Hi Krzystof, You need to use the new Alvarion dictionary which is included in the 3.0 version I believe, Alan will undoubtedly correct me.
In addition you will need to change the TOS range and mask values. Here is what I send to set up 1 IPCS flow on an Alvarion 4-Motion ASN. Alvarion-R3-IF-Name += SGVLAN13 Alvarion-PDFID += 1 WiMAX-Packet-Data-Flow-Id += 1 WiMAX-Service-Data-Flow-Id += 1 WiMAX-Direction += 3 WiMAX-Transport-Type += 1 WiMAX-Uplink-QOS-Id += 1 WiMAX-Downlink-QOS-Id += 1 WiMAX-ClassifierID += 1 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += 1 WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x1818FF WiMAX-Transport-Type += 1 WiMAX-ClassifierID += 2 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += 2 WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x0000FF WiMAX-QoS-Id += 1 WiMAX-Schedule-Type += 2 WiMAX-Traffic-Priority += 1 WiMAX-Maximum-Sustained-Traffic-Rate += 256000 David Peterson Senior WiMax Engineer Wireless Connections -----Original Message----- From: freeradius-users-bounces+david.peterson=acc-corp....@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradiu s.org] On Behalf Of Krzysztof Grobelak Sent: Wednesday, October 19, 2011 11:06 AM To: FreeRadius users mailing list Subject: No connection after access-accept. Hello. I am trying to configure freeradius to work with Alvarion devices. It is working fine with Extreme but for some reason it does not work with 4motion. I installed the "master" version from git and I edited the dictionary files. My problem is that i see access-accept being sent but the connection is not established and radio keeps trying to authenticate with freeradius. Each attempt ends with access-accept being sent. Thanks in advance P.S. I am new to freeradius and wimax so please dont eat me alive... Regards, Krzysztof Debug: FreeRADIUS Version 3.0.0, for host i686-pc-linux-gnu, built on Oct 17 2011 at 10:26:54 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Compilation options: Regex flavour: Posix Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/redis including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/sql including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/replicate including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/sqlippool including configuration file /usr/local/etc/raddb/sql/postgresql/ippool.conf including configuration file /usr/local/etc/raddb/modules/opendirectory including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/rediswho including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/eap including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/utf8 including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/soh including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/control-socket main { security { allow_core_dumps = no } } including dictionary file /usr/local/etc/raddb/dictionary main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" max_connections = 16 } client 10.190.0.2 { require_message_authenticator = no secret = "pass" shortname = "Testing" nastype = "other" max_connections = 16 } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no passchange { } allow_retry = yes } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /usr/local/etc/raddb/modules/eap eap { default_eap_type = "ttls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/"; } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Loading virtual module acct_unique Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_wimax Module: Instantiating module "wimax" from file /usr/local/etc/raddb/modules/wimax wimax { delete_mppe_keys = no } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/usr/local/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=225, length=226 User-Name = "{sm=1}[email protected]" EAP-Message = 0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065 65642e6965 Message-Authenticator = 0xb0e4f53c239e82a5a9424643abac90c5 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) group authorize { (0) - entering group authorize {...} (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) eap : EAP packet type response id 1 length 42 (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) Found Auth-Type = ? (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) group authenticate { (0) - entering group authenticate {...} (0) eap : EAP Identity (0) eap : processing type tls (0) tls : Initiate (0) tls : Start returned 1 (0) [eap] = handled Sending Access-Challenge of id 225 to 10.190.0.2 port 1812 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a452686bf0e6f9b30d966adf3 (0) Finished request 0. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=226, length=290 User-Name = "{sm=1}[email protected]" EAP-Message = 0x0202005815800000004e16030100490100004503014d6f0492446dcf37684a8ba3964276e6 a0af14e11c0c66ba0bfe09bee47296d900001e00390038003500160013000a00330032002f00 15001200090014001100080100 Message-Authenticator = 0x16b9a8766e5ca7d66bd4109f08badf56 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a452686bf0e6f9b30d966adf3 (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (1) group authorize { (1) - entering group authorize {...} (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) eap : EAP packet type response id 2 length 88 (1) eap : Continuing tunnel setup. (1) [eap] = ok (1) Found Auth-Type = ? (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) group authenticate { (1) - entering group authenticate {...} (1) eap : Request found, released from the list (1) eap : EAP/ttls (1) eap : processing type ttls (1) ttls : Authenticate (1) ttls : processing EAP-TLS TLS Length 78 (1) ttls : Length Included (1) ttls : eaptls_verify returned 11 (1) ttls : (other): before/accept initialization (1) ttls : TLS_accept: before/accept initialization (1) ttls : <<< TLS 1.0 Handshake [length 0049], ClientHello (1) ttls : TLS_accept: SSLv3 read client hello A (1) ttls : >>> TLS 1.0 Handshake [length 002a], ServerHello (1) ttls : TLS_accept: SSLv3 write server hello A (1) ttls : >>> TLS 1.0 Handshake [length 085e], Certificate (1) ttls : TLS_accept: SSLv3 write certificate A (1) ttls : >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange (1) ttls : TLS_accept: SSLv3 write key exchange A (1) ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (1) ttls : TLS_accept: SSLv3 write server done A (1) ttls : TLS_accept: SSLv3 flush data (1) ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (1) ttls : eaptls_process returned 13 (1) [eap] = handled Sending Access-Challenge of id 226 to 10.190.0.2 port 1812 EAP-Message = 0x0103040015c000000aad160301002a0200002603014e9ee50972fa598b689b6f459a90c557 abd4de3970630ee299ae5a309acdf4ec00003900160301085e0b00085a0008570003a6308203 a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355 040613024652310f300d060355040813065261646975733112301006035504071309536f6d65 776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886 f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861 6d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30 09060355040613024652310f300d0603550408130652616469757331153013060355040a130c 4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220 43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d 706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201 0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4 c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e EAP-Message = 0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41 50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4 7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22 7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00 4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06 092a864886f70d01010405000382010100b676c0afe25190b575 EAP-Message = 0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9 cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6 6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402 8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563 c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9 5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6 e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a442786bf0e6f9b30d966adf3 (1) Finished request 1. Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=227, length=208 User-Name = "{sm=1}[email protected]" EAP-Message = 0x020300061500 Message-Authenticator = 0x9a77a1ab1819f89e18fb8f7a8d263dbc NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a442786bf0e6f9b30d966adf3 (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (2) group authorize { (2) - entering group authorize {...} (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) eap : EAP packet type response id 3 length 6 (2) eap : Continuing tunnel setup. (2) [eap] = ok (2) Found Auth-Type = ? (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (2) group authenticate { (2) - entering group authenticate {...} (2) eap : Request found, released from the list (2) eap : EAP/ttls (2) eap : processing type ttls (2) ttls : Authenticate (2) ttls : processing EAP-TLS (2) ttls : Received TLS ACK (2) ttls : Received TLS ACK (2) ttls : ACK handshake fragment handler (2) ttls : eaptls_verify returned 1 (2) ttls : eaptls_process returned 13 (2) [eap] = handled Sending Access-Challenge of id 227 to 10.190.0.2 port 1812 EAP-Message = 0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193 310b3009060355040613024652310f300d060355040813065261646975733112301006035504 071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030 1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355 0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31 31313031333039353734375a170d3132313031323039353734375a308193310b300906035504 0613024652310f300d0603550408130652616469757331123010 EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e 632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126 30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3 ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55 f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b EAP-Message = 0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3 0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111 19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203 010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1 a18199a48196308193310b3009060355040613024652310f300d EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013 060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164 6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274 6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530 030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d 90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b EAP-Message = 0x29f6a43153b63396708d1c2a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a472086bf0e6f9b30d966adf3 (2) Finished request 2. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=228, length=208 User-Name = "{sm=1}[email protected]" EAP-Message = 0x020400061500 Message-Authenticator = 0xe3f7dbd13796664921230156fd4a7f0b NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a472086bf0e6f9b30d966adf3 (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (3) group authorize { (3) - entering group authorize {...} (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) eap : EAP packet type response id 4 length 6 (3) eap : Continuing tunnel setup. (3) [eap] = ok (3) Found Auth-Type = ? (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (3) group authenticate { (3) - entering group authenticate {...} (3) eap : Request found, released from the list (3) eap : EAP/ttls (3) eap : processing type ttls (3) ttls : Authenticate (3) ttls : processing EAP-TLS (3) ttls : Received TLS ACK (3) ttls : Received TLS ACK (3) ttls : ACK handshake fragment handler (3) ttls : eaptls_verify returned 1 (3) ttls : eaptls_process returned 13 (3) [eap] = handled Sending Access-Challenge of id 228 to 10.190.0.2 port 1812 EAP-Message = 0x010502cb158000000aad6b687c3b13bd2cbcdc94906e01fea4a72a53605631056850f7c340 7a5d7b7a88d58a990667955f91c7e7fd1d4bcc1cb32597585648a06987428bb59b80040251ea 1eb36ca37e6b08d6dcff0bbac544ee590b97dcdd3043216a8d7c43b3b8177a6d50c34a1954b7 97f6ce1b83260aec1f9cd4f49b89bf166b6fcbe2169a6cdfdd381bfdc0210904a4332192d206 d220b4227586268fe877dec3e39b6c9cfa223f5af7f750fd76160301020d0c0002090080f261 ea67ca98641e7618ffeaf9dbfbfeba8524299d1674bbae7d654b45ddb4d4d56cfc334a0d31a3 3b07a51ec227e83c6111384da4c513b3799894ab435ab01f0308 EAP-Message = 0xbae422a62095161d878138f148293e9d8bbdd8e1f17eeb6aea213178d729efd10049433c42 9ea9685564ff39a81b78828cd381e4ebb6ff4a2022e92349230001020080cf073ac84159ffdf 2a3954bc6d8c5b241548eef76ea49c6f5648bf586017e4f8038d6956580fa5bd17a7199c7b05 bec37333162d8c6302c80092a8339aaecdcd44d3f77964b938c579d2fe5f5e2eb90d52b0215d ec2972f639283ac415d95b1aecb8d856e28eababe9ee8f662b385efb60b09741356027269b5a 089c7c85738001004c76e655fcfb777d949b3e64e0018f329eedb978f1294c0f4fe10736b52d f39df6edf0f5634de3dc17614893582df2e251c5b6acd61276d0 EAP-Message = 0xb71e3de49e55f6775effac0d28046d1510714dbd68c4d55dedb7329f9ba3de55154a4ffd8d 2aad7081dc07b232ff609ca8c19743ba19ccd2d1b3bf35dd1ccd78c1d54f477a4336188fb929 8426a941501972562ed1fca0efad8c451b0ec15674ff86500e67617241c95625ddecc82feefc 41c0eb91cdab0cc56176884e28aab3c850a81bd7736e1ec133d6b83db28db10623c552c5f7a2 d7a6d59e0f1cf362b155e415a274088d2eb875d07acd63236660e40f200f6055bd2c0c934777 c61d55c1a57d7983d867c016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a462186bf0e6f9b30d966adf3 (3) Finished request 3. Waking up in 0.2 seconds. Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=229, length=410 User-Name = "{sm=1}[email protected]" EAP-Message = 0x020500d01580000000c61603010086100000820080e3190ec3957550a29a5f545907823a1e adcd83d25d26b74f1858aae52bac948aef1e3d75bc2adff031a57ad656d2d09066f0cae0630e 0c66d0487abc980cb7d6631a6531f05cba19b4a94f628a6bda9a90aae7e58f33fe204399f1fc d215d007dba697579f7bcb002baa5d67c06a10d82953c53a31b100711f4f0d07e550a3d41403 0100010116030100308a7e900fbfb4f5de1ef3c91092938dee297c5a4b41f537309996762989 cffc3aa2475130e85a6cfcbd3cc5d4f4a38b01 Message-Authenticator = 0x4f4cb9ffdb83cca6564a6d11de9eca5e NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a462186bf0e6f9b30d966adf3 (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (4) group authorize { (4) - entering group authorize {...} (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) eap : EAP packet type response id 5 length 208 (4) eap : Continuing tunnel setup. (4) [eap] = ok (4) Found Auth-Type = ? (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (4) group authenticate { (4) - entering group authenticate {...} (4) eap : Request found, released from the list (4) eap : EAP/ttls (4) eap : processing type ttls (4) ttls : Authenticate (4) ttls : processing EAP-TLS TLS Length 198 (4) ttls : Length Included (4) ttls : eaptls_verify returned 11 (4) ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange (4) ttls : TLS_accept: SSLv3 read client key exchange A (4) ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] (4) ttls : <<< TLS 1.0 Handshake [length 0010], Finished (4) ttls : TLS_accept: SSLv3 read finished A (4) ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] (4) ttls : TLS_accept: SSLv3 write change cipher spec A (4) ttls : >>> TLS 1.0 Handshake [length 0010], Finished (4) ttls : TLS_accept: SSLv3 write finished A (4) ttls : TLS_accept: SSLv3 flush data (4) ttls : (other): SSL negotiation finished successfully SSL Connection Established (4) ttls : eaptls_process returned 13 (4) [eap] = handled Sending Access-Challenge of id 229 to 10.190.0.2 port 1812 EAP-Message = 0x0106004515800000003b14030100010116030100303a882b92af53c50ce085959593e73fca 32ab9a7bd2e2e0a895c165c0a4163a638e8f12fef6f0bc8878a70cfcda0548a8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4524932a412286bf0e6f9b30d966adf3 (4) Finished request 4. Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=230, length=378 User-Name = "{[email protected]" EAP-Message = 0x020600b0150017030100201783b2821501d183457ee81425c3bcbfd372c1207cc52b44e4af 3250a771e4181703010080a65edf5e1fddb09f70ebffef22b5811ebb4d7f3143b2d1ecf88e2a f29edd0178dc38aa45de3e8ac0106fa7259392dbb721ed242bf6fd1a79cdc10faad024b583e8 710f2396246d34353b915f3a49771b11ed93e106564b0f94f208631a4f9852c21452c53492d5 302b2571ec8f1b95d0b1abdaf202da0f42b9b68c863653886c Message-Authenticator = 0x064bdfc96ada80a4ac9a92242232b9ae NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0x4524932a412286bf0e6f9b30d966adf3 (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (5) group authorize { (5) - entering group authorize {...} (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) eap : EAP packet type response id 6 length 176 (5) eap : Continuing tunnel setup. (5) [eap] = ok (5) Found Auth-Type = ? (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (5) group authenticate { (5) - entering group authenticate {...} (5) eap : Request found, released from the list (5) eap : EAP/ttls (5) eap : processing type ttls (5) ttls : Authenticate (5) ttls : processing EAP-TLS (5) ttls : eaptls_verify returned 7 (5) ttls : Done initial handshake (5) ttls : eaptls_process returned 7 (5) ttls : Session established. Proceeding to decode tunneled attributes. (5) ttls : Got tunneled request User-Name = "30001020" MS-CHAP-Challenge = 0x967d3f6435e31b63 MS-CHAP-Response = 0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370 add032fa03fecc6350d759fa7f FreeRADIUS-Proxied-To = 127.0.0.1 (5) ttls : Sending tunneled request User-Name = "30001020" MS-CHAP-Challenge = 0x967d3f6435e31b63 MS-CHAP-Response = 0xb801000000000000000000000000000000000000000000000000b32723b5ce6e52ba066370 add032fa03fecc6350d759fa7f FreeRADIUS-Proxied-To = 127.0.0.1 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a server inner-tunnel { (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (5) group authorize { (5) - entering group authorize {...} (5) [chap] = noop (5) mschap : Found MS-CHAP attributes. Setting 'Auth-Type = mschap' (5) [mschap] = ok (5) eap : No EAP-Message, not doing EAP (5) [eap] = noop (5) files : users: Matched entry 30001020 at line 99 (5) [files] = ok (5) [preprocess] = ok (5) Found Auth-Type = ? (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (5) group MS-CHAP { (5) - entering group MS-CHAP {...} (5) mschap : Told to do MS-CHAPv1 with NT-Password (5) mschap : adding MS-CHAPv1 MPPE keys (5) [mschap] = ok (5) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (5) group post-auth { (5) - entering group post-auth {...} (5) update outer.reply { (5) expand: %{request:User-Name} -> 30001020 (5) } # update outer.reply = noop (5) wimax : No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys. (5) [wimax] = noop } # server inner-tunnel (5) ttls : Got tunneled reply code 2 Alvarion-R3-IF-Name += "CPEL3Mgmt" Alvarion-PDFID += 1 WiMAX-Packet-Data-Flow-Id += 1 WiMAX-Direction += Bi-Directional WiMAX-Transport-Type += IPv4-CS WiMAX-Uplink-QOS-Id += 1 WiMAX-Downlink-QOS-Id += 1 WiMAX-ClassifierID += 2 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += IN WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x31353739323633 WiMAX-ClassifierID += 1 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += OUT WiMAX-IP-TOS-DSCP-Range-and-Mask += 0x3635353335 WiMAX-QoS-Id += 1 WiMAX-Schedule-Type += Best-Effort WiMAX-Traffic-Priority += 4 WiMAX-Maximum-Sustained-Traffic-Rate += 512000 WiMAX-IP-Technology += PMIP4 Alvarion-R3-IF-Name += "HazelL2Service" Alvarion-PDFID += 2 WiMAX-Packet-Data-Flow-Id += 2 WiMAX-Direction += Bi-Directional WiMAX-Transport-Type += Ethernet WiMAX-Uplink-QOS-Id += 2 WiMAX-Downlink-QOS-Id += 2 WiMAX-ClassifierID += 1 WiMAX-Classifier-Priority += 1 WiMAX-Classifier-Direction += Bi-Directional WiMAX-VLAN-ID += 175 WiMAX-QoS-Id += 2 WiMAX-Schedule-Type += nrtPS WiMAX-Traffic-Priority += 1 WiMAX-Maximum-Sustained-Traffic-Rate += 4096000 WiMAX-Minimum-Reserved-Traffic-Rate += 1024000 WiMAX-IP-Technology += Ethernet-CS WiMAX-hHA-IP-MIP4 += 12.12.12.12 Session-Timeout = 3600 Reply-Message = "4motion test" MS-CHAP-MPPE-Keys = 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000 MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (5) ttls : Got tunneled Access-Accept (5) eap : Freeing handler (5) [eap] = ok (5) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default (5) group post-auth { (5) - entering group post-auth {...} (5) update request { (5) expand: %{User-Name} -> {sm=1}[email protected] (5) } # update request = noop (5) update reply { (5) expand: %{reply:EAP-MSK} -> 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5 9132dd591aed447610e20c90a230fa5e7e345461261f8893588691 (5) } # update reply = noop (5) wimax : MIP-RK = 0x34cb0114be346973d5832ba7410516ed882d1fb1fb0ae3ad608e687c48b01ab6948fd63668 f8d0e5fbdb1c3169e676b44aea80064919ae759cc997505584dbf7 (5) wimax : MIP-SPI = dd1974b7 (5) [wimax] = updated Sending Access-Accept of id 230 to 10.190.0.2 port 1812 User-Name = "30001020" Alvarion-R3-IF-Name = "CPEL3Mgmt" Alvarion-PDFID = 1 WiMAX-Packet-Data-Flow-Id = 1 WiMAX-Direction = Bi-Directional WiMAX-Transport-Type = IPv4-CS WiMAX-Uplink-QOS-Id = 1 WiMAX-Downlink-QOS-Id = 1 WiMAX-ClassifierID = 2 WiMAX-Classifier-Priority = 1 WiMAX-Classifier-Direction = IN WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x31353739323633 WiMAX-ClassifierID = 1 WiMAX-Classifier-Priority = 1 WiMAX-Classifier-Direction = OUT WiMAX-IP-TOS-DSCP-Range-and-Mask = 0x3635353335 WiMAX-QoS-Id = 1 WiMAX-Schedule-Type = Best-Effort WiMAX-Traffic-Priority = 4 WiMAX-Maximum-Sustained-Traffic-Rate = 512000 WiMAX-IP-Technology = Ethernet-CS Alvarion-R3-IF-Name = "HazelL2Service" Alvarion-PDFID = 2 WiMAX-Packet-Data-Flow-Id = 2 WiMAX-Direction = Bi-Directional WiMAX-Transport-Type = Ethernet WiMAX-Uplink-QOS-Id = 2 WiMAX-Downlink-QOS-Id = 2 WiMAX-ClassifierID = 1 WiMAX-Classifier-Priority = 1 WiMAX-Classifier-Direction = Bi-Directional WiMAX-VLAN-ID = 175 WiMAX-QoS-Id = 2 WiMAX-Schedule-Type = nrtPS WiMAX-Traffic-Priority = 1 WiMAX-Maximum-Sustained-Traffic-Rate = 4096000 WiMAX-Minimum-Reserved-Traffic-Rate = 1024000 WiMAX-IP-Technology = Ethernet-CS WiMAX-hHA-IP-MIP4 = 12.12.12.12 Session-Timeout = 3600 Reply-Message = "4motion test" MS-CHAP-MPPE-Keys = 0x250838025ed089c5740e1ec19c1d0bedd9776bd85e9fca880000000000000000 MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed MS-MPPE-Recv-Key = 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e MS-MPPE-Send-Key = 0x3c1a0fade59132dd591aed447610e20c90a230fa5e7e345461261f8893588691 EAP-Message = 0x03060004 Message-Authenticator = 0x00000000000000000000000000000000 WiMAX-MSK = 0x1fb12ddd1fa37055e2178c1525d32d189d720d0987006686a6a5306992df472e3c1a0fade5 9132dd591aed447610e20c90a230fa5e7e345461261f8893588691 (5) Finished request 5. Waking up in 0.1 seconds. Waking up in 0.1 seconds. Waking up in 2.9 seconds. (0) Cleaning up request packet ID 225 with timestamp +85 Waking up in 0.1 seconds. (1) Cleaning up request packet ID 226 with timestamp +85 (2) Cleaning up request packet ID 227 with timestamp +85 (3) Cleaning up request packet ID 228 with timestamp +85 Waking up in 1.2 seconds. (4) Cleaning up request packet ID 229 with timestamp +86 Waking up in 0.1 seconds. (5) Cleaning up request packet ID 230 with timestamp +86 Ready to process requests. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=231, length=226 User-Name = "{sm=1}[email protected]" EAP-Message = 0x0201002a017b736d3d317d6d61676e612e74616c6c616768742e7465737440616972737065 65642e6965 Message-Authenticator = 0x2304870d06de86fa88b3ccd2de56a789 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (6) group authorize { (6) - entering group authorize {...} (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) eap : EAP packet type response id 1 length 42 (6) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) Found Auth-Type = ? (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (6) group authenticate { (6) - entering group authenticate {...} (6) eap : EAP Identity (6) eap : processing type tls (6) tls : Initiate (6) tls : Start returned 1 (6) [eap] = handled Sending Access-Challenge of id 231 to 10.190.0.2 port 1812 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780 (6) Finished request 6. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=232, length=290 User-Name = "{sm=1}[email protected]" EAP-Message = 0x0202005815800000004e16030100490100004503014d6f049b50d6ea950c49e9ddac3c33c4 a0477aefbe9119045fd3313c4148aa9300001e00390038003500160013000a00330032002f00 15001200090014001100080100 Message-Authenticator = 0xab2efdd42f1f345c5b0ff3654e5fbeb1 NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0xfdcbcc4afdc9d9fe908aaa2f4bb4f780 (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (7) group authorize { (7) - entering group authorize {...} (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) eap : EAP packet type response id 2 length 88 (7) eap : Continuing tunnel setup. (7) [eap] = ok (7) Found Auth-Type = ? (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (7) group authenticate { (7) - entering group authenticate {...} (7) eap : Request found, released from the list (7) eap : EAP/ttls (7) eap : processing type ttls (7) ttls : Authenticate (7) ttls : processing EAP-TLS TLS Length 78 (7) ttls : Length Included (7) ttls : eaptls_verify returned 11 (7) ttls : (other): before/accept initialization (7) ttls : TLS_accept: before/accept initialization (7) ttls : <<< TLS 1.0 Handshake [length 0049], ClientHello (7) ttls : TLS_accept: SSLv3 read client hello A (7) ttls : >>> TLS 1.0 Handshake [length 002a], ServerHello (7) ttls : TLS_accept: SSLv3 write server hello A (7) ttls : >>> TLS 1.0 Handshake [length 085e], Certificate (7) ttls : TLS_accept: SSLv3 write certificate A (7) ttls : >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange (7) ttls : TLS_accept: SSLv3 write key exchange A (7) ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (7) ttls : TLS_accept: SSLv3 write server done A (7) ttls : TLS_accept: SSLv3 flush data (7) ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (7) ttls : eaptls_process returned 13 (7) [eap] = handled Sending Access-Challenge of id 232 to 10.190.0.2 port 1812 EAP-Message = 0x0103040015c000000aad160301002a0200002603014e9ee512e286821d40c5caafa8f5cd1b 8a1ed466ce0608d778ac01ab923d418c00003900160301085e0b00085a0008570003a6308203 a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355 040613024652310f300d060355040813065261646975733112301006035504071309536f6d65 776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886 f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861 6d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3131313031333039353734375a170d3132313031323039353734375a307c310b30 09060355040613024652310f300d0603550408130652616469757331153013060355040a130c 4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220 43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d 706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201 0100caef6b9b67bdef4ad8e1e44128bc7e4d59b10f7fea2f25a815df34e36e48223a3812b6b4 c9005ddf99cf79afe5a4645eb7847cdaa444ad11ad858447f05e EAP-Message = 0xbb17624bb71f12a488110b381a1a629f04fe7811e5589b7cfebad4e16d89ce6b982880f28d b5f6817bda4db85b83520a6d47f682e224f70e9a104fc421ca712b8fa4c1b9e6c98329a5db41 50bb6d06fe29729e2842c5ecb6960b89cbdadc1ec91e7eadbdb4288023659fef46b02ec89bb4 7026e86c85aefb37d6df74167a3e12279d32b42199ba04013f8d4985c218365f0f60c3d9af22 7a3949125925db3ffb1bdccf34548f7626dac63e22b0624b6f16669d47fbc7ca4ddf2f794d00 4b901ecb090203010001a317301530130603551d25040c300a06082b06010505070301300d06 092a864886f70d01010405000382010100b676c0afe25190b575 EAP-Message = 0x1fa8ec975b02e09c61c8b25c4e2b7fe96b9275018524ef5bfecace1625ea8a09aaccc1a0b9 cdb2ebe7d1780ecf6a2bf775d639944c27881d5ea4d6fb013799ca759216777b46ee8dbdd9b6 6346ad9ee5b4e1854f04fa495bc64ce62702c50f3ba637d28c835c3113ca9984a94b1b3e6402 8034c73d734af96bdbb3e7bbb427372fb069af913eb2ced4ef9253a87050138334320cd2f563 c457de969f8472fd861282613fb501a0732e1bc2e9a0eb41caa6cb481c773f79737c1a9bc0e9 5e795ee5a0974fb2752d947606422dfba0e2c45b046c834c0553aecdd2b3a37952050de7a2d6 e27be9065dc29bc10b90188a7faf20beed7b904c0004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780 (7) Finished request 7. Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 10.190.0.2 port 1812, id=233, length=208 User-Name = "{sm=1}[email protected]" EAP-Message = 0x020300061500 Message-Authenticator = 0xe4548d83804e1e53f53cce5d4e69eede NAS-Identifier = "BTS105" NAS-IP-Address = 10.190.0.2 Calling-Station-Id = "00-26-82-D0-B6-F6" WiMAX-BS-Id = 0xffc6c8690100 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 0 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Hotlining-Capabilities = Hotline-Profile-Id Attr-26.24757.1.7 = 0x0000028a State = 0xfdcbcc4afcc8d9fe908aaa2f4bb4f780 (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (8) group authorize { (8) - entering group authorize {...} (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) eap : EAP packet type response id 3 length 6 (8) eap : Continuing tunnel setup. (8) [eap] = ok (8) Found Auth-Type = ? (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (8) group authenticate { (8) - entering group authenticate {...} (8) eap : Request found, released from the list (8) eap : EAP/ttls (8) eap : processing type ttls (8) ttls : Authenticate (8) ttls : processing EAP-TLS (8) ttls : Received TLS ACK (8) ttls : Received TLS ACK (8) ttls : ACK handshake fragment handler (8) ttls : eaptls_verify returned 1 (8) ttls : eaptls_process returned 13 (8) [eap] = handled Sending Access-Challenge of id 233 to 10.190.0.2 port 1812 EAP-Message = 0x0104040015c000000aad00ec1d720e4a7e8a98300d06092a864886f70d0101050500308193 310b3009060355040613024652310f300d060355040813065261646975733112301006035504 071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e312030 1e06092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355 0403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31 31313031333039353734375a170d3132313031323039353734375a308193310b300906035504 0613024652310f300d0603550408130652616469757331123010 EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e 632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126 30240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 30820122300d06092a864886f70d01010105000382010f003082010a0282010100be734cc62e cb7177f45d9f49d0dc7c67f1e8f71f9ad048dd67a12de738c98729d524e687e47b801bf912a3 ce76ff5c35cbbae16eed0733b5e51b53633123803af7f8bdb2a456b82f3c022ab8aa75e09e55 f898044a1de747799af4506d191327f3cb2fd28c87d277828b1b EAP-Message = 0x5372af25f28e4dc8ece69051878c673e3036fad0165be210ee1e208c762dbd201af930f8d3 0c2d8e1f112afa92bec4462e0f812d645e0572c991a9f1ff3fb7938f9aa1c92db6464ea6025f c34af023dc152c09ac6074742f3b1766cfca4c352255553bea37de71ea152bb306cd1893e111 19326b7a5bdf957fc90726ffcf49b542285aeda0480ced4f180547fe0449400dfd786fc50203 010001a381fb3081f8301d0603551d0e04160414b57317268d6d7a07453f567b60d8e38ab31a f2a13081c80603551d230481c03081bd8014b57317268d6d7a07453f567b60d8e38ab31af2a1 a18199a48196308193310b3009060355040613024652310f300d EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013 060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116116164 6d696e406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274 6966696361746520417574686f72697479820900ec1d720e4a7e8a98300c0603551d13040530 030101ff300d06092a864886f70d010105050003820101000145888b12dc92a1ae57d9cf122d 90702ccf6fdeacf92f4e46bdab9773d80bb5373ddacd234f03fd8d8f8587b515ba24b28931ff ec882ad044f8bc07f3c510b90f86e302639082c1d1fbc9fd9d2b EAP-Message = 0x29f6a43153b63396708d1c2a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfdcbcc4affcfd9fe908aaa2f4bb4f780 (8) Finished request 8. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
