Hi Jan like Radtest, But radtest is used for the test of Radius installation Could it will give me AVPs of Radius so that may I convert them for Diameter packets
thnx >From: [EMAIL PROTECTED] >Reply-To: [email protected] >To: [email protected] >Subject: Freeradius-Users Digest, Vol 24, Issue 5 >Date: Mon, 02 Apr 2007 11:15:13 +0200 > >Send Freeradius-Users mailing list submissions to > [email protected] > >To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/listinfo/freeradius-users >or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > >You can reach the person managing the list at > [EMAIL PROTECTED] > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Freeradius-Users digest..." > > >Today's Topics: > > 1. Re: Radius Packet Simulator (Jan Mulders) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Mon, 2 Apr 2007 10:15:03 +0100 >From: "Jan Mulders" <[EMAIL PROTECTED]> >Subject: Re: Radius Packet Simulator >To: "FreeRadius users mailing list" > <[email protected]> >Message-ID: > <[EMAIL PROTECTED]> >Content-Type: text/plain; charset="iso-8859-1" > >like Radtest, you mean? > >Jan > >On 02/04/07, khursheed Ahmed <[EMAIL PROTECTED]> wrote: > > > > > > > > Hi All > > > > I need a RADIUS Packet simulator, which could simulate RADIUS packet > > for > > me, > > If is there any Plz tell me, > > As I needed it bcz I m developing a Translation Agent which could > > translate > > (convert) > > RADIS packet in to Diameter Packet. > > > > Is there any Idea Plz help me > > > > > > Khursheed Ahmed QAU > > > > > > > > > > >From: [EMAIL PROTECTED] > > >Reply-To: [email protected] > > >To: [email protected] > > >Subject: Freeradius-Users Digest, Vol 24, Issue 3 > > >Date: Mon, 02 Apr 2007 07:59:28 +0200 > > > > > >Send Freeradius-Users mailing list submissions to > > > [email protected] > > > > > >To subscribe or unsubscribe via the World Wide Web, visit > > > http://lists.freeradius.org/mailman/listinfo/freeradius-users > > >or, via email, send a message with subject or body 'help' to > > > [EMAIL PROTECTED] > > > > > >You can reach the person managing the list at > > > [EMAIL PROTECTED] > > > > > >When replying, please edit your Subject line so it is more specific > > >than "Re: Contents of Freeradius-Users digest..." > > > > > > > > >Today's Topics: > > > > > > 1. Re: Attributes (Shawn Mitchell) > > > 2. Re: passing Calling-Station-ID (Adil Azmi Bikarbass) > > > 3. Re: Freeradius-Users Digest, Vol 24, Issue 2 (Arran >Cudbard-Bell) > > > 4. RE: Attributes [unclas] (Ranner, Frank MR) > > > 5. Re: Attributes [unclas] (Shawn Mitchell) > > > 6. RE: Anyone using dd-wrt for AP? (Aren Chua) > > > 7. EAP-AKA patch for Freeradius 1.1.2 (awaneesh kumar) > > > > > > > > >---------------------------------------------------------------------- > > > > > >Message: 1 > > >Date: Sun, 01 Apr 2007 16:45:22 -0500 > > >From: Shawn Mitchell <[EMAIL PROTECTED]> > > >Subject: Re: Attributes > > >To: FreeRadius users mailing list > > > <[email protected]> > > >Message-ID: <[EMAIL PROTECTED]> > > >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > > >Ok, here's what I'm doing: > > > > > >DEFAULT Client-IP-Address == xx.xx.xx.xx > > > Ascend-Data-Filter = "ip in forward tcp est", > > > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24", > > > Ascend-Data-Filter = "ip in drop tcp dstport = 25", > > > Ascend-Data-Filter = "ip in forward", > > > Fall-Through = Yes > > > > > >I turned on logging of reply's, but all I'm seeing it send is: > > > > > >Sun Apr 1 16:31:21 2007 > > > Ascend-Data-Filter = "ip in forward tcp est" > > > > > >I put this into the 'users' file btw. > > > > > > > > > > > >Alan DeKok wrote: > > > > Shawn Mitchell wrote: > > > > > > > >> Where can I say "If client is 'x', then also send these attributes >to > > > >> users being authenticated..."? > > > >> > > > > > > > > In the "users" file. > > > > > > > > DEFAULT Client-IP-Address == 1.2.3.4 > > > > Reply-Message = "You're coming from 1.2.3.4" > > > > > > > > Alan DeKok. > > > > -- > > > > http://deployingradius.com - The web site of the book > > > > http://deployingradius.com/blog/ - The blog > > > > - > > > > List info/subscribe/unsubscribe? See > > >http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > >------------------------------ > > > > > >Message: 2 > > >Date: Sun, 01 Apr 2007 22:59:14 +0000 > > >From: Adil Azmi Bikarbass <[EMAIL PROTECTED]> > > >Subject: Re: passing Calling-Station-ID > > >To: Alan DeKok <[EMAIL PROTECTED]> > > >Cc: FreeRadius users mailing list > > > <[email protected]> > > >Message-ID: <[EMAIL PROTECTED]> > > >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > > >Hello All, > > > > > >Do i need to create a whole DB for only one filed that i will pass from > > >one NAS to another? > > > > > >Knowing that my Freeradius is running on Solaris 10 which DB you >suggest > > >to use? > > > > > >Thank you > > > > > > > > >Alan DeKok a ?crit : > > > > Adil Azmi Bikarbass wrote: > > > > > > > >> The issue is that we want the second NAS to get the > > calling-station-ID > > > >> from the "someuser" session on Radius > > > >> > > > > > > > > To do... what? > > > > > > > > > > > >> is there a way we can have this to work and pass this attribute >from > > >one > > > >> session to another? > > > >> > > > > > > > > Sure. Store the Calling-Station-Id in a database when you receive > > it > > > > from the first NAS, then pull it out of the DB, and send it to the > > > > second NAS. > > > > > > > > Alan DeKok. > > > > -- > > > > http://deployingradius.com - The web site of the book > > > > http://deployingradius.com/blog/ - The blog > > > > > > > > > > > > > >-- > > >|-Adil Bikarbass > > >|-IT Manager, MTDS > > >|-tel +212.3.767.4861 > > >|-fax +212.3.767.4863 > > >|-gsm +212.6.139. 4541 > > >|-14, rue 16 novembre > > >|-Rabat, Kingdom of Morocco > > > > > > > > > > > >------------------------------ > > > > > >Message: 3 > > >Date: Mon, 02 Apr 2007 00:00:43 +0100 > > >From: Arran Cudbard-Bell <[EMAIL PROTECTED]> > > >Subject: Re: Freeradius-Users Digest, Vol 24, Issue 2 > > >To: [email protected] > > >Message-ID: <[EMAIL PROTECTED]> > > >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > > > > > > >> Does anyone have a draft list of which clients actually support the > > > >> Reply-Message and by which methods they can recieve them? > > > >> > > > > > > > > All clients will accept it. Very few will do anything useful with > > it. > > > > > > > > > > > >> The reason why I ask , it during initial tests (using chap) the >built > > >in > > > >> windows CHAP supplicant would display the reply-messages being sent > > >back > > > >> from the server. > > > >> Now we've moved on from CHAP to using EAP and the windows >supplicant > > no > > > >> longer displays the messages. > > > >> > > > > > > > > Yes. > > > > > > > > > > > >> Am I right in assuming that with EAP attributes from the > > access-accept > > > >> packet only get to the NAS and that the NAS will strip out of the >EAP > > > >> message > > > >> and pass it on to the supplicant and thats all the supplicant will > > ever > > >get? > > > >> > > > > > > > > Yes. > > > > > > > > > > > >> In which case, although the Reply-Message attribute is also >supported > > >in > > > >> PoD the client will never actually recieve it when using EAP ? > > > >> > > > > > > > > Yes. > > > > > > > > Alan DeKok. > > > > > > >Ahh, Thanks for clearing that up ! > > > > > >Don't suppose EAP supports encoding the equivalent of a Reply-Message ? > > > > > >P.S Well done for understanding my poorly punctuated morning ramblings >:) > > > > > >Arran > > > > > > > > > > > >------------------------------ > > > > > >Message: 4 > > >Date: Mon, 2 Apr 2007 11:14:47 +1000 > > >From: "Ranner, Frank MR" <[EMAIL PROTECTED]> > > >Subject: RE: Attributes [unclas] > > >To: "FreeRadius users mailing list" > > > <[email protected]> > > >Message-ID: > > > <[EMAIL PROTECTED]> > > >Content-Type: text/plain; charset="US-ASCII" > > > > > >Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip > > >xx.xx.xx.0/24", to append to > > >a multi-valued list. > > > > > >FR > > > > > > > -----Original Message----- > > > > From: > > > > [EMAIL PROTECTED] > > > > eradius.org > > > > [mailto:[EMAIL PROTECTED] > > > > ists.freeradius.org] On Behalf Of Shawn Mitchell > > > > Sent: Monday, 2 April 2007 07:45 > > > > To: FreeRadius users mailing list > > > > Subject: Re: Attributes > > > > > > > > Ok, here's what I'm doing: > > > > > > > > DEFAULT Client-IP-Address == xx.xx.xx.xx > > > > Ascend-Data-Filter = "ip in forward tcp est", > > > > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24", > > > > Ascend-Data-Filter = "ip in drop tcp dstport = 25", > > > > Ascend-Data-Filter = "ip in forward", > > > > Fall-Through = Yes > > > > > > > > I turned on logging of reply's, but all I'm seeing it send is: > > > > > > > > Sun Apr 1 16:31:21 2007 > > > > Ascend-Data-Filter = "ip in forward tcp est" > > > > > > > > I put this into the 'users' file btw. > > > > > > > > > > > > > > > > Alan DeKok wrote: > > > > > Shawn Mitchell wrote: > > > > > > > > > >> Where can I say "If client is 'x', then also send these > > > > attributes to > > > > >> users being authenticated..."? > > > > >> > > > > > > > > > > In the "users" file. > > > > > > > > > > DEFAULT Client-IP-Address == 1.2.3.4 > > > > > Reply-Message = "You're coming from 1.2.3.4" > > > > > > > > > > Alan DeKok. > > > > > -- > > > > > http://deployingradius.com - The web site of the book > > > > > http://deployingradius.com/blog/ - The blog > > > > > - > > > > > List info/subscribe/unsubscribe? See > > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > >------------------------------ > > > > > >Message: 5 > > >Date: Sun, 01 Apr 2007 20:44:05 -0500 > > >From: Shawn Mitchell <[EMAIL PROTECTED]> > > >Subject: Re: Attributes [unclas] > > >To: FreeRadius users mailing list > > > <[email protected]> > > >Message-ID: <[EMAIL PROTECTED]> > > >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > > >Thanks! > > > > > >That seems to have fixed it > > > > > >radtest blarg blarg localhost 111 testing123 > > > > > >Sending Access-Request of id 145 to 127.0.0.1:1812 > > > User-Name = "blarg" > > > User-Password = "blarg" > > > NAS-IP-Address = xxxxxxxxxxxxxx > > > NAS-Port = 111 > > >rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145, > > length=180 > > > Ascend-Data-Filter = "ip in forward tcp est" > > > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24 0" > > > Ascend-Data-Filter = "ip in drop tcp dstport = 25" > > > Ascend-Data-Filter = "ip in forward 0" > > > > > > > > >Ranner, Frank MR wrote: > > > > Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip > > > > xx.xx.xx.0/24", to append to > > > > a multi-valued list. > > > > > > > > FR > > > > > > > > > > > >> -----Original Message----- > > > >> From: > > > >> [EMAIL PROTECTED] > > > >> eradius.org > > > >> [mailto:[EMAIL PROTECTED] > > > >> ists.freeradius.org] On Behalf Of Shawn Mitchell > > > >> Sent: Monday, 2 April 2007 07:45 > > > >> To: FreeRadius users mailing list > > > >> Subject: Re: Attributes > > > >> > > > >> Ok, here's what I'm doing: > > > >> > > > >> DEFAULT Client-IP-Address == xx.xx.xx.xx > > > >> Ascend-Data-Filter = "ip in forward tcp est", > > > >> Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24", > > > >> Ascend-Data-Filter = "ip in drop tcp dstport = 25", > > > >> Ascend-Data-Filter = "ip in forward", > > > >> Fall-Through = Yes > > > >> > > > >> I turned on logging of reply's, but all I'm seeing it send is: > > > >> > > > >> Sun Apr 1 16:31:21 2007 > > > >> Ascend-Data-Filter = "ip in forward tcp est" > > > >> > > > >> I put this into the 'users' file btw. > > > >> > > > >> > > > >> > > > >> Alan DeKok wrote: > > > >> > > > >>> Shawn Mitchell wrote: > > > >>> > > > >>> > > > >>>> Where can I say "If client is 'x', then also send these > > > >>>> > > > >> attributes to > > > >> > > > >>>> users being authenticated..."? > > > >>>> > > > >>>> > > > >>> In the "users" file. > > > >>> > > > >>> DEFAULT Client-IP-Address == 1.2.3.4 > > > >>> Reply-Message = "You're coming from 1.2.3.4" > > > >>> > > > >>> Alan DeKok. > > > >>> -- > > > >>> http://deployingradius.com - The web site of the book > > > >>> http://deployingradius.com/blog/ - The blog > > > >>> - > > > >>> List info/subscribe/unsubscribe? See > > > >>> http://www.freeradius.org/list/users.html > > > >>> > > > >>> > > > >> - > > > >> List info/subscribe/unsubscribe? See > > > >> http://www.freeradius.org/list/users.html > > > >> > > > >> > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > >http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > >------------------------------ > > > > > >Message: 6 > > >Date: Mon, 2 Apr 2007 03:03:25 +0000 > > >From: Aren Chua <[EMAIL PROTECTED]> > > >Subject: RE: Anyone using dd-wrt for AP? > > >To: FreeRadius users mailing list > > > <[email protected]> > > >Message-ID: <[EMAIL PROTECTED]> > > >Content-Type: text/plain; charset="iso-8859-1" > > > > > > > > >Ian Truelsen > > > > > >you can try the hotspot(chillispot) under DD-WRT firmware to configure > > your > > >AP to authenticate against the radius server. > > >Regards, > > >Aren Chua> Date: Sun, 1 Apr 2007 10:16:25 +0200> From: > > >[EMAIL PROTECTED]> To: [email protected]> > > >Subject: Re: Anyone using dd-wrt for AP?> > Ian Truelsen wrote:> >> > > > >Hopefully that is not the case. The freeradius server is on an >external> > > > > > >machine. I am trying to get the AP to authenticate against that >server,> > > > > > >but I am having trouble sorting out how to get it to do this.> > There > > >should be a RADIUS server configuration. But you'll have to> enable > > 802.1x > > >authentication, too.> > Alan DeKok.> --> http://deployingradius.com - >The > > >web site of the book> http://deployingradius.com/blog/ - The blog> - > > > List > > >info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >_________________________________________________________________ > > >Your friends are close to you.?Keep them that way. > > >http://spaces.live.com/signup.aspx > > >-------------- next part -------------- > > >An HTML attachment was scrubbed... > > >URL: > > > > > >https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070402/5e13df6d/attachment-0001.html > > > > > >------------------------------ > > > > > >Message: 7 > > >Date: Sun, 1 Apr 2007 22:59:20 -0700 (PDT) > > >From: awaneesh kumar <[EMAIL PROTECTED]> > > >Subject: EAP-AKA patch for Freeradius 1.1.2 > > >To: [email protected] > > >Message-ID: <[EMAIL PROTECTED]> > > >Content-Type: text/plain; charset="iso-8859-1" > > > > > >Hi All, > > > > > > I have downloaded patch from > > >http://bugs.freeradius.org/show_bug.cgi?id=386. > > > I have succesfully applied patch to Freeradius1.1.2. Few questions i > > >have.. > > > > > > a) Does patch supports optional identity privacy support, optional > > >result indications, and an optional fast re-authentication procedure. > > > > > > b) After receiving EAP-Request/AKA-Challenge from server, client > > >should calculate AT_MAC and compares with the received one. If it >matches > > >it should send back the EAP-Response/AKA-Challenge with AT_RES and new > > >AT_MAC. > > > As per section 10.8 of RFC 4187, AT_RES should be encoded as >follows. > > > > > > The value field of this attribute begins with the 2-byte > > > RES Length,which identifies the exact length of >the > > >RES in bits. The RES length is followed by the AKA RES parameter. > > >According to [TS33.105], the length of the AKA RES can vary between 32 > > and > > >128 bits. Because the length of the AT_RES attribute must be a > > >multiple of 4 bytes, the sender pads the RES with zero bits >where > > >necessary > > > > > > Trace below is packet from client to server:- > > > > > > 0x024200301701000003050000d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d00b0500 > > > 000d6eb3a8082c9d2c0a031505b7a0fac0 > > > > > > c) As per section 3 (Figure 2) from RFC 4187, if server is unable >to > > >authenticate client if AT_MAC or AT_RES is incorrect, it should back >the > > >EAP-Request/AKA-Notification to client and client should respond back > > with > > >EAP-Response/AKA-Notification. Then only server should send back EAP > > result > > >as Failure. But Freeradius1.1.2 sends back the EAP Result (FAILURE) >with > > >Access-Reject. How ever success scenarion works perfectly. > > > > > > d) After receiving AKA-Challenge from Radius server, does patch > > supports > > >the checking of Sequence No from AUTN parameter? > > > > > > Do we have any latest patch to support EAP-AKA? > > > > > > Thanks > > > > > > > > > > > > > > > > > > > > >--------------------------------- > > >Sucker-punch spam with award-winning protection. > > > Try the free Yahoo! Mail Beta. > > >-------------- next part -------------- > > >An HTML attachment was scrubbed... > > >URL: > > > > > >https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070401/1708475c/attachment.html > > > > > >------------------------------ > > > > > >- > > >List info/subscribe/unsubscribe? See > > >http://www.freeradius.org/list/users.html > > > > > > > > >End of Freeradius-Users Digest, Vol 24, Issue 3 > > >*********************************************** > > > > _________________________________________________________________ > > Express yourself instantly with MSN Messenger! Download today it's FREE! > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: >https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070402/5b0b22be/attachment.html > >------------------------------ > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >End of Freeradius-Users Digest, Vol 24, Issue 5 >*********************************************** _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
