I just have a sec.. If you're taking the time to upgrade, maybe try 2.1.10? I think it's the latest "stable" release?
Also, I've seen many times on this list to not simply copy config files from one version to another. I would assume this is especially true when going from FR 1.x to 2.x as they are very different. Not sure if you did this or not, but if so I'd start there. G -----Original Message----- From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On Behalf Of Teva AVRIL-TEIPOARII Sent: Friday, May 13, 2011 5:02 PM To: FreeRadius users mailing list Subject: Users attributes missing from Access accept messages Greetings, I have a FreeRadius 1.1.5 that I'm using in a Wimax network. I'd like to upgrade it so I've installed a FreeRadius 2.1.7. Authentication is EAP-TTLS on both. The network architecture is the same on both side. My issue is that some users attributes are missing from Access accept messages coming from the FreeRadius 2, whereas the FreeRadius 1 is working perfectly. Here below the config of both of its: FREE RADIUS 1.1.5: ACCESS ACCEPT OK WITH ALL ATTRIBUTES REQUESTED rad_recv: Access-Request packet from host 192.168.1.111:33102, id=185, length=210 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373"\214@" NAS-IP-Address = 192.168.1.111 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Attr-89 = 0x00 NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x029d001101423836313646303044333437 Message-Authenticator = 0x163079cdfd5e95cbbdf12114567d5225 Tue May 10 12:28:23 2011 : Debug: Processing the authorize section of radiusd.conf Sending Access-Challenge of id 185 to 192.168.1.111 port 33102 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 EAP-Message = 0x019e00060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x42dd4346756c2acf80fbc1fd8ab0560f Tue May 10 12:28:23 2011 : Debug: Finished request 0 Tue May 10 12:28:23 2011 : Debug: Going to the next request Tue May 10 12:28:23 2011 : Debug: --- Walking the entire request list --- Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds... rad_recv: Access-Request packet from host 192.168.1.111:33102, id=186, length=217 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373"\214@" NAS-IP-Address = 192.168.1.111 State = 0x42dd4346756c2acf80fbc1fd8ab0560f NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Attr-89 = 0x00 NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x029e00060315 Message-Authenticator = 0x07cec79be43d3d5bf70a09d2210054f9 Tue May 10 12:28:23 2011 : Debug: Processing the authorize section of radiusd.conf Sending Access-Challenge of id 186 to 192.168.1.111 port 33102 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 EAP-Message = 0x019f00061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd5efd74ea5bf2690ca9b30b80c0c0d1f Tue May 10 12:28:23 2011 : Debug: Finished request 1 Tue May 10 12:28:23 2011 : Debug: Going to the next request Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds... rad_recv: Access-Request packet from host 192.168.1.111:33102, id=187, length=291 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373"\214@" NAS-IP-Address = 192.168.1.111 State = 0xd5efd74ea5bf2690ca9b30b80c0c0d1f NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Attr-89 = 0x00 NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x029f005015001603010045010000410301bd274996a0d2a8dfc66a64a99828716e17e9b2f7 0921563de9b960534980670600001a0015001600330009000a002f000700670039006b003c00 35003d0100 Message-Authenticator = 0xc84be94975c1643cb9bb387a864959b5 Tue May 10 12:28:23 2011 : Debug: rlm_eap: EAP/ttls Sending Access-Challenge of id 187 to 192.168.1.111 port 33102 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 EAP-Message = 0x01a004051580000003fb160301004a0200004603014dc9bc07dbe88ec6106c4f128ef68386 473398aca2842adc3a4eaaee8614ce8e20779bcc1aa204f5d6e489f46ea6322950177f6a81a1 c45bde9741076dd5052144000900160301039e0b00039a0003970003943082039030820278a0 0302010202070100195ec9d00e300d06092a864886f70d0101050500307b310b300906035504 061302555331173015060355040a130e4d6f746f726f6c612c20496e632e312b302906035504 0b132257694d41582044657669636520436572746966696361746520417574686f7269747931 2630240603550403131d4d6f746f726f6c612057694d41582044 EAP-Message = 0x657669636520526f6f74204341301e170d3036303932383230353034335a170d3336303932 383230353034335a3072310b300906035504061302555331173015060355040a130e4d6f746f 726f6c612c20496e632e31153013060355040b130c57694d415820446576696365311c301a06 0355040b13134d6f746f726f6c6120504b492043656e746572311530130603550403130c3030 3139354543394430304530819f300d06092a864886f70d010101050003818d00308189028181 00e054813a6131a8ffa8212b75685f7e57c5e0f5194f33774b417b9d81178d7303e4983bf393 41386ccceac0cf3cd39da83ba27377b9dc3199edb43d4dd109d0 EAP-Message = 0x318893741855abca98290310bb50b41cc6e09d586c0ff98015f48ca02732b8f29f8e69661f 769e72690dcd3c71b1397a6cc235cbeff011123669c77eb24206171b0203010001a381a53081 a2300e0603551d0f0101ff0404030205a030200603551d250101ff0416301406082b06010505 07030206082b06010505070301301f0603551d23041830168014749ff62c2b6080531779a039 6d7784fdbad88865304d0603551d1f044630443042a040a03e863c687474703a2f2f7777772e 6174736563656e672e636f6d2f43524c2f4d6f746f57694d4158446576696365526f6f744341 2f6465766963652e63726c300d06092a864886f70d0101050500 EAP-Message = 0x038201010021be251ae9a0a1a428b5c9475eed95e4b5d9fc5493cd7ab2975a0344d39af891 9ace14bff5f39d2fb8aa235356d99e2b23d2ba1747cc383a2c4ae672c6ed98f8fce46043ff63 013ed19d6f6854c571ac22eb4725f45480b7983b93c8ee76114cad7ada64e32ae96ffc9b215f 68089bc11f2583194eee2d5dedb453868e9c688f3d48a0fbd2d5f0808c51b99e4967dc330200 8a2199c5bc2056ed2341140aff7389a2fdcbab3d5ce2ce9ce265cf1655263b9b8850c61b2199 fa4ac19fee01414de48b4b3955c213e4aa39571b2ff09713ae1a761e0b281d64f81e09ff8b65 fa47b39c54e0d8daf943c62040cc1ce13b950a4f340d4d918896 EAP-Message = 0xccf661e6b9980fdd16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x797d6859978d85bd05c3d3563531b789 Tue May 10 12:28:23 2011 : Debug: Finished request 2 Tue May 10 12:28:23 2011 : Debug: Going to the next request Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds... rad_recv: Access-Request packet from host 192.168.1.111:33102, id=188, length=407 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373"\214@" NAS-IP-Address = 192.168.1.111 State = 0x797d6859978d85bd05c3d3563531b789 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Attr-89 = 0x00 NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x02a000c41500160301008610000082008023d40d3c7050fd4d414fd95cc39d8a810fdc5b69 7b964512b3d1e1fee2c67bef3a77995ae8276347a07162e17fef80092e3ae3f6a9a33af95c79 0e37a01c4648e2702a16b3c72f778f21488658fa2fd9d6e013da3d0fb15654c9df9f1d8ade55 c0d94c8d05a022c2509602e93cfc688ecbb9c4ef5e622b4f8c14c356dcd6eef4140301000101 1603010028721f3b5868dd99ea3a9d91dc70f8da97cf8c817432503dce2b7a147446b932dd2d 96d683b9ce6ae0 Message-Authenticator = 0xb83011d6deee1bc5a068aca1cf7d3401 Sending Access-Challenge of id 188 to 192.168.1.111 port 33102 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 EAP-Message = 0x01a1003d1580000000331403010001011603010028c4fc69856441301a816285f1754f1b17 c76dce7f6a0452fc56f9975a51aa58b6babbf545b2c8b4a4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa131f428a180d28e0d94a607853650a7 rad_recv: Access-Request packet from host 192.168.1.111:33102, id=189, length=358 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373"\214@" NAS-IP-Address = 192.168.1.111 State = 0xa131f428a180d28e0d94a607853650a7 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Attr-89 = 0x00 NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x02a10093150017030100886f506af88817f95f825287a053de88848946a8e8d5e919f0742d 42a8e8f7726d8d45374503e98fe12c9bba9a574e97b9e78018a011894d17ea6bb64913009155 6fb3f810250bdf0deac74be2ea6bfe7957284df32385b135cab5ab624f39f08ee91ae5f266e4 a5e0af9e032575bdd0ff182c8ceb229b331bf833b6b83cb50e77e148c0eceed741fa Message-Authenticator = 0x682093618c0d9a0717464733d93bcafb Sending Access-Challenge of id 189 to 192.168.1.111 port 33102 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 EAP-Message = 0x01a2005f1580000000551703010050ebd22c76d84467560a7c9ec2d14f85378b6a0198e137 820df6d48e338ae7df4e01ac57ee64ca1d63e8841c093bd8df4812b2309ee039a4e9402a595c 7363d31d58c17b61c20b49fab7182f38a5529517 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbfb482684b5f736f6a4520780d45024c Tue May 10 12:28:23 2011 : Debug: Finished request 4 Tue May 10 12:28:23 2011 : Debug: Going to the next request Tue May 10 12:28:23 2011 : Debug: Waking up in 3 seconds... rad_recv: Access-Request packet from host 192.168.1.111:33102, id=190, length=217 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373"\214@" NAS-IP-Address = 192.168.1.111 State = 0xbfb482684b5f736f6a4520780d45024c NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Attr-89 = 0x00 NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x02a200061500 Message-Authenticator = 0x01a65022fbcbf916e7db8a9aec5d11d6 Sending Access-Accept of id 190 to 192.168.1.111 port 33102 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 MS-MPPE-Recv-Key = 0xac420687cf25af1258037359ed46a9fb206ef03923fd295b058d7b7bb057bcc3 MS-MPPE-Send-Key = 0x53c8e311cf376e6d6482197c2c000c48cc09232f9c3ef821f2b393322da32db2 EAP-Message = 0x03a20004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "ABCDEFGHIJKL" FREERADIUS 2: ACCESS ACCEPT MESSAGE NOK, Missing attributes rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=169, length=210 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373\"\214@" NAS-IP-Address = 192.168.1.111 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Chargeable-User-Identity = "" NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x0289001101423836313646303044333437 Message-Authenticator = 0x9f9f3cbb6a2b7487bfa5feba9e7191e9 Sending Access-Challenge of id 169 to 192.168.1.111 port 33096 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 EAP-Message = 0x018a00060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f1aab301f90a699efb30c2336a4a7f8 rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=170, length=217 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373\"\214@" NAS-IP-Address = 192.168.1.111 State = 0x1f1aab301f90a699efb30c2336a4a7f8 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Chargeable-User-Identity = "" NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x028a00060315 Message-Authenticator = 0x9bfe543a80d2b666c535ecec4716540c Sending Access-Challenge of id 170 to 192.168.1.111 port 33096 Session-Timeout = 64800 NWG-AAA-Session-Id = 0x00000001 Motorola-WiMAX-Convergence-Sublayer = 0x00 Motorola-WiMAX-Network-Domain-Name = "wimax.test" Motorola-WiMAX-EMS-Address = 10.10.10.1 Motorola-WiMAX-NTP-Server = 0x0171c54402 Motorola-WiMAX-HO-SVC-CLASS = 0x02 Motorola-WiMAX-DNS-Server-IP-Address = 0x71c2250421c22522 Motorola-WiMAX-Service-Flows = "2|Default" Motorola-WiMAX-VLAN-ID = 0x0111 Motorola-WiMAX-Maximum-Total-Bandwidth = 0x0000c3500000c350 Motorola-WiMAX-Maximum-Commit-Bandwidth = 0x0000c3500000c350 EAP-Message = 0x018b00061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f1aab301e91be99efb30c2336a4a7f8 rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=171, length=291 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373\"\214@" NAS-IP-Address = 192.168.1.111 State = 0x1f1aab301e91be99efb30c2336a4a7f8 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Chargeable-User-Identity = "" NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x028b0050150016030100450100004103010fc6de0dabfd728862b435215018375f0925555c a0c3841817c989017b4e208a00001a0015001600330009000a002f000700670039006b003c00 35003d0100 Message-Authenticator = 0xe8a191b0ed61fc61e1d2ef3bdaf83cc3 Tue May 10 12:32:06 2011 : Debug: rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-1f-fb-22-8c-40 Tue May 10 12:32:06 2011 : Info: ++[wimax] returns ok Tue May 10 12:32:06 2011 : Info: [suffix] No '@' in User-Name = "ABCDEFGHIJKL", looking up realm NULL Tue May 10 12:32:06 2011 : Info: [eap] Request found, released from the list Tue May 10 12:32:06 2011 : Info: [eap] EAP/ttls Tue May 10 12:32:06 2011 : Info: [eap] processing type ttls Tue May 10 12:32:06 2011 : Info: [ttls] Authenticate Tue May 10 12:32:06 2011 : Info: [ttls] processing EAP-TLS Tue May 10 12:32:06 2011 : Info: [ttls] eaptls_verify returned 7 Tue May 10 12:32:06 2011 : Info: [ttls] Done initial handshake Tue May 10 12:32:06 2011 : Info: [ttls] (other): before/accept initialization Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: before/accept initialization Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 Handshake [length 0045], ClientHello Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 read client hello A Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write server hello A Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 07a4], Certificate Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write certificate A Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write key exchange A Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write server done A Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 flush data Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A Tue May 10 12:32:07 2011 : Debug: In SSL Handshake Phase Tue May 10 12:32:07 2011 : Debug: In SSL Accept mode Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 13 Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled Sending Access-Challenge of id 171 to 192.168.1.111 port 33096 EAP-Message = 0x018c057415c000000973160301002a0200002603014dc9bce7d40cda888a43688210a00314 9c994d366a65124da0269c9e686e5c220000150016030107a40b0007a000079d0003c9308203 c53082032ea003020102020102300d06092a864886f70d01010505003081a5310b3009060355 04061302504631193017060355040813104672656e636820506f6c796e65736961310f300d06 035504071306546168697469310d300b060355040a13045669546931253023060355040b131c 566954692043657274696669636174696f6e20417574686f726974793110300e060355040313 07566954692043413122302006092a864886f70d010901161373 EAP-Message = 0x75706572766973696f6e40766974692e7066301e170d3131303531303139303630305a170d 3231303531303139303530305a3081a4310b3009060355040613025046311930170603550408 13104672656e636820506f6c796e65736961310f300d06035504071306546168697469310d30 0b060355040a1304566954693120301e060355040b1317566954692044657669636520436572 7469666963617465311430120603550403130b56695469204465766963653122302006092a86 4886f70d01090116137375706572766973696f6e40766974692e706630819f300d06092a8648 86f70d010101050003818d0030818902818100cf146e3aec377c EAP-Message = 0xf2e1bec0453263b1b4127e0027a8adb9c3b4ccef2b8d855c0f961a7a25d10150dd7a33aa19 1576f0f33d2caf6645138cc5e8746320af632696db3a13daccc1a48eae75162b2eba2a9458a5 4d005203f2c70380c3be402b08118a92bee2c0325459cd31e666bd160a5d479adaaa079aa683 ae42ce4f5d05c9210203010001a38201023081ff30090603551d1304023000301d0603551d0e 04160414a4c6acab08366f6bb61fd9b8a4ed15b92112846c3081d20603551d230481ca3081c7 80148e5db1d2720ee7812a816ef4617fab6a05fbe5cda181aba481a83081a5310b3009060355 04061302504631193017060355040813104672656e636820506f EAP-Message = 0x6c796e65736961310f300d06035504071306546168697469310d300b060355040a13045669 546931253023060355040b131c566954692043657274696669636174696f6e20417574686f72 6974793110300e06035504031307566954692043413122302006092a864886f70d0109011613 7375706572766973696f6e40766974692e7066820101300d06092a864886f70d010105050003 8181005851ca7ba587bbd42a7be05bb08e6b5498828d647ea5dde26637c7534f7744aa6b4f66 d4b74d32445c14cf62aa98ee96d0ba6315eddbbfa2aa53d572c42cfa9a833f527082a874beae 39d5afce6a81c86b2538ddabb7186f2bd1ed3dc041b15a15387b EAP-Message = 0xeb64a2f8b9f7eb4f88196b08bea65dd215b15c8257c7164f86f99298190003ce308203ca30 820333a003020102020101300d06092a864886f70d01010505003081a5310b30090603550406 1302504631193017060355040813104672656e636820506f6c796e65736961310f300d060355 04071306546168697469310d300b060355040a13045669546931253023060355040b131c5669 54692043657274696669636174696f6e20417574686f726974793110300e0603550403130756 6954692043413122302006092a864886f70d01090116137375706572766973696f6e40766974 692e7066301e170d3131303531303139303530305a170d323130 EAP-Message = 0x3531303139303530305a3081a5310b30090603550406130250463119301706035504081310 4672656e636820506f6c796e65736961310f300d06035504071306546168697469310d300b06 0355040a13045669546931253023060355040b131c566954692043657274696669636174696f 6e20417574686f726974793110300e060355 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f1aab301d96be99efb30c2336a4a7f8 rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=172, length=217 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373\"\214@" NAS-IP-Address = 192.168.1.111 State = 0x1f1aab301d96be99efb30c2336a4a7f8 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Chargeable-User-Identity = "" NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x028c00061500 Message-Authenticator = 0x4feb13773e367f2f9bb82e5476b30c4e Tue May 10 12:32:07 2011 : Info: [eap] EAP/ttls Tue May 10 12:32:07 2011 : Info: [eap] processing type ttls Tue May 10 12:32:07 2011 : Info: [ttls] Authenticate Tue May 10 12:32:07 2011 : Info: [ttls] processing EAP-TLS Tue May 10 12:32:07 2011 : Info: [ttls] Received TLS ACK Tue May 10 12:32:07 2011 : Info: [ttls] ACK handshake fragment handler Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_verify returned 1 Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 13 Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled Sending Access-Challenge of id 172 to 192.168.1.111 port 33096 EAP-Message = 0x018d041315800000097304031307566954692043413122302006092a864886f70d01090116 137375706572766973696f6e40766974692e706630819f300d06092a864886f70d0101010500 03818d0030818902818100b7ac51ec399b15d7cf0643216d5306d93aa4452657d7fbe44d1fa3 1af4075d73a4a3a35ef85ae05c447ffa77af62936416062468c17c15786ae6ee8550515693f0 c7f65607bf195f36099fe3d109055734f0ed3cff4aee4dc47f151985ba949b3f5a3777cae7b0 524d668f2037ebba783780f2713dadbf11a705f98de8c0a21b0203010001a382010630820102 300c0603551d13040530030101ff301d0603551d0e041604148e EAP-Message = 0x5db1d2720ee7812a816ef4617fab6a05fbe5cd3081d20603551d230481ca3081c780148e5d b1d2720ee7812a816ef4617fab6a05fbe5cda181aba481a83081a5310b300906035504061302 504631193017060355040813104672656e636820506f6c796e65736961310f300d0603550407 1306546168697469310d300b060355040a13045669546931253023060355040b131c56695469 2043657274696669636174696f6e20417574686f726974793110300e06035504031307566954 692043413122302006092a864886f70d01090116137375706572766973696f6e40766974692e 7066820101300d06092a864886f70d01010505000381810090c8 EAP-Message = 0x0c65f81c8ceb5b62904cff1b80456c04f697c3adc26a164949a51dfdfdd3edc5f3533a9c66 f49823621c06ba4a3b336f79bb2359cf9f141a1f56d32461dc5b035ccdf96bcc0f9a8a16f59b 6fe8ad12eb5e52d2f0e801a502b003623d3e58a857cdff666ab7109ba20d97374cf24605ba50 4399f3fa0aa349a78d2690c75e160301018d0c000189008096c63659641fe69224a150344e09 f5640eff816b755ed2919b4abdd624f52b357de4d8eed363296dec7f49cab77e5d3fa71100a6 31ea006653da6da4b01b5ef0a8716ac1f8358a78d24862c2b79390e0e94a8e31c4192197b95f eaa631910015d7494823fa06817313a5f9e7cb46982abc4a59a1 EAP-Message = 0x98eb701ea03966bc5233a08300010200803b555aa3c5417163d1d890a41131b06ad88dfef4 9ffd1fc3c2547845112efce1b818a21b6ed46bad7ae412cd100a23b10162c372ec7f618dbd1f 50812450f4b60addefc8fb2698a27fbbc5abdc1a5eb137aec15bdccd596b1d52d1d69ef9f206 4f0be3de750413eb6508f19c8e2cf4807f57e1e3aaef4232d1c4f5f6450e6c980080ae642d91 204dc58bcf2de45a3a2dcc1a92ffcdfeb5d9bc1832e969528b42b5b0b12350a995e1219874f5 0717be1cb7f42f4d7a664134d1a479e34ae3ee7f0136dff6b37edc3021ad865783e0a868f23b 2ffcee78f99b32d2d4f16db950159c29964d51711b82826258d9 EAP-Message = 0xbd4a4e36d91b7047288f4f78254763134f61152f942816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f1aab301c97be99efb30c2336a4a7f8 rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=173, length=407 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373\"\214@" NAS-IP-Address = 192.168.1.111 State = 0x1f1aab301c97be99efb30c2336a4a7f8 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Chargeable-User-Identity = "" NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x028d00c415001603010086100000820080041043d5921043658e7021b4dc0c4766668c5254 518f4c66ef3aee6c5b050bd710b8a99b4d2efed361a5aee69673ee2f497ea993705b8ca5c95a b86e00d96882a9e249b225b91bf7ce5ed734164ac29e17fc55de89e345444bd241a875e22d4c 51b6fb7318e376938005ed77138d2836b648a59c38cb0ebd681998473d06ad57140301000101 1603010028fb9cb199122793285220fa9435f91dfe2c8106081c1761645cde53593aa9bc0104 ebccc13f74afee Message-Authenticator = 0x72753965c681bd3edfb36ef6b39909ae Tue May 10 12:32:07 2011 : Info: +- entering group authorize {...} Tue May 10 12:32:07 2011 : Info: ++[preprocess] returns ok Tue May 10 12:32:07 2011 : Info: [auth_log] expand: %t -> Tue May 10 12:32:07 2011 Tue May 10 12:32:07 2011 : Info: ++[auth_log] returns ok Tue May 10 12:32:07 2011 : Info: ++[chap] returns noop Tue May 10 12:32:07 2011 : Info: ++[mschap] returns noop Tue May 10 12:32:07 2011 : Debug: rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-1f-fb-22-8c-40 Tue May 10 12:32:07 2011 : Info: ++[wimax] returns ok Tue May 10 12:32:07 2011 : Info: [eap] EAP/ttls Tue May 10 12:32:07 2011 : Info: [eap] processing type ttls Tue May 10 12:32:07 2011 : Info: [ttls] Authenticate Tue May 10 12:32:07 2011 : Info: [ttls] processing EAP-TLS Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_verify returned 7 Tue May 10 12:32:07 2011 : Info: [ttls] Done initial handshake Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 read client key exchange A Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] Tue May 10 12:32:07 2011 : Info: [ttls] <<< TLS 1.0 Handshake [length 0010], Finished Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 read finished A Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write change cipher spec A Tue May 10 12:32:07 2011 : Info: [ttls] >>> TLS 1.0 Handshake [length 0010], Finished Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 write finished A Tue May 10 12:32:07 2011 : Info: [ttls] TLS_accept: SSLv3 flush data Tue May 10 12:32:07 2011 : Info: [ttls] (other): SSL negotiation finished successfully Tue May 10 12:32:07 2011 : Debug: SSL Connection Established Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 13 Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled Sending Access-Challenge of id 173 to 192.168.1.111 port 33096 EAP-Message = 0x018e003d158000000033140301000101160301002836597205ba27c7eb6f6c282853dfcd01 b4a82000561ad791379a623c527aabadff705be58f4392b9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f1aab301b94be99efb30c2336a4a7f8 rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=174, length=358 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373\"\214@" NAS-IP-Address = 192.168.1.111 State = 0x1f1aab301b94be99efb30c2336a4a7f8 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Chargeable-User-Identity = "" NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x028e0093150017030100880c7f64a5f5184085fb897a83be464d3c99883f7949f8c30d76e7 09e44c3154dcd14dbdcc0f76ef33368959613f398b868bf96f797187b9edcc0a280b20994284 6660822fd2efa60ea39da6ada99dc8ce28cc7caaaaa26fd10308af7fbf16d1421e4cda944739 bddeb2474188f0017d24ec3f657301733ddd1229c0a031a2462ee9cfc5f67e2d0df5 Message-Authenticator = 0x0f0f1ba3f356aa9b52e19c3f338f57f9 Tue May 10 12:32:07 2011 : Debug: rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-1f-fb-22-8c-40 Tue May 10 12:32:07 2011 : Info: ++[wimax] returns ok Tue May 10 12:32:07 2011 : Info: [suffix] No '@' in User-Name = "ABCDEFGHIJKL", looking up realm NULL Tue May 10 12:32:07 2011 : Info: [eap] EAP/ttls Tue May 10 12:32:07 2011 : Info: [eap] processing type ttls Tue May 10 12:32:07 2011 : Info: [ttls] Authenticate Tue May 10 12:32:07 2011 : Info: [ttls] processing EAP-TLS Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_verify returned 7 Tue May 10 12:32:07 2011 : Info: [ttls] Done initial handshake Tue May 10 12:32:07 2011 : Info: [ttls] eaptls_process returned 7 Tue May 10 12:32:07 2011 : Info: [ttls] Session established. Proceeding to decode tunneled attributes. Tue May 10 12:32:07 2011 : Info: [ttls] Got tunneled request User-Name = "usertest" MS-CHAP-Challenge = 0x4f40452a49e66f3394fe5472d7a6c8a3 MS-CHAP2-Response = 0x730014ff97bffc0a475fbe7d800f95b76e9e00000000000000008873ec5c5e2f2abe748678 133c983a865c80980b3b532e24 FreeRADIUS-Proxied-To = 127.0.0.1 Tue May 10 12:32:07 2011 : Info: [ttls] Sending tunneled request User-Name = "usertest" MS-CHAP-Challenge = 0x4f40452a49e66f3394fe5472d7a6c8a3 MS-CHAP2-Response = 0x730014ff97bffc0a475fbe7d800f95b76e9e00000000000000008873ec5c5e2f2abe748678 133c983a865c80980b3b532e24 FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { Tue May 10 12:32:07 2011 : Info: [mschap] Told to do MS-CHAPv2 for usertest with NT-Password Tue May 10 12:32:07 2011 : Info: [mschap] adding MS-CHAPv2 MPPE keys Tue May 10 12:32:07 2011 : Info: ++[mschap] returns ok Tue May 10 12:32:07 2011 : Info: WARNING: Empty section. Using default return values. } # server inner-tunnel Tue May 10 12:32:07 2011 : Info: [ttls] Got tunneled reply code 2 MS-CHAP2-Success = 0x73533d45434435323936393145304539454433384342423831354245354644433446384631 384533454139 MS-MPPE-Recv-Key = 0x2dacf31b4e71f823de59fbab96d683d3 MS-MPPE-Send-Key = 0x4e126126cbeee506002c7e8b418b7c37 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 Tue May 10 12:32:07 2011 : Info: [ttls] Got tunneled Access-Accept Tue May 10 12:32:07 2011 : Info: [ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge. Tue May 10 12:32:07 2011 : Info: ++[eap] returns handled Sending Access-Challenge of id 174 to 192.168.1.111 port 33096 EAP-Message = 0x018f005f1580000000551703010050a7dd22c4c960fac1b93edcce9e2caa6bc6cd1c3daf00 b30b64cb7ca999bac133b6bf01f33f00c8848a60de395ec93a2abaa09cd35fbaaf4e357c8cd1 4ab7e499121d53cb61cd60ad8e4efc534b0a1b5b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1f1aab301a95be99efb30c2336a4a7f8 Tue May 10 12:32:07 2011 : Info: Finished request 8. Tue May 10 12:32:07 2011 : Debug: Going to the next request Tue May 10 12:32:07 2011 : Debug: Waking up in 1.3 seconds. rad_recv: Access-Request packet from host 192.168.1.111 port 33096, id=175, length=217 User-Name = "ABCDEFGHIJKL" Calling-Station-Id = "\000\037\373\"\214@" NAS-IP-Address = 192.168.1.111 State = 0x1f1aab301a95be99efb30c2336a4a7f8 NAS-Port = 1 Framed-MTU = 1400 Service-Type = Framed-User Called-Station-Id = "000084800711" NAS-Identifier = "636170632D73632D70726F64" NAS-Port-Type = 27 Chargeable-User-Identity = "" NWG-WiMAX-Capability = 0x000106312e3000020301 NWG-GMT-Time-Zone-Offset = 0x0000000000 NWG-BS-ID = 0x00000084800711 NWG-NSP-ID = 0x000001f9 EAP-Message = 0x028f00061500 Message-Authenticator = 0x39b7c4e6f117eeb2972893b5de5fa739 Tue May 10 12:32:07 2011 : Info: +- entering group authorize {...} Tue May 10 12:32:07 2011 : Info: ++[preprocess] returns ok Tue May 10 12:32:07 2011 : Info: ++[chap] returns noop Tue May 10 12:32:07 2011 : Info: ++[mschap] returns noop Tue May 10 12:32:07 2011 : Debug: rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-1f-fb-22-8c-40 Tue May 10 12:32:07 2011 : Info: ++[wimax] returns ok Tue May 10 12:32:07 2011 : Info: [eap] Freeing handler Tue May 10 12:32:07 2011 : Info: ++[eap] returns ok Tue May 10 12:32:07 2011 : Info: [wimax] MIP-RK = 0xb53187ac09a8638b39ccece5d545ddcddfe9039dd4ca0d87fbfb11eb8d28bfed72fd0b846c b227a4bfef736b776521f1f9f65399d97663622de78645392e829a Tue May 10 12:32:07 2011 : Info: [wimax] MIP-SPI = c3962fc7 Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the reply. Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: We cannot calculate MN-HA keys. Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: WiMAX-IP-Technology not found in reply. Tue May 10 12:32:07 2011 : Info: [wimax] WARNING: Not calculating MN-HA keys Tue May 10 12:32:07 2011 : Info: ++[wimax] returns updated Sending Access-Accept of id 175 to 192.168.1.111 port 33096 MS-MPPE-Recv-Key = 0x6ac20e0ae330ec47259e11c1c88604adaf0bf8b2fed16dcd36676a114f989c50 MS-MPPE-Send-Key = 0x6c6881e76c18bae61afc53895744ccee92b7c95acc83cff8f59fcad428930e68 EAP-Message = 0x038f0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "ABCDEFGHIJKL" If you have some clues please let me know. Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
