>Using basic setup, Freeradius successfully authenticates requests coming
>from CPE Wimax through ASN Alcatel GW (called WAC) using EAP/TTLS
>
>Fri Apr 3 01:05:10 2009 : Auth: Login OK: [[email protected]/<via Auth-Type = EAP>] (from client wimax port 0 cli 00-21-04-00-E0-D7)
>Fri Apr 3 01:05:19 2009 : Auth: Login OK: [[email protected]/<via Auth-Type = mschap>] (from client wimax port 0 via TLS tunnel)
>
>I now have 2 issues filling the access accept properly with the correct
>attributes. (This need might be weird, but it is the way this ASN GW works)
>
>1. I would like the outer access accept to contain attributes coming
>from the inner access accept
>
>So I tried to use the update outer.reply in the post-auth section of the
>inner-tunnel virtual server
>
>    update outer.reply {
>        #User-Name = "%{request:User-Name}"
>        WiMAX-Packet-Data-Flow-Id = "%{request:WiMAX-Packet-Data-Flow-Id}"
>    }
>
>But as I understand, you can only use "request" from the inner tunnel,
>but not the attributes contained in the reply of the inner tunnel. Is
>that true? Is there a way to do that?
>
>To be more precise this is the reply in the inner tunnel
>
>Fri Apr 3 01:13:33 2009
>    Packet-Type = Access-Accept
>    WiMAX-Packet-Data-Flow-Id = 1
>    WiMAX-Service-Data-Flow-Id = 1
>    WiMAX-Service-Profile-Id = 1
>    WiMAX-Direction = Bi-Directional
>    WiMAX-QoS-Id = 1
>    WiMAX-Media-Flow-Type = Robust-Browser
>    WiMAX-Schedule-Type = Best-Effort
>    WiMAX-Traffic-Priority = 0
>    WiMAX-Maximum-Sustained-Traffic-Rate = 512000
>    MS-CHAP2-Success = 0xdf533d37443041423038393133393032414333353841304630414336383132453546434243364130323046
>    MS-MPPE-Recv-Key = 0x1d7c9b57392b589e2849640bad969199
>    MS-MPPE-Send-Key = 0x4aa107e5fa9573846af44d21c5080749
>    MS-MPPE-Encryption-Policy = 0x00000001
>    MS-MPPE-Encryption-Types = 0x00000006
>
>and the one in the outer tunnel
>
>Fri Apr 3 01:13:34 2009
>    Packet-Type = Access-Accept
>    MS-MPPE-Recv-Key = 0x6b185c55d7785700e6f52c9ae0160945476aa4ab9e5b699dc6cffb5427c06395
>    MS-MPPE-Send-Key = 0x009d98e233e6911f97346381a77e90d01b7d41b3aa82dbf6ce56f54bb9b2598b
>    EAP-MSK = 0x6b185c55d7785700e6f52c9ae0160945476aa4ab9e5b699dc6cffb5427c06395009d98e233e6911f97346381a77e90d01b7d41b3aa82dbf6ce56f54bb9b2598b
>    EAP-EMSK = 0xc5f48626093f9313c5090254ffc375d4594bf6570025a260801e4b8d0ff852167d0748bd50b27d214b0ee67c1bbe1a4395faf094a8cb56663177fa8f32586f40
>    EAP-Message = 0x03f00004
>    Message-Authenticator = 0x00000000000000000000000000000000
>    User-Name = "[email protected]"
>
>
>I would like the reply of the outer tunnel to contain all the Wimax
>Attribute I got in the inner.
>

Set use_tunneled_reply in the ttls section of eap.conf.

>2. For some weird reason again, Alcatel ASN needs to receive the same
>attribute twice with different values (actually this
>WiMAX-QoS-Descriptor (TLV Attribute)).
>I guess this is not very compliant with the RFC, but is there a way to send
>the same attribute 2 times in the same reply?
>
>I've tried that, but without surprise this sends only the first part of
>the attribute
>
>[email protected] Cleartext-Password := "xxx"
>    WiMAX-Packet-Data-Flow-Id=1,
>    WiMAX-Service-Data-Flow-Id=1,
>    WiMAX-Service-Profile-Id=1,
>    WiMAX-Direction=Bi-Directional,
>    WiMAX-QoS-Id=01,
>    WiMAX-Media-Flow-Type=Robust-Browser,
>    WiMAX-Schedule-Type=BEST-EFFORT,
>    WiMAX-Traffic-Priority=0,
>    WiMAX-Maximum-Sustained-Traffic-Rate=512000,
>    WiMAX-QoS-Id=02,
>    WiMAX-Media-Flow-Type=Robust-Browser,
>    WiMAX-Schedule-Type=BEST-EFFORT,
>    WiMAX-Traffic-Priority=0,
>    WiMAX-Maximum-Sustained-Traffic-Rate=512000
>
>
>Maybe using the perl module in post-auth?
>

Use the += operator and add them twice, in whatever module you added them the first time.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

