[RADIATOR] Radiator config for Alvarion WiMAX?
Louis Twomey
louis.twomey at heanet.ie
Fri Dec 11 04:59:10 CST 2009
Hi Hugh,
I have attached a copy of both the minimal (no WiMAX settings at all) config
file and the debug output of the successful authentication of a WiMAX device.
Regards,
Louis.
"Hugh Irvine" wrote the following on 11/12/09 05:44:
> Hello Louis -
>
> Thanks for sending the configuration file and debug log.
>
> As you mention, it appears that Radiator is sending a TTLS challenge, but then hears nothing further.
>
> Can you send us a copy of the configuration file using the AuthBy FILE and the successful debug?
>
> thanks and regards
>
> Hugh
>
>
> On 11 Dec 2009, at 00:32, Louis Twomey wrote:
>
>> Hi,
>> I am trying to get a new install of Radiator v4.5.1 to authenticate Alvarion
>> WiMAX kit. My radius.cfg is almost identical to goodies/wimax.cfg but with some
>> minor localised settings. Testing with goodies/wimaxtest is successful, but
>> testing from the WiMAX kit (using TTLS+MSCHAPv2, with the same username and
>> password that work with wimaxtest) seems to fail before the SSL tunnel is
>> successfully established during authentication.
>>
>> I have verified that the WiMAX kit is happy with the default dummy/test
>> certificate that I am using, by testing authentication against "AuthBy FILE" -
>> in that scenario I can see the SSL tunnel being established and the internal
>> identity being extracted and successfully verified.
>>
>> Has anyone successfully used goodies/wimax.cfg with Alvarion WiMAX kit, or does
>> the Alvarion kit require alternative/additional settings? Radiator is new to me
>> so perhaps I am missing something obvious.
>>
>> I have attached a copy of my radius.cfg and a trace 4 debug of a failed
>> session. Thanks in advance for any help or advice.
>>
>> Regards,
>> Louis Twomey.
>> --
>> HEAnet Limited louis.twomey at heanet.ie
>> 5 George's Dock, IFSC, Dublin 1 Tel: +353-1-6609040
>> Web: http://www.heanet.ie Fax: +353-1-6603666
>> Registered in Ireland, no 275301 PGP key: C77D9256
>>
>> --- Please consider the environment before printing this e-mail ---
>> # wimax.cfg
>> #
>> # Example Radiator configuration file.
>> # This very simple file will allow you to get started with
>> # a simple WiMAX system. You can then add and change features.
>> # We suggest you start simple, prove to yourself that it
>> # works and then develop a more complicated configuration.
>> Foreground
>> LogStdout
>> LogDir .
>> DbDir .
>> # Use a lower trace level in production systems:
>> Trace 4
>>
>> # AuthPort specifies the port to listen on for authentication requests
>> # Can be a numeric port number or a service name from /etc/services
>> # Defaults to 1645. You can specify multiple comma-separated ports
>> AuthPort 1812
>>
>> # AcctPort specifies the port to listen on for accounting requests
>> # Can be a numeric port number or a service name from /etc/services
>> # Defaults to 1646. You can specify multiple comma-separated ports
>> AcctPort 1813
>>
>> # On Unix you can control the actual user that the server runs as
>> # provided it starts as a suitable privileged user. You can specify
>> # unix user name or UID here
>> #User radius
>> # or group name/GID
>> #Group radius
>>
>>
>> # You will probably want to add other Clients to suit your site,
>> # one for each NAS you want to work with
>> <Client 1.1.1.1>
>> Secret secret
>> DupInterval 0
>> </Client>
>>
>> <Client DEFAULT>
>> Secret mysecret
>> DupInterval 0
>> </Client>
>>
>>
>> # This works with the sample SQL tables created by
>> # goodies/wimax.sql
>> # test with goodies/wimaxtest as a simple test client
>> <Realm DEFAULT>
>> # Implement MS Revocation List using a table in the SQL database
>> # Other modules such as SQL can be used. Required by Alcatel-Lucent
>> AuthByPolicy ContinueWhileAccept
>> <AuthBy SQL>
>> # Details for accessing the SQL database that contains
>> # user/device passwords, Device-Sessions etc.
>> # This should match the username created in wimax.sql
>> DBSource dbi:mysql:wimax
>> DBUsername mikem
>> DBAuth fred
>> NoEAP
>> Blacklist
>> AuthenticateAttribute Calling-Station-Id
>> AuthSelect select reason from blacklist where nai=%0
>> </AuthBy>
>>
>> <AuthBy WIMAX>
>> # Details for accessing the SQL database that contains
>> # user/device passwords, Device-Sessions etc.
>> # This should match the username created in wimax.sql
>> DBSource dbi:mysql:wimax
>> DBUsername mikem
>> DBAuth fred
>>
>> # The max lifetime of each key, in seconds.
>> # Defaults to 3600 seconds (1 hour)
>> #KeyLifetime 3600
>>
>> # If WiMAX-DHCPv4-Server or WiMAX-DHCPv6-Server are set
>> # in the reply, AuthBy WIMAX will automatically generate
>> # a DHCP key for that address, and will provide that key
>> # if the DHCP server later asks for it
>> AddToReplyIfNotExist WiMAX-DHCPv4-Server=1.2.3.4
>>
>> # Indicates whether to honour various hotlining options
>> # If any are set, and the subscription has a hotlineprofile
>> # then appropriate columns will be returned from the
>> # hotlineprofiles table
>> # They are also used to set the Hotlining capabilities
>> # in WiMAX-Capability
>> ProfileHotlining
>> #RulebasedHotlining
>> HTTPRedirectionHotlining
>> IPRedirectionHotlining
>>
>> # WiMAX is required to handle at least TTLS
>> # We can handle any type that generates MSK and EMSK
>> EAPType TTLS, TLS, PEAP, MSCHAP-V2, PSK, PAX, FAST, SIM, AKA
>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>> EAPTLS_CertificateType PEM
>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>> EAPTLS_PrivateKeyPassword whatever
>>
>> # Try to match a certificate CN against an attribute in the
>> # incoming request. If matched, return the match else undef
>> # Called like EAPTLS_CommonNameHook($cn, $username, $identity, $p)
>> # This example attempts to match the CN against the
>> # Calling-Station-Id, as required by some WiMAX devices.
>> # EAPTLS_CommonNameHook sub {my $cn = $_[0]; my $p = $_[3]; return $cn if $cn eq $p->get_attr('Calling-Station-Id'); return undef;}
>>
>> # If HAPassword is defined, then the HA must send this password
>> # in requests sent to this HAAA. The HA must be configured to
>> # send this password, otherwise its requests will be REJECTed
>> # HAPassword mysecret
>>
>> # You can alter the authentication query with AuthSelect, and
>> # process extra columns with AuthColumnDef. Replies attrs
>> # WiMAX-Packet-Flow-Descriptor and WiMAX-QoS-Descriptor will be
>> # converted from ASCII to binary format.
>> #AuthSelect select subscription.psk, subscription.cui, subscription.hotlineprofile, replyprofile.reply from subscription,replyprofile where subscription.nai=? and replyprofile.profile=subscription.replyprofile
>> #AuthColumnDef 3,GENERIC,reply
>>
>> # You can add support for simple accounting using
>> # AcctSQLStatement the same as AuthBy SQL
>> #AccountingTable ACCOUNTING
>> #AcctColumnDef USERNAME,User-Name
>> # etc....
>>
>> # You can customise other SQL queries used during WiMAX
>> # processing with GetCachedKeyQuery, GetHotlineProfileQuery,
>> # GetQosProfileQuery.
>>
>> # MSKInMPPEKeys Forces the MSK to be encoded in
>> # MS-MPPE-Send-Key and MS-MPPE-Recv-Key, as well as
>> # the usual WiMAX-MSK reply attributes. This is required
>> # by some non-compliant clients, such as some Alcatel-Lucent
>> # devices.
>> #MSKInMPPEKeys 1
>> </AuthBy>
>>
>> </Realm>
>>
>> Thu Dec 10 12:34:02 2009: DEBUG: Finished reading configuration file '/usr/local/etc/raddb/radius.cfg'
>> Thu Dec 10 12:34:02 2009: DEBUG: Reading dictionary file './dictionary'
>> Thu Dec 10 12:34:02 2009: DEBUG: Creating authentication port 0.0.0.0:1812
>> Thu Dec 10 12:34:02 2009: DEBUG: Creating accounting port 0.0.0.0:1813
>> Thu Dec 10 12:34:02 2009: NOTICE: Server started: Radiator 4.5.1 on myserver (LOCKED)
>> Thu Dec 10 12:34:09 2009: DEBUG: Packet dump:
>> *** Received from 1.1.1.1 port 1814 ....
>> Code: Access-Request
>> Identifier: 0
>> Authentic: @<143><196><8><8><183><16>V<232>-<22><129><208><215><14>K
>> Attributes:
>> User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
>> EAP-Message = <2><1><0>8<1>{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie
>> Message-Authenticator = &97<6><173><161><9>7<7><218><19><176>V<194><149><2>
>> NAS-Identifier = "NPU"
>> NAS-IP-Address = 2.2.2.2
>> Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
>> WiMAX-BS-ID = <1><2><3><0><0><3>
>> NAS-Port-Type = Wireless-IEEE-802.16
>> Framed-MTU = 2000
>> Service-Type = Framed-User
>> WiMAX-GMT-Timezone-Offset = 0
>> Proxy-State = 170
>> Proxy-State = 80
>>
>> Thu Dec 10 12:34:09 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Thu Dec 10 12:34:09 2009: DEBUG: Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2,
>> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:09 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'':
>> Thu Dec 10 12:34:09 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:09 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:09 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'':
>> Thu Dec 10 12:34:09 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
>> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:09 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:09 2009: DEBUG: Handling with EAP: code 2, 1, 56, 1
>> Thu Dec 10 12:34:09 2009: DEBUG: Response type 1
>> Thu Dec 10 12:34:10 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Dec 10 12:34:10 2009: DEBUG: AuthBy WIMAX result: CHALLENGE, EAP TTLS Challenge
>> Thu Dec 10 12:34:10 2009: DEBUG: Access challenged for XX-XX-XX-XX-XX-7A: EAP TTLS Challenge
>> Thu Dec 10 12:34:10 2009: DEBUG: Packet dump:
>> *** Sending to 1.1.1.1 port 1814 ....
>> Code: Access-Challenge
>> Identifier: 0
>> Authentic: -<219>$<147>65<136><23>W<194><185><137><242>YKL
>> Attributes:
>> EAP-Message = <1><2><0><6><21>
>> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Proxy-State = 170
>> Proxy-State = 80
>>
>> Thu Dec 10 12:34:10 2009: DEBUG: Packet dump:
>> *** Received from 1.1.1.1 port 1814 ....
>> Code: Access-Request
>> Identifier: 1
>> Authentic: <166><241><27>7<4>=<202><171>F<160><8><250>3<199><26><164>
>> Attributes:
>> User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
>> EAP-Message = <2><2><0><140><21><0><22><3><1><0><129><1><0><0>}<3><1>G<164><212><214><254><3><253><139>B0f<221><220>y<210><7><210><1>~\<192><168><130><163><245>F<193><237><164>}#<254> <154><152>E<143><17><175><218><31><148><1>6<11><14><137><192>d<129><218>U)v<162><231><240><191>6iFa<198><215><177><0>6<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0><7><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><17><0><8><0><6><0><3><1><0>
>> Message-Authenticator = <138><207>ekI<158><193>c<143><206>H<14><181>6<13><142>
>> NAS-Identifier = "NPU"
>> NAS-IP-Address = 2.2.2.2
>> Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
>> WiMAX-BS-ID = <1><2><3><0><0><3>
>> NAS-Port-Type = Wireless-IEEE-802.16
>> Framed-MTU = 2000
>> Service-Type = Framed-User
>> WiMAX-GMT-Timezone-Offset = 0
>> Proxy-State = 171
>> Proxy-State = 242
>>
>> Thu Dec 10 12:34:10 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Thu Dec 10 12:34:10 2009: DEBUG: Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2,
>> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:10 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'':
>> Thu Dec 10 12:34:10 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:10 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:10 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'':
>> Thu Dec 10 12:34:10 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
>> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:10 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:10 2009: DEBUG: Handling with EAP: code 2, 2, 140, 21
>> Thu Dec 10 12:34:10 2009: DEBUG: Response type 21
>> Thu Dec 10 12:34:10 2009: DEBUG: EAP TTLS data, 24576, 2, -1
>> Thu Dec 10 12:34:10 2009: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
>> Thu Dec 10 12:34:10 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Dec 10 12:34:10 2009: DEBUG: AuthBy WIMAX result: CHALLENGE, EAP TTLS Challenge
>> Thu Dec 10 12:34:10 2009: DEBUG: Access challenged for XX-XX-XX-XX-XX-7A: EAP TTLS Challenge
>> Thu Dec 10 12:34:10 2009: DEBUG: Packet dump:
>> *** Sending to 1.1.1.1 port 1814 ....
>> Code: Access-Challenge
>> Identifier: 1
>> Authentic: [<160><225><131>NVo<169>0<15><3><13>i<12>w6
>> Attributes:
>> EAP-Message = <1><3><7><188><21><128><0><0><7><178><22><3><1><0>J<2><0><0>F<3><1>K <234><194>I<155><249>A<227><176>d<193>`1<25><187>T<226>V<134><127><23>Et<128><17>]B<194><219>z<227> <160><18><204><130><211><208>O<151>C$<143>OA<251><4>$<132>w<189><221>9g<137><148>Q<151>I<132><127><14><251><15><0>5<0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Sec
>> EAP-Message = tion1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>080114034256Z<23><13>100113034256Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Section1%0#<6><3>U<4><3><12><28>t
>> EAP-Message = est.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><205><161><30><136><181><243>B|<133>A~<193>E<170><159><190><231><179><25><207><203> I<218><28>%<217>/<11>b<242><185><255><202><178><235>Ok<229><13><219><240>v<13><10><174>F<243>e<222>q;<206><161><166>c<201>n<246>Y<168>AbKCM<165><150><134>;<13><176>9Y<171><30><18>=+c<151>]<218><145>):?<157><250><26><242><187>0?<31>1<31>G<3><176><181><152><166><207>@<167>B<155>I_<220>&]| <11>6<7><193>p<16><238>^,<242>d<200><235><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><29>%<151><218>|$x <127><16><7>e<167>)<240><209>d<246>?"
>> EAP-Message = or7<166><151><240><143><157><154>3`[<200><12><180><17>r<139><180><243><148><7>4<194><141>e:<173><183>w<142><147><140><144>?!<253>b}<176><201><243>#j<254><188><28> s<214>U<143><17><1><209>KE<255><19><150>.<177>B+b<226><164><250><179><155><229>'<250>!3<223>?W<129><5><253><200>hO<145><179>@<184><164>~<133><158>)<237>"<246>@<206><234><25><239><3><224>O<232>t<147><235><0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><190>J<223><236><255><245>@l0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test
>> EAP-Message = Certificate Section1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>080114034247Z<23><13>100113034247Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Sect
>> EAP-Message = ion1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><221>F<219><167><208><171>f<250>+<156>[<26><25>Q9B<212><185><25><249><6><210><185><216><171>6<29>{..<24><198><152>$<180><138><238><216>m<238>X<191><169><249><149><207>"<224><212><240><176><204><172><230>$3&Yl<186><164>mT<21><129>'gQ<139><193><235>3<230><203>0<174><237><254><28>_<171>q<186>f<143><221><178><144><167>@<176><16><205><223><205>Z<235>)^+"<140><167><150><189>kQ.i<213>n<17>|H<248>jA!<197><130><198>J<175>N<226><17><225>!<2><3><1><0><1><163><130><1>30
>> EAP-Message = <130><1>/0<29><6><3>U<29><14><4><22><4><20>D<17>o<145><21><19><197><198>jL<17>h<219><17><149><182><214><135><158><23>0<129><255><6><3>U<29>#<4><129><247>0<129><244><128><20>D<17>o<145><21><19><197><198>jL<17>h<219><17><149><182><214><135><158><23><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><12><8>Victoria1<18>0<16><6><3>U<4><7><12><9>Melbourne1<30>0<28><6><3>U<4><10><12><21>OSC Demo Certificates1!0<31><6><3>U<4><11><12><24>Test Certificate Section1/0-<6><3>U<4><3><12>&OSC Test CA (do not use in production)1 0<30><6><9>
>> EAP-Message = *<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><9><0><190>J<223><236><255><245>@l0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><192>i<147><134>k<206>9<139><223>8SNlE}<219><29><173>OK<146><229>e<137>\<152><252><243><195><193><11>Y<203><234><193><243>&z<23>)[<24>D n<228><230><228><246>(2e<192>'K<218><143><161><224><131><203><193><159><155>A1^nS<176><191>R<20>WV<182><147>T<21><247><255><195><249>YZ<198>k<147><209>L<171><130><185><177><241>|<179>U<171><232><129><200><253><212><152><19>M<211>_<135>y<25><163><130><175><131><155>hh~<178>AQf<144><217>wM<22><3><1><0><4><14><0><0><0>
>> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Proxy-State = 171
>> Proxy-State = 242
>>
>> Thu Dec 10 12:34:20 2009: DEBUG: Packet dump:
>> *** Received from 1.1.1.1 port 1814 ....
>> Code: Access-Request
>> Identifier: 2
>> Authentic: <221><180><232><194><187>b<156><189><148><214><211>|U5(<24>
>> Attributes:
>> User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
>> EAP-Message = <2><2><0><140><21><0><22><3><1><0><129><1><0><0>}<3><1>G<164><212><214><254><3><253><139>B0f<221><220>y<210><7><210><1>~\<192><168><130><163><245>F<193><237><164>}#<254> <154><152>E<143><17><175><218><31><148><1>6<11><14><137><192>d<129><218>U)v<162><231><240><191>6iFa<198><215><177><0>6<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0><7><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><17><0><8><0><6><0><3><1><0>
>> Message-Authenticator = <145><242><135><128><185>@<208>.<210><25><245>JI<155><169><8>
>> NAS-Identifier = "NPU"
>> NAS-IP-Address = 2.2.2.2
>> Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
>> WiMAX-BS-ID = <1><2><3><0><0><3>
>> NAS-Port-Type = Wireless-IEEE-802.16
>> Framed-MTU = 2000
>> Service-Type = Framed-User
>> WiMAX-GMT-Timezone-Offset = 0
>> Proxy-State = 171
>> Proxy-State = 185
>>
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Thu Dec 10 12:34:20 2009: DEBUG: Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2,
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'':
>> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'':
>> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with EAP: code 2, 2, 140, 21
>> Thu Dec 10 12:34:20 2009: DEBUG: Response type 21
>> Thu Dec 10 12:34:20 2009: DEBUG: EAP TTLS data, 8576, 2, 2
>> Thu Dec 10 12:34:20 2009: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
>> Thu Dec 10 12:34:20 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy WIMAX result: CHALLENGE, EAP TTLS Challenge
>> Thu Dec 10 12:34:20 2009: DEBUG: Access challenged for XX-XX-XX-XX-XX-7A: EAP TTLS Challenge
>> Thu Dec 10 12:34:20 2009: DEBUG: Packet dump:
>> *** Sending to 1.1.1.1 port 1814 ....
>> Code: Access-Challenge
>> Identifier: 2
>> Authentic: T<171>Y<246><214><152><6>!<12><13><23>r`<175>}<150>
>> Attributes:
>> EAP-Message = <1><3><0><6><21><0>
>> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Proxy-State = 171
>> Proxy-State = 185
>>
>> Thu Dec 10 12:34:20 2009: DEBUG: Packet dump:
>> *** Received from 1.1.1.1 port 1814 ....
>> Code: Access-Request
>> Identifier: 3
>> Authentic: 1<22>E<159><161><197><215>p<0>h<188><223>:|<247><140>
>> Attributes:
>> User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
>> EAP-Message = <2><3><0><6><21><0>
>> Message-Authenticator = <200><152><247><161>p<12>?<230><185><133><141>/<11><12>>$
>> NAS-Identifier = "NPU"
>> NAS-IP-Address = 2.2.2.2
>> Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
>> WiMAX-BS-ID = <1><2><3><0><0><3>
>> NAS-Port-Type = Wireless-IEEE-802.16
>> Framed-MTU = 2000
>> Service-Type = Framed-User
>> WiMAX-GMT-Timezone-Offset = 0
>> Proxy-State = 172
>> Proxy-State = 223
>>
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Thu Dec 10 12:34:20 2009: DEBUG: Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2,
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'':
>> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:20 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:20 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'':
>> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:20 2009: DEBUG: Handling with EAP: code 2, 3, 6, 21
>> Thu Dec 10 12:34:20 2009: DEBUG: Response type 21
>> Thu Dec 10 12:34:20 2009: DEBUG: EAP result: 2, EAP TTLS Nothing to read or write
>> Thu Dec 10 12:34:20 2009: DEBUG: AuthBy WIMAX result: IGNORE, EAP TTLS Nothing to read or write
>> Thu Dec 10 12:34:26 2009: DEBUG: Packet dump:
>> *** Received from 1.1.1.1 port 1814 ....
>> Code: Access-Request
>> Identifier: 3
>> Authentic: 1<22>E<159><161><197><215>p<0>h<188><223>:|<247><140>
>> Attributes:
>> User-Name = "{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie"
>> EAP-Message = <2><3><0><6><21><0>
>> Message-Authenticator = <200><152><247><161>p<12>?<230><185><133><141>/<11><12>>$
>> NAS-Identifier = "NPU"
>> NAS-IP-Address = 2.2.2.2
>> Calling-Station-Id = "XX-XX-XX-XX-XX-7A"
>> WiMAX-BS-ID = <1><2><3><0><0><3>
>> NAS-Port-Type = Wireless-IEEE-802.16
>> Framed-MTU = 2000
>> Service-Type = Framed-User
>> WiMAX-GMT-Timezone-Offset = 0
>> Proxy-State = 172
>> Proxy-State = 223
>>
>> Thu Dec 10 12:34:26 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Thu Dec 10 12:34:26 2009: DEBUG: Deleting session for {am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie, 2.2.2.2,
>> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthSQL:
>> Thu Dec 10 12:34:26 2009: DEBUG: Query is: 'select reason from blacklist where nai='XX-XX-XX-XX-XX-7A'':
>> Thu Dec 10 12:34:26 2009: DEBUG: Radius::AuthSQL looks for match with XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:26 2009: DEBUG: Radius::AuthSQL REJECT: No such user: XX-XX-XX-XX-XX-7A [{am=1}F10A6723C0B2C9A5C3C679985BF12FB7 at wimax.site.ie]
>> Thu Dec 10 12:34:26 2009: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'':
>> Thu Dec 10 12:34:26 2009: DEBUG: AuthBy SQL result: ACCEPT, No such user
>> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:26 2009: DEBUG: Handling with Radius::AuthWIMAX:
>> Thu Dec 10 12:34:26 2009: DEBUG: Handling with EAP: code 2, 3, 6, 21
>> Thu Dec 10 12:34:26 2009: DEBUG: Response type 21
>> Thu Dec 10 12:34:26 2009: DEBUG: EAP result: 2, EAP TTLS Nothing to read or write
>> Thu Dec 10 12:34:26 2009: DEBUG: AuthBy WIMAX result: IGNORE, EAP TTLS Nothing to read or write
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
--
HEAnet Limited louis.twomey at heanet.ie
5 George's Dock, IFSC, Dublin 1 Tel: +353-1-6609040
Web: http://www.heanet.ie Fax: +353-1-6603666
Registered in Ireland, no 275301 PGP key: C77D9256
--- Please consider the environment before printing this e-mail ---
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug-of-authby-file-test.txt
Url: http://www.open.com.au/pipermail/radiator/attachments/20091211/8ebefd99/attachment-0001.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius-authby-file.cfg
Url: http://www.open.com.au/pipermail/radiator/attachments/20091211/8ebefd99/attachment-0001.pl
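
Added example, not part of the original thread and not Radiator code: a Python decoder for the `<N>` byte notation used in the trace 4 packet dumps above. It reads the EAP header and EAP-TTLS flags from an EAP-Message value and flags any response whose EAP identifier differs from the last request Radiator sent. The function names and the TRACE list (shortened copies of EAP-Message values from the dump) are assumptions of this example.

```python
import re

# Radiator's packet dump prints printable bytes literally and every other byte
# as <N> (decimal). Assumption: a payload byte sequence that itself looks like
# "<digits>" is not present in the header bytes being decoded.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TTLS = 21

# Shortened copies of EAP-Message values from the trace, in trace order.
TRACE = [
    ("received", "<2><1><0>8<1>{am=1}"),                    # identity
    ("sent",     "<1><2><0><6><21>"),                       # TTLS challenge
    ("received", "<2><2><0><140><21><0><22><3><1>"),        # TLS handshake record
    ("sent",     "<1><3><7><188><21><128><0><0><7><178>"),  # server flight
    ("received", "<2><2><0><140><21><0><22><3><1>"),        # 10 s later
    ("sent",     "<1><3><0><6><21><0>"),
    ("received", "<2><3><0><6><21><0>"),
]


def unescape(dump: str) -> bytes:
    """Turn trace notation such as '<2><3><0><6><21><0>' into raw bytes."""
    out = bytearray()
    for num, char in _TOKEN.findall(dump):
        if num:
            value = int(num)
            if value > 255:
                raise ValueError(f"byte value out of range: <{num}>")
            out.append(value)
        else:
            out.extend(char.encode("latin-1", errors="replace"))
    return bytes(out)


def parse_eap(dump: str) -> dict:
    """Decode the EAP header, and the EAP-TTLS flags when present."""
    data = unescape(dump)
    if len(data) < 4:
        raise ValueError("shorter than an EAP header")
    code, ident = data[0], data[1]
    length = int.from_bytes(data[2:4], "big")
    info = {"code": EAP_CODES.get(code, str(code)), "id": ident,
            "length": length, "present": len(data),
            # True when the dump holds fewer bytes than the header declares
            "truncated": len(data) < length}
    if code in (1, 2) and len(data) >= 5:
        info["type"] = data[4]
        if data[4] == EAP_TYPE_TTLS and len(data) >= 6:
            flags = data[5]
            info["L"] = bool(flags & 0x80)  # total TLS message length follows
            info["M"] = bool(flags & 0x40)  # more fragments follow
            info["S"] = bool(flags & 0x20)  # EAP-TTLS Start
            if info["L"] and len(data) >= 10:
                info["tls_total"] = int.from_bytes(data[6:10], "big")
    return info


def stale_responses(exchange):
    """Return EAP ids of received responses that answer an older request."""
    last_request_id, stale = None, []
    for direction, dump in exchange:
        eap = parse_eap(dump)
        if direction == "sent" and eap["code"] == "Request":
            last_request_id = eap["id"]
        elif direction == "received" and eap["code"] == "Response":
            if last_request_id is not None and eap["id"] != last_request_id:
                stale.append(eap["id"])
    return stale


if __name__ == "__main__":
    for direction, dump in TRACE:
        print(direction, parse_eap(dump))
    print("stale response ids:", stale_responses(TRACE))
```

On the values in this trace it reports a 1980-byte Request with EAP id 3 and one stale Response with EAP id 2, the repeated handshake message received at 12:34:20.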