Make sure you configure FR to delete the MPPE keys. This can be found in the /modules/wimax file. Set the value from No to Yes.
As well, you need to configure the server to use the inner-tunnel. I would start from the default FR settings, uncomment the wimax entries you see in sites-available/default and sites-available/inner-tunnel, make the change in the /modules/wimax file and make sure your profile names match as this is case sensitive. David -----Original Message----- From: freeradius-users-bounces+david.peterson=acc-corp....@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradiu s.org] On Behalf Of Hahusseau, Thomas Sent: Tuesday, May 31, 2011 1:18 PM To: [email protected] Subject: Freeradius + Alvarion 4Motion specify filter-id value inaccess-accept from value in user conf file ? Hello, I'm running latest version form Master Branch of Freeradius. I managed to connect an Alvarion CPE to an Alvarion 4M BS with Freeradius server as authenticator. Everything works well except that I directly specified in my /site-enable/default configuration file the value of "Filter-Id" attribute required by the base station. ----------- /site-enabled/default post-auth { exec update request { WiMAX-MN-NAI = "%{User-Name}" } update reply { WiMAX-FA-RK-Key = 0x00 WiMAX-MSK = "%{reply:EAP-MSK}" Filter-Id = "Profile1" } wimax Post-Auth-Type REJECT { # log failed authentications in SQL, too. # sql attr_filter.access_reject } } ----------- I would like to use different value of attribute "Filter-Id" for different users (specific QoS setting in Alvarion ASN-GW for each Filter-Id). I would like to use the "Filter-ID"'s value specified in my users conf file : ----------- users #standard customer [email protected] Cleartext-Password := "cpe1" Session-Timeout = 3600, Termination-Action = Radius-Request, Filter-Id = "Profile1" #VIP customer [email protected] Cleartext-Password := "cpe2" Session-Timeout = 3600, Termination-Action = Radius-Request, Filter-Id = "Profile2" ----------- I tried to use the same syntax as for WiMAX-MSK attribute: Filter-ID ="%{Filter-Id}" but it doesn't work (Filter-ID value in access-accept is empty). I googled "Filter-Id freeradius" and found nothing relevant. Is it possible to use Filter-ID value form users conf file in access-accept ? Here is an example on access-accept message with filter-id specified directly in site-enable/default conf file. ----------- radiusd -X (7) Found Auth-Type = ? (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (7) group authenticate { (7) - entering group authenticate {...} (7) eap : Request found, released from the list (7) eap : EAP/ttls (7) eap : processing type ttls (7) ttls : Authenticate (7) ttls : processing EAP-TLS (7) ttls : Received TLS ACK (7) ttls : Received TLS ACK (7) ttls : ACK handshake is finished (7) ttls : eaptls_verify returned 3 (7) ttls : eaptls_process returned 3 (7) ttls : Using saved attributes from the original Access-Accept (7) eap : Freeing handler (7) [eap] = ok (7) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default (7) group post-auth { (7) - entering group post-auth {...} (7) [exec] = noop (7) update request { (7) expand: %{User-Name} -> {am=1}[email protected] (7) } # update request = noop (7) update reply { (7) expand: %{reply:EAP-MSK} -> 0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528cb185a0437 d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0 (7) } # update reply = noop (7) wimax : MIP-RK = 0x9ec871a65c3033e03c0d77ed55a1517d4b7dbbbeb2d782bcf369635861e64925c5db13c362 86e2032c789ad6fe2c09cd21eda782a9a4758e9ce73f8f384c46b6 (7) wimax : MIP-SPI = bb9d949a (7) wimax : WARNING: WiMAX-IP-Technology not found in reply. (7) wimax : WARNING: Not calculating MN-HA keys (7) [wimax] = updated Sending Access-Accept of id 246 to 192.168.100.10 port 1812 MS-MPPE-Recv-Key = 0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528 MS-MPPE-Send-Key = 0xcb185a0437d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "{am=1}[email protected]" WiMAX-FA-RK-Key = 0xb37b0b5832687e02c31b94319b2ba3077479411f WiMAX-MSK = 0x0473dcd65638bc4ef089945467f25e24f252b53f34e4d2f220d157c3d1192528cb185a0437 d0a641fd5434d28738eae8f013d4b0308662a0e1b365d8ad542ce0 Filter-Id = "Profile1" WiMAX-FA-RK-SPI = 2593430971 (7) Finished request 7. ----------- Regards, Mr Thomas Hahusseau, Ingénieur réseau Cassidian (EADS) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
