alvarion not receiving Filter-Id parameters

David Peterson davidp at wirelessconnections.net
Sat Jan 7 15:02:36 CET 2012


Most of this discussion will need to go offlist as it's not appropriate for
the list.  

First off, you don't need the customized radius VSA's for the Extreme
product, only Framed-Filter-Id.  Only the 4-Motion equipment requires the
custom dictionary.  

Secondly you have identified two different service flows.  Do all of the MSF
and SP's actually exist in the base station?  If they do are you using
identical names?  The base station is case sensitive.

David


-----Original Message-----
From:
freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradius.org
[mailto:freeradius-users-bounces+david.peterson=acc-corp.net at lists.freeradiu
s.org] On Behalf Of Bruce Eckstein
Sent: Friday, January 06, 2012 5:58 PM
To: freeradius-users at lists.freeradius.org
Subject: alvarion not receiving Filter-Id parameters

I am trying to get freeradius to authorize the services on an Alvarion

BreezeMax 5000 system ver 1.7.
I have gotten the cpe authenticated but services are not assigned.

I have downloaded on 1/5/2012 the Master from git.
I modified the dictionary file such that $INCLUDE
dictionary.alvarion.wimax.v2_2 replaced $INCLUDE dictionary.alvarion
$INCLUDE dictionary.wimax.alvarion replaced $INCLUDE dictionary.wimax I ran
configure  using ./configure --with-experimental-modules I ran make and make
install (it compiled, installed and ran) wimax was uncommented in 2 places
in default file
     one in the authorize section and one in the post-auth section
     (the wimax module indicates there should also be one in the "preacct"
section but I do not find that one nor can I figure where it should be) and
the following were uncommented in default file
         update request {
                WiMAX-MN-NAI = "%{User-Name}"
         }
          update reply {
             WiMAX-FA-RK-Key = 0x00
             WiMAX-MSK = "%{EAP-MSK}"
         }
the following users were defined with these replies in the user file
"wimax1 at WIMAX.COM" Cleartext-Password := "wimax"
         Filter-Id = "SP=sp1:MSF=msf1;SP=sp_data_eth:MSF=msf_data_eth;",
Session-Timeout = 1200, Termination-Action = RADIUS-Request
"KeepAliveUserNameAndPassword" Cleartext-Password :=
"KeepAliveUserNameAndPassword"
         Filter-Id = "SP=sp1:MSF=msf1;SP=sp_data_eth:MSF=msf_data_eth;",
Session-Timeout = 1200, Termination-Action = RADIUS-Request

(I don't think I needed the keepalive one but I put it there anyways.) in
the above filters I have tried both with and without a trailing ; after
msf_data_eth and before the " mark no changes were made in the inner-tunnel
file delete_mppe_keys = yes  in the wimax module (I've tried with both yes
and no)

fr seems to work. I see that the Filter-Id is indicated for the reply (see
below).
The Alvarion CPE does get authenticated according to the CPE but there are
no services defined for the CPE

sp1, msf1, sp_data_eth, and msf_data_eth are all defined in the BTS.
What is it that I am missing in configuration of the FreeRadius?

below is a radiusd -X run

FreeRADIUS Version 3.0.0, for host x86_64-unknown-linux-gnu, built on Jan  6
2012 at 15:07:59 Copyright (C) 1999-2009 The FreeRADIUS server project and
contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General
Public License v2.

Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf including
configuration file /usr/local/etc/raddb/proxy.conf including configuration
file /usr/local/etc/raddb/clients.conf including files in directory
/usr/local/etc/raddb/modules/ including configuration file
/usr/local/etc/raddb/modules/pam including configuration file
/usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/exec including
configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/pap including
configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/krb5 including
configuration file /usr/local/etc/raddb/modules/soh including configuration
file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/sqlippool
including configuration file /usr/local/etc/raddb/sql/postgresql/ippool.conf
including configuration file /usr/local/etc/raddb/modules/expr including
configuration file /usr/local/etc/raddb/modules/sql including configuration
file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/ldap including
configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/eap including
configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/cui including
configuration file /usr/local/etc/raddb/modules/otp including configuration
file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/perl including
configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/replicate
including configuration file /usr/local/etc/raddb/modules/chap including
configuration file /usr/local/etc/raddb/modules/echo including configuration
file /usr/local/etc/raddb/modules/unix including configuration file
/usr/local/etc/raddb/modules/utf8 including configuration file
/usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/policy.conf including
files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
  security {
     allow_core_dumps = no
  }
}
including dictionary file /usr/local/etc/raddb/dictionary main {
     name = "radiusd"
     prefix = "/usr/local"
     localstatedir = "/usr/local/var"
     sbindir = "/usr/local/sbin"
     logdir = "/usr/local/var/log/radius"
     run_dir = "/usr/local/var/run/radiusd"
     libdir = "/usr/local/lib"
     radacctdir = "/usr/local/var/log/radius/radacct"
     hostname_lookups = no
     max_request_time = 30
     cleanup_delay = 5
     max_requests = 1024
     pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
     checkrad = "/usr/local/sbin/checkrad"
     debug_level = 0
     proxy_requests = yes
  log {
     stripped_names = no
     auth = no
     auth_badpass = no
     auth_goodpass = no
  }
  security {
     max_attributes = 200
     reject_delay = 1
     status_server = yes
  }
}
radiusd: #### Loading Realms and Home Servers ####
  proxy server {
     retry_delay = 5
     retry_count = 3
     default_fallback = no
     dead_time = 120
     wake_all_if_all_dead = no
  }
  home_server localhost {
     ipaddr = 127.0.0.1
     port = 1812
     type = "auth"
     secret = "testing123"
     response_window = 20
     max_outstanding = 65536
     require_message_authenticator = yes
     zombie_period = 40
     status_check = "status-server"
     ping_interval = 30
     check_interval = 30
     num_answers_to_alive = 3
     num_pings_to_alive = 3
     revive_interval = 120
     status_check_timeout = 4
   coa {
     irt = 2
     mrt = 16
     mrc = 5
     mrd = 30
   }
   limit {
     max_connections = 16
     max_requests = 0
     lifetime = 0
     idle_timeout = 0
   }
  }
  home_server_pool my_auth_failover {
     type = fail-over
     home_server = localhost
  }
  realm example.com {
     auth_pool = my_auth_failover
  }
  realm LOCAL {
  }
radiusd: #### Loading Clients ####
  client localhost {
     ipaddr = 127.0.0.1
     require_message_authenticator = no
     secret = "testing123"
     nastype = "other"
     proto = "*"
     max_connections = 16
  }
  client 10.97.0.0/24 {
     require_message_authenticator = no
     secret = "testing123"
     shortname = "private-network-1"
     max_connections = 16
  }
radiusd: #### Instantiating modules ####
  instantiate {
  Module: Linked to module rlm_exec
  Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
   exec {
     wait = no
     input_pairs = "request"
     shell_escape = yes
   }
  Module: Linked to module rlm_expr
  Module: Instantiating module "expr" from file
/usr/local/etc/raddb/modules/expr
  Module: Linked to module rlm_expiration
  Module: Instantiating module "expiration" from file
/usr/local/etc/raddb/modules/expiration
   expiration {
     reply-message = "Password Has Expired  "
   }
  Module: Linked to module rlm_logintime
  Module: Instantiating module "logintime" from file
/usr/local/etc/raddb/modules/logintime
   logintime {
     reply-message = "You are calling outside your allowed timespan  "
     minimum-timeout = 60
   }
  }
radiusd: #### Loading Virtual Servers #### server { # from file
/usr/local/etc/raddb/radiusd.conf
  modules {
   Module: Creating Auth-Type = digest
  Module: Checking authenticate {...} for more modules to load
  Module: Linked to module rlm_pap
  Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
   pap {
     encryption_scheme = "auto"
     auto_header = no
   }
  Module: Linked to module rlm_chap
  Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
  Module: Linked to module rlm_mschap
  Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
   mschap {
     use_mppe = yes
     require_encryption = no
     require_strong = no
     with_ntdomain_hack = no
    passchange {
    }
     allow_retry = yes
   }
  Module: Linked to module rlm_digest
  Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
  Module: Linked to module rlm_unix
  Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
   unix {
     radwtmp = "/usr/local/var/log/radius/radwtmp"
   }
  Module: Linked to module rlm_eap
  Module: Instantiating module "eap" from file
/usr/local/etc/raddb/modules/eap
   eap {
     default_eap_type = "md5"
     timer_expire = 60
     ignore_unknown_eap_types = no
     cisco_accounting_username_bug = no
     max_sessions = 4096
   }
  Module: Linked to sub-module rlm_eap_md5
  Module: Instantiating eap-md5
  Module: Linked to sub-module rlm_eap_leap
  Module: Instantiating eap-leap
  Module: Linked to sub-module rlm_eap_gtc
  Module: Instantiating eap-gtc
    gtc {
     challenge = "Password: "
     auth_type = "PAP"
    }
  Module: Linked to sub-module rlm_eap_tls
  Module: Instantiating eap-tls
    tls {
     rsa_key_exchange = no
     dh_key_exchange = yes
     rsa_key_length = 512
     dh_key_length = 512
     verify_depth = 0
     CA_path = "/usr/local/etc/raddb/certs"
     pem_file_type = yes
     private_key_file = "/usr/local/etc/raddb/certs/server.pem"
     certificate_file = "/usr/local/etc/raddb/certs/server.pem"
     CA_file = "/usr/local/etc/raddb/certs/ca.pem"
     private_key_password = "whatever"
     dh_file = "/usr/local/etc/raddb/certs/dh"
     random_file = "/usr/local/etc/raddb/certs/random"
     fragment_size = 1024
     include_length = yes
     check_crl = no
     cipher_list = "DEFAULT"
     make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
     cache {
     enable = no
     lifetime = 24
     max_entries = 255
     }
     verify {
     }
     ocsp {
     enable = no
     override_cert_url = yes
     url = "http://127.0.0.1/ocsp/"
     }
    }
  Module: Linked to sub-module rlm_eap_ttls
  Module: Instantiating eap-ttls
    ttls {
     default_eap_type = "md5"
     copy_request_to_tunnel = no
     use_tunneled_reply = no
     virtual_server = "inner-tunnel"
     include_length = yes
    }
  Module: Linked to sub-module rlm_eap_peap
  Module: Instantiating eap-peap
    peap {
     default_eap_type = "mschapv2"
     copy_request_to_tunnel = no
     use_tunneled_reply = no
     proxy_tunneled_request_as_eap = yes
     virtual_server = "inner-tunnel"
     soh = no
    }
  Module: Linked to sub-module rlm_eap_mschapv2
  Module: Instantiating eap-mschapv2
    mschapv2 {
     with_ntdomain_hack = no
     send_error = no
    }
  Module: Checking authorize {...} for more modules to load
  Module: Linked to module rlm_preprocess
  Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
   preprocess {
     huntgroups = "/usr/local/etc/raddb/huntgroups"
     hints = "/usr/local/etc/raddb/hints"
     with_ascend_hack = no
     ascend_channels_per_line = 23
     with_ntdomain_hack = no
     with_specialix_jetstream_hack = no
     with_cisco_vsa_hack = no
     with_alvarion_vsa_hack = no
   }
  Module: Linked to module rlm_wimax
  Module: Instantiating module "wimax" from file
/usr/local/etc/raddb/modules/wimax
   wimax {
     delete_mppe_keys = yes
   }
  Module: Linked to module rlm_realm
  Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
   realm suffix {
     format = "suffix"
     delimiter = "@"
     ignore_default = no
     ignore_null = no
   }
  Module: Linked to module rlm_files
  Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
   files {
     usersfile = "/usr/local/etc/raddb/users"
     acctusersfile = "/usr/local/etc/raddb/acct_users"
     preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
     compat = "no"
   }
  Module: Checking preacct {...} for more modules to load
  Module: Loading virtual module acct_unique
  Module: Checking accounting {...} for more modules to load
  Module: Linked to module rlm_detail
  Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
   detail {
     detailfile =
"/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-
IPv6-Address}}/detail-%Y%m%d"
     header = "%t"
     detailperm = 384
     dirperm = 493
     locking = no
     log_packet_header = no
   }
  Module: Linked to module rlm_radutmp
  Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
   radutmp {
     filename = "/usr/local/var/log/radius/radutmp"
     username = "%{User-Name}"
     case_sensitive = yes
     check_with_nas = yes
     perm = 384
     callerid = yes
   }
  Module: Linked to module rlm_attr_filter
  Module: Instantiating module "attr_filter.accounting_response" from file
/usr/local/etc/raddb/modules/attr_filter
   attr_filter attr_filter.accounting_response {
     attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
     key = "%{User-Name}"
     relaxed = no
   }
  Module: Checking session {...} for more modules to load
  Module: Checking post-proxy {...} for more modules to load
  Module: Checking post-auth {...} for more modules to load
  Module: Loading virtual module remove_reply_message_if_eap
  Module: Linked to module rlm_always
  Module: Instantiating module "noop" from file
/usr/local/etc/raddb/modules/always
   always noop {
     rcode = "noop"
     simulcount = 0
     mpp = no
   }
  Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
   attr_filter attr_filter.access_reject {
     attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
     key = "%{User-Name}"
     relaxed = no
   }
  Module: Loading virtual module remove_reply_message_if_eap
  } # modules
} # server
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
  modules {
  Module: Checking authenticate {...} for more modules to load
  Module: Checking authorize {...} for more modules to load
  Module: Checking session {...} for more modules to load
  Module: Checking post-proxy {...} for more modules to load
  Module: Checking post-auth {...} for more modules to load
  } # modules
} # server
radiusd: #### Opening IP addresses and Ports #### listen {
     type = "auth"
     ipaddr = *
     port = 0
}
listen {
     type = "acct"
     ipaddr = *
     port = 0
}
listen {
     type = "control"
  listen {
     socket = "/usr/local/var/run/radiusd/radiusd.sock"
  }
}
listen {
     type = "auth"
     ipaddr = 127.0.0.1
     port = 18120
}
Listening on authentication address * port 1812 Listening on accounting
address * port 1813 Listening on command file
/usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel Opening new proxy address * port 1814 Listening on proxy
address * port 1814 Ready to process requests.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=252,
length=181
     User-Name = "KeepAliveUserNameAndPassword"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 0
     Calling-Station-Id = "\000\000\000\000\000"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Message-Authenticator = 0x07dfa70c37088f55baade217a16d54fc
     Acct-Session-Id = "KeepAliveSessionId"
     User-Password = "KeepAliveUserNameAndPassword"
(0) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(0)   group authorize {
(0)  - entering group authorize {...}
(0)   [preprocess] = ok
(0)   [chap] = noop
(0)   [mschap] = noop
(0)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-00-00-00-00-00
(0)   [wimax] = ok
(0) suffix : No '@' in User-Name = "KeepAliveUserNameAndPassword", looking
up realm NULL
(0) suffix : No such realm "NULL"
(0)   [suffix] = noop
(0) eap : No EAP-Message, not doing EAP
(0)   [eap] = noop
(0) files : users: Matched entry KeepAliveUserNameAndPassword at line 7
(0)   [files] = ok
(0)   [expiration] = noop
(0)   [logintime] = noop
(0)   [pap] = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   group PAP {
(0)  - entering group PAP {...}
(0) pap : login attempt with password "KeepAliveUserNameAndPassword"
(0) pap : Using clear text password "KeepAliveUserNameAndPassword"
(0) pap : User authenticated successfully
(0)   [pap] = ok
(0) # Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
(0)   group post-auth {
(0)  - entering group post-auth {...}
(0)   [exec] = noop
(0)   update request {
(0)     expand: %{User-Name} ->  KeepAliveUserNameAndPassword
(0)   } # update request = noop
(0)   update reply {
(0)     expand: %{EAP-MSK} ->
(0)   } # update reply = noop
(0) wimax : No EAP-MSK or EAP-EMSK.  Cannot create WiMAX keys.
(0)   [wimax] = noop
(0)    policy remove_reply_message_if_eap {
(0)   - entering policy remove_reply_message_if_eap {...}
(0)    ? if (reply:EAP-Message&&  reply:Reply-Message)
(0) ? Evaluating (reply:EAP-Message ) ->  FALSE
(0) ? Skipping (reply:Reply-Message)
(0)    ? if (reply:EAP-Message&&  reply:Reply-Message) ->  FALSE
(0)     else else {
(0)    - entering else else {...}
(0)     [noop] = noop
(0)    - else else returns noop
(0)   - policy remove_reply_message_if_eap returns noop
Sending Access-Accept of id 252 to 10.97.0.51 port 49154
     Filter-Id = "SP=sp1:MSF=msf1;SP=sp_data_eth:MSF=msf_data_eth;"
     Session-Timeout = 1200
     Termination-Action = RADIUS-Request
     WiMAX-FA-RK-Key = 0x00
     WiMAX-MSK = 0x
WARNING: Skipping zero-length attribute WiMAX-MSK
(0) Finished request 0.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
(0) Cleaning up request packet ID 252 with timestamp +1 Ready to process
requests.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=253,
length=258
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message =
0x02010035017b616d3d317d3865613339323938643938623631383965306161643932353934
3937303135314057494d41582e434f4d
     Message-Authenticator = 0x6a08e376952afbaf0740a456767bfe80
(1) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(1)   group authorize {
(1)  - entering group authorize {...}
(1)   [preprocess] = ok
(1)   [chap] = noop
(1)   [mschap] = noop
(1)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(1)   [wimax] = ok
(1) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(1) suffix : No such realm "WIMAX.COM"
(1)   [suffix] = noop
(1) eap : EAP packet type response id 1 length 53
(1) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(1)   [eap] = ok
(1) Found Auth-Type = EAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   group authenticate {
(1)  - entering group authenticate {...}
(1) eap : EAP Identity
(1) eap : processing type md5
rlm_eap_md5: Issuing Challenge
(1)   [eap] = handled
Sending Access-Challenge of id 253 to 10.97.0.51 port 49154
     EAP-Message = 0x010200160410d780646d179a777255c505dfbee44ab4
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xee37a64fee35a255d3718fb2df57c86c
(1) Finished request 1.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=254,
length=229
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     State = 0xee37a64fee35a255d3718fb2df57c86c
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message = 0x020200060315
     Message-Authenticator = 0x94447e93f95cc98a8a6c227ccd901efe
(2) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(2)   group authorize {
(2)  - entering group authorize {...}
(2)   [preprocess] = ok
(2)   [chap] = noop
(2)   [mschap] = noop
(2)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(2)   [wimax] = ok
(2) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(2) suffix : No such realm "WIMAX.COM"
(2)   [suffix] = noop
(2) eap : EAP packet type response id 2 length 6
(2) eap : No EAP Start, assuming it's an on-going EAP conversation
(2)   [eap] = updated
(2)   [files] = noop
(2)   [expiration] = noop
(2)   [logintime] = noop
(2) pap : WARNING! No "known good" password found for the user.
Authentication may fail because of this.
(2)   [pap] = noop
(2) Found Auth-Type = EAP
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2)   group authenticate {
(2)  - entering group authenticate {...}
(2) eap : Request found, released from the list
(2) eap : EAP NAK
(2) eap : EAP-NAK asked for EAP-Type/ttls
(2) eap : processing type tls
(2) tls : Initiate
(2) tls : Start returned 1
(2)   [eap] = handled
Sending Access-Challenge of id 254 to 10.97.0.51 port 49154
     EAP-Message = 0x010300061520
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xee37a64fef34b355d3718fb2df57c86c
(2) Finished request 2.
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=255,
length=285
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     State = 0xee37a64fef34b355d3718fb2df57c86c
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message =
0x0203003e150016030100330100002f0301000006dea50c9829a6d3f565bcdf7456521cc609
9d8b828e302b1e2dce4a70e7000008002f000a000500040100
     Message-Authenticator = 0xd86dddc0e2ef35284fb32302bf1daedf
(3) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(3)   group authorize {
(3)  - entering group authorize {...}
(3)   [preprocess] = ok
(3)   [chap] = noop
(3)   [mschap] = noop
(3)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(3)   [wimax] = ok
(3) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(3) suffix : No such realm "WIMAX.COM"
(3)   [suffix] = noop
(3) eap : EAP packet type response id 3 length 62
(3) eap : Continuing tunnel setup.
(3)   [eap] = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3)   group authenticate {
(3)  - entering group authenticate {...}
(3) eap : Request found, released from the list
(3) eap : EAP/ttls
(3) eap : processing type ttls
(3) ttls : Authenticate
(3) ttls : processing EAP-TLS
(3) ttls : eaptls_verify returned 7
(3) ttls : Done initial handshake
(3) ttls :     (other): before/accept initialization
(3) ttls :     TLS_accept: before/accept initialization
(3) ttls :<<<  TLS 1.0 Handshake [length 0033], ClientHello
(3) ttls :     TLS_accept: SSLv3 read client hello A
(3) ttls :>>>  TLS 1.0 Handshake [length 002a], ServerHello
(3) ttls :     TLS_accept: SSLv3 write server hello A
(3) ttls :>>>  TLS 1.0 Handshake [length 085e], Certificate
(3) ttls :     TLS_accept: SSLv3 write certificate A
(3) ttls :>>>  TLS 1.0 Handshake [length 0004], ServerHelloDone
(3) ttls :     TLS_accept: SSLv3 write server done A
(3) ttls :     TLS_accept: SSLv3 flush data
(3) ttls :     TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
(3) ttls : eaptls_process returned 13
(3)   [eap] = handled
Sending Access-Challenge of id 255 to 10.97.0.51 port 49154
     EAP-Message =
0x0104040015c00000089b160301002a0200002603014f0756b3dce62ca722a50e1ef6188815
d5f205a7f1f1550cd636e1ca0e2c358c00002f00160301085e0b00085a0008570003a6308203
a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355
040613024652310f300d060355040813065261646975733112301006035504071309536f6d65
776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886
f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861
6d706c6520436572746966696361746520417574686f72697479
     EAP-Message =
0x301e170d3132303130353139303230355a170d3133303130343139303230355a307c310b30
09060355040613024652310f300d0603550408130652616469757331153013060355040a130c
4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220
43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d
706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201
0100de6164aad9c1017d9e98efb9c6b0c22b8ac67c9da076bab014fcbb499f62f405430309f1
09065166a303815b81ec1bb015e964c845f625c8b22fc19d1543
     EAP-Message =
0x69b92fae983c34835cf9928df6143e9bf749f2debeb406522c840f4b3c3163099857afed26
5426d4208a8e19876c026e2460eaacab04d5e1c2e73b2739ce3fce6db86491016a9b4f4c1b29
34f539c3068506092806e0abaae82fa7285df21ca67eafe88ba1d263f7268841e0d360609e89
80790063d1197fca1597291bd4433561f36a8e570ea6a530ebf5cc969652d3f09dc1b16bf3b0
589f2816056070890f9af6eb9fb1484ba2759bff63410b828f487ecfbccb3f998f93a5b04bcb
f7619c564b0203010001a317301530130603551d25040c300a06082b06010505070301300d06
092a864886f70d010105050003820101003cb3a57f3a4b668e76
     EAP-Message =
0x1f26585c44e14542441630ef39baf247bbbc44c9fa9c0e212f0bebe931803bc2ff7e058a58
a1b9a219f9899b7faaa5edb3bd02ba2f68b10bb50d51f29c9172c0ca063b3a13f99ce28d1ebf
2df3f4210152202f8b50b0e94fcbb3b5e740f0b9943cc6d7966e568649d0b616a2d9dbd63563
414ec7e9e8b792832b90a8d3f01a2d5afa4ba26e1410935f2fd919bc7ee4ac3406c3c8d21a3e
caa0bd4e3c3728f086e8aaa420188e48c67a0f4a59f1f6220857af62cd2392092d87f3527ef3
7899541dff209215d90cd8f317acfa273945baad0b14e5678ccb9b00c1a599ae17894420d173
93cf6d095719d342ba1d941811223e64ab9d0b8d0004ab308204
     EAP-Message = 0xa73082038fa0030201020209
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xee37a64fec33b355d3718fb2df57c86c
(3) Finished request 3.
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=0,
length=229
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     State = 0xee37a64fec33b355d3718fb2df57c86c
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message = 0x020400061500
     Message-Authenticator = 0xd9761a90cc87c962fd3b1d9ba3d5c37b
(4) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(4)   group authorize {
(4)  - entering group authorize {...}
(4)   [preprocess] = ok
(4)   [chap] = noop
(4)   [mschap] = noop
(4)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(4)   [wimax] = ok
(4) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(4) suffix : No such realm "WIMAX.COM"
(4)   [suffix] = noop
(4) eap : EAP packet type response id 4 length 6
(4) eap : Continuing tunnel setup.
(4)   [eap] = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4)   group authenticate {
(4)  - entering group authenticate {...}
(4) eap : Request found, released from the list
(4) eap : EAP/ttls
(4) eap : processing type ttls
(4) ttls : Authenticate
(4) ttls : processing EAP-TLS
(4) ttls : Received TLS ACK
(4) ttls : Received TLS ACK
(4) ttls : ACK handshake fragment handler
(4) ttls : eaptls_verify returned 1
(4) ttls : eaptls_process returned 13
(4)   [eap] = handled
Sending Access-Challenge of id 0 to 10.97.0.51 port 49154
     EAP-Message =
0x0105040015c00000089b00f7aba20691b7a87b300d06092a864886f70d0101050500308193
310b3009060355040613024652310f300d060355040813065261646975733112301006035504
071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030
1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355
0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31
32303130353139303230355a170d3133303130343139303230355a308193310b300906035504
0613024652310f300d0603550408130652616469757331123010
     EAP-Message =
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e
632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126
30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
30820122300d06092a864886f70d01010105000382010f003082010a0282010100bc30533f96
a0877a3280b984b05dd556c5e33278566f1eaba558868fc2260fd162f73679a4fb97ef499d73
434ee850cd698de202197a9417c73e613c7a32e9246d979c7cdba7e1cc8b24eb9760fece85a3
1680a58f4626b89e4b11f86c4ccb9e28ff7728a9e230f0a72da7
     EAP-Message =
0x7fd3d2beed58c0263c6044fe8459aca3c1e51f9a95ecdf123ed4b783576dfdcd35cc6f14f3
e70902a05fd0b3e069ffbf26eba77e4b01eb9f0892c8affdf80ec03ba2aa1268edb54f349e95
2c03efbf3e44a2d2517e174a5c0db20e703ce797dd98a1e1415b3654e0cc68a6a335f3905bb9
3fe92f146f97b6f1cde8dce4f134cf2bf73db5869a9fd31adc0ad68c23eb7a688e20a3d70203
010001a381fb3081f8301d0603551d0e04160414c6f2b33fb54c9b615f9cc261e48adbd7c651
f5253081c80603551d230481c03081bd8014c6f2b33fb54c9b615f9cc261e48adbd7c651f525
a18199a48196308193310b3009060355040613024652310f300d
     EAP-Message =
0x060355040813065261646975733112301006035504071309536f6d65776865726531153013
060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164
6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274
6966696361746520417574686f72697479820900f7aba20691b7a87b300c0603551d13040530
030101ff300d06092a864886f70d01010505000382010100b0c9953dd9df2ffa112823d7ceca
2bc90bcbe5463161632adfc8d8d86cbc21fa90c3ba769392a4fee11dc2d1f834b44d9fd40f02
64f06f657e039352e59e6946c57b0b7723ec446f1ca0f6616cb1
     EAP-Message = 0xf882cb62abfb0d6232ed28a9
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xee37a64fed32b355d3718fb2df57c86c
(4) Finished request 4.
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=1,
length=229
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     State = 0xee37a64fed32b355d3718fb2df57c86c
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message = 0x020500061500
     Message-Authenticator = 0xef737a5a4bd7ccef3fc0193c76fed73d
(5) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(5)   group authorize {
(5)  - entering group authorize {...}
(5)   [preprocess] = ok
(5)   [chap] = noop
(5)   [mschap] = noop
(5)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(5)   [wimax] = ok
(5) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(5) suffix : No such realm "WIMAX.COM"
(5)   [suffix] = noop
(5) eap : EAP packet type response id 5 length 6
(5) eap : Continuing tunnel setup.
(5)   [eap] = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5)   group authenticate {
(5)  - entering group authenticate {...}
(5) eap : Request found, released from the list
(5) eap : EAP/ttls
(5) eap : processing type ttls
(5) ttls : Authenticate
(5) ttls : processing EAP-TLS
(5) ttls : Received TLS ACK
(5) ttls : Received TLS ACK
(5) ttls : ACK handshake fragment handler
(5) ttls : eaptls_verify returned 1
(5) ttls : eaptls_process returned 13
(5)   [eap] = handled
Sending Access-Challenge of id 1 to 10.97.0.51 port 49154
     EAP-Message =
0x010600b915800000089b3d2597e37be612302c51251c809caf06efe13344d68deb5cfd8abb
b0ccb8daabe346f1179e51544bb2960cedde88c033d1f68539aaad5f0078a4144e8441407e8f
86570400d136f23320d86712d4dbd9887b5d892b7bf71c7fc3862e967c7f8cbfe752971cd38a
7a895000823e4166edfe4442df305d728337b4dcd7e4f6d7be981bf5e48730b79fb5500dd8da
4ad2db24cda20ad7723b61dd6526cb5d5f724d15c1d73eef0c16030100040e000000
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xee37a64fea31b355d3718fb2df57c86c
(5) Finished request 5.
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
Waking up in 4.0 seconds.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=2,
length=557
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     State = 0xee37a64fea31b355d3718fb2df57c86c
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message =
0x0206014c15001603010106100001020100493f1128088cfc52ecfd1411ff5ee55bdf4db01f
3fa627cbb785e8bcedff936f3185525d6329b86ba0ef71f41ee7bc889415afa4bc101422f84a
68222001fb7cc2f44b26f86ec65a4047ec69a24f1fd60e6fd234d63befb8ae166731c4aec4db
e4fd1c693136679c6b4094bb218908df95caa0ff8ca6d747bb19ba0d6f5471a7ff30d60ebd89
37b3ddc561603cf7ef7a316f04044062efb1eccc1b561f6f1f7ad03e62ac3d439c4de799b4f8
ba7000f7dcf1c0c6ba15dfdc591d6f82bb112155a8d337f82658c15f9485a363afefb03e0232
23bdfce2c84e1deb738d1806b90fea9c69bf5b2173125b529224
     EAP-Message =
0x0edc306e48ce048e02c2add34f74027fdcfb6e271403010001011603010030ea083b041af2
12a12ae8ffbd04ad129aad64aa9b57e6b0c8a6bcf22be74cababaaa5c3bcd230bab51d055fee
3380a470
     Message-Authenticator = 0x5397dd3676e023551a225bcd4c9b4841
(6) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(6)   group authorize {
(6)  - entering group authorize {...}
(6)   [preprocess] = ok
(6)   [chap] = noop
(6)   [mschap] = noop
(6)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(6)   [wimax] = ok
(6) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(6) suffix : No such realm "WIMAX.COM"
(6)   [suffix] = noop
(6) eap : EAP packet type response id 6 length 253
(6) eap : Continuing tunnel setup.
(6)   [eap] = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6)   group authenticate {
(6)  - entering group authenticate {...}
(6) eap : Request found, released from the list
(6) eap : EAP/ttls
(6) eap : processing type ttls
(6) ttls : Authenticate
(6) ttls : processing EAP-TLS
(6) ttls : eaptls_verify returned 7
(6) ttls : Done initial handshake
(6) ttls :<<<  TLS 1.0 Handshake [length 0106], ClientKeyExchange
(6) ttls :     TLS_accept: SSLv3 read client key exchange A
(6) ttls :<<<  TLS 1.0 ChangeCipherSpec [length 0001]
(6) ttls :<<<  TLS 1.0 Handshake [length 0010], Finished
(6) ttls :     TLS_accept: SSLv3 read finished A
(6) ttls :>>>  TLS 1.0 ChangeCipherSpec [length 0001]
(6) ttls :     TLS_accept: SSLv3 write change cipher spec A
(6) ttls :>>>  TLS 1.0 Handshake [length 0010], Finished
(6) ttls :     TLS_accept: SSLv3 write finished A
(6) ttls :     TLS_accept: SSLv3 flush data
(6) ttls :     (other): SSL negotiation finished successfully
SSL Connection Established
(6) ttls : eaptls_process returned 13
(6)   [eap] = handled
Sending Access-Challenge of id 2 to 10.97.0.51 port 49154
     EAP-Message =
0x0107004515800000003b14030100010116030100304d77d31f3558219cd2d5d05b8c42db32
a2ce0d6bd1da6e97e38197f17d4eac78e578974e0c3354ea36b515b5476332ab
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xee37a64feb30b355d3718fb2df57c86c
(6) Finished request 6.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=3,
length=378
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     State = 0xee37a64feb30b355d3718fb2df57c86c
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message =
0x0207009b15001703010090a94a44a2a1a24b0a0392b385be4c524085fc4dfb58cfba7623fc
7c790c2d41fc76e98554be526ca2c8006d0a629f426c5d5c33fe724c6ca3081b7c85e42a4d26
5a64e46174b8351f823a47031ffb562df9f92c6215742d6a8bde1501cbd573142fc18b05197c
eb050886a163d0984703554fb9281a249d8037c2e80197f4fc14eca539d1dfa4058805d16490
ba6e92cd
     Message-Authenticator = 0x0ea984d0f33d209c0596706209586ebe
(7) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(7)   group authorize {
(7)  - entering group authorize {...}
(7)   [preprocess] = ok
(7)   [chap] = noop
(7)   [mschap] = noop
(7)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(7)   [wimax] = ok
(7) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(7) suffix : No such realm "WIMAX.COM"
(7)   [suffix] = noop
(7) eap : EAP packet type response id 7 length 155
(7) eap : Continuing tunnel setup.
(7)   [eap] = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   group authenticate {
(7)  - entering group authenticate {...}
(7) eap : Request found, released from the list
(7) eap : EAP/ttls
(7) eap : processing type ttls
(7) ttls : Authenticate
(7) ttls : processing EAP-TLS
(7) ttls : eaptls_verify returned 7
(7) ttls : Done initial handshake
(7) ttls : eaptls_process returned 7
(7) ttls : Session established.  Proceeding to decode tunneled attributes.
(7) ttls : Got tunneled request
     User-Name = "wimax1 at WIMAX.COM"
     MS-CHAP-Challenge = 0x4ff634da70572b920e78e38be8977202
     MS-CHAP2-Response =
0x6c00bb3a20c2232fc139ef8b9c65b557b75400000000000000005bc93665692787af9c594f
c9bc1c22709773fbba940e5ba8
     FreeRADIUS-Proxied-To = 127.0.0.1
(7) ttls : Sending tunneled request
     User-Name = "wimax1 at WIMAX.COM"
     MS-CHAP-Challenge = 0x4ff634da70572b920e78e38be8977202
     MS-CHAP2-Response =
0x6c00bb3a20c2232fc139ef8b9c65b557b75400000000000000005bc93665692787af9c594f
c9bc1c22709773fbba940e5ba8
     FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
(7) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
(7)   group authorize {
(7)  - entering group authorize {...}
(7)   [chap] = noop
(7) mschap : Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
(7)   [mschap] = ok
(7) suffix : Looking up realm "WIMAX.COM" for User-Name = "wimax1 at WIMAX.COM"
(7) suffix : No such realm "WIMAX.COM"
(7)   [suffix] = noop
(7)   update control {
(7)   } # update control = noop
(7) eap : No EAP-Message, not doing EAP
(7)   [eap] = noop
(7) files : users: Matched entry wimax1 at WIMAX.COM at line 4
(7)   [files] = ok
(7)   [expiration] = noop
(7)   [logintime] = noop
(7) pap : WARNING: Auth-Type already set.  Not setting to PAP
(7)   [pap] = noop
(7) Found Auth-Type = MSCHAP
(7) # Executing group from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
(7)   group MS-CHAP {
(7)  - entering group MS-CHAP {...}
(7) mschap : Creating challenge hash with username: wimax1 at WIMAX.COM
(7) mschap : Told to do MS-CHAPv2 for wimax1 at WIMAX.COM with NT-Password
(7) mschap : adding MS-CHAPv2 MPPE keys
(7)   [mschap] = ok
(7)   WARNING: Empty post-auth section.  Using default return values.
(7) # Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
(7) ttls : Got tunneled reply code 2
     Filter-Id = "SP=sp1:MSF=msf1;SP=sp_data_eth:MSF=msf_data_eth;"
     Session-Timeout = 1200
     Termination-Action = RADIUS-Request
     MS-CHAP2-Success =
0x6c533d30413343343445383339364636373237324330443444433632433932413444393239
444146314633
     MS-MPPE-Recv-Key = 0x9efd76988038d3ccf4f6ab6aa211af6c
     MS-MPPE-Send-Key = 0x2b74cab7d6bdc6e763f480864a5c581b
     MS-MPPE-Encryption-Policy = Encryption-Allowed
     MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(7) ttls : Got tunneled Access-Accept
(7) ttls : Got MS-CHAP2-Success, tunneling it to the client in a challenge.
(7)   [eap] = handled
Sending Access-Challenge of id 3 to 10.97.0.51 port 49154
     EAP-Message =
0x0108005f158000000055170301005062cd34a1fec097a2061cc98ee4632f597a42ed4cd80a
2d7a7e84c06929acba192114c44395bb6e676d6529843c7618fe2ebe29a179e7ed8f1cfa6692
e8c775760daca68609f7893158eef62a49fba9eb
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xee37a64fe83fb355d3718fb2df57c86c
(7) Finished request 7.
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 10.97.0.51 port 49154, id=4,
length=229
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     NAS-IP-Address = 10.97.0.51
     NAS-Port-Type = Wireless-802.16
     NAS-Port = 1
     Calling-Station-Id = "\000\020\347a\r\226"
     NAS-Identifier = "001001003000096000"
     WiMAX-GMT-Timezone-offset = 0
     Framed-MTU = 1490
     Service-Type = Framed-User
     State = 0xee37a64fe83fb355d3718fb2df57c86c
     WiMAX-Release = "1.0"
     WiMAX-Accounting-Capabilities = IP-Session-Based
     WiMAX-BS-Id = 0x303031303031303033303030303936303030
     EAP-Message = 0x020800061500
     Message-Authenticator = 0xf409f172ed2561c15ab0cbef54e4d1a2
(8) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(8)   group authorize {
(8)  - entering group authorize {...}
(8)   [preprocess] = ok
(8)   [chap] = noop
(8)   [mschap] = noop
(8)   [digest] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-10-e7-61-0d-96
(8)   [wimax] = ok
(8) suffix : Looking up realm "WIMAX.COM" for User-Name =
"{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
(8) suffix : No such realm "WIMAX.COM"
(8)   [suffix] = noop
(8) eap : EAP packet type response id 8 length 6
(8) eap : Continuing tunnel setup.
(8)   [eap] = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8)   group authenticate {
(8)  - entering group authenticate {...}
(8) eap : Request found, released from the list
(8) eap : EAP/ttls
(8) eap : processing type ttls
(8) ttls : Authenticate
(8) ttls : processing EAP-TLS
(8) ttls : Received TLS ACK
(8) ttls : Received TLS ACK
(8) ttls : ACK handshake is finished
(8) ttls : eaptls_verify returned 3
(8) ttls : eaptls_process returned 3
(8) ttls : Using saved attributes from the original Access-Accept
(8) eap : Freeing handler
(8)   [eap] = ok
(8) # Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
(8)   group post-auth {
(8)  - entering group post-auth {...}
(8)   [exec] = noop
(8)   update request {
(8)     expand: %{User-Name} ->
{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM
(8)   } # update request = noop
(8)   update reply {
(8)     expand: %{EAP-MSK} ->
(8)   } # update reply = noop
(8) wimax : MIP-RK =
0xa2cd93eabee4a9a935f0933e2f37c957da9234590d87e33821a353a732f73a28696ae2171e
51289b41207e8558e941db6193526d4f6b70ebc740e44c08cae189
(8) wimax : MIP-SPI = d57e2db6
(8) wimax : WARNING: WiMAX-IP-Technology not found in reply.
(8) wimax : WARNING: Not calculating MN-HA keys
(8)   [wimax] = updated
(8)    policy remove_reply_message_if_eap {
(8)   - entering policy remove_reply_message_if_eap {...}
(8)    ? if (reply:EAP-Message&&  reply:Reply-Message)
(8) ? Evaluating (reply:EAP-Message ) ->  TRUE
(8) ? Evaluating (reply:Reply-Message) ->  FALSE
(8)    ? if (reply:EAP-Message&&  reply:Reply-Message) ->  FALSE
(8)     else else {
(8)    - entering else else {...}
(8)     [noop] = noop
(8)    - else else returns noop
(8)   - policy remove_reply_message_if_eap returns noop
Sending Access-Accept of id 4 to 10.97.0.51 port 49154
     EAP-Message = 0x03080004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = "{am=1}8ea39298d98b6189e0aad92594970151 at WIMAX.COM"
     WiMAX-FA-RK-Key = 0x9081b1490484318c46d65476645a3ea806798046
     WiMAX-MSK = 0x
WARNING: Skipping zero-length attribute WiMAX-MSK
     WiMAX-MSK =
0x0d156b72753d155483788273ff85ed2c67c724fc8e5cbcacee65caeaf5cfff7c62b3f42371
331bc2efc2694834c80ad4ba4fe730f9b434c4726a22b5c2c39ecb
     WiMAX-FA-RK-SPI = 3056434901
(8) Finished request 8.
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
Waking up in 3.3 seconds.
(1) Cleaning up request packet ID 253 with timestamp +48 Waking up in 0.1
seconds.
(2) Cleaning up request packet ID 254 with timestamp +48 Waking up in 0.1
seconds.
(3) Cleaning up request packet ID 255 with timestamp +48 Waking up in 0.1
seconds.
(4) Cleaning up request packet ID 0 with timestamp +48 Waking up in 0.1
seconds.
(5) Cleaning up request packet ID 1 with timestamp +48 Waking up in 0.3
seconds.
(6) Cleaning up request packet ID 2 with timestamp +49 Waking up in 0.1
seconds.
(7) Cleaning up request packet ID 3 with timestamp +49 Waking up in 0.1
seconds.
(8) Cleaning up request packet ID 4 with timestamp +49 Ready to process
requests.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list