No connection after access-accept.

Krzysztof Grobelak kgrobelak at airspeed.ie
Thu Oct 20 13:57:10 CEST 2011


Hello David,

I followed your format and it worked. Thank you for your help.

Regards,
Krzysztof
On 19/10/11 17:54, David Peterson wrote:
> The problem with the 4-Motion system is that it's completely different from
> the Extreme.  The specification they "created" is completely off the WiMax
> specs which is why Alan had to put in some fixes.
>
> Follow the format I sent you EXACTLY and it should work just fine.  I.e.
> You have classifier ID of 2 coming before 1.
>
> In addition, set delete_mppe_keys = yes in the WiMax module.
>
> David
>
> -----Original Message-----
> From:
> freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradius.org
> [mailto:freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradiu
> s.org] On Behalf Of Krzysztof Grobelak
> Sent: Wednesday, October 19, 2011 11:58 AM
> To: FreeRadius users mailing list
> Subject: Re: No connection after access-accept.
>
> Thank you for quick reply.
>
> I believe that I am using the correct dictionaries
> (dictionary.alvarion.wimax.v2_2&&  dictionary.wimax.alvarion).
>
> I fixed the TOS range and mask but it still does not connect.
>
> Regards,
> Krzysztof
>
> On 19/10/11 16:19, David Peterson wrote:
>> Hi Krzystof,
>>
>> You need to use the new Alvarion dictionary which is included in the 3.0
>> version I believe, Alan will undoubtedly correct me.
>>
>> In addition you will need to change the TOS range and mask values.  Here
> is
>> what I send to set up 1 IPCS flow on an Alvarion 4-Motion ASN.
>>
>> Alvarion-R3-IF-Name	+=	SGVLAN13
>> Alvarion-PDFID	+=	1
>> WiMAX-Packet-Data-Flow-Id	+=	1
>> WiMAX-Service-Data-Flow-Id	+=	1
>> WiMAX-Direction	+=	3
>> WiMAX-Transport-Type	+=	1
>> WiMAX-Uplink-QOS-Id	+=	1
>> WiMAX-Downlink-QOS-Id	+=	1
>> WiMAX-ClassifierID	+=	1
>> WiMAX-Classifier-Priority	+=	1
>> WiMAX-Classifier-Direction	+=	1
>> WiMAX-IP-TOS-DSCP-Range-and-Mask	+=	0x1818FF
>> WiMAX-Transport-Type	+=	1
>> WiMAX-ClassifierID	+=	2
>> WiMAX-Classifier-Priority	+=	1
>> WiMAX-Classifier-Direction	+=	2
>> WiMAX-IP-TOS-DSCP-Range-and-Mask	+=	0x0000FF
>> WiMAX-QoS-Id	+=	1
>> WiMAX-Schedule-Type	+=	2
>> WiMAX-Traffic-Priority	+=	1
>> WiMAX-Maximum-Sustained-Traffic-Rate	+=	256000
>>
>> David Peterson
>> Senior WiMax Engineer
>> Wireless Connections
>>
>> -----Original Message-----
>> From:
>> freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradius.org
>>
> [mailto:freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradiu
>> s.org] On Behalf Of Krzysztof Grobelak
>> Sent: Wednesday, October 19, 2011 11:06 AM
>> To: FreeRadius users mailing list
>> Subject: No connection after access-accept.
>>
>> Hello.
>>
>> I am trying to configure freeradius to work with Alvarion devices. It is
>> working fine with Extreme but for some reason it does not work with
>> 4motion.
>> I installed the "master" version from git and I edited the dictionary
>> files.
>> My problem is that i see access-accept being sent but the connection is
>> not established and radio keeps trying to authenticate with freeradius.
>> Each attempt ends with access-accept being sent.
>>
>> Thanks in advance
>> P.S. I am new to freeradius and wimax so please dont eat me alive...
>>
>> Regards,
>> Krzysztof
>>
>> Debug:
>>
>> FreeRADIUS Version 3.0.0, for host i686-pc-linux-gnu, built on Oct 17
>> 2011 at 10:26:54
>> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
>> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>> PARTICULAR PURPOSE.
>> You may redistribute copies of FreeRADIUS under the terms of the
>> GNU General Public License v2.
>>
>> Compilation options:
>> Regex flavour: Posix
>> Starting - reading configuration files ...
>> including configuration file /usr/local/etc/raddb/radiusd.conf
>> including configuration file /usr/local/etc/raddb/proxy.conf
>> including configuration file /usr/local/etc/raddb/clients.conf
>> including files in directory /usr/local/etc/raddb/modules/
>> including configuration file /usr/local/etc/raddb/modules/redis
>> including configuration file /usr/local/etc/raddb/modules/cui
>> including configuration file /usr/local/etc/raddb/modules/echo
>> including configuration file /usr/local/etc/raddb/modules/checkval
>> including configuration file /usr/local/etc/raddb/modules/sql_log
>> including configuration file /usr/local/etc/raddb/modules/smsotp
>> including configuration file /usr/local/etc/raddb/modules/acct_unique
>> including configuration file /usr/local/etc/raddb/modules/policy
>> including configuration file /usr/local/etc/raddb/modules/realm
>> including configuration file /usr/local/etc/raddb/modules/files
>> including configuration file /usr/local/etc/raddb/modules/etc_group
>> including configuration file /usr/local/etc/raddb/modules/ippool
>> including configuration file /usr/local/etc/raddb/modules/inner-eap
>> including configuration file /usr/local/etc/raddb/modules/pam
>> including configuration file /usr/local/etc/raddb/modules/sql
>> including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
>> including configuration file /usr/local/etc/raddb/modules/counter
>> including configuration file /usr/local/etc/raddb/modules/expiration
>> including configuration file /usr/local/etc/raddb/modules/detail.log
>> including configuration file /usr/local/etc/raddb/modules/expr
>> including configuration file /usr/local/etc/raddb/modules/ntlm_auth
>> including configuration file /usr/local/etc/raddb/modules/mac2vlan
>> including configuration file
> /usr/local/etc/raddb/modules/detail.example.com
>> including configuration file /usr/local/etc/raddb/modules/always
>> including configuration file /usr/local/etc/raddb/modules/logintime
>> including configuration file /usr/local/etc/raddb/modules/replicate
>> including configuration file /usr/local/etc/raddb/modules/unix
>> including configuration file /usr/local/etc/raddb/modules/chap
>> including configuration file /usr/local/etc/raddb/modules/linelog
>> including configuration file /usr/local/etc/raddb/modules/radutmp
>> including configuration file /usr/local/etc/raddb/modules/digest
>> including configuration file /usr/local/etc/raddb/modules/sradutmp
>> including configuration file /usr/local/etc/raddb/modules/preprocess
>> including configuration file /usr/local/etc/raddb/modules/ldap
>> including configuration file /usr/local/etc/raddb/modules/sqlippool
>> including configuration file
> /usr/local/etc/raddb/sql/postgresql/ippool.conf
>> including configuration file /usr/local/etc/raddb/modules/opendirectory
>> including configuration file /usr/local/etc/raddb/modules/otp
>> including configuration file /usr/local/etc/raddb/modules/rediswho
>> including configuration file /usr/local/etc/raddb/modules/mschap
>> including configuration file /usr/local/etc/raddb/modules/eap
>> including configuration file /usr/local/etc/raddb/modules/attr_rewrite
>> including configuration file /usr/local/etc/raddb/modules/exec
>> including configuration file /usr/local/etc/raddb/modules/pap
>> including configuration file
>> /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
>> including configuration file /usr/local/etc/raddb/modules/mac2ip
>> including configuration file /usr/local/etc/raddb/modules/utf8
>> including configuration file /usr/local/etc/raddb/modules/passwd
>> including configuration file /usr/local/etc/raddb/modules/attr_filter
>> including configuration file /usr/local/etc/raddb/modules/soh
>> including configuration file /usr/local/etc/raddb/modules/detail
>> including configuration file /usr/local/etc/raddb/modules/smbpasswd
>> including configuration file /usr/local/etc/raddb/modules/dynamic_clients
>> including configuration file /usr/local/etc/raddb/modules/wimax
>> including configuration file /usr/local/etc/raddb/modules/krb5
>> including configuration file /usr/local/etc/raddb/modules/perl
>> including configuration file /usr/local/etc/raddb/policy.conf
>> including files in directory /usr/local/etc/raddb/sites-enabled/
>> including configuration file /usr/local/etc/raddb/sites-enabled/default
>> including configuration file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> including configuration file
>> /usr/local/etc/raddb/sites-enabled/control-socket
>> main {
>>     security {
>>            allow_core_dumps = no
>>     }
>> }
>> including dictionary file /usr/local/etc/raddb/dictionary
>> main {
>>            name = "radiusd"
>>            prefix = "/usr/local"
>>            localstatedir = "/usr/local/var"
>>            sbindir = "/usr/local/sbin"
>>            logdir = "/usr/local/var/log/radius"
>>            run_dir = "/usr/local/var/run/radiusd"
>>            libdir = "/usr/local/lib"
>>            radacctdir = "/usr/local/var/log/radius/radacct"
>>            hostname_lookups = no
>>            max_request_time = 30
>>            cleanup_delay = 5
>>            max_requests = 1024
>>            pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>>            checkrad = "/usr/local/sbin/checkrad"
>>            debug_level = 0
>>            proxy_requests = yes
>>     log {
>>            stripped_names = no
>>            auth = no
>>            auth_badpass = no
>>            auth_goodpass = no
>>     }
>>     security {
>>            max_attributes = 200
>>            reject_delay = 1
>>            status_server = yes
>>     }
>> }
>> radiusd: #### Loading Realms and Home Servers ####
>>     proxy server {
>>            retry_delay = 5
>>            retry_count = 3
>>            default_fallback = no
>>            dead_time = 120
>>            wake_all_if_all_dead = no
>>     }
>>     home_server localhost {
>>            ipaddr = 127.0.0.1
>>            port = 1812
>>            type = "auth"
>>            secret = "testing123"
>>            response_window = 20
>>            max_outstanding = 65536
>>            require_message_authenticator = yes
>>            zombie_period = 40
>>            status_check = "status-server"
>>            ping_interval = 30
>>            check_interval = 30
>>            num_answers_to_alive = 3
>>            num_pings_to_alive = 3
>>            revive_interval = 120
>>            status_check_timeout = 4
>>      coa {
>>            irt = 2
>>            mrt = 16
>>            mrc = 5
>>            mrd = 30
>>      }
>>      limit {
>>            max_connections = 16
>>            max_requests = 0
>>            lifetime = 0
>>            idle_timeout = 0
>>      }
>>     }
>>     home_server_pool my_auth_failover {
>>            type = fail-over
>>            home_server = localhost
>>     }
>>     realm example.com {
>>            auth_pool = my_auth_failover
>>     }
>>     realm LOCAL {
>>     }
>> radiusd: #### Loading Clients ####
>>     client localhost {
>>            ipaddr = 127.0.0.1
>>            require_message_authenticator = no
>>            secret = "testing123"
>>            nastype = "other"
>>            max_connections = 16
>>     }
>>     client 10.190.0.2 {
>>            require_message_authenticator = no
>>            secret = "pass"
>>            shortname = "Testing"
>>            nastype = "other"
>>            max_connections = 16
>>     }
>>
>> radiusd: #### Instantiating modules ####
>>     instantiate {
>>     Module: Linked to module rlm_exec
>>     Module: Instantiating module "exec" from file
>> /usr/local/etc/raddb/modules/exec
>>      exec {
>>            wait = no
>>            input_pairs = "request"
>>            shell_escape = yes
>>      }
>>     Module: Linked to module rlm_expr
>>     Module: Instantiating module "expr" from file
>> /usr/local/etc/raddb/modules/expr
>>     Module: Linked to module rlm_expiration
>>     Module: Instantiating module "expiration" from file
>> /usr/local/etc/raddb/modules/expiration
>>      expiration {
>>            reply-message = "Password Has Expired  "
>>      }
>>     Module: Linked to module rlm_logintime
>>     Module: Instantiating module "logintime" from file
>> /usr/local/etc/raddb/modules/logintime
>>      logintime {
>>            reply-message = "You are calling outside your allowed timespan
> "
>>            minimum-timeout = 60
>>      }
>>     }
>> radiusd: #### Loading Virtual Servers ####
>> server { # from file /usr/local/etc/raddb/radiusd.conf
>>     modules {
>>     Module: Checking authenticate {...} for more modules to load
>>     Module: Linked to module rlm_chap
>>     Module: Instantiating module "chap" from file
>> /usr/local/etc/raddb/modules/chap
>>     Module: Linked to module rlm_mschap
>>     Module: Instantiating module "mschap" from file
>> /usr/local/etc/raddb/modules/mschap
>>      mschap {
>>            use_mppe = yes
>>            require_encryption = no
>>            require_strong = no
>>            with_ntdomain_hack = no
>>       passchange {
>>       }
>>            allow_retry = yes
>>      }
>>     Module: Linked to module rlm_eap
>>     Module: Instantiating module "eap" from file
>> /usr/local/etc/raddb/modules/eap
>>      eap {
>>            default_eap_type = "ttls"
>>            timer_expire = 60
>>            ignore_unknown_eap_types = no
>>            cisco_accounting_username_bug = no
>>            max_sessions = 4096
>>      }
>>     Module: Linked to sub-module rlm_eap_md5
>>     Module: Instantiating eap-md5
>>     Module: Linked to sub-module rlm_eap_leap
>>     Module: Instantiating eap-leap
>>     Module: Linked to sub-module rlm_eap_gtc
>>     Module: Instantiating eap-gtc
>>       gtc {
>>            challenge = "Password: "
>>            auth_type = "PAP"
>>       }
>>     Module: Linked to sub-module rlm_eap_tls
>>     Module: Instantiating eap-tls
>>       tls {
>>            rsa_key_exchange = no
>>            dh_key_exchange = yes
>>            rsa_key_length = 512
>>            dh_key_length = 512
>>            verify_depth = 0
>>            CA_path = "/usr/local/etc/raddb/certs"
>>            pem_file_type = yes
>>            private_key_file = "/usr/local/etc/raddb/certs/server.pem"
>>            certificate_file = "/usr/local/etc/raddb/certs/server.pem"
>>            CA_file = "/usr/local/etc/raddb/certs/ca.pem"
>>            private_key_password = "whatever"
>>            dh_file = "/usr/local/etc/raddb/certs/dh"
>>            random_file = "/usr/local/etc/raddb/certs/random"
>>            fragment_size = 1024
>>            include_length = yes
>>            check_crl = no
>>            cipher_list = "DEFAULT"
>>            make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
>>            ecdh_curve = "prime256v1"
>>        cache {
>>            enable = no
>>            lifetime = 24
>>            max_entries = 255
>>        }
>>        verify {
>>        }
>>        ocsp {
>>            enable = no
>>            override_cert_url = yes
>>            url = "http://127.0.0.1/ocsp/"
>>        }
>>       }
>>     Module: Linked to sub-module rlm_eap_ttls
>>     Module: Instantiating eap-ttls
>>       ttls {
>>            default_eap_type = "md5"
>>            copy_request_to_tunnel = yes
>>            use_tunneled_reply = yes
>>            virtual_server = "inner-tunnel"
>>            include_length = yes
>>       }
>>     Module: Linked to sub-module rlm_eap_peap
>>     Module: Instantiating eap-peap
>>       peap {
>>            default_eap_type = "mschapv2"
>>            copy_request_to_tunnel = no
>>            use_tunneled_reply = no
>>            proxy_tunneled_request_as_eap = yes
>>            virtual_server = "inner-tunnel"
>>            soh = no
>>       }
>>     Module: Linked to sub-module rlm_eap_mschapv2
>>     Module: Instantiating eap-mschapv2
>>       mschapv2 {
>>            with_ntdomain_hack = no
>>            send_error = no
>>       }
>>     Module: Checking authorize {...} for more modules to load
>>     Module: Linked to module rlm_preprocess
>>     Module: Instantiating module "preprocess" from file
>> /usr/local/etc/raddb/modules/preprocess
>>      preprocess {
>>            huntgroups = "/usr/local/etc/raddb/huntgroups"
>>            hints = "/usr/local/etc/raddb/hints"
>>            with_ascend_hack = no
>>            ascend_channels_per_line = 23
>>            with_ntdomain_hack = no
>>            with_specialix_jetstream_hack = no
>>            with_cisco_vsa_hack = no
>>            with_alvarion_vsa_hack = no
>>      }
>>     Module: Linked to module rlm_files
>>     Module: Instantiating module "files" from file
>> /usr/local/etc/raddb/modules/files
>>      files {
>>            usersfile = "/usr/local/etc/raddb/users"
>>            acctusersfile = "/usr/local/etc/raddb/acct_users"
>>            preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>>            compat = "no"
>>      }
>>     Module: Checking preacct {...} for more modules to load
>>     Module: Loading virtual module acct_unique
>>     Module: Linked to module rlm_realm
>>     Module: Instantiating module "suffix" from file
>> /usr/local/etc/raddb/modules/realm
>>      realm suffix {
>>            format = "suffix"
>>            delimiter = "@"
>>            ignore_default = no
>>            ignore_null = no
>>      }
>>     Module: Linked to module rlm_wimax
>>     Module: Instantiating module "wimax" from file
>> /usr/local/etc/raddb/modules/wimax
>>      wimax {
>>            delete_mppe_keys = no
>>      }
>>     Module: Checking accounting {...} for more modules to load
>>     Module: Linked to module rlm_unix
>>     Module: Instantiating module "unix" from file
>> /usr/local/etc/raddb/modules/unix
>>      unix {
>>            radwtmp = "/usr/local/var/log/radius/radwtmp"
>>      }
>>     Module: Linked to module rlm_radutmp
>>     Module: Instantiating module "radutmp" from file
>> /usr/local/etc/raddb/modules/radutmp
>>      radutmp {
>>            filename = "/usr/local/var/log/radius/radutmp"
>>            username = "%{User-Name}"
>>            case_sensitive = yes
>>            check_with_nas = yes
>>            perm = 384
>>            callerid = yes
>>      }
>>     Module: Linked to module rlm_attr_filter
>>     Module: Instantiating module "attr_filter.accounting_response" from
>> file /usr/local/etc/raddb/modules/attr_filter
>>      attr_filter attr_filter.accounting_response {
>>            attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
>>            key = "%{User-Name}"
>>            relaxed = no
>>      }
>>     Module: Checking session {...} for more modules to load
>>     Module: Checking post-proxy {...} for more modules to load
>>     Module: Checking post-auth {...} for more modules to load
>>     Module: Instantiating module "attr_filter.access_reject" from file
>> /usr/local/etc/raddb/modules/attr_filter
>>      attr_filter attr_filter.access_reject {
>>            attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
>>            key = "%{User-Name}"
>>            relaxed = no
>>      }
>>     } # modules
>> } # server
>> server inner-tunnel { # from file
>> /usr/local/etc/raddb/sites-enabled/inner-tunnel
>>     modules {
>>     Module: Checking authenticate {...} for more modules to load
>>     Module: Checking authorize {...} for more modules to load
>>     Module: Checking session {...} for more modules to load
>>     Module: Checking post-proxy {...} for more modules to load
>>     Module: Checking post-auth {...} for more modules to load
>>     } # modules
>> } # server
>> radiusd: #### Opening IP addresses and Ports ####
>> listen {
>>            type = "auth"
>>            ipaddr = *
>>            port = 0
>> }
>> listen {
>>            type = "acct"
>>            ipaddr = *
>>            port = 0
>> }
>> listen {
>>            type = "control"
>>     listen {
>>            socket = "/usr/local/var/run/radiusd/radiusd.sock"
>>     }
>> }
>> listen {
>>            type = "auth"
>>            ipaddr = 127.0.0.1
>>            port = 18120
>> }
>> Listening on authentication address * port 1812
>> Listening on accounting address * port 1813
>> Listening on command file /usr/local/var/run/radiusd/radiusd.sock
>> Listening on authentication address 127.0.0.1 port 18120 as server
>> inner-tunnel
>> Opening new proxy address * port 1814
>> Listening on proxy address * port 1814
>> Ready to process requests.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=225,
>> length=226
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message =
>>
> 0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065
>> 65642e6965
>>            Message-Authenticator = 0xb0e4f53c239e82a5a9424643abac90c5
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>> (0) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (0)   group authorize {
>> (0)  - entering group authorize {...}
>> (0)   [preprocess] = ok
>> (0)   [chap] = noop
>> (0)   [mschap] = noop
>> (0) eap : EAP packet type response id 1 length 42
>> (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
>> rest of authorize
>> (0)   [eap] = ok
>> (0) Found Auth-Type = ?
>> (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (0)   group authenticate {
>> (0)  - entering group authenticate {...}
>> (0) eap : EAP Identity
>> (0) eap : processing type tls
>> (0) tls : Initiate
>> (0) tls : Start returned 1
>> (0)   [eap] = handled
>> Sending Access-Challenge of id 225 to 10.190.0.2 port 1812
>>            EAP-Message = 0x010200061520
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0x4524932a452686bf0e6f9b30d966adf3
>> (0) Finished request 0.
>> Waking up in 0.3 seconds.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=226,
>> length=290
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message =
>>
> 0x0202005815800000004e16030100490100004503014d6f0492446dcf37684a8ba3964276e6
> a0af14e11c0c66ba0bfe09bee47296d900001e00390038003500160013000a00330032002f00
>> 15001200090014001100080100
>>            Message-Authenticator = 0x16b9a8766e5ca7d66bd4109f08badf56
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>>            State = 0x4524932a452686bf0e6f9b30d966adf3
>> (1) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (1)   group authorize {
>> (1)  - entering group authorize {...}
>> (1)   [preprocess] = ok
>> (1)   [chap] = noop
>> (1)   [mschap] = noop
>> (1) eap : EAP packet type response id 2 length 88
>> (1) eap : Continuing tunnel setup.
>> (1)   [eap] = ok
>> (1) Found Auth-Type = ?
>> (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (1)   group authenticate {
>> (1)  - entering group authenticate {...}
>> (1) eap : Request found, released from the list
>> (1) eap : EAP/ttls
>> (1) eap : processing type ttls
>> (1) ttls : Authenticate
>> (1) ttls : processing EAP-TLS
>>      TLS Length 78
>> (1) ttls : Length Included
>> (1) ttls : eaptls_verify returned 11
>> (1) ttls :     (other): before/accept initialization
>> (1) ttls :     TLS_accept: before/accept initialization
>> (1) ttls :<<<   TLS 1.0 Handshake [length 0049], ClientHello
>> (1) ttls :     TLS_accept: SSLv3 read client hello A
>> (1) ttls :>>>   TLS 1.0 Handshake [length 002a], ServerHello
>> (1) ttls :     TLS_accept: SSLv3 write server hello A
>> (1) ttls :>>>   TLS 1.0 Handshake [length 085e], Certificate
>> (1) ttls :     TLS_accept: SSLv3 write certificate A
>> (1) ttls :>>>   TLS 1.0 Handshake [length 020d], ServerKeyExchange
>> (1) ttls :     TLS_accept: SSLv3 write key exchange A
>> (1) ttls :>>>   TLS 1.0 Handshake [length 0004], ServerHelloDone
>> (1) ttls :     TLS_accept: SSLv3 write server done A
>> (1) ttls :     TLS_accept: SSLv3 flush data
>> (1) ttls :     TLS_accept: Need to read more data: SSLv3 read client
>> certificate A
>> In SSL Handshake Phase
>> In SSL Accept mode
>> (1) ttls : eaptls_process returned 13
>> (1)   [eap] = handled
>> Sending Access-Challenge of id 226 to 10.190.0.2 port 1812
>>            EAP-Message =
>>
> 0x0103040015c000000aad160301002a0200002603014e9ee50972fa598b689b6f459a90c557
> abd4de3970630ee299ae5a309acdf4ec00003900160301085e0b00085a0008570003a6308203
> a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355
> 040613024652310f300d060355040813065261646975733112301006035504071309536f6d65
> 776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886
> f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861
>> 6d706c6520436572746966696361746520417574686f72697479
>>            EAP-Message =
>>
> 0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30
> 09060355040613024652310f300d0603550408130652616469757331153013060355040a130c
> 4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220
> 43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d
> 706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201
> 0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4
>> c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e
>>            EAP-Message =
>>
> 0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d
> b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41
> 50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4
> 7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22
> 7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00
> 4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06
>> 092a864886f70d01010405000382010100b676c0afe25190b575
>>            EAP-Message =
>>
> 0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9
> cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6
> 6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402
> 8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563
> c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9
> 5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6
>> e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204
>>            EAP-Message = 0xa73082038fa0030201020209
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0x4524932a442786bf0e6f9b30d966adf3
>> (1) Finished request 1.
>> Waking up in 0.1 seconds.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=227,
>> length=208
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message = 0x020300061500
>>            Message-Authenticator = 0x9a77a1ab1819f89e18fb8f7a8d263dbc
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>>            State = 0x4524932a442786bf0e6f9b30d966adf3
>> (2) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (2)   group authorize {
>> (2)  - entering group authorize {...}
>> (2)   [preprocess] = ok
>> (2)   [chap] = noop
>> (2)   [mschap] = noop
>> (2) eap : EAP packet type response id 3 length 6
>> (2) eap : Continuing tunnel setup.
>> (2)   [eap] = ok
>> (2) Found Auth-Type = ?
>> (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (2)   group authenticate {
>> (2)  - entering group authenticate {...}
>> (2) eap : Request found, released from the list
>> (2) eap : EAP/ttls
>> (2) eap : processing type ttls
>> (2) ttls : Authenticate
>> (2) ttls : processing EAP-TLS
>> (2) ttls : Received TLS ACK
>> (2) ttls : Received TLS ACK
>> (2) ttls : ACK handshake fragment handler
>> (2) ttls : eaptls_verify returned 1
>> (2) ttls : eaptls_process returned 13
>> (2)   [eap] = handled
>> Sending Access-Challenge of id 227 to 10.190.0.2 port 1812
>>            EAP-Message =
>>
> 0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193
> 310b3009060355040613024652310f300d060355040813065261646975733112301006035504
> 071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030
> 1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355
> 0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31
> 31313031333039353734375a170d3132313031323039353734375a308193310b300906035504
>> 0613024652310f300d0603550408130652616469757331123010
>>            EAP-Message =
>>
> 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e
> 632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126
> 30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
> 30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e
> cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3
> ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55
>> f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b
>>            EAP-Message =
>>
> 0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3
> 0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f
> c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111
> 19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203
> 010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a
> f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1
>> a18199a48196308193310b3009060355040613024652310f300d
>>            EAP-Message =
>>
> 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013
> 060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164
> 6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274
> 6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530
> 030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d
> 90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff
>> ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b
>>            EAP-Message = 0x29f6a43153b63396708d1c2a
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0x4524932a472086bf0e6f9b30d966adf3
>> (2) Finished request 2.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=228,
>> length=208
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message = 0x020400061500
>>            Message-Authenticator = 0xe3f7dbd13796664921230156fd4a7f0b
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>>            State = 0x4524932a472086bf0e6f9b30d966adf3
>> (3) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (3)   group authorize {
>> (3)  - entering group authorize {...}
>> (3)   [preprocess] = ok
>> (3)   [chap] = noop
>> (3)   [mschap] = noop
>> (3) eap : EAP packet type response id 4 length 6
>> (3) eap : Continuing tunnel setup.
>> (3)   [eap] = ok
>> (3) Found Auth-Type = ?
>> (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (3)   group authenticate {
>> (3)  - entering group authenticate {...}
>> (3) eap : Request found, released from the list
>> (3) eap : EAP/ttls
>> (3) eap : processing type ttls
>> (3) ttls : Authenticate
>> (3) ttls : processing EAP-TLS
>> (3) ttls : Received TLS ACK
>> (3) ttls : Received TLS ACK
>> (3) ttls : ACK handshake fragment handler
>> (3) ttls : eaptls_verify returned 1
>> (3) ttls : eaptls_process returned 13
>> (3)   [eap] = handled
>> Sending Access-Challenge of id 228 to 10.190.0.2 port 1812
>>            EAP-Message =
>>
> 0x010502cb158000000aad6b687c3b13bd2cbcdc94906e01fea4a72a53605631056850f7c340
> 7a5d7b7a88d58a990667955f91c7e7fd1d4bcc1cb32597585648a06987428bb59b80040251ea
> 1eb36ca37e6b08d6dcff0bbac544ee590b97dcdd3043216a8d7c43b3b8177a6d50c34a1954b7
> 97f6ce1b83260aec1f9cd4f49b89bf166b6fcbe2169a6cdfdd381bfdc0210904a4332192d206
> d220b4227586268fe877dec3e39b6c9cfa223f5af7f750fd76160301020d0c0002090080f261
> ea67ca98641e7618ffeaf9dbfbfeba8524299d1674bbae7d654b45ddb4d4d56cfc334a0d31a3
>> 3b07a51ec227e83c6111384da4c513b3799894ab435ab01f0308
>>            EAP-Message =
>>
> 0xbae422a62095161d878138f148293e9d8bbdd8e1f17eeb6aea213178d729efd10049433c42
> 9ea9685564ff39a81b78828cd381e4ebb6ff4a2022e92349230001020080cf073ac84159ffdf
> 2a3954bc6d8c5b241548eef76ea49c6f5648bf586017e4f8038d6956580fa5bd17a7199c7b05
> bec37333162d8c6302c80092a8339aaecdcd44d3f77964b938c579d2fe5f5e2eb90d52b0215d
> ec2972f639283ac415d95b1aecb8d856e28eababe9ee8f662b385efb60b09741356027269b5a
> 089c7c85738001004c76e655fcfb777d949b3e64e0018f329eedb978f1294c0f4fe10736b52d
>> f39df6edf0f5634de3dc17614893582df2e251c5b6acd61276d0
>>            EAP-Message =
>>
> 0xb71e3de49e55f6775effac0d28046d1510714dbd68c4d55dedb7329f9ba3de55154a4ffd8d
> 2aad7081dc07b232ff609ca8c19743ba19ccd2d1b3bf35dd1ccd78c1d54f477a4336188fb929
> 8426a941501972562ed1fca0efad8c451b0ec15674ff86500e67617241c95625ddecc82feefc
> 41c0eb91cdab0cc56176884e28aab3c850a81bd7736e1ec133d6b83db28db10623c552c5f7a2
> d7a6d59e0f1cf362b155e415a274088d2eb875d07acd63236660e40f200f6055bd2c0c934777
>> c61d55c1a57d7983d867c016030100040e000000
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0x4524932a462186bf0e6f9b30d966adf3
>> (3) Finished request 3.
>> Waking up in 0.2 seconds.
>> Waking up in 4.3 seconds.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=229,
>> length=410
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message =
>>
> 0x020500d01580000000c61603010086100000820080e3190ec3957550a29a5f545907823a1e
> adcd83d25d26b74f1858aae52bac948aef1e3d75bc2adff031a57ad656d2d09066f0cae0630e
> 0c66d0487abc980cb7d6631a6531f05cba19b4a94f628a6bda9a90aae7e58f33fe204399f1fc
> d215d007dba697579f7bcb002baa5d67c06a10d82953c53a31b100711f4f0d07e550a3d41403
> 0100010116030100308a7e900fbfb4f5de1ef3c91092938dee297c5a4b41f537309996762989
>> cffc3aa2475130e85a6cfcbd3cc5d4f4a38b01
>>            Message-Authenticator = 0x4f4cb9ffdb83cca6564a6d11de9eca5e
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>>            State = 0x4524932a462186bf0e6f9b30d966adf3
>> (4) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (4)   group authorize {
>> (4)  - entering group authorize {...}
>> (4)   [preprocess] = ok
>> (4)   [chap] = noop
>> (4)   [mschap] = noop
>> (4) eap : EAP packet type response id 5 length 208
>> (4) eap : Continuing tunnel setup.
>> (4)   [eap] = ok
>> (4) Found Auth-Type = ?
>> (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (4)   group authenticate {
>> (4)  - entering group authenticate {...}
>> (4) eap : Request found, released from the list
>> (4) eap : EAP/ttls
>> (4) eap : processing type ttls
>> (4) ttls : Authenticate
>> (4) ttls : processing EAP-TLS
>>      TLS Length 198
>> (4) ttls : Length Included
>> (4) ttls : eaptls_verify returned 11
>> (4) ttls :<<<   TLS 1.0 Handshake [length 0086], ClientKeyExchange
>> (4) ttls :     TLS_accept: SSLv3 read client key exchange A
>> (4) ttls :<<<   TLS 1.0 ChangeCipherSpec [length 0001]
>> (4) ttls :<<<   TLS 1.0 Handshake [length 0010], Finished
>> (4) ttls :     TLS_accept: SSLv3 read finished A
>> (4) ttls :>>>   TLS 1.0 ChangeCipherSpec [length 0001]
>> (4) ttls :     TLS_accept: SSLv3 write change cipher spec A
>> (4) ttls :>>>   TLS 1.0 Handshake [length 0010], Finished
>> (4) ttls :     TLS_accept: SSLv3 write finished A
>> (4) ttls :     TLS_accept: SSLv3 flush data
>> (4) ttls :     (other): SSL negotiation finished successfully
>> SSL Connection Established
>> (4) ttls : eaptls_process returned 13
>> (4)   [eap] = handled
>> Sending Access-Challenge of id 229 to 10.190.0.2 port 1812
>>            EAP-Message =
>>
> 0x0106004515800000003b14030100010116030100303a882b92af53c50ce085959593e73fca
>> 32ab9a7bd2e2e0a895c165c0a4163a638e8f12fef6f0bc8878a70cfcda0548a8
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0x4524932a412286bf0e6f9b30d966adf3
>> (4) Finished request 4.
>> Waking up in 0.2 seconds.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=230,
>> length=378
>>            User-Name = "{sm=1test at company.ie"
>>            EAP-Message =
>>
> 0x020600b0150017030100201783b2821501d183457ee81425c3bcbfd372c1207cc52b44e4af
> 3250a771e4181703010080a65edf5e1fddb09f70ebffef22b5811ebb4d7f3143b2d1ecf88e2a
> f29edd0178dc38aa45de3e8ac0106fa7259392dbb721ed242bf6fd1a79cdc10faad024b583e8
> 710f2396246d34353b915f3a49771b11ed93e106564b0f94f208631a4f9852c21452c53492d5
>> 302b2571ec8f1b95d0b1abdaf202da0f42b9b68c863653886c
>>            Message-Authenticator = 0x064bdfc96ada80a4ac9a92242232b9ae
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>>            State = 0x4524932a412286bf0e6f9b30d966adf3
>> (5) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (5)   group authorize {
>> (5)  - entering group authorize {...}
>> (5)   [preprocess] = ok
>> (5)   [chap] = noop
>> (5)   [mschap] = noop
>> (5) eap : EAP packet type response id 6 length 176
>> (5) eap : Continuing tunnel setup.
>> (5)   [eap] = ok
>> (5) Found Auth-Type = ?
>> (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (5)   group authenticate {
>> (5)  - entering group authenticate {...}
>> (5) eap : Request found, released from the list
>> (5) eap : EAP/ttls
>> (5) eap : processing type ttls
>> (5) ttls : Authenticate
>> (5) ttls : processing EAP-TLS
>> (5) ttls : eaptls_verify returned 7
>> (5) ttls : Done initial handshake
>> (5) ttls : eaptls_process returned 7
>> (5) ttls : Session established.  Proceeding to decode tunneled attributes.
>> (5) ttls : Got tunneled request
>>            User-Name = "30001020"
>>            MS-CHAP-Challenge = 0x967d3f6435e31b63
>>            MS-CHAP-Response =
>>
> 0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370
>> add032fa03fecc6350d759fa7f
>>            FreeRADIUS-Proxied-To = 127.0.0.1
>> (5) ttls : Sending tunneled request
>>            User-Name = "30001020"
>>            MS-CHAP-Challenge = 0x967d3f6435e31b63
>>            MS-CHAP-Response =
>>
> 0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370
>> add032fa03fecc6350d759fa7f
>>            FreeRADIUS-Proxied-To = 127.0.0.1
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>> server inner-tunnel {
>> (5) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> (5)   group authorize {
>> (5)  - entering group authorize {...}
>> (5)   [chap] = noop
>> (5) mschap : Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
>> (5)   [mschap] = ok
>> (5) eap : No EAP-Message, not doing EAP
>> (5)   [eap] = noop
>> (5) files : users: Matched entry 30001020 at line 99
>> (5)   [files] = ok
>> (5)   [preprocess] = ok
>> (5) Found Auth-Type = ?
>> (5) # Executing group from file
>> /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> (5)   group MS-CHAP {
>> (5)  - entering group MS-CHAP {...}
>> (5) mschap : Told to do MS-CHAPv1 with NT-Password
>> (5) mschap : adding MS-CHAPv1 MPPE keys
>> (5)   [mschap] = ok
>> (5) # Executing section post-auth from file
>> /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> (5)   group post-auth {
>> (5)  - entering group post-auth {...}
>> (5)   update outer.reply {
>> (5)     expand: %{request:User-Name} ->   30001020
>> (5)   } # update outer.reply = noop
>> (5) wimax : No EAP-MSK or EAP-EMSK.  Cannot create WiMAX keys.
>> (5)   [wimax] = noop
>> } # server inner-tunnel
>> (5) ttls : Got tunneled reply code 2
>>            Alvarion-R3-IF-Name += "CPEL3Mgmt"
>>            Alvarion-PDFID += 1
>>            WiMAX-Packet-Data-Flow-Id += 1
>>            WiMAX-Direction += Bi-Directional
>>            WiMAX-Transport-Type += IPv4-CS
>>            WiMAX-Uplink-QOS-Id += 1
>>            WiMAX-Downlink-QOS-Id += 1
>>            WiMAX-ClassifierID += 2
>>            WiMAX-Classifier-Priority += 1
>>            WiMAX-Classifier-Direction += IN
>>            WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x31353739323633
>>            WiMAX-ClassifierID += 1
>>            WiMAX-Classifier-Priority += 1
>>            WiMAX-Classifier-Direction += OUT
>>            WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x3635353335
>>            WiMAX-QoS-Id += 1
>>            WiMAX-Schedule-Type += Best-Effort
>>            WiMAX-Traffic-Priority += 4
>>            WiMAX-Maximum-Sustained-Traffic-Rate += 512000
>>            WiMAX-IP-Technology += PMIP4
>>            Alvarion-R3-IF-Name += "HazelL2Service"
>>            Alvarion-PDFID += 2
>>            WiMAX-Packet-Data-Flow-Id += 2
>>            WiMAX-Direction += Bi-Directional
>>            WiMAX-Transport-Type += Ethernet
>>            WiMAX-Uplink-QOS-Id += 2
>>            WiMAX-Downlink-QOS-Id += 2
>>            WiMAX-ClassifierID += 1
>>            WiMAX-Classifier-Priority += 1
>>            WiMAX-Classifier-Direction += Bi-Directional
>>            WiMAX-VLAN-ID += 175
>>            WiMAX-QoS-Id += 2
>>            WiMAX-Schedule-Type += nrtPS
>>            WiMAX-Traffic-Priority += 1
>>            WiMAX-Maximum-Sustained-Traffic-Rate += 4096000
>>            WiMAX-Minimum-Reserved-Traffic-Rate += 1024000
>>            WiMAX-IP-Technology += Ethernet-CS
>>            WiMAX-hHA-IP-MIP4 += 12.12.12.12
>>            Session-Timeout = 3600
>>            Reply-Message = "4motion test"
>>            MS-CHAP-MPPE-Keys =
>> 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000
>>            MS-MPPE-Encryption-Policy = Encryption-Allowed
>>            MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
>> (5) ttls : Got tunneled Access-Accept
>> (5) eap : Freeing handler
>> (5)   [eap] = ok
>> (5) # Executing section post-auth from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (5)   group post-auth {
>> (5)  - entering group post-auth {...}
>> (5)   update request {
>> (5)     expand: %{User-Name} ->   {sm=1}test at company.ie
>> (5)   } # update request = noop
>> (5)   update reply {
>> (5)     expand: %{reply:EAP-MSK} ->
>>
> 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5
>> 9132dd591aed447610e20c90a230fa5e7e345461261f8893588691
>> (5)   } # update reply = noop
>> (5) wimax : MIP-RK =
>>
> 0x34cb0114be346973d5832ba7410516ed882d1fb1fb0ae3ad608e687c48b01ab6948fd63668
>> f8d0e5fbdb1c3169e676b44aea80064919ae759cc997505584dbf7
>> (5) wimax : MIP-SPI = dd1974b7
>> (5)   [wimax] = updated
>> Sending Access-Accept of id 230 to 10.190.0.2 port 1812
>>            User-Name = "30001020"
>>            Alvarion-R3-IF-Name = "CPEL3Mgmt"
>>            Alvarion-PDFID = 1
>>            WiMAX-Packet-Data-Flow-Id = 1
>>            WiMAX-Direction = Bi-Directional
>>            WiMAX-Transport-Type = IPv4-CS
>>            WiMAX-Uplink-QOS-Id = 1
>>            WiMAX-Downlink-QOS-Id = 1
>>            WiMAX-ClassifierID = 2
>>            WiMAX-Classifier-Priority = 1
>>            WiMAX-Classifier-Direction = IN
>>            WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x31353739323633
>>            WiMAX-ClassifierID = 1
>>            WiMAX-Classifier-Priority = 1
>>            WiMAX-Classifier-Direction = OUT
>>            WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x3635353335
>>            WiMAX-QoS-Id = 1
>>            WiMAX-Schedule-Type = Best-Effort
>>            WiMAX-Traffic-Priority = 4
>>            WiMAX-Maximum-Sustained-Traffic-Rate = 512000
>>            WiMAX-IP-Technology = Ethernet-CS
>>            Alvarion-R3-IF-Name = "HazelL2Service"
>>            Alvarion-PDFID = 2
>>            WiMAX-Packet-Data-Flow-Id = 2
>>            WiMAX-Direction = Bi-Directional
>>            WiMAX-Transport-Type = Ethernet
>>            WiMAX-Uplink-QOS-Id = 2
>>            WiMAX-Downlink-QOS-Id = 2
>>            WiMAX-ClassifierID = 1
>>            WiMAX-Classifier-Priority = 1
>>            WiMAX-Classifier-Direction = Bi-Directional
>>            WiMAX-VLAN-ID = 175
>>            WiMAX-QoS-Id = 2
>>            WiMAX-Schedule-Type = nrtPS
>>            WiMAX-Traffic-Priority = 1
>>            WiMAX-Maximum-Sustained-Traffic-Rate = 4096000
>>            WiMAX-Minimum-Reserved-Traffic-Rate = 1024000
>>            WiMAX-IP-Technology = Ethernet-CS
>>            WiMAX-hHA-IP-MIP4 = 12.12.12.12
>>            Session-Timeout = 3600
>>            Reply-Message = "4motion test"
>>            MS-CHAP-MPPE-Keys =
>> 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000
>>            MS-MPPE-Encryption-Policy = Encryption-Allowed
>>            MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
>>            MS-MPPE-Recv-Key =
>> 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e
>>            MS-MPPE-Send-Key =
>> 0x3c1a0fade59132dd591aed447610e20c90a230fa5e7e345461261f8893588691
>>            EAP-Message = 0x03060004
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            WiMAX-MSK =
>>
> 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5
>> 9132dd591aed447610e20c90a230fa5e7e345461261f8893588691
>> (5) Finished request 5.
>> Waking up in 0.1 seconds.
>> Waking up in 0.1 seconds.
>> Waking up in 2.9 seconds.
>> (0) Cleaning up request packet ID 225 with timestamp +85
>> Waking up in 0.1 seconds.
>> (1) Cleaning up request packet ID 226 with timestamp +85
>> (2) Cleaning up request packet ID 227 with timestamp +85
>> (3) Cleaning up request packet ID 228 with timestamp +85
>> Waking up in 1.2 seconds.
>> (4) Cleaning up request packet ID 229 with timestamp +86
>> Waking up in 0.1 seconds.
>> (5) Cleaning up request packet ID 230 with timestamp +86
>> Ready to process requests.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=231,
>> length=226
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message =
>>
> 0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065
>> 65642e6965
>>            Message-Authenticator = 0x2304870d06de86fa88b3ccd2de56a789
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>> (6) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (6)   group authorize {
>> (6)  - entering group authorize {...}
>> (6)   [preprocess] = ok
>> (6)   [chap] = noop
>> (6)   [mschap] = noop
>> (6) eap : EAP packet type response id 1 length 42
>> (6) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
>> rest of authorize
>> (6)   [eap] = ok
>> (6) Found Auth-Type = ?
>> (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (6)   group authenticate {
>> (6)  - entering group authenticate {...}
>> (6) eap : EAP Identity
>> (6) eap : processing type tls
>> (6) tls : Initiate
>> (6) tls : Start returned 1
>> (6)   [eap] = handled
>> Sending Access-Challenge of id 231 to 10.190.0.2 port 1812
>>            EAP-Message = 0x010200061520
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780
>> (6) Finished request 6.
>> Waking up in 0.3 seconds.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=232,
>> length=290
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message =
>>
> 0x0202005815800000004e16030100490100004503014d6f049b50d6ea950c49e9ddac3c33c4
> a0477aefbe9119045fd3313c4148aa9300001e00390038003500160013000a00330032002f00
>> 15001200090014001100080100
>>            Message-Authenticator = 0xab2efdd42f1f345c5b0ff3654e5fbeb1
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>>            State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780
>> (7) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (7)   group authorize {
>> (7)  - entering group authorize {...}
>> (7)   [preprocess] = ok
>> (7)   [chap] = noop
>> (7)   [mschap] = noop
>> (7) eap : EAP packet type response id 2 length 88
>> (7) eap : Continuing tunnel setup.
>> (7)   [eap] = ok
>> (7) Found Auth-Type = ?
>> (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (7)   group authenticate {
>> (7)  - entering group authenticate {...}
>> (7) eap : Request found, released from the list
>> (7) eap : EAP/ttls
>> (7) eap : processing type ttls
>> (7) ttls : Authenticate
>> (7) ttls : processing EAP-TLS
>>      TLS Length 78
>> (7) ttls : Length Included
>> (7) ttls : eaptls_verify returned 11
>> (7) ttls :     (other): before/accept initialization
>> (7) ttls :     TLS_accept: before/accept initialization
>> (7) ttls :<<<   TLS 1.0 Handshake [length 0049], ClientHello
>> (7) ttls :     TLS_accept: SSLv3 read client hello A
>> (7) ttls :>>>   TLS 1.0 Handshake [length 002a], ServerHello
>> (7) ttls :     TLS_accept: SSLv3 write server hello A
>> (7) ttls :>>>   TLS 1.0 Handshake [length 085e], Certificate
>> (7) ttls :     TLS_accept: SSLv3 write certificate A
>> (7) ttls :>>>   TLS 1.0 Handshake [length 020d], ServerKeyExchange
>> (7) ttls :     TLS_accept: SSLv3 write key exchange A
>> (7) ttls :>>>   TLS 1.0 Handshake [length 0004], ServerHelloDone
>> (7) ttls :     TLS_accept: SSLv3 write server done A
>> (7) ttls :     TLS_accept: SSLv3 flush data
>> (7) ttls :     TLS_accept: Need to read more data: SSLv3 read client
>> certificate A
>> In SSL Handshake Phase
>> In SSL Accept mode
>> (7) ttls : eaptls_process returned 13
>> (7)   [eap] = handled
>> Sending Access-Challenge of id 232 to 10.190.0.2 port 1812
>>            EAP-Message =
>>
> 0x0103040015c000000aad160301002a0200002603014e9ee512e286821d40c5caafa8f5cd1b
> 8a1ed466ce0608d778ac01ab923d418c00003900160301085e0b00085a0008570003a6308203
> a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355
> 040613024652310f300d060355040813065261646975733112301006035504071309536f6d65
> 776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886
> f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861
>> 6d706c6520436572746966696361746520417574686f72697479
>>            EAP-Message =
>>
> 0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30
> 09060355040613024652310f300d0603550408130652616469757331153013060355040a130c
> 4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220
> 43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d
> 706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201
> 0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4
>> c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e
>>            EAP-Message =
>>
> 0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d
> b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41
> 50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4
> 7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22
> 7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00
> 4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06
>> 092a864886f70d01010405000382010100b676c0afe25190b575
>>            EAP-Message =
>>
> 0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9
> cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6
> 6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402
> 8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563
> c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9
> 5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6
>> e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204
>>            EAP-Message = 0xa73082038fa0030201020209
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780
>> (7) Finished request 7.
>> Waking up in 0.1 seconds.
>> rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=233,
>> length=208
>>            User-Name = "{sm=1}test at company.ie"
>>            EAP-Message = 0x020300061500
>>            Message-Authenticator = 0xe4548d83804e1e53f53cce5d4e69eede
>>            NAS-Identifier = "BTS105"
>>            NAS-IP-Address = 10.190.0.2
>>            Calling-Station-Id = "00-26-82-D0-B6-F6"
>>            WiMAX-BS-Id = 0xffc6c8690100
>>            NAS-Port-Type = Wireless-802.16
>>            Framed-MTU = 2000
>>            Service-Type = Framed-User
>>            WiMAX-GMT-Timezone-offset = 0
>>            WiMAX-Release = "1.0"
>>            WiMAX-Accounting-Capabilities = IP-Session-Based
>>            WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>>            Attr-26.24757.1.7 = 0x0000028a
>>            State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780
>> (8) # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> (8)   group authorize {
>> (8)  - entering group authorize {...}
>> (8)   [preprocess] = ok
>> (8)   [chap] = noop
>> (8)   [mschap] = noop
>> (8) eap : EAP packet type response id 3 length 6
>> (8) eap : Continuing tunnel setup.
>> (8)   [eap] = ok
>> (8) Found Auth-Type = ?
>> (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> (8)   group authenticate {
>> (8)  - entering group authenticate {...}
>> (8) eap : Request found, released from the list
>> (8) eap : EAP/ttls
>> (8) eap : processing type ttls
>> (8) ttls : Authenticate
>> (8) ttls : processing EAP-TLS
>> (8) ttls : Received TLS ACK
>> (8) ttls : Received TLS ACK
>> (8) ttls : ACK handshake fragment handler
>> (8) ttls : eaptls_verify returned 1
>> (8) ttls : eaptls_process returned 13
>> (8)   [eap] = handled
>> Sending Access-Challenge of id 233 to 10.190.0.2 port 1812
>>            EAP-Message =
>>
> 0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193
> 310b3009060355040613024652310f300d060355040813065261646975733112301006035504
> 071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030
> 1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355
> 0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31
> 31313031333039353734375a170d3132313031323039353734375a308193310b300906035504
>> 0613024652310f300d0603550408130652616469757331123010
>>            EAP-Message =
>>
> 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e
> 632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126
> 30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
> 30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e
> cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3
> ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55
>> f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b
>>            EAP-Message =
>>
> 0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3
> 0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f
> c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111
> 19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203
> 010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a
> f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1
>> a18199a48196308193310b3009060355040613024652310f300d
>>            EAP-Message =
>>
> 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013
> 060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164
> 6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274
> 6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530
> 030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d
> 90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff
>> ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b
>>            EAP-Message = 0x29f6a43153b63396708d1c2a
>>            Message-Authenticator = 0x00000000000000000000000000000000
>>            State = 0xfdcbcc4affcfd9fe908aaa2f4bb4f780
>> (8) Finished request 8.
>>
>>
>>
>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> -
>> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


 
 
 
 




More information about the Freeradius-Users mailing list