Freeradius + Alvarion 4Motion specify filter-id value in access-accept from value in user conf file?

Hahusseau, Thomas thomas.hahusseau at cassidian.com
Tue May 31 19:17:56 CEST 2011


Hello,

I'm running the latest version from the Master Branch of Freeradius. I managed to connect an Alvarion CPE to an Alvarion 4M BS with the Freeradius server as authenticator. Everything works well, except that I directly specified in my /site-enable/default configuration file the value of the "Filter-Id" attribute required by the base station.

----------- /site-enabled/default
post-auth {
	exec

	update request {
		WiMAX-MN-NAI = "%{User-Name}"
	}

	update reply {
		WiMAX-FA-RK-Key = 0x00
		WiMAX-MSK = "%{reply:EAP-MSK}"
		Filter-Id = "Profile1"
	}

	wimax

	Post-Auth-Type REJECT {
		# log failed authentications in SQL, too.
#		sql
		attr_filter.access_reject
	}
}
-----------
I would like to use a different value of the "Filter-Id" attribute for different users (a specific QoS setting in the Alvarion ASN-GW for each Filter-Id). I would like to use the "Filter-ID" value specified in my users conf file:
----------- users
#standard customer
cpe1 at eads.com Cleartext-Password := "cpe1"
        Session-Timeout = 3600,
        Termination-Action = Radius-Request,
        Filter-Id = "Profile1"
#VIP customer
cpe2 at eads.com Cleartext-Password := "cpe2"
        Session-Timeout = 3600,
        Termination-Action = Radius-Request,
        Filter-Id = "Profile2"
-----------
I tried to use the same syntax as for the WiMAX-MSK attribute: Filter-ID = "%{Filter-Id}", but it doesn't work (the Filter-ID value in the access-accept is empty). I googled "Filter-Id freeradius" and found nothing relevant.

Is it possible to use the Filter-ID value from the users conf file in the access-accept?

Here is an example of an access-accept message with the filter-id specified directly in the site-enable/default conf file.
----------- radiusd -X
(7) Found Auth-Type = ?
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   group authenticate {
(7)  - entering group authenticate {...}
(7) eap : Request found, released from the list
(7) eap : EAP/ttls
(7) eap : processing type ttls
(7) ttls : Authenticate
(7) ttls : processing EAP-TLS
(7) ttls : Received TLS ACK
(7) ttls : Received TLS ACK
(7) ttls : ACK handshake is finished
(7) ttls : eaptls_verify returned 3 
(7) ttls : eaptls_process returned 3 
(7) ttls : Using saved attributes from the original Access-Accept
(7) eap : Freeing handler
(7)   [eap] = ok
(7) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(7)   group post-auth {
(7)  - entering group post-auth {...}
(7)   [exec] = noop
(7)   update request {
(7) 	expand: %{User-Name} -> {am=1}791d05915a25400ca9d1a3cb1a2c7ffa at eads.com
(7)   } # update request = noop
(7)   update reply {
(7) 	expand: %{reply:EAP-MSK} -> 0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528cb185a0437d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0
(7)   } # update reply = noop
(7) wimax : MIP-RK = 0x9ec871a65c3033e03c0d77ed55a1517d4b7dbbbeb2d782bcf369635861e64925c5db13c36286e2032c789ad6fe2c09cd21eda782a9a4758e9ce73f8f384c46b6
(7) wimax : MIP-SPI = bb9d949a
(7) wimax : WARNING: WiMAX-IP-Technology not found in reply.
(7) wimax : WARNING: Not calculating MN-HA keys
(7)   [wimax] = updated
Sending Access-Accept of id 246 to 192.168.100.10 port 1812
	MS-MPPE-Recv-Key = 0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528
	MS-MPPE-Send-Key = 0xcb185a0437d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0
	EAP-Message = 0x03080004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "{am=1}791d05915a25400ca9d1a3cb1a2c7ffa at eads.com"
	WiMAX-FA-RK-Key = 0xb37b0b5832687e02c31b94319b2ba3077479411f
	WiMAX-MSK = 0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528cb185a0437d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0
	Filter-Id = "Profile1"
	WiMAX-FA-RK-SPI = 2593430971

(7) Finished request 7.  
-----------

Regards,
Mr Thomas Hahusseau,
Ingénieur réseau
Cassidian (EADS)
