[RADIATOR] Radiator config for Alvarion WiMAX?

Hugh Irvine hugh at open.com.au
Thu Dec 10 23:44:17 CST 2009


Hello Louis -

Thanks for sending the configuration file and debug log.

As you mention, it appears that Radiator is sending a TTLS challenge, but then hears nothing further.

Can you send us a copy of the configuration file using the AuthBy FILE and the successful debug?

thanks and regards

Hugh


On 11 Dec 2009, at 00:32, Louis Twomey wrote:

> Hi,
> I am trying to get a new install of Radiator v4.5.1 to authenticate Alvarion
> WiMAX kit. My radius.cfg is almost identical to goodies/wimax.cfg but with some
> minor localised settings. Testing with goodies/wimaxtest is successful, but
> testing from the WiMAX kit (using TTLS+MSCHAPv2, with the same username and
> password that work with wimaxtest) seems to fail before the SSL tunnel is
> successfully established during authentication.
> 
> I have verified that the WiMAX kit is happy with the default dummy/test
> certificate that I am using, by testing authentication against "AuthBy FILE" -
> in that scenario I can see the SSL tunnel being established and the internal
> identity being extracted and successfully verified.
> 
> Has anyone successfully used goodies/wimax.cfg with Alvarion WiMAX kit, or does
> the Alvarion kit require alternative/additional settings? Radiator is new to me
> so perhaps I am missing something obvious.
> 
> I have attached a copy of my radius.cfg and a trace 4 debug of a failed
> session. Thanks in advance for any help or advice.
> 
> Regards,
> Louis Twomey.
> -- 
> HEAnet Limited                               louis.twomey at heanet.ie
> 5 George's Dock, IFSC, Dublin 1              Tel: +353-1-6609040
> Web: http://www.heanet.ie                    Fax: +353-1-6603666
> Registered in Ireland, no 275301             PGP key: C77D9256
> 
> --- Please consider the environment before printing this e-mail ---
> # wimax.cfg
> #
> # Example Radiator configuration file.
> # This very simple file will allow you to get started with 
> # a simple WiMAX system. You can then add and change features.
> # We suggest you start simple, prove to yourself that it
> # works and then develop a more complicated configuration.
> Foreground
> LogStdout
> LogDir		.
> DbDir		.
> # Use a lower trace level in production systems:
> Trace 		4
> 
> # AuthPort specifies the port to listen on for authentication requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1645. You can specify multiple comma-separated ports
> AuthPort	1812
> 
> # AcctPort specifies the port to listen on for accounting requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1646. You can specify multiple comma-separated ports
> AcctPort	1813
> 
> # On Unix you can control the actual user that the server runs as
> # provided it starts as a suitable privileged user. You can specify
> # unix user name or UID here
> #User radius
> # or group name/GID
> #Group radius
> 
> 
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client 1.1.1.1>
> 	Secret	secret
> 	DupInterval 0
> </Client>
> 
> <Client DEFAULT>
> 	Secret	mysecret
> 	DupInterval 0
> </Client>
> 
> 
> # This works with the sample SQL tables created by 
> # goodies/wimax.sql
> # test with goodies/wimaxtest as a simple test client
> <Realm DEFAULT>
>       # Implement MS Revocation List using a table in the SQL database
>       # Other modules such as SQL can be used. Required by Alcatel-Lucent
>       AuthByPolicy ContinueWhileAccept
>       <AuthBy SQL>
> 		# Details for accessing the SQL database that contains
> 		# user/device passwords, Device-Sessions etc.
> 		# This should match the username created in wimax.sql
> 		DBSource dbi:mysql:wimax
> 		DBUsername	mikem
> 		DBAuth		fred
> 		NoEAP
> 		Blacklist
> 		AuthenticateAttribute Calling-Station-Id
> 		AuthSelect select reason from blacklist where nai=%0
>       </AuthBy>
> 
> 	<AuthBy WIMAX>
> 		# Details for accessing the SQL database that contains
> 		# user/device passwords, Device-Sessions etc.
> 		# This should match the username created in wimax.sql
> 		DBSource dbi:mysql:wimax
> 		DBUsername	mikem
> 		DBAuth		fred
> 
> 		# The max lifetime of each key, in seconds.
> 		# Defaults to 3600 seconds (1 hour)
> 		#KeyLifetime 3600
> 
> 		# If WiMAX-DHCPv4-Server or WiMAX-DHCPv6-Server are set
> 		# in the reply, AuthBy WIMAX will automatically generate
> 		# a DHCP key for that address, and will provide that key
> 		# if the DHCP server later asks for it
> 		AddToReplyIfNotExist WiMAX-DHCPv4-Server=1.2.3.4
> 
> 		# Indicates whether to honour various hotlining options
> 		# If any are set, and the subscription has a hotlineprofile
> 		# then appropriate columns will be returned from the 
> 		# hotlineprofiles table
> 		# They are also used to set the Hotlining capabilities
> 		# in WiMAX-Capability
> 		ProfileHotlining
> 		#RulebasedHotlining
> 		HTTPRedirectionHotlining
> 		IPRedirectionHotlining
> 
> 		# WiMAX is required to handle at least TTLS
> 		# We can handle any type that generates MSK and EMSK
> 		EAPType TTLS, TLS, PEAP, MSCHAP-V2, PSK, PAX, FAST, SIM, AKA
> 		EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> 		EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> 		EAPTLS_CertificateType PEM
> 		EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> 		EAPTLS_PrivateKeyPassword whatever
> 
> 		# Try to match a certificate CN against an attribute in the 
> 		# incoming request. If matched, return the match else undef
> 		# Called like EAPTLS_CommonNameHook($cn, $username, $identity, $p)
> 		# This example attempts to match the CN against the 
> 		# Calling-Station-Id, as required by some WiMAX devices.
> 		# EAPTLS_CommonNameHook sub {my $cn = $_[0]; my $p = $_[3]; return $cn if $cn eq $p->get_attr('Calling-Station-Id'); return undef;}
> 
> 		# If HAPassword is defined, then the HA must send this password
> 		# in requests sent to this HAAA. The HA must be configured to
> 		# send this password, otherwise its requests will be REJECTed
> #		HAPassword mysecret
> 
> 		# You can alter the authentication query with AuthSelect, and
> 		# process extra columns with AuthColumnDef. Replies attrs
> 		# WiMAX-Packet-Flow-Descriptor and WiMAX-QoS-Descriptor will be 
> 		# converted from ASCII to binary format.
> 		#AuthSelect select subscription.psk, subscription.cui, subscription.hotlineprofile, replyprofile.reply from subscription,replyprofile  where subscription.nai=? and replyprofile.profile=subscription.replyprofile
> 		#AuthColumnDef	  3,GENERIC,reply
> 
> 		# You can add support for simple accounting using
>                # AcctSQLStatement the same as AuthBy SQL
> 		#AccountingTable	ACCOUNTING
> 		#AcctColumnDef	USERNAME,User-Name
> 		# etc....
> 
> 		# You can customise other SQL queries used during WiMAX
>                # processing with GetCachedKeyQuery, GetHotlineProfileQuery,
> 		# GetQosProfileQuery.
> 
> 		# MSKInMPPEKeys Forces the MSK to be encoded in 
> 		# MS-MPPE-Send-Key and MS-MPPE-Recv-Key, as well as 
> 		# the usual WiMAX-MSK reply attributes. This is required 
> 		# by some non-compliant clients, such as some Alcatel-Lucent 
> 		# devices.
> 		#MSKInMPPEKeys 1
> 	</AuthBy>
> 
> </Realm>
> 
> Thu Dec 10 12:34:02 2009: DEBUG: Finished reading configuration file '/usr/local/etc/raddb/radius.cfg'
> Thu Dec 10 12:34:02 2009: DEBUG: Reading dictionary file './dictionary'
> Thu Dec 10 12:34:02 2009: DEBUG: Creating authentication port 0.0.0.0:1812
> Thu Dec 10 12:34:02 2009: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Dec 10 12:34:02 2009: NOTICE: Server started: Radiator 4.5.1 on myserver (LOCKED)
> Thu Dec 10 12:34:09 2009: DEBUG: Packet dump:
> *** Received from 1.1.1.1 port 1814 ....
> Code:       Access-Request
> Identifier: 0
> Authentic:  @<143><196><8><8><183><16>V<232>-<22><129><208><215><14>K
> Attributes:
> 	User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
> 	EAP-Message = <2><1><0>8<1>{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie
> 	Message-Authenticator = &97<6><173><161><9>7<7><218><19><176>V<194><149><2>
> 	NAS-Identifier = "NPU"
> 	NAS-IP-Address = 2.2.2.2
> 	Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
> 	WiMAX-BS-ID = <1><2><3><0><0><3>
> 	NAS-Port-Type = Wireless-IEEE-802.16
> 	Framed-MTU = 2000
> 	Service-Type = Framed-User
> 	WiMAX-GMT-Timezone-Offset = 0
> 	Proxy-State = 170
> 	Proxy-State = 80
> 
> Thu Dec 10 12:34:09 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Dec 10 12:34:09 2009: DEBUG:  Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2, 
> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:09 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'': 
> Thu Dec 10 12:34:09 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:09 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:09 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': 
> Thu Dec 10 12:34:09 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:09 2009: DEBUG: Handling with EAP: code 2, 1, 56, 1
> Thu Dec 10 12:34:09 2009: DEBUG: Response type 1
> Thu Dec 10 12:34:10 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Dec 10 12:34:10 2009: DEBUG: AuthBy WIMAX result: CHALLENGE, EAP TTLS Challenge
> Thu Dec 10 12:34:10 2009: DEBUG: Access challenged for XX-XX-XX-XX-XX-7A: EAP TTLS Challenge
> Thu Dec 10 12:34:10 2009: DEBUG: Packet dump:
> *** Sending to 1.1.1.1 port 1814 ....
> Code:       Access-Challenge
> Identifier: 0
> Authentic:  -<219>$<147>65<136><23>W<194><185><137><242>YKL
> Attributes:
> 	EAP-Message = <1><2><0><6><21> 
> 	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 170
> 	Proxy-State = 80
> 
> Thu Dec 10 12:34:10 2009: DEBUG: Packet dump:
> *** Received from 1.1.1.1 port 1814 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  <166><241><27>7<4>=<202><171>F<160><8><250>3<199><26><164>
> Attributes:
> 	User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
> 	EAP-Message = <2><2><0><140><21><0><22><3><1><0><129><1><0><0>}<3><1>G<164><212><214><254><3><253><139>B0f<221><220>y<210><7><210><1>~\<192><168><130><163><245>F<193><237><164>}#<254> <154><152>E<143><17><175><218><31><148><1>6<11><14><137><192>d<129><218>U)v<162><231><240><191>6iFa<198><215><177><0>6<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0><7><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><17><0><8><0><6><0><3><1><0>
> 	Message-Authenticator = <138><207>ekI<158><193>c<143><206>H<14><181>6<13><142>
> 	NAS-Identifier = "NPU"
> 	NAS-IP-Address = 2.2.2.2
> 	Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
> 	WiMAX-BS-ID = <1><2><3><0><0><3>
> 	NAS-Port-Type = Wireless-IEEE-802.16
> 	Framed-MTU = 2000
> 	Service-Type = Framed-User
> 	WiMAX-GMT-Timezone-Offset = 0
> 	Proxy-State = 171
> 	Proxy-State = 242
> 
> Thu Dec 10 12:34:10 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Dec 10 12:34:10 2009: DEBUG:  Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2, 
> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:10 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'': 
> Thu Dec 10 12:34:10 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:10 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:10 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': 
> Thu Dec 10 12:34:10 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:10 2009: DEBUG: Handling with EAP: code 2, 2, 140, 21
> Thu Dec 10 12:34:10 2009: DEBUG: Response type 21
> Thu Dec 10 12:34:10 2009: DEBUG: EAP TTLS data, 24576, 2, -1
> Thu Dec 10 12:34:10 2009: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
> Thu Dec 10 12:34:10 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Dec 10 12:34:10 2009: DEBUG: AuthBy WIMAX result: CHALLENGE, EAP TTLS Challenge
> Thu Dec 10 12:34:10 2009: DEBUG: Access challenged for XX-XX-XX-XX-XX-7A: EAP TTLS Challenge
> Thu Dec 10 12:34:10 2009: DEBUG: Packet dump:
> *** Sending to 1.1.1.1 port 1814 ....
> Code:       Access-Challenge
> Identifier: 1
> Authentic:  [<160><225><131>NVo<169>0<15><3><13>i<12>w6
> Attributes:
> 	EAP-Message = <1><3><7><188><21><128><0><0><7><178><22><3><1><0>J<2><0><0>F<3><1>K <234><194>I<155><249>A<227><176>d<193>`1<25><187>T<226>V<134><127><23>Et<128><17>]B<194><219>z<227> <160><18><204><130><211><208>O<151>C$<143>OA<251><4>$<132>w<189><221>9g<137><148>Q<151>I<132><127><14><251><15><0>5<0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Sec
> 	EAP-Message = tion1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>080114034256Z<23><13>100113034256Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Section1%0#<6><3>U<4><3><12><28>t
> 	EAP-Message = est.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><205><161><30><136><181><243>B|<133>A~<193>E<170><159><190><231><179><25><207><203> I<218><28>%<217>/<11>b<242><185><255><202><178><235>Ok<229><13><219><240>v<13><10><174>F<243>e<222>q;<206><161><166>c<201>n<246>Y<168>AbKCM<165><150><134>;<13><176>9Y<171><30><18>=+c<151>]<218><145>):?<157><250><26><242><187>0?<31>1<31>G<3><176><181><152><166><207>@<167>B<155>I_<220>&]| <11>6<7><193>p<16><238>^,<242>d<200><235><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><29>%<151><218>|$x <127><16><7>e<167>)<240><209>d<246>?"
> 	EAP-Message = or7<166><151><240><143><157><154>3`[<200><12><180><17>r<139><180><243><148><7>4<194><141>e:<173><183>w<142><147><140><144>?!<253>b}<176><201><243>#j<254><188><28> s<214>U<143><17><1><209>KE<255><19><150>.<177>B+b<226><164><250><179><155><229>'<250>!3<223>?W<129><5><253><200>hO<145><179>@<184><164>~<133><158>)<237>"<246>@<206><234><25><239><3><224>O<232>t<147><235><0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><190>J<223><236><255><245>@l0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test 
> 	EAP-Message = Certificate Section1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>080114034247Z<23><13>100113034247Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Sect
> 	EAP-Message = ion1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><221>F<219><167><208><171>f<250>+<156>[<26><25>Q9B<212><185><25><249><6><210><185><216><171>6<29>{..<24><198><152>$<180><138><238><216>m<238>X<191><169><249><149><207>"<224><212><240><176><204><172><230>$3&Yl<186><164>mT<21><129>'gQ<139><193><235>3<230><203>0<174><237><254><28>_<171>q<186>f<143><221><178><144><167>@<176><16><205><223><205>Z<235>)^+"<140><167><150><189>kQ.i<213>n<17>|H<248>jA!<197><130><198>J<175>N<226><17><225>!<2><3><1><0><1><163><130><1>30
> 	EAP-Message = <130><1>/0<29><6><3>U<29><14><4><22><4><20>D<17>o<145><21><19><197><198>jL<17>h<219><17><149><182><214><135><158><23>0<129><255><6><3>U<29>#<4><129><247>0<129><244><128><20>D<17>o<145><21><19><197><198>jL<17>h<219><17><149><182><214><135><158><23><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Section1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>
> 	EAP-Message = *<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><9><0><190>J<223><236><255><245>@l0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><192>i<147><134>k<206>9<139><223>8SNlE}<219><29><173>OK<146><229>e<137>\<152><252><243><195><193><11>Y<203><234><193><243>&z<23>)[<24>D n<228><230><228><246>(2e<192>'K<218><143><161><224><131><203><193><159><155>A1^nS<176><191>R<20>WV<182><147>T<21><247><255><195><249>YZ<198>k<147><209>L<171><130><185><177><241>|<179>U<171><232><129><200><253><212><152><19>M<211>_<135>y<25><163><130><175><131><155>hh~<178>AQf<144><217>wM<22><3><1><0><4><14><0><0><0>
> 	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 171
> 	Proxy-State = 242
> 
> Thu Dec 10 12:34:20 2009: DEBUG: Packet dump:
> *** Received from 1.1.1.1 port 1814 ....
> Code:       Access-Request
> Identifier: 2
> Authentic:  <221><180><232><194><187>b<156><189><148><214><211>|U5(<24>
> Attributes:
> 	User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
> 	EAP-Message = <2><2><0><140><21><0><22><3><1><0><129><1><0><0>}<3><1>G<164><212><214><254><3><253><139>B0f<221><220>y<210><7><210><1>~\<192><168><130><163><245>F<193><237><164>}#<254> <154><152>E<143><17><175><218><31><148><1>6<11><14><137><192>d<129><218>U)v<162><231><240><191>6iFa<198><215><177><0>6<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0><7><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><17><0><8><0><6><0><3><1><0>
> 	Message-Authenticator = <145><242><135><128><185>@<208>.<210><25><245>JI<155><169><8>
> 	NAS-Identifier = "NPU"
> 	NAS-IP-Address = 2.2.2.2
> 	Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
> 	WiMAX-BS-ID = <1><2><3><0><0><3>
> 	NAS-Port-Type = Wireless-IEEE-802.16
> 	Framed-MTU = 2000
> 	Service-Type = Framed-User
> 	WiMAX-GMT-Timezone-Offset = 0
> 	Proxy-State = 171
> 	Proxy-State = 185
> 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Dec 10 12:34:20 2009: DEBUG:  Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2, 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'': 
> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': 
> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with EAP: code 2, 2, 140, 21
> Thu Dec 10 12:34:20 2009: DEBUG: Response type 21
> Thu Dec 10 12:34:20 2009: DEBUG: EAP TTLS data, 8576, 2, 2
> Thu Dec 10 12:34:20 2009: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
> Thu Dec 10 12:34:20 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy WIMAX result: CHALLENGE, EAP TTLS Challenge
> Thu Dec 10 12:34:20 2009: DEBUG: Access challenged for XX-XX-XX-XX-XX-7A: EAP TTLS Challenge
> Thu Dec 10 12:34:20 2009: DEBUG: Packet dump:
> *** Sending to 1.1.1.1 port 1814 ....
> Code:       Access-Challenge
> Identifier: 2
> Authentic:  T<171>Y<246><214><152><6>!<12><13><23>r`<175>}<150>
> Attributes:
> 	EAP-Message = <1><3><0><6><21><0>
> 	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 171
> 	Proxy-State = 185
> 
> Thu Dec 10 12:34:20 2009: DEBUG: Packet dump:
> *** Received from 1.1.1.1 port 1814 ....
> Code:       Access-Request
> Identifier: 3
> Authentic:  1<22>E<159><161><197><215>p<0>h<188><223>:|<247><140>
> Attributes:
> 	User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
> 	EAP-Message = <2><3><0><6><21><0>
> 	Message-Authenticator = <200><152><247><161>p<12>?<230><185><133><141>/<11><12>>$
> 	NAS-Identifier = "NPU"
> 	NAS-IP-Address = 2.2.2.2
> 	Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
> 	WiMAX-BS-ID = <1><2><3><0><0><3>
> 	NAS-Port-Type = Wireless-IEEE-802.16
> 	Framed-MTU = 2000
> 	Service-Type = Framed-User
> 	WiMAX-GMT-Timezone-Offset = 0
> 	Proxy-State = 172
> 	Proxy-State = 223
> 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Dec 10 12:34:20 2009: DEBUG:  Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2, 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'': 
> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': 
> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:20 2009: DEBUG: Handling with EAP: code 2, 3, 6, 21
> Thu Dec 10 12:34:20 2009: DEBUG: Response type 21
> Thu Dec 10 12:34:20 2009: DEBUG: EAP result: 2, EAP TTLS Nothing to read or write
> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy WIMAX result: IGNORE, EAP TTLS Nothing to read or write
> Thu Dec 10 12:34:26 2009: DEBUG: Packet dump:
> *** Received from 1.1.1.1 port 1814 ....
> Code:       Access-Request
> Identifier: 3
> Authentic:  1<22>E<159><161><197><215>p<0>h<188><223>:|<247><140>
> Attributes:
> 	User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
> 	EAP-Message = <2><3><0><6><21><0>
> 	Message-Authenticator = <200><152><247><161>p<12>?<230><185><133><141>/<11><12>>$
> 	NAS-Identifier = "NPU"
> 	NAS-IP-Address = 2.2.2.2
> 	Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
> 	WiMAX-BS-ID = <1><2><3><0><0><3>
> 	NAS-Port-Type = Wireless-IEEE-802.16
> 	Framed-MTU = 2000
> 	Service-Type = Framed-User
> 	WiMAX-GMT-Timezone-Offset = 0
> 	Proxy-State = 172
> 	Proxy-State = 223
> 
> Thu Dec 10 12:34:26 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Dec 10 12:34:26 2009: DEBUG:  Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2, 
> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthSQL: 
> Thu Dec 10 12:34:26 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'': 
> Thu Dec 10 12:34:26 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:26 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
> Thu Dec 10 12:34:26 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': 
> Thu Dec 10 12:34:26 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthWIMAX: 
> Thu Dec 10 12:34:26 2009: DEBUG: Handling with EAP: code 2, 3, 6, 21
> Thu Dec 10 12:34:26 2009: DEBUG: Response type 21
> Thu Dec 10 12:34:26 2009: DEBUG: EAP result: 2, EAP TTLS Nothing to read or write
> Thu Dec 10 12:34:26 2009: DEBUG: AuthBy WIMAX result: IGNORE, EAP TTLS Nothing to read or write



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
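
Added example, not part of the original thread and not Radiator code: a small Python decoder for the EAP-Message values as they appear in the trace 4 packet dumps quoted above, using the EAP header layout of RFC 3748 and the EAP-TTLS flags byte of RFC 5281. The sample strings are the leading bytes of the EAP-Message attributes copied from the log; the function names are hypothetical, and the dump notation (printable bytes shown literally, all others as <decimal>) is an assumption drawn from how the log looks.

```python
import re
import struct

# Radiator's trace 4 packet dump prints printable bytes literally and every
# other byte as <decimal>. Assumption: a literal "<n>" never occurs in the data.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "TLS", 21: "TTLS", 25: "PEAP"}
TTLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # RFC 5281 flags byte


def dump_to_bytes(text):
    """Turn the dump notation back into the raw bytes it represents."""
    out = bytearray()
    for num, char in _TOKEN.findall(text):
        if num:
            value = int(num)
            if value > 255:
                raise ValueError("escape out of byte range: <%s>" % num)
            out.append(value)
        else:
            out += char.encode("latin-1")
    return bytes(out)


def parse_eap(data):
    """Decode the EAP header and, for EAP-TTLS, the flags and lengths.

    Works on a truncated prefix: 'length' is the length the packet declares,
    not the number of bytes supplied.
    """
    if len(data) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", data[:4])
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or len(data) < 5:
        return info                      # Success/Failure carry no type
    info["type"] = EAP_TYPES.get(data[4], data[4])
    if data[4] != 21 or len(data) < 6:
        return info
    flags = data[5]
    info["flags"] = [name for bit, name in TTLS_FLAGS if flags & bit]
    info["version"] = flags & 0x07
    header = 6
    if flags & 0x80:                     # L: 4-byte total TLS message length
        if len(data) < 10:
            raise ValueError("L flag set but length field is missing")
        info["tls_message_length"] = struct.unpack("!I", data[6:10])[0]
        header = 10
    if length < header:
        raise ValueError("declared length shorter than the TTLS header")
    info["data_len"] = length - header   # TLS bytes carried in this packet
    return info


# Leading bytes of the EAP-Message attributes in the quoted log, in order.
LOG_SAMPLES = [
    ("recv", "<2><1><0>8<1>"),
    ("send", "<1><2><0><6><21> "),
    ("recv", "<2><2><0><140><21><0><22><3><1>"),
    ("send", "<1><3><7><188><21><128><0><0><7><178>"),
    ("recv", "<2><2><0><140><21><0><22><3><1>"),
    ("send", "<1><3><0><6><21><0>"),
    ("recv", "<2><3><0><6><21><0>"),
]


def decode_log(samples=LOG_SAMPLES):
    return [(d, parse_eap(dump_to_bytes(s))) for d, s in samples]


if __name__ == "__main__":
    for direction, info in decode_log():
        print(direction, info)
```

The decoded code, identifier, length and type fields agree with the log's own "Handling with EAP: code 2, 3, 6, 21" lines.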




