No connection after access-accept.
David Peterson
davidp at wirelessconnections.net
Wed Oct 19 18:54:13 CEST 2011
The problem with the 4-Motion system is that it's completely different from
the Extreme. The specification they "created" is completely off the WiMax
specs which is why Alan had to put in some fixes.
Follow the format I sent you EXACTLY and it should work just fine. I.e.
You have classifier ID of 2 coming before 1.
In addition, set delete_mppe_keys = yes in the WiMax module.
David
-----Original Message-----
From:
freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradius.org
[mailto:freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradiu
s.org] On Behalf Of Krzysztof Grobelak
Sent: Wednesday, October 19, 2011 11:58 AM
To: FreeRadius users mailing list
Subject: Re: No connection after access-accept.
Thank you for quick reply.
I believe that I am using the correct dictionaries
(dictionary.alvarion.wimax.v2_2 && dictionary.wimax.alvarion).
I fixed the TOS range and mask but it still does not connect.
Regards,
Krzysztof
On 19/10/11 16:19, David Peterson wrote:
> Hi Krzystof,
>
> You need to use the new Alvarion dictionary which is included in the 3.0
> version I believe, Alan will undoubtedly correct me.
>
> In addition you will need to change the TOS range and mask values. Here
is
> what I send to set up 1 IPCS flow on an Alvarion 4-Motion ASN.
>
> Alvarion-R3-IF-Name += SGVLAN13
> Alvarion-PDFID += 1
> WiMAX-Packet-Data-Flow-Id += 1
> WiMAX-Service-Data-Flow-Id += 1
> WiMAX-Direction += 3
> WiMAX-Transport-Type += 1
> WiMAX-Uplink-QOS-Id += 1
> WiMAX-Downlink-QOS-Id += 1
> WiMAX-ClassifierID += 1
> WiMAX-Classifier-Priority += 1
> WiMAX-Classifier-Direction += 1
> WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x1818FF
> WiMAX-Transport-Type += 1
> WiMAX-ClassifierID += 2
> WiMAX-Classifier-Priority += 1
> WiMAX-Classifier-Direction += 2
> WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x0000FF
> WiMAX-QoS-Id += 1
> WiMAX-Schedule-Type += 2
> WiMAX-Traffic-Priority += 1
> WiMAX-Maximum-Sustained-Traffic-Rate += 256000
>
> David Peterson
> Senior WiMax Engineer
> Wireless Connections
>
> -----Original Message-----
> From:
> freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradius.org
>
[mailto:freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradiu
> s.org] On Behalf Of Krzysztof Grobelak
> Sent: Wednesday, October 19, 2011 11:06 AM
> To: FreeRadius users mailing list
> Subject: No connection after access-accept.
>
> Hello.
>
> I am trying to configure freeradius to work with Alvarion devices. It is
> working fine with Extreme but for some reason it does not work with
> 4motion.
> I installed the "master" version from git and I edited the dictionary
> files.
> My problem is that i see access-accept being sent but the connection is
> not established and radio keeps trying to authenticate with freeradius.
> Each attempt ends with access-accept being sent.
>
> Thanks in advance
> P.S. I am new to freeradius and wimax so please dont eat me alive...
>
> Regards,
> Krzysztof
>
> Debug:
>
> FreeRADIUS Version 3.0.0, for host i686-pc-linux-gnu, built on Oct 17
> 2011 at 10:26:54
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
>
> Compilation options:
> Regex flavour: Posix
> Starting - reading configuration files ...
> including configuration file /usr/local/etc/raddb/radiusd.conf
> including configuration file /usr/local/etc/raddb/proxy.conf
> including configuration file /usr/local/etc/raddb/clients.conf
> including files in directory /usr/local/etc/raddb/modules/
> including configuration file /usr/local/etc/raddb/modules/redis
> including configuration file /usr/local/etc/raddb/modules/cui
> including configuration file /usr/local/etc/raddb/modules/echo
> including configuration file /usr/local/etc/raddb/modules/checkval
> including configuration file /usr/local/etc/raddb/modules/sql_log
> including configuration file /usr/local/etc/raddb/modules/smsotp
> including configuration file /usr/local/etc/raddb/modules/acct_unique
> including configuration file /usr/local/etc/raddb/modules/policy
> including configuration file /usr/local/etc/raddb/modules/realm
> including configuration file /usr/local/etc/raddb/modules/files
> including configuration file /usr/local/etc/raddb/modules/etc_group
> including configuration file /usr/local/etc/raddb/modules/ippool
> including configuration file /usr/local/etc/raddb/modules/inner-eap
> including configuration file /usr/local/etc/raddb/modules/pam
> including configuration file /usr/local/etc/raddb/modules/sql
> including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
> including configuration file /usr/local/etc/raddb/modules/counter
> including configuration file /usr/local/etc/raddb/modules/expiration
> including configuration file /usr/local/etc/raddb/modules/detail.log
> including configuration file /usr/local/etc/raddb/modules/expr
> including configuration file /usr/local/etc/raddb/modules/ntlm_auth
> including configuration file /usr/local/etc/raddb/modules/mac2vlan
> including configuration file
/usr/local/etc/raddb/modules/detail.example.com
> including configuration file /usr/local/etc/raddb/modules/always
> including configuration file /usr/local/etc/raddb/modules/logintime
> including configuration file /usr/local/etc/raddb/modules/replicate
> including configuration file /usr/local/etc/raddb/modules/unix
> including configuration file /usr/local/etc/raddb/modules/chap
> including configuration file /usr/local/etc/raddb/modules/linelog
> including configuration file /usr/local/etc/raddb/modules/radutmp
> including configuration file /usr/local/etc/raddb/modules/digest
> including configuration file /usr/local/etc/raddb/modules/sradutmp
> including configuration file /usr/local/etc/raddb/modules/preprocess
> including configuration file /usr/local/etc/raddb/modules/ldap
> including configuration file /usr/local/etc/raddb/modules/sqlippool
> including configuration file
/usr/local/etc/raddb/sql/postgresql/ippool.conf
> including configuration file /usr/local/etc/raddb/modules/opendirectory
> including configuration file /usr/local/etc/raddb/modules/otp
> including configuration file /usr/local/etc/raddb/modules/rediswho
> including configuration file /usr/local/etc/raddb/modules/mschap
> including configuration file /usr/local/etc/raddb/modules/eap
> including configuration file /usr/local/etc/raddb/modules/attr_rewrite
> including configuration file /usr/local/etc/raddb/modules/exec
> including configuration file /usr/local/etc/raddb/modules/pap
> including configuration file
> /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
> including configuration file /usr/local/etc/raddb/modules/mac2ip
> including configuration file /usr/local/etc/raddb/modules/utf8
> including configuration file /usr/local/etc/raddb/modules/passwd
> including configuration file /usr/local/etc/raddb/modules/attr_filter
> including configuration file /usr/local/etc/raddb/modules/soh
> including configuration file /usr/local/etc/raddb/modules/detail
> including configuration file /usr/local/etc/raddb/modules/smbpasswd
> including configuration file /usr/local/etc/raddb/modules/dynamic_clients
> including configuration file /usr/local/etc/raddb/modules/wimax
> including configuration file /usr/local/etc/raddb/modules/krb5
> including configuration file /usr/local/etc/raddb/modules/perl
> including configuration file /usr/local/etc/raddb/policy.conf
> including files in directory /usr/local/etc/raddb/sites-enabled/
> including configuration file /usr/local/etc/raddb/sites-enabled/default
> including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
> including configuration file
> /usr/local/etc/raddb/sites-enabled/control-socket
> main {
> security {
> allow_core_dumps = no
> }
> }
> including dictionary file /usr/local/etc/raddb/dictionary
> main {
> name = "radiusd"
> prefix = "/usr/local"
> localstatedir = "/usr/local/var"
> sbindir = "/usr/local/sbin"
> logdir = "/usr/local/var/log/radius"
> run_dir = "/usr/local/var/run/radiusd"
> libdir = "/usr/local/lib"
> radacctdir = "/usr/local/var/log/radius/radacct"
> hostname_lookups = no
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 1024
> pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> checkrad = "/usr/local/sbin/checkrad"
> debug_level = 0
> proxy_requests = yes
> log {
> stripped_names = no
> auth = no
> auth_badpass = no
> auth_goodpass = no
> }
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = yes
> }
> }
> radiusd: #### Loading Realms and Home Servers ####
> proxy server {
> retry_delay = 5
> retry_count = 3
> default_fallback = no
> dead_time = 120
> wake_all_if_all_dead = no
> }
> home_server localhost {
> ipaddr = 127.0.0.1
> port = 1812
> type = "auth"
> secret = "testing123"
> response_window = 20
> max_outstanding = 65536
> require_message_authenticator = yes
> zombie_period = 40
> status_check = "status-server"
> ping_interval = 30
> check_interval = 30
> num_answers_to_alive = 3
> num_pings_to_alive = 3
> revive_interval = 120
> status_check_timeout = 4
> coa {
> irt = 2
> mrt = 16
> mrc = 5
> mrd = 30
> }
> limit {
> max_connections = 16
> max_requests = 0
> lifetime = 0
> idle_timeout = 0
> }
> }
> home_server_pool my_auth_failover {
> type = fail-over
> home_server = localhost
> }
> realm example.com {
> auth_pool = my_auth_failover
> }
> realm LOCAL {
> }
> radiusd: #### Loading Clients ####
> client localhost {
> ipaddr = 127.0.0.1
> require_message_authenticator = no
> secret = "testing123"
> nastype = "other"
> max_connections = 16
> }
> client 10.190.0.2 {
> require_message_authenticator = no
> secret = "pass"
> shortname = "Testing"
> nastype = "other"
> max_connections = 16
> }
>
> radiusd: #### Instantiating modules ####
> instantiate {
> Module: Linked to module rlm_exec
> Module: Instantiating module "exec" from file
> /usr/local/etc/raddb/modules/exec
> exec {
> wait = no
> input_pairs = "request"
> shell_escape = yes
> }
> Module: Linked to module rlm_expr
> Module: Instantiating module "expr" from file
> /usr/local/etc/raddb/modules/expr
> Module: Linked to module rlm_expiration
> Module: Instantiating module "expiration" from file
> /usr/local/etc/raddb/modules/expiration
> expiration {
> reply-message = "Password Has Expired "
> }
> Module: Linked to module rlm_logintime
> Module: Instantiating module "logintime" from file
> /usr/local/etc/raddb/modules/logintime
> logintime {
> reply-message = "You are calling outside your allowed timespan
"
> minimum-timeout = 60
> }
> }
> radiusd: #### Loading Virtual Servers ####
> server { # from file /usr/local/etc/raddb/radiusd.conf
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Linked to module rlm_chap
> Module: Instantiating module "chap" from file
> /usr/local/etc/raddb/modules/chap
> Module: Linked to module rlm_mschap
> Module: Instantiating module "mschap" from file
> /usr/local/etc/raddb/modules/mschap
> mschap {
> use_mppe = yes
> require_encryption = no
> require_strong = no
> with_ntdomain_hack = no
> passchange {
> }
> allow_retry = yes
> }
> Module: Linked to module rlm_eap
> Module: Instantiating module "eap" from file
> /usr/local/etc/raddb/modules/eap
> eap {
> default_eap_type = "ttls"
> timer_expire = 60
> ignore_unknown_eap_types = no
> cisco_accounting_username_bug = no
> max_sessions = 4096
> }
> Module: Linked to sub-module rlm_eap_md5
> Module: Instantiating eap-md5
> Module: Linked to sub-module rlm_eap_leap
> Module: Instantiating eap-leap
> Module: Linked to sub-module rlm_eap_gtc
> Module: Instantiating eap-gtc
> gtc {
> challenge = "Password: "
> auth_type = "PAP"
> }
> Module: Linked to sub-module rlm_eap_tls
> Module: Instantiating eap-tls
> tls {
> rsa_key_exchange = no
> dh_key_exchange = yes
> rsa_key_length = 512
> dh_key_length = 512
> verify_depth = 0
> CA_path = "/usr/local/etc/raddb/certs"
> pem_file_type = yes
> private_key_file = "/usr/local/etc/raddb/certs/server.pem"
> certificate_file = "/usr/local/etc/raddb/certs/server.pem"
> CA_file = "/usr/local/etc/raddb/certs/ca.pem"
> private_key_password = "whatever"
> dh_file = "/usr/local/etc/raddb/certs/dh"
> random_file = "/usr/local/etc/raddb/certs/random"
> fragment_size = 1024
> include_length = yes
> check_crl = no
> cipher_list = "DEFAULT"
> make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
> ecdh_curve = "prime256v1"
> cache {
> enable = no
> lifetime = 24
> max_entries = 255
> }
> verify {
> }
> ocsp {
> enable = no
> override_cert_url = yes
> url = "http://127.0.0.1/ocsp/"
> }
> }
> Module: Linked to sub-module rlm_eap_ttls
> Module: Instantiating eap-ttls
> ttls {
> default_eap_type = "md5"
> copy_request_to_tunnel = yes
> use_tunneled_reply = yes
> virtual_server = "inner-tunnel"
> include_length = yes
> }
> Module: Linked to sub-module rlm_eap_peap
> Module: Instantiating eap-peap
> peap {
> default_eap_type = "mschapv2"
> copy_request_to_tunnel = no
> use_tunneled_reply = no
> proxy_tunneled_request_as_eap = yes
> virtual_server = "inner-tunnel"
> soh = no
> }
> Module: Linked to sub-module rlm_eap_mschapv2
> Module: Instantiating eap-mschapv2
> mschapv2 {
> with_ntdomain_hack = no
> send_error = no
> }
> Module: Checking authorize {...} for more modules to load
> Module: Linked to module rlm_preprocess
> Module: Instantiating module "preprocess" from file
> /usr/local/etc/raddb/modules/preprocess
> preprocess {
> huntgroups = "/usr/local/etc/raddb/huntgroups"
> hints = "/usr/local/etc/raddb/hints"
> with_ascend_hack = no
> ascend_channels_per_line = 23
> with_ntdomain_hack = no
> with_specialix_jetstream_hack = no
> with_cisco_vsa_hack = no
> with_alvarion_vsa_hack = no
> }
> Module: Linked to module rlm_files
> Module: Instantiating module "files" from file
> /usr/local/etc/raddb/modules/files
> files {
> usersfile = "/usr/local/etc/raddb/users"
> acctusersfile = "/usr/local/etc/raddb/acct_users"
> preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> compat = "no"
> }
> Module: Checking preacct {...} for more modules to load
> Module: Loading virtual module acct_unique
> Module: Linked to module rlm_realm
> Module: Instantiating module "suffix" from file
> /usr/local/etc/raddb/modules/realm
> realm suffix {
> format = "suffix"
> delimiter = "@"
> ignore_default = no
> ignore_null = no
> }
> Module: Linked to module rlm_wimax
> Module: Instantiating module "wimax" from file
> /usr/local/etc/raddb/modules/wimax
> wimax {
> delete_mppe_keys = no
> }
> Module: Checking accounting {...} for more modules to load
> Module: Linked to module rlm_unix
> Module: Instantiating module "unix" from file
> /usr/local/etc/raddb/modules/unix
> unix {
> radwtmp = "/usr/local/var/log/radius/radwtmp"
> }
> Module: Linked to module rlm_radutmp
> Module: Instantiating module "radutmp" from file
> /usr/local/etc/raddb/modules/radutmp
> radutmp {
> filename = "/usr/local/var/log/radius/radutmp"
> username = "%{User-Name}"
> case_sensitive = yes
> check_with_nas = yes
> perm = 384
> callerid = yes
> }
> Module: Linked to module rlm_attr_filter
> Module: Instantiating module "attr_filter.accounting_response" from
> file /usr/local/etc/raddb/modules/attr_filter
> attr_filter attr_filter.accounting_response {
> attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
> key = "%{User-Name}"
> relaxed = no
> }
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> Module: Instantiating module "attr_filter.access_reject" from file
> /usr/local/etc/raddb/modules/attr_filter
> attr_filter attr_filter.access_reject {
> attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
> key = "%{User-Name}"
> relaxed = no
> }
> } # modules
> } # server
> server inner-tunnel { # from file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Checking authorize {...} for more modules to load
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> } # modules
> } # server
> radiusd: #### Opening IP addresses and Ports ####
> listen {
> type = "auth"
> ipaddr = *
> port = 0
> }
> listen {
> type = "acct"
> ipaddr = *
> port = 0
> }
> listen {
> type = "control"
> listen {
> socket = "/usr/local/var/run/radiusd/radiusd.sock"
> }
> }
> listen {
> type = "auth"
> ipaddr = 127.0.0.1
> port = 18120
> }
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on command file /usr/local/var/run/radiusd/radiusd.sock
> Listening on authentication address 127.0.0.1 port 18120 as server
> inner-tunnel
> Opening new proxy address * port 1814
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=225,
> length=226
> User-Name = "{sm=1}test at company.ie"
> EAP-Message =
>
0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065
> 65642e6965
> Message-Authenticator = 0xb0e4f53c239e82a5a9424643abac90c5
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> (0) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (0) group authorize {
> (0) - entering group authorize {...}
> (0) [preprocess] = ok
> (0) [chap] = noop
> (0) [mschap] = noop
> (0) eap : EAP packet type response id 1 length 42
> (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
> rest of authorize
> (0) [eap] = ok
> (0) Found Auth-Type = ?
> (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (0) group authenticate {
> (0) - entering group authenticate {...}
> (0) eap : EAP Identity
> (0) eap : processing type tls
> (0) tls : Initiate
> (0) tls : Start returned 1
> (0) [eap] = handled
> Sending Access-Challenge of id 225 to 10.190.0.2 port 1812
> EAP-Message = 0x010200061520
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4524932a452686bf0e6f9b30d966adf3
> (0) Finished request 0.
> Waking up in 0.3 seconds.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=226,
> length=290
> User-Name = "{sm=1}test at company.ie"
> EAP-Message =
>
0x0202005815800000004e16030100490100004503014d6f0492446dcf37684a8ba3964276e6
>
a0af14e11c0c66ba0bfe09bee47296d900001e00390038003500160013000a00330032002f00
> 15001200090014001100080100
> Message-Authenticator = 0x16b9a8766e5ca7d66bd4109f08badf56
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> State = 0x4524932a452686bf0e6f9b30d966adf3
> (1) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (1) group authorize {
> (1) - entering group authorize {...}
> (1) [preprocess] = ok
> (1) [chap] = noop
> (1) [mschap] = noop
> (1) eap : EAP packet type response id 2 length 88
> (1) eap : Continuing tunnel setup.
> (1) [eap] = ok
> (1) Found Auth-Type = ?
> (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (1) group authenticate {
> (1) - entering group authenticate {...}
> (1) eap : Request found, released from the list
> (1) eap : EAP/ttls
> (1) eap : processing type ttls
> (1) ttls : Authenticate
> (1) ttls : processing EAP-TLS
> TLS Length 78
> (1) ttls : Length Included
> (1) ttls : eaptls_verify returned 11
> (1) ttls : (other): before/accept initialization
> (1) ttls : TLS_accept: before/accept initialization
> (1) ttls :<<< TLS 1.0 Handshake [length 0049], ClientHello
> (1) ttls : TLS_accept: SSLv3 read client hello A
> (1) ttls :>>> TLS 1.0 Handshake [length 002a], ServerHello
> (1) ttls : TLS_accept: SSLv3 write server hello A
> (1) ttls :>>> TLS 1.0 Handshake [length 085e], Certificate
> (1) ttls : TLS_accept: SSLv3 write certificate A
> (1) ttls :>>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
> (1) ttls : TLS_accept: SSLv3 write key exchange A
> (1) ttls :>>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> (1) ttls : TLS_accept: SSLv3 write server done A
> (1) ttls : TLS_accept: SSLv3 flush data
> (1) ttls : TLS_accept: Need to read more data: SSLv3 read client
> certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> (1) ttls : eaptls_process returned 13
> (1) [eap] = handled
> Sending Access-Challenge of id 226 to 10.190.0.2 port 1812
> EAP-Message =
>
0x0103040015c000000aad160301002a0200002603014e9ee50972fa598b689b6f459a90c557
>
abd4de3970630ee299ae5a309acdf4ec00003900160301085e0b00085a0008570003a6308203
>
a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355
>
040613024652310f300d060355040813065261646975733112301006035504071309536f6d65
>
776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886
>
f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861
> 6d706c6520436572746966696361746520417574686f72697479
> EAP-Message =
>
0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30
>
09060355040613024652310f300d0603550408130652616469757331153013060355040a130c
>
4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220
>
43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d
>
706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201
>
0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4
> c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e
> EAP-Message =
>
0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d
>
b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41
>
50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4
>
7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22
>
7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00
>
4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06
> 092a864886f70d01010405000382010100b676c0afe25190b575
> EAP-Message =
>
0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9
>
cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6
>
6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402
>
8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563
>
c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9
>
5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6
> e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204
> EAP-Message = 0xa73082038fa0030201020209
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4524932a442786bf0e6f9b30d966adf3
> (1) Finished request 1.
> Waking up in 0.1 seconds.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=227,
> length=208
> User-Name = "{sm=1}test at company.ie"
> EAP-Message = 0x020300061500
> Message-Authenticator = 0x9a77a1ab1819f89e18fb8f7a8d263dbc
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> State = 0x4524932a442786bf0e6f9b30d966adf3
> (2) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (2) group authorize {
> (2) - entering group authorize {...}
> (2) [preprocess] = ok
> (2) [chap] = noop
> (2) [mschap] = noop
> (2) eap : EAP packet type response id 3 length 6
> (2) eap : Continuing tunnel setup.
> (2) [eap] = ok
> (2) Found Auth-Type = ?
> (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (2) group authenticate {
> (2) - entering group authenticate {...}
> (2) eap : Request found, released from the list
> (2) eap : EAP/ttls
> (2) eap : processing type ttls
> (2) ttls : Authenticate
> (2) ttls : processing EAP-TLS
> (2) ttls : Received TLS ACK
> (2) ttls : Received TLS ACK
> (2) ttls : ACK handshake fragment handler
> (2) ttls : eaptls_verify returned 1
> (2) ttls : eaptls_process returned 13
> (2) [eap] = handled
> Sending Access-Challenge of id 227 to 10.190.0.2 port 1812
> EAP-Message =
>
0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193
>
310b3009060355040613024652310f300d060355040813065261646975733112301006035504
>
071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030
>
1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355
>
0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31
>
31313031333039353734375a170d3132313031323039353734375a308193310b300906035504
> 0613024652310f300d0603550408130652616469757331123010
> EAP-Message =
>
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e
>
632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126
>
30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
>
30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e
>
cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3
>
ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55
> f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b
> EAP-Message =
>
0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3
>
0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f
>
c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111
>
19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203
>
010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a
>
f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1
> a18199a48196308193310b3009060355040613024652310f300d
> EAP-Message =
>
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013
>
060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164
>
6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274
>
6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530
>
030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d
>
90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff
> ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b
> EAP-Message = 0x29f6a43153b63396708d1c2a
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4524932a472086bf0e6f9b30d966adf3
> (2) Finished request 2.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=228,
> length=208
> User-Name = "{sm=1}test at company.ie"
> EAP-Message = 0x020400061500
> Message-Authenticator = 0xe3f7dbd13796664921230156fd4a7f0b
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> State = 0x4524932a472086bf0e6f9b30d966adf3
> (3) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (3) group authorize {
> (3) - entering group authorize {...}
> (3) [preprocess] = ok
> (3) [chap] = noop
> (3) [mschap] = noop
> (3) eap : EAP packet type response id 4 length 6
> (3) eap : Continuing tunnel setup.
> (3) [eap] = ok
> (3) Found Auth-Type = ?
> (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (3) group authenticate {
> (3) - entering group authenticate {...}
> (3) eap : Request found, released from the list
> (3) eap : EAP/ttls
> (3) eap : processing type ttls
> (3) ttls : Authenticate
> (3) ttls : processing EAP-TLS
> (3) ttls : Received TLS ACK
> (3) ttls : Received TLS ACK
> (3) ttls : ACK handshake fragment handler
> (3) ttls : eaptls_verify returned 1
> (3) ttls : eaptls_process returned 13
> (3) [eap] = handled
> Sending Access-Challenge of id 228 to 10.190.0.2 port 1812
> EAP-Message =
>
0x010502cb158000000aad6b687c3b13bd2cbcdc94906e01fea4a72a53605631056850f7c340
>
7a5d7b7a88d58a990667955f91c7e7fd1d4bcc1cb32597585648a06987428bb59b80040251ea
>
1eb36ca37e6b08d6dcff0bbac544ee590b97dcdd3043216a8d7c43b3b8177a6d50c34a1954b7
>
97f6ce1b83260aec1f9cd4f49b89bf166b6fcbe2169a6cdfdd381bfdc0210904a4332192d206
>
d220b4227586268fe877dec3e39b6c9cfa223f5af7f750fd76160301020d0c0002090080f261
>
ea67ca98641e7618ffeaf9dbfbfeba8524299d1674bbae7d654b45ddb4d4d56cfc334a0d31a3
> 3b07a51ec227e83c6111384da4c513b3799894ab435ab01f0308
> EAP-Message =
>
0xbae422a62095161d878138f148293e9d8bbdd8e1f17eeb6aea213178d729efd10049433c42
>
9ea9685564ff39a81b78828cd381e4ebb6ff4a2022e92349230001020080cf073ac84159ffdf
>
2a3954bc6d8c5b241548eef76ea49c6f5648bf586017e4f8038d6956580fa5bd17a7199c7b05
>
bec37333162d8c6302c80092a8339aaecdcd44d3f77964b938c579d2fe5f5e2eb90d52b0215d
>
ec2972f639283ac415d95b1aecb8d856e28eababe9ee8f662b385efb60b09741356027269b5a
>
089c7c85738001004c76e655fcfb777d949b3e64e0018f329eedb978f1294c0f4fe10736b52d
> f39df6edf0f5634de3dc17614893582df2e251c5b6acd61276d0
> EAP-Message =
>
0xb71e3de49e55f6775effac0d28046d1510714dbd68c4d55dedb7329f9ba3de55154a4ffd8d
>
2aad7081dc07b232ff609ca8c19743ba19ccd2d1b3bf35dd1ccd78c1d54f477a4336188fb929
>
8426a941501972562ed1fca0efad8c451b0ec15674ff86500e67617241c95625ddecc82feefc
>
41c0eb91cdab0cc56176884e28aab3c850a81bd7736e1ec133d6b83db28db10623c552c5f7a2
>
d7a6d59e0f1cf362b155e415a274088d2eb875d07acd63236660e40f200f6055bd2c0c934777
> c61d55c1a57d7983d867c016030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4524932a462186bf0e6f9b30d966adf3
> (3) Finished request 3.
> Waking up in 0.2 seconds.
> Waking up in 4.3 seconds.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=229,
> length=410
> User-Name = "{sm=1}test at company.ie"
> EAP-Message =
>
0x020500d01580000000c61603010086100000820080e3190ec3957550a29a5f545907823a1e
>
adcd83d25d26b74f1858aae52bac948aef1e3d75bc2adff031a57ad656d2d09066f0cae0630e
>
0c66d0487abc980cb7d6631a6531f05cba19b4a94f628a6bda9a90aae7e58f33fe204399f1fc
>
d215d007dba697579f7bcb002baa5d67c06a10d82953c53a31b100711f4f0d07e550a3d41403
>
0100010116030100308a7e900fbfb4f5de1ef3c91092938dee297c5a4b41f537309996762989
> cffc3aa2475130e85a6cfcbd3cc5d4f4a38b01
> Message-Authenticator = 0x4f4cb9ffdb83cca6564a6d11de9eca5e
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> State = 0x4524932a462186bf0e6f9b30d966adf3
> (4) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (4) group authorize {
> (4) - entering group authorize {...}
> (4) [preprocess] = ok
> (4) [chap] = noop
> (4) [mschap] = noop
> (4) eap : EAP packet type response id 5 length 208
> (4) eap : Continuing tunnel setup.
> (4) [eap] = ok
> (4) Found Auth-Type = ?
> (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (4) group authenticate {
> (4) - entering group authenticate {...}
> (4) eap : Request found, released from the list
> (4) eap : EAP/ttls
> (4) eap : processing type ttls
> (4) ttls : Authenticate
> (4) ttls : processing EAP-TLS
> TLS Length 198
> (4) ttls : Length Included
> (4) ttls : eaptls_verify returned 11
> (4) ttls :<<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
> (4) ttls : TLS_accept: SSLv3 read client key exchange A
> (4) ttls :<<< TLS 1.0 ChangeCipherSpec [length 0001]
> (4) ttls :<<< TLS 1.0 Handshake [length 0010], Finished
> (4) ttls : TLS_accept: SSLv3 read finished A
> (4) ttls :>>> TLS 1.0 ChangeCipherSpec [length 0001]
> (4) ttls : TLS_accept: SSLv3 write change cipher spec A
> (4) ttls :>>> TLS 1.0 Handshake [length 0010], Finished
> (4) ttls : TLS_accept: SSLv3 write finished A
> (4) ttls : TLS_accept: SSLv3 flush data
> (4) ttls : (other): SSL negotiation finished successfully
> SSL Connection Established
> (4) ttls : eaptls_process returned 13
> (4) [eap] = handled
> Sending Access-Challenge of id 229 to 10.190.0.2 port 1812
> EAP-Message =
>
0x0106004515800000003b14030100010116030100303a882b92af53c50ce085959593e73fca
> 32ab9a7bd2e2e0a895c165c0a4163a638e8f12fef6f0bc8878a70cfcda0548a8
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4524932a412286bf0e6f9b30d966adf3
> (4) Finished request 4.
> Waking up in 0.2 seconds.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=230,
> length=378
> User-Name = "{sm=1test at company.ie"
> EAP-Message =
>
0x020600b0150017030100201783b2821501d183457ee81425c3bcbfd372c1207cc52b44e4af
>
3250a771e4181703010080a65edf5e1fddb09f70ebffef22b5811ebb4d7f3143b2d1ecf88e2a
>
f29edd0178dc38aa45de3e8ac0106fa7259392dbb721ed242bf6fd1a79cdc10faad024b583e8
>
710f2396246d34353b915f3a49771b11ed93e106564b0f94f208631a4f9852c21452c53492d5
> 302b2571ec8f1b95d0b1abdaf202da0f42b9b68c863653886c
> Message-Authenticator = 0x064bdfc96ada80a4ac9a92242232b9ae
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> State = 0x4524932a412286bf0e6f9b30d966adf3
> (5) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (5) group authorize {
> (5) - entering group authorize {...}
> (5) [preprocess] = ok
> (5) [chap] = noop
> (5) [mschap] = noop
> (5) eap : EAP packet type response id 6 length 176
> (5) eap : Continuing tunnel setup.
> (5) [eap] = ok
> (5) Found Auth-Type = ?
> (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (5) group authenticate {
> (5) - entering group authenticate {...}
> (5) eap : Request found, released from the list
> (5) eap : EAP/ttls
> (5) eap : processing type ttls
> (5) ttls : Authenticate
> (5) ttls : processing EAP-TLS
> (5) ttls : eaptls_verify returned 7
> (5) ttls : Done initial handshake
> (5) ttls : eaptls_process returned 7
> (5) ttls : Session established. Proceeding to decode tunneled attributes.
> (5) ttls : Got tunneled request
> User-Name = "30001020"
> MS-CHAP-Challenge = 0x967d3f6435e31b63
> MS-CHAP-Response =
>
0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370
> add032fa03fecc6350d759fa7f
> FreeRADIUS-Proxied-To = 127.0.0.1
> (5) ttls : Sending tunneled request
> User-Name = "30001020"
> MS-CHAP-Challenge = 0x967d3f6435e31b63
> MS-CHAP-Response =
>
0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370
> add032fa03fecc6350d759fa7f
> FreeRADIUS-Proxied-To = 127.0.0.1
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> server inner-tunnel {
> (5) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> (5) group authorize {
> (5) - entering group authorize {...}
> (5) [chap] = noop
> (5) mschap : Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
> (5) [mschap] = ok
> (5) eap : No EAP-Message, not doing EAP
> (5) [eap] = noop
> (5) files : users: Matched entry 30001020 at line 99
> (5) [files] = ok
> (5) [preprocess] = ok
> (5) Found Auth-Type = ?
> (5) # Executing group from file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> (5) group MS-CHAP {
> (5) - entering group MS-CHAP {...}
> (5) mschap : Told to do MS-CHAPv1 with NT-Password
> (5) mschap : adding MS-CHAPv1 MPPE keys
> (5) [mschap] = ok
> (5) # Executing section post-auth from file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> (5) group post-auth {
> (5) - entering group post-auth {...}
> (5) update outer.reply {
> (5) expand: %{request:User-Name} -> 30001020
> (5) } # update outer.reply = noop
> (5) wimax : No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys.
> (5) [wimax] = noop
> } # server inner-tunnel
> (5) ttls : Got tunneled reply code 2
> Alvarion-R3-IF-Name += "CPEL3Mgmt"
> Alvarion-PDFID += 1
> WiMAX-Packet-Data-Flow-Id += 1
> WiMAX-Direction += Bi-Directional
> WiMAX-Transport-Type += IPv4-CS
> WiMAX-Uplink-QOS-Id += 1
> WiMAX-Downlink-QOS-Id += 1
> WiMAX-ClassifierID += 2
> WiMAX-Classifier-Priority += 1
> WiMAX-Classifier-Direction += IN
> WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x31353739323633
> WiMAX-ClassifierID += 1
> WiMAX-Classifier-Priority += 1
> WiMAX-Classifier-Direction += OUT
> WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x3635353335
> WiMAX-QoS-Id += 1
> WiMAX-Schedule-Type += Best-Effort
> WiMAX-Traffic-Priority += 4
> WiMAX-Maximum-Sustained-Traffic-Rate += 512000
> WiMAX-IP-Technology += PMIP4
> Alvarion-R3-IF-Name += "HazelL2Service"
> Alvarion-PDFID += 2
> WiMAX-Packet-Data-Flow-Id += 2
> WiMAX-Direction += Bi-Directional
> WiMAX-Transport-Type += Ethernet
> WiMAX-Uplink-QOS-Id += 2
> WiMAX-Downlink-QOS-Id += 2
> WiMAX-ClassifierID += 1
> WiMAX-Classifier-Priority += 1
> WiMAX-Classifier-Direction += Bi-Directional
> WiMAX-VLAN-ID += 175
> WiMAX-QoS-Id += 2
> WiMAX-Schedule-Type += nrtPS
> WiMAX-Traffic-Priority += 1
> WiMAX-Maximum-Sustained-Traffic-Rate += 4096000
> WiMAX-Minimum-Reserved-Traffic-Rate += 1024000
> WiMAX-IP-Technology += Ethernet-CS
> WiMAX-hHA-IP-MIP4 += 12.12.12.12
> Session-Timeout = 3600
> Reply-Message = "4motion test"
> MS-CHAP-MPPE-Keys =
> 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000
> MS-MPPE-Encryption-Policy = Encryption-Allowed
> MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
> (5) ttls : Got tunneled Access-Accept
> (5) eap : Freeing handler
> (5) [eap] = ok
> (5) # Executing section post-auth from file
> /usr/local/etc/raddb/sites-enabled/default
> (5) group post-auth {
> (5) - entering group post-auth {...}
> (5) update request {
> (5) expand: %{User-Name} -> {sm=1}test at company.ie
> (5) } # update request = noop
> (5) update reply {
> (5) expand: %{reply:EAP-MSK} ->
>
0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5
> 9132dd591aed447610e20c90a230fa5e7e345461261f8893588691
> (5) } # update reply = noop
> (5) wimax : MIP-RK =
>
0x34cb0114be346973d5832ba7410516ed882d1fb1fb0ae3ad608e687c48b01ab6948fd63668
> f8d0e5fbdb1c3169e676b44aea80064919ae759cc997505584dbf7
> (5) wimax : MIP-SPI = dd1974b7
> (5) [wimax] = updated
> Sending Access-Accept of id 230 to 10.190.0.2 port 1812
> User-Name = "30001020"
> Alvarion-R3-IF-Name = "CPEL3Mgmt"
> Alvarion-PDFID = 1
> WiMAX-Packet-Data-Flow-Id = 1
> WiMAX-Direction = Bi-Directional
> WiMAX-Transport-Type = IPv4-CS
> WiMAX-Uplink-QOS-Id = 1
> WiMAX-Downlink-QOS-Id = 1
> WiMAX-ClassifierID = 2
> WiMAX-Classifier-Priority = 1
> WiMAX-Classifier-Direction = IN
> WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x31353739323633
> WiMAX-ClassifierID = 1
> WiMAX-Classifier-Priority = 1
> WiMAX-Classifier-Direction = OUT
> WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x3635353335
> WiMAX-QoS-Id = 1
> WiMAX-Schedule-Type = Best-Effort
> WiMAX-Traffic-Priority = 4
> WiMAX-Maximum-Sustained-Traffic-Rate = 512000
> WiMAX-IP-Technology = Ethernet-CS
> Alvarion-R3-IF-Name = "HazelL2Service"
> Alvarion-PDFID = 2
> WiMAX-Packet-Data-Flow-Id = 2
> WiMAX-Direction = Bi-Directional
> WiMAX-Transport-Type = Ethernet
> WiMAX-Uplink-QOS-Id = 2
> WiMAX-Downlink-QOS-Id = 2
> WiMAX-ClassifierID = 1
> WiMAX-Classifier-Priority = 1
> WiMAX-Classifier-Direction = Bi-Directional
> WiMAX-VLAN-ID = 175
> WiMAX-QoS-Id = 2
> WiMAX-Schedule-Type = nrtPS
> WiMAX-Traffic-Priority = 1
> WiMAX-Maximum-Sustained-Traffic-Rate = 4096000
> WiMAX-Minimum-Reserved-Traffic-Rate = 1024000
> WiMAX-IP-Technology = Ethernet-CS
> WiMAX-hHA-IP-MIP4 = 12.12.12.12
> Session-Timeout = 3600
> Reply-Message = "4motion test"
> MS-CHAP-MPPE-Keys =
> 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000
> MS-MPPE-Encryption-Policy = Encryption-Allowed
> MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
> MS-MPPE-Recv-Key =
> 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e
> MS-MPPE-Send-Key =
> 0x3c1a0fade59132dd591aed447610e20c90a230fa5e7e345461261f8893588691
> EAP-Message = 0x03060004
> Message-Authenticator = 0x00000000000000000000000000000000
> WiMAX-MSK =
>
0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5
> 9132dd591aed447610e20c90a230fa5e7e345461261f8893588691
> (5) Finished request 5.
> Waking up in 0.1 seconds.
> Waking up in 0.1 seconds.
> Waking up in 2.9 seconds.
> (0) Cleaning up request packet ID 225 with timestamp +85
> Waking up in 0.1 seconds.
> (1) Cleaning up request packet ID 226 with timestamp +85
> (2) Cleaning up request packet ID 227 with timestamp +85
> (3) Cleaning up request packet ID 228 with timestamp +85
> Waking up in 1.2 seconds.
> (4) Cleaning up request packet ID 229 with timestamp +86
> Waking up in 0.1 seconds.
> (5) Cleaning up request packet ID 230 with timestamp +86
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=231,
> length=226
> User-Name = "{sm=1}test at company.ie"
> EAP-Message =
>
0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065
> 65642e6965
> Message-Authenticator = 0x2304870d06de86fa88b3ccd2de56a789
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> (6) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (6) group authorize {
> (6) - entering group authorize {...}
> (6) [preprocess] = ok
> (6) [chap] = noop
> (6) [mschap] = noop
> (6) eap : EAP packet type response id 1 length 42
> (6) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
> rest of authorize
> (6) [eap] = ok
> (6) Found Auth-Type = ?
> (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (6) group authenticate {
> (6) - entering group authenticate {...}
> (6) eap : EAP Identity
> (6) eap : processing type tls
> (6) tls : Initiate
> (6) tls : Start returned 1
> (6) [eap] = handled
> Sending Access-Challenge of id 231 to 10.190.0.2 port 1812
> EAP-Message = 0x010200061520
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780
> (6) Finished request 6.
> Waking up in 0.3 seconds.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=232,
> length=290
> User-Name = "{sm=1}test at company.ie"
> EAP-Message =
>
0x0202005815800000004e16030100490100004503014d6f049b50d6ea950c49e9ddac3c33c4
>
a0477aefbe9119045fd3313c4148aa9300001e00390038003500160013000a00330032002f00
> 15001200090014001100080100
> Message-Authenticator = 0xab2efdd42f1f345c5b0ff3654e5fbeb1
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780
> (7) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (7) group authorize {
> (7) - entering group authorize {...}
> (7) [preprocess] = ok
> (7) [chap] = noop
> (7) [mschap] = noop
> (7) eap : EAP packet type response id 2 length 88
> (7) eap : Continuing tunnel setup.
> (7) [eap] = ok
> (7) Found Auth-Type = ?
> (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (7) group authenticate {
> (7) - entering group authenticate {...}
> (7) eap : Request found, released from the list
> (7) eap : EAP/ttls
> (7) eap : processing type ttls
> (7) ttls : Authenticate
> (7) ttls : processing EAP-TLS
> TLS Length 78
> (7) ttls : Length Included
> (7) ttls : eaptls_verify returned 11
> (7) ttls : (other): before/accept initialization
> (7) ttls : TLS_accept: before/accept initialization
> (7) ttls :<<< TLS 1.0 Handshake [length 0049], ClientHello
> (7) ttls : TLS_accept: SSLv3 read client hello A
> (7) ttls :>>> TLS 1.0 Handshake [length 002a], ServerHello
> (7) ttls : TLS_accept: SSLv3 write server hello A
> (7) ttls :>>> TLS 1.0 Handshake [length 085e], Certificate
> (7) ttls : TLS_accept: SSLv3 write certificate A
> (7) ttls :>>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
> (7) ttls : TLS_accept: SSLv3 write key exchange A
> (7) ttls :>>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> (7) ttls : TLS_accept: SSLv3 write server done A
> (7) ttls : TLS_accept: SSLv3 flush data
> (7) ttls : TLS_accept: Need to read more data: SSLv3 read client
> certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> (7) ttls : eaptls_process returned 13
> (7) [eap] = handled
> Sending Access-Challenge of id 232 to 10.190.0.2 port 1812
> EAP-Message =
>
0x0103040015c000000aad160301002a0200002603014e9ee512e286821d40c5caafa8f5cd1b
>
8a1ed466ce0608d778ac01ab923d418c00003900160301085e0b00085a0008570003a6308203
>
a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355
>
040613024652310f300d060355040813065261646975733112301006035504071309536f6d65
>
776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886
>
f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861
> 6d706c6520436572746966696361746520417574686f72697479
> EAP-Message =
>
0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30
>
09060355040613024652310f300d0603550408130652616469757331153013060355040a130c
>
4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220
>
43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d
>
706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201
>
0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4
> c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e
> EAP-Message =
>
0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d
>
b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41
>
50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4
>
7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22
>
7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00
>
4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06
> 092a864886f70d01010405000382010100b676c0afe25190b575
> EAP-Message =
>
0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9
>
cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6
>
6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402
>
8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563
>
c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9
>
5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6
> e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204
> EAP-Message = 0xa73082038fa0030201020209
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780
> (7) Finished request 7.
> Waking up in 0.1 seconds.
> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=233,
> length=208
> User-Name = "{sm=1}test at company.ie"
> EAP-Message = 0x020300061500
> Message-Authenticator = 0xe4548d83804e1e53f53cce5d4e69eede
> NAS-Identifier = "BTS105"
> NAS-IP-Address = 10.190.0.2
> Calling-Station-Id = "00-26-82-D0-B6-F6"
> WiMAX-BS-Id = 0xffc6c8690100
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 0
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> Attr-26.24757.1.7 = 0x0000028a
> State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780
> (8) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (8) group authorize {
> (8) - entering group authorize {...}
> (8) [preprocess] = ok
> (8) [chap] = noop
> (8) [mschap] = noop
> (8) eap : EAP packet type response id 3 length 6
> (8) eap : Continuing tunnel setup.
> (8) [eap] = ok
> (8) Found Auth-Type = ?
> (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (8) group authenticate {
> (8) - entering group authenticate {...}
> (8) eap : Request found, released from the list
> (8) eap : EAP/ttls
> (8) eap : processing type ttls
> (8) ttls : Authenticate
> (8) ttls : processing EAP-TLS
> (8) ttls : Received TLS ACK
> (8) ttls : Received TLS ACK
> (8) ttls : ACK handshake fragment handler
> (8) ttls : eaptls_verify returned 1
> (8) ttls : eaptls_process returned 13
> (8) [eap] = handled
> Sending Access-Challenge of id 233 to 10.190.0.2 port 1812
> EAP-Message =
>
0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193
>
310b3009060355040613024652310f300d060355040813065261646975733112301006035504
>
071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030
>
1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355
>
0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31
>
31313031333039353734375a170d3132313031323039353734375a308193310b300906035504
> 0613024652310f300d0603550408130652616469757331123010
> EAP-Message =
>
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e
>
632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126
>
30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
>
30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e
>
cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3
>
ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55
> f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b
> EAP-Message =
>
0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3
>
0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f
>
c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111
>
19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203
>
010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a
>
f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1
> a18199a48196308193310b3009060355040613024652310f300d
> EAP-Message =
>
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013
>
060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164
>
6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274
>
6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530
>
030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d
>
90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff
> ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b
> EAP-Message = 0x29f6a43153b63396708d1c2a
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xfdcbcc4affcfd9fe908aaa2f4bb4f780
> (8) Finished request 8.
>
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list