Judging by that access-accept message you don't have all of the attributes
needed to set up a WiMax service flow.  There are far more attributes that
need to be sent than you have listed below, and they all have to be sent in
the order listed in dictionary.wimax.  Check the archives of this list for
WiMax service flow replies, this is fairly well documented.  

Your ASN manufacturer should be able to supply you with an IOT document or
other radius documentation.

David

-----Original Message-----
From:
freeradius-users-bounces+davidp=wirelessconnections....@lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera
dius.org] On Behalf Of Rathod Subhashchandra
Sent: Monday, June 11, 2012 9:10 AM
To: 'Fajar A. Nugraha'; 'FreeRadius users mailing list'
Subject: RE: WING-ASN throwing error - Mandatory HA Mode parameter
Importance: High

Dear Fajar,

ACCESS-ACCEPT screen logs shows following attributes but not in pcap.
Screen logs:
Sending Access-Accept of id 6 to 125.125.40.38 port 1812
        WiMAX-MN-NAI = "u...@tataelxsi.com"
        Service-Type = Authenticate-Only
        State = 0xd2be425bd6b84f57c4a7ea648e1803b6
        MS-MPPE-Recv-Key =
0xd967448623358aa2149aee72c8d59c7640ca9b7fb4c06836781533bb9ae7679d
        MS-MPPE-Send-Key =
0x49a17afa5f030067f31c8a3e44d14e88a312af0a90e1299e73019fa1c27e7fb3
        WiMAX-MSK =
0xd967448623358aa2149aee72c8d59c7640ca9b7fb4c06836781533bb9ae7679d49a17afa5f
030067f31c8a3e44d14e88a312af0a90e1299e73019fa1c27e7fb3
        EAP-Message = 0x03060004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "u...@tataelxsi.com"
        WiMAX-IP-Technology = PMIP4
        WiMAX-hHA-IP-MIP4 = 172.16.104.175
        WiMAX-DNS-Server = 192.168.10.3
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-Idle-Mode-Notification-Cap = Supported
        WiMAX-AAA-Session-Id = 0x30313032
        WiMAX-Packet-Data-Flow-Id = 1
        WiMAX-Service-Data-Flow-Id = 1
        WiMAX-Service-Profile-Id = 1
        WiMAX-Direction = Bi-Directional
        WiMAX-FA-RK-Key = 0xb977ed6f9bf2231bba840d7cf1c02cd1bd7f47fa
        Framed-IP-Address = 192.168.10.3
        Session-Timeout = 172800
        Termination-Action = 3
        Chargeable-User-Identity = "u...@tataelxsi.com"
        WiMAX-HA-RK-Lifetime = 900
        WiMAX-HA-RK-SPI = 0
        WiMAX-HA-RK-Key = 0x2b83c9fd0e5c3e2f8af0aa4464ba27ff8372fe4b
        WiMAX-FA-RK-SPI = 2474926121


The content of Wireshark is attached.
Wireshark ACCESS-ACCEPT message does not reflect WiMAX-HA-RK-Lifetime,
WiMAX-HA-RK-SPI, WiMAX-HA-RK-Key, and WiMAX-FA-RK-SPI.

Does it mean that above attributes are not added in the message and simply
printed by FreeRadius server? Or Vendor specific HA mode parameters are
different?



Thanks !
Rathod.



-----Original Message-----
From: Fajar A. Nugraha [mailto:l...@fajar.net]
Sent: Monday, June 11, 2012 11:39 AM
To: rat...@tataelxsi.co.in; FreeRadius users mailing list
Subject: Re: WING-ASN throwing error - Mandatory HA Mode parameter

On Mon, Jun 11, 2012 at 12:50 PM, Rathod Subhashchandra
<rat...@tataelxsi.co.in> wrote:
> I am using Free Radius only.
> I would like to know whether FreeRadius supports following attributes 
> in ACCESS-ACCEPT.
>
> HA_RK_Lifetime, HA_RK_SPI, HA_RK_KEY, Duration Quota, MN_HA_SPI,
HA_IP_ADDR,
> MN_HA_KEY

freeradius supports adding custom or vendor-specific attributes. You need to
know what they are to add them. Ask your NAS vendor for the radius
dictionary file, and what the values should be for a successful
authentication.

IF (and ONLY if) you already have a working radius server for that NAS, you
could probably use wireshark/tcpdump/whatever to capture what attributes
were sent, and configure FR to send those attributes as well. I don't
recommend this method for newbies though, better ask your vendor.

--
Fajar

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to