[RADIATOR] RV: Problem Radiator configuration WIMAX

Augusto Cabrera acabrera at etapa.net.ec
Wed Mar 2 16:53:21 CST 2011



      Saludos,

      Ing. Augusto Cabrera Duffaut.
    TELECOMUNICACIONES ISP
      Telefono Directo:   4050057
      Ext Interna: 4057




-----Mensaje original-----
De: Augusto Cabrera 
Enviado el: miércoles, 02 de marzo de 2011 17:47
Para: 'Heikki Vatiainen'
CC: radiator at open.com.au
Asunto: RE: [RADIATOR] Problem Radiator configuration WIMAX

Hello Heikky, 
Thanks for responding, I have the server certificates. Pem and client. Der incurs with openssl 
But I have this problem according to the logs: 


ERR: Could not handle an EAP request: Undefined subroutine &Radius::MSCHAP::ASCIItoUnicode called at /usr/lib/perl5/site_perl/Radius/AuthGeneric.pm line 866.

The logs are:

Code:       Access-Request
Identifier: 27
Authentic:  <0><0>V<6><0><0>v<31><0><0>n<11><0><0>d<195>
Attributes:
	User-Name = "wimax at wimaxtest"
	NAS-IP-Address = 3.3.3.3
	Calling-Station-Id = "00256831312f"
	NAS-Identifier = "WASN9770"
	Event-Timestamp = 1299099954
	EAP-Message = <2><225><0><196><21><128><0><0><0><186><23><3><1><0> <191><10>ZY<162><226><129><185><185>A:~K<235><131>F'Cb<182><225><208>W<242><9><227>v%k,,N<23><3><1><0><144><1>.<238><30><244><14><4>N<0><219><184>3<247><4><8><248><249><217>@3<20><188>}<247><165>m<209><159><25><239><209><11><213><152><222><14><166><250><228><152><166><2><9><220><24>w&<4><15><200><127><163><145><178><165><162><17><203>{<<179><<233><190><227><224><136><31><28>,ed <211><4><157><6><154>u!U<<30><169><174>FX=<200>~<220>N<149><176>0X<12>p<207><217><216><9><175>Kc<18>z<127><187><144><3><134><188><129><253>-(<128><164><189><198>z|7K<231><20><30><129><19><9>(<197>4<196>@<25><221><244><133><198>?k<165>
	WiMAX-Capability = <1><5>1.1<2><3><2><3><3><1><5><3><1><4><3><1>
	WiMAX-BS-ID = 00000203f110
	WiMAX-GMT-Timezone-Offset = -18000
	NAS-Port-Type = Wireless-IEEE-802.16
	WiMAX-PPAC = <1><6><0><0><0>c
	Service-Type = Framed-User
	Message-Authenticator = <198><156><178>n<247><177><243><137><224><210>L<11><6>NH<244>

Wed Mar  2 16:05:20 2011: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Mar  2 16:05:20 2011: DEBUG:  Deleting session for wimax at wimaxtest, 3.3.3.3, 
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed Mar  2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai='00256831312f'': 
Wed Mar  2 16:05:20 2011: DEBUG: Radius::AuthSQL looks for match with 00256831312f [wimax at wimaxtest]
Wed Mar  2 16:05:20 2011: DEBUG: Radius::AuthSQL REJECT: No such user: 00256831312f [wimax at wimaxtest]
Wed Mar  2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': 
Wed Mar  2 16:05:20 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
Wed Mar  2 16:05:20 2011: DEBUG: Handling with EAP: code 2, 225, 196, 21
Wed Mar  2 16:05:20 2011: DEBUG: Response type 21
Wed Mar  2 16:05:20 2011: DEBUG: EAP TTLS data, 3, 225, 224
Wed Mar  2 16:05:20 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       UNDEF
Identifier: UNDEF
Authentic:  UNDEF
Attributes:
	User-Name = "wimax"
	MS-CHAP-Challenge = T|}M<140><255><165><195><3><211>s<0><186><210><236><152>
	MS-CHAP2-Response = U<0>!@#$%^&*()_+:3|~<0><0><0><0><0><0><0><0>-<17><2><129><24>*<217><224>V<1><158><209><169><192>&&<20><227><13><10><189><143><215><174>

Wed Mar  2 16:05:20 2011: DEBUG: EAP TTLS inner authentication request for wimax
Wed Mar  2 16:05:20 2011: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Mar  2 16:05:20 2011: DEBUG:  Deleting session for wimax, 3.3.3.3, 
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed Mar  2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai=NULL': 
Wed Mar  2 16:05:20 2011: DEBUG: Radius::AuthSQL looks for match with  [wimax]
Wed Mar  2 16:05:20 2011: DEBUG: Radius::AuthSQL REJECT: No such user:  [wimax]
Wed Mar  2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': 
Wed Mar  2 16:05:20 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
Wed Mar  2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
Wed Mar  2 16:05:20 2011: DEBUG: Query is: 'select psk, cui, hotlineprofile from subscription where nai=?': wimax
Wed Mar  2 16:05:20 2011: DEBUG: Query is: 'select profileid, httpredirectionrule, ipredirectionrule, nasfilterrule, sessiontimer from hotlineprofile where id=?': 0
Wed Mar  2 16:05:20 2011: DEBUG: Radius::AuthWIMAX looks for match with wimax [wimax]
Wed Mar  2 16:05:20 2011: ERR: Could not handle an EAP request: Undefined subroutine &Radius::MSCHAP::ASCIItoUnicode called at /usr/lib/perl5/site_perl/Radius/AuthGeneric.pm line 866.

Wed Mar  2 16:05:20 2011: DEBUG: AuthBy WIMAX result: REJECT, Could not handle an EAP request
Wed Mar  2 16:05:20 2011: INFO: Access rejected for 00256831312f: Could not handle an EAP request
Wed Mar  2 16:05:20 2011: DEBUG: Packet dump:
*** Sending to 3.3.3.3 port 10033 ....

Packet length = 36
03 1b 00 24 60 fc ea e7 98 51 59 ae 23 eb dc a9
ca 25 a7 1f 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 27
Authentic:  `<252><234><231><152>QY<174>#<235><220><169><202>%<167><31>
Attributes:
	Reply-Message = "Request Denied"

Wed Mar  2 16:05:20 2011: DEBUG: Monitor received command: STATS .
Wed Mar  2 16:05:21 2011: DEBUG: Monitor received command: STATS .
Wed Mar  2 16:05:22 2011: DEBUG: Monitor received command: STATS .
Wed Mar  2 16:05:23 2011: DEBUG: Monitor received command: STATS .


      Saludos,

     Augusto Cabrera Duffaut.




-----Mensaje original-----
De: Heikki Vatiainen [mailto:hvn at open.com.au] 
Enviado el: miércoles, 02 de marzo de 2011 16:48
Para: Augusto Cabrera
CC: radiator at open.com.au
Asunto: Re: [RADIATOR] Problem Radiator configuration WIMAX

On 03/02/2011 06:08 PM, Augusto Cabrera wrote:
> 
> Hi I am configuring WiMAX radiator for authentication with the CPES are
> zyxel, but I have authentication errors please i need help, the setup I
> have is the following:

Hello,

can you tell us a bit more what the problem is? From the log below it
looks like there are TTLS authentication Access-Requests and
Access-Challenges, but there is no clear error as far as I can tell.

If the error is TTLS authentication not finishing, you should check the
client configuration. Please check that the clients trust this root
certificate:

EAPTLS_CAFile /etc/radiator/certificados/cacert.pem

It is possible that the client does not recognize or trust the root
certificate and for that reasons stops the authentication process. It
looks like the TTLS inner authentication does not start so you should
concentrate on the certificate setup.

Thanks!
Heikki


> [root at wimax radiator]# vi radius.cfg
> 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list