100
Message-Authenticator = 0x92bca141cfecbcbc26200c92954fdd00
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
State = 0x053d4696053f53efd45f1f316c7360de
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:49 2011
++[auth_log] returns ok
++[mschap] returns noop
++[files] returns noop
++[wimax] returns ok
[eap] EAP packet type response id 2 length 62
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0033], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 96 to 10.10.186.40 port 1812
EAP-Message =
0x0103040015c00000089b160301002a0200002603014de3fdc5d1d28867b0622cc6f5687695696174dd611902e01c2360571181ad6800002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message =
0x301e170d3131303532363230303133315a170d3132303532353230303133315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b46520833e7c771d35ef2663a7a4a2c5f8f7a14cfc1de3d75565e0d2f53d61220f0ee69cda0ec130512315a0208a1e93b3900ed878d01c52a0866e8ed800
EAP-Message =
0x0dd110881020abe9d580cfcb7afb7212a6c9f14caab6ae90cd62fdac8b457155fb04e0bbc38c96a04ea46d92b1dfbc375f89f448ca43b9b17419e86d741842b428d2f4f91fcffa6a7dc3b49d4b5b6b2561ad071c20c4a22c512d8f25d0ed4375fd802e043ea78535cd60146320ea4a1d8dc075b37c197ae1cfaec10c056271138b36ee40741b453a6a42140a2e18de2dd59f46d10219d040e824f0f3ffbbd72494ffbe79fa6ae6e9dfb0a681867f0ccc6f0dbc27f0483eb6a9217b499604b33cd0750203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000222b6a16a0622b9d8
EAP-Message =
0xb824f1ef69d354ab1552a5934440f05d150639594ffe06cf7714cc264e714089de76d2920157c1d2d3e378b64884ca3533625a88373b1dd4a6e852da867ed72e915c2bcae0ad0358e9738f588d3238a10c772438d7843d49286cb065dfd1d1aa58446730f67a8804774a257899f0154c12214c2ca9e7e15ce9c145dc3b9aa3a3e9dfb554875817faefef16cf72e4b6a5e16f637f3ca921feaad24cdaf08432773bd3bfdea0667b041b2a60503050cd71788818b7899dc3331e9a9f29ee89905d11796929934e1dbf0367fb4ba1a00b81738dce9229115472f15339f5eaa1d4539a3156ddd80efe65baa0cd974b2611db0471e5f15e085b0004ab308204
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x053d4696043e53efd45f1f316c7360de
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=97,
length=217
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
EAP-Message = 0x020300061500
Message-Authenticator = 0x54ef7760e3b928dca237285f47387b05
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
State = 0x053d4696043e53efd45f1f316c7360de
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:49 2011
++[auth_log] returns ok
++[mschap] returns noop
++[files] returns noop
++[wimax] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 97 to 10.10.186.40 port 1812
EAP-Message =
0x0104040015c00000089b00831df6a982d018e5300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303532363230303133315a170d3132303532353230303133315a308193310b3009060355040613024652310f300d0603550408130652616469757331123010
EAP-Message =
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e1a0848d1402797067079584e7a66b3166f43551353d3ed40022e611235740d06d254c1143ef481d184bdf89a6d3019d418dbfa20b0c523728908a55a587c446cffd6289362b11036a93cd43984c72d7f69e650a46b5bab076ec766ec50081daa02ac73248baaa737885cf
EAP-Message =
0xa2b8eefcbcf75083ea333f55e4b322d8ee54a61dc400c03e1ba054a8da360656b5ac4fc6e5e6c37935ce52abb25fbbeadd086732dd2bc5956124a7ab236938e9636bf43c808d891dda71d413cee161cbf1dc3e7fb9894d84c1fd8bfc0b06fd85cf66c50f732dd517c49ab20ba8cef96937116f2032a45db966c8ea98f574ef4fa4898e10d217234b0dd497024141539209e6fa0bef0203010001a381fb3081f8301d0603551d0e0416041496eb3dd1a839b16846b251bbafc06aacb224dff33081c80603551d230481c03081bd801496eb3dd1a839b16846b251bbafc06aacb224dff3a18199a48196308193310b3009060355040613024652310f300d
EAP-Message =
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900831df6a982d018e5300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a104b252dca5de30e3408fedbf255276180a97ea23e0292a9d04bebd15606707aa43710971c7df459e148ddda98068d026f69d540f37aff1b195d57da7fb7d8a868a9c0355233ae84a4d2a56fc43
EAP-Message = 0x40ebc8c69220f02c5cf8ac5c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x053d4696073953efd45f1f316c7360de
Finished request 2.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=98,
length=217
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
EAP-Message = 0x020400061500
Message-Authenticator = 0x5bc9fb67028db3ca75384b250d49f223
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
State = 0x053d4696073953efd45f1f316c7360de
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:50 2011
++[auth_log] returns ok
++[mschap] returns noop
++[files] returns noop
++[wimax] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 98 to 10.10.186.40 port 1812
EAP-Message =
0x010500b915800000089b4a2ecaef24f899dfc6c948b2d9131ea2ad6d4f21bd0e0f940bc66f43d13689ac6058a1bad235de38502575b6cffdaae0c64cde8e3df0819211f94dc769ccdd47b3ca24289e73054b79cb9844d6fe295dab8b0fe4924fc582ae0c16e60723a3b291553437875d97a8b443b7c17fba728dbfa149d6f83d0a287ebaf7f9a911bec0ef925a5ebd8a8ee0df6b4662d10f557136be94a69d8a479866c2adfd90f6b5c119e61035ef7316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x053d4696063853efd45f1f316c7360de
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=99,
length=545
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
EAP-Message =
0x0205014c15001603010106100001020100144bc81228a0051ed5f8f8c4e487da89ccaeea6269e5f29458db08446dbe8ba4dfc9f4e61197587dda7dda5596dfa1e40e37ba81fca5c945e18245b08e928e2181bd3ba917382b93ec7f7a7b57ef02fa0bbdde1d6f23528bbe7fe987780da9290811d214f3bc8e72a2493ca3d4129c1beef9537d8ac542a235b2ddd29633af28a39e25e0decb8d60af09de873eb99cd7c3c4ae4c01a2ef9042f57aeb9a302a5b27a46eab61e6d73d2d2e2971f0f9dd05899954d4fa46c7bbe589c39624cdcf95a860a75db29a9bee717dfadb9280ca8c95b1db821d88d84b7d7ef5d7c7f25bc931de46cba01771e2b1a4e187
EAP-Message =
0xd5ff3c8d571696195f6cdf74149069b61382de601403010001011603010030642012d01bdb07d967c3c732e2624ac232cf66a13c045909f245d1113270c89771f302e8e77b7eb3f14b2434ed728f18
Message-Authenticator = 0xa3940c26ad536f4df564151e14a962d1
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
State = 0x053d4696063853efd45f1f316c7360de
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:50 2011
++[auth_log] returns ok
++[mschap] returns noop
++[files] returns noop
++[wimax] returns ok
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 99 to 10.10.186.40 port 1812
EAP-Message =
0x0106004515800000003b140301000101160301003069b56c3d3948529c615d8d65e533020fef7e7ab7732cd615f9e87055675ebf83a29b5146da4a554bceec25df935f6555
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x053d4696013b53efd45f1f316c7360de
Finished request 4.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=100,
length=382
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
EAP-Message =
0x020600ab150017030100a0d8688e20c0b0067915213b723edda42fc3344b33496b465422aa8687d9a6727678efac380e96c18d7197c894a329f1fc0bada19e689ccef2f1a37d8e9f25c4a8fee6b7fe623d86b912ca0c03d25c20b25ab4c0950dabbce9236f1bd4fef65f036c78d6b5aa07ad75eca65178f4198c7bd34b881ffdf7c2e57f763ce34951aab3631e0ad0283532fc0c1f1812495c7bb7f79389c4045d4e72067b1333fb77c9ed
Message-Authenticator = 0x6ca3e01fb59e6ab77890bcb48cc2d361
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
State = 0x053d4696013b53efd45f1f316c7360de
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:50 2011
++[auth_log] returns ok
++[mschap] returns noop
++[files] returns noop
++[wimax] returns ok
[eap] EAP packet type response id 6 length 171
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "explicit_ipcs at lab.com"
MS-CHAP-Challenge = 0x0b7f5bf22bab3eb0e2ac075b2ca5c652
MS-CHAP2-Response =
0x090019064d31498f4b510c02e282cdd804080000000000000000eb431e35a460ab50b9cd0b7b76190ff77c3fccb20cfd84d0
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "explicit_ipcs at lab.com"
MS-CHAP-Challenge = 0x0b7f5bf22bab3eb0e2ac075b2ca5c652
MS-CHAP2-Response =
0x090019064d31498f4b510c02e282cdd804080000000000000000eb431e35a460ab50b9cd0b7b76190ff77c3fccb20cfd84d0
FreeRADIUS-Proxied-To = 127.0.0.1
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
server {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:50 2011
++[auth_log] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[files] users: Matched entry explicit_ipcs at lab.com at line 212
++[files] returns ok
++[wimax] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for explicit_ipcs at lab.com with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
expand: %{User-Name} -> explicit_ipcs at lab.com
++[request] returns noop
++[reply] returns noop
[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.
++[wimax] returns noop
} # server
[ttls] Got tunneled reply code 2
Idle-Timeout = 3600
Session-Timeout = 1800
Termination-Action = RADIUS-Request
R3-IF-Name = "CPE_MGMT_SG"
PDFID = 1
WiMAX-Packet-Data-Flow-Id = 1
WiMAX-Direction = Bi-Directional
WiMAX-Transport-Type = IPv4-CS
WiMAX-Uplink-QOS-Id = 1
WiMAX-Downlink-QOS-Id = 2
Classifier = 0x01030102030004030307051818ff
WiMAX-QoS-Id = 1
WiMAX-Schedule-Type = Best-Effort
WiMAX-Traffic-Priority = 1
WiMAX-Maximum-Sustained-Traffic-Rate = 2000000
WiMAX-QoS-Id = 2
WiMAX-Schedule-Type = Best-Effort
WiMAX-Traffic-Priority = 1
WiMAX-Maximum-Sustained-Traffic-Rate = 2000000
R3-IF-Name = "DHCP_Relay_SG"
PDFID = 2
WiMAX-Packet-Data-Flow-Id = 2
WiMAX-Direction = Bi-Directional
WiMAX-Transport-Type = IPv4-CS
WiMAX-Uplink-QOS-Id = 3
WiMAX-Downlink-QOS-Id = 4
Classifier = 0x01030102030004030307050000ff
WiMAX-QoS-Id = 3
WiMAX-Schedule-Type = Best-Effort
WiMAX-Traffic-Priority = 0
WiMAX-Maximum-Sustained-Traffic-Rate = 1000000
WiMAX-QoS-Id = 4
WiMAX-Schedule-Type = Best-Effort
WiMAX-Traffic-Priority = 0
WiMAX-Maximum-Sustained-Traffic-Rate = 1000000
MS-CHAP2-Success =
0x09533d32374643374430424643444134303643454343324546384236363046414235444138354544414532
MS-MPPE-Recv-Key = 0x3010c1cef4dff3ccbc401e61fe6aba40
MS-MPPE-Send-Key = 0xceb06d718258ce7e6b9aed16c80e7f2e
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
WiMAX-FA-RK-Key = 0x00
WiMAX-HA-RK-Key = 0x00
WiMAX-IP-Technology = CMIP4
[ttls] Got tunneled Access-Accept
[ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge.
++[eap] returns handled
Sending Access-Challenge of id 100 to 10.10.186.40 port 1812
EAP-Message =
0x0107005f15800000005517030100509aef16d756ed9395371c99b470bac318aceb342970cd8d0d52891ef51b8a9451a5f3227ca14cafcee73235c8aad0401f2a6596ad98a857512c468fe0f7f8be0ac712235fb6767a1590705002fa7816bf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x053d4696003a53efd45f1f316c7360de
Finished request 5.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.10.186.40 port 1812, id=101,
length=217
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
EAP-Message = 0x020700061500
Message-Authenticator = 0xc30d23caa66a6c953bfe8980cba6ac85
NAS-Identifier = "ASN-GW"
NAS-IP-Address = 10.10.186.40
Calling-Station-Id = "00-10-E7-62-31-6C"
WiMAX-BS-Id = 0x020202010102
NAS-Port-Type = 27
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 0
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
WiMAX-Attr-1793 = 0x0000028a
State = 0x053d4696003a53efd45f1f316c7360de
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.10.186.40/auth-detail-20110530
[auth_log] expand: %t -> Mon May 30 23:27:50 2011
++[auth_log] returns ok
++[mschap] returns noop
++[files] returns noop
++[wimax] returns ok
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake is finished
[ttls] eaptls_verify returned 3
[ttls] eaptls_process returned 3
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
expand: %{User-Name} ->
{am=1}25f49af72f955791d10bec743331c5cc at lab.com
++[request] returns noop
++[reply] returns noop
[wimax] MIP-RK =
0xaef9d3e53fd7d9bcf6b0f765dca01d76e342f5acd10f5ff4561e6f16c6a14d6c1d6fbc7a2d233f8eb5c4440f07e7fee9285396977715f86584cc91712551f6a5
[wimax] MIP-SPI = e7754631
[wimax] WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-CMIP4
key
++[wimax] returns updated
Sending Access-Accept of id 101 to 10.10.186.40 port 1812
Idle-Timeout = 3600
Session-Timeout = 1800
Termination-Action = RADIUS-Request
R3-IF-Name = "CPE_MGMT_SG"
PDFID = 1
WiMAX-Packet-Data-Flow-Id = 1
WiMAX-Direction = Bi-Directional
WiMAX-Transport-Type = IPv4-CS
WiMAX-Uplink-QOS-Id = 1
WiMAX-Downlink-QOS-Id = 2
Classifier = 0x01030102030004030307051818ff
WiMAX-QoS-Id = 1
WiMAX-Schedule-Type = Best-Effort
WiMAX-Traffic-Priority = 1
WiMAX-Maximum-Sustained-Traffic-Rate = 2000000
WiMAX-FA-RK-Key = 0xe5c88d100cf04d75e950ea17183fd6a75fdeed2e
WiMAX-HA-RK-Key = 0x00
WiMAX-IP-Technology = CMIP4
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "{am=1}25f49af72f955791d10bec743331c5cc at lab.com"
WiMAX-MSK =
0x10526ef39b288de53f21aea35e5d45e426399ce2991dcd3db2e1705d82f57b4c6e90fb19ccfed3621fe7657f657f6124c12a414393689957c0232b39db064f20
WiMAX-FA-RK-SPI = 826701287
Finished request 6.
========================================================================
========================================================================
explicit_ipcs at lab.com Cleartext-Password := "1234"
Idle-Timeout = 3600,
Session-Timeout = 1800,
Termination-Action = RADIUS-Request,
R3-IF-Name += CPE_MGMT_SG,
PDFID += 1,
WiMAX-Packet-Data-Flow-Id += 1,
WiMAX-Direction += Bi-Directional,
WiMAX-Transport-Type += IPv4-CS,
WiMAX-Uplink-QOS-Id += 1,
WiMAX-Downlink-QOS-Id += 2,
Classifier += 0x01030102030004030307051818ff,
WiMAX-QoS-Id += 1,
WiMAX-Schedule-Type += Best-Effort,
WiMAX-Traffic-Priority += 1,
WiMAX-Maximum-Sustained-Traffic-Rate += 2000000,
WiMAX-QoS-Id += 2,
WiMAX-Schedule-Type += Best-Effort,
WiMAX-Traffic-Priority += 1,
WiMAX-Maximum-Sustained-Traffic-Rate += 2000000,
R3-IF-Name += DHCP_Relay_SG,
PDFID += 2,
WiMAX-Packet-Data-Flow-Id += 2,
WiMAX-Direction += Bi-Directional,
WiMAX-Transport-Type += IPv4-CS,
WiMAX-Uplink-QOS-Id += 3,
WiMAX-Downlink-QOS-Id += 4,
Classifier += 0x01030102030004030307050000ff,
WiMAX-QoS-Id += 3,
WiMAX-Schedule-Type += Best-Effort,
WiMAX-Traffic-Priority +=0,
WiMAX-Maximum-Sustained-Traffic-Rate += 1000000,
WiMAX-QoS-Id += 4,
WiMAX-Schedule-Type += Best-Effort,
WiMAX-Traffic-Priority += 0,
WiMAX-Maximum-Sustained-Traffic-Rate += 1000000
======================================================================
======================================================================
On Mon, May 30, 2011 at 5:16 PM, Alan DeKok <aland at deployingradius.com>wrote:
> Shai Mizrachi wrote:
> > I a trying to send in the Access-Accept the same attribute twice but
> > with different values (for Wimax QoS descriptor).
> > I am using the += operator but still, the reply message contains only
> > the first parameter and the second is just ignored.
>
> It should work. But maybe 2.1.7 doesn't have the required WiMAX magic.
>
> What does the debug output show? Where are the attributes defined?
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
----------------
Shai Mizrachi
054-9225408
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110530/3505122b/attachment.html>
More information about the Freeradius-Users
mailing list