Saludos,
Ing. Augusto Cabrera Duffaut. TELECOMUNICACIONES ISP Telefono Directo: 4050057 Ext Interna: 4057 -----Mensaje original----- De: Augusto Cabrera Enviado el: miƩrcoles, 02 de marzo de 2011 17:47 Para: 'Heikki Vatiainen' CC: radiator@open.com.au Asunto: RE: [RADIATOR] Problem Radiator configuration WIMAX Hello Heikky, Thanks for responding, I have the server certificates. Pem and client. Der incurs with openssl But I have this problem according to the logs: ERR: Could not handle an EAP request: Undefined subroutine &Radius::MSCHAP::ASCIItoUnicode called at /usr/lib/perl5/site_perl/Radius/AuthGeneric.pm line 866. The logs are: Code: Access-Request Identifier: 27 Authentic: <0><0>V<6><0><0>v<31><0><0>n<11><0><0>d<195> Attributes: User-Name = "wimax@wimaxtest" NAS-IP-Address = 3.3.3.3 Calling-Station-Id = "00256831312f" NAS-Identifier = "WASN9770" Event-Timestamp = 1299099954 EAP-Message = <2><225><0><196><21><128><0><0><0><186><23><3><1><0> <191><10>ZY<162><226><129><185><185>A:~K<235><131>F'Cb<182><225><208>W<242><9><227>v%k,,N<23><3><1><0><144><1>.<238><30><244><14><4>N<0><219><184>3<247><4><8><248><249><217>@3<20><188>}<247><165>m<209><159><25><239><209><11><213><152><222><14><166><250><228><152><166><2><9><220><24>w&<4><15><200><127><163><145><178><165><162><17><203>{<<179><<233><190><227><224><136><31><28>,ed <211><4><157><6><154>u!U<<30><169><174>FX=<200>~<220>N<149><176>0X<12>p<207><217><216><9><175>Kc<18>z<127><187><144><3><134><188><129><253>-(<128><164><189><198>z|7K<231><20><30><129><19><9>(<197>4<196>@<25><221><244><133><198>?k<165> WiMAX-Capability = <1><5>1.1<2><3><2><3><3><1><5><3><1><4><3><1> WiMAX-BS-ID = 00000203f110 WiMAX-GMT-Timezone-Offset = -18000 NAS-Port-Type = Wireless-IEEE-802.16 WiMAX-PPAC = <1><6><0><0><0>c Service-Type = Framed-User Message-Authenticator = <198><156><178>n<247><177><243><137><224><210>L<11><6>NH<244> Wed Mar 2 16:05:20 2011: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier '' Wed Mar 2 16:05:20 2011: DEBUG: Deleting session for wimax@wimaxtest, 3.3.3.3, Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai='00256831312f'': Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL looks for match with 00256831312f [wimax@wimaxtest] Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL REJECT: No such user: 00256831312f [wimax@wimaxtest] Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': Wed Mar 2 16:05:20 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX Wed Mar 2 16:05:20 2011: DEBUG: Handling with EAP: code 2, 225, 196, 21 Wed Mar 2 16:05:20 2011: DEBUG: Response type 21 Wed Mar 2 16:05:20 2011: DEBUG: EAP TTLS data, 3, 225, 224 Wed Mar 2 16:05:20 2011: DEBUG: TTLS Tunnelled Diameter Packet dump: Code: UNDEF Identifier: UNDEF Authentic: UNDEF Attributes: User-Name = "wimax" MS-CHAP-Challenge = T|}M<140><255><165><195><3><211>s<0><186><210><236><152> MS-CHAP2-Response = U<0>!@#$%^&*()_+:3|~<0><0><0><0><0><0><0><0>-<17><2><129><24>*<217><224>V<1><158><209><169><192>&&<20><227><13><10><189><143><215><174> Wed Mar 2 16:05:20 2011: DEBUG: EAP TTLS inner authentication request for wimax Wed Mar 2 16:05:20 2011: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier '' Wed Mar 2 16:05:20 2011: DEBUG: Deleting session for wimax, 3.3.3.3, Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL: Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai=NULL': Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL looks for match with [wimax] Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL REJECT: No such user: [wimax] Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist where nai='DEFAULT'': Wed Mar 2 16:05:20 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select psk, cui, hotlineprofile from subscription where nai=?': wimax Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select profileid, httpredirectionrule, ipredirectionrule, nasfilterrule, sessiontimer from hotlineprofile where id=?': 0 Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthWIMAX looks for match with wimax [wimax] Wed Mar 2 16:05:20 2011: ERR: Could not handle an EAP request: Undefined subroutine &Radius::MSCHAP::ASCIItoUnicode called at /usr/lib/perl5/site_perl/Radius/AuthGeneric.pm line 866. Wed Mar 2 16:05:20 2011: DEBUG: AuthBy WIMAX result: REJECT, Could not handle an EAP request Wed Mar 2 16:05:20 2011: INFO: Access rejected for 00256831312f: Could not handle an EAP request Wed Mar 2 16:05:20 2011: DEBUG: Packet dump: *** Sending to 3.3.3.3 port 10033 .... Packet length = 36 03 1b 00 24 60 fc ea e7 98 51 59 ae 23 eb dc a9 ca 25 a7 1f 12 10 52 65 71 75 65 73 74 20 44 65 6e 69 65 64 Code: Access-Reject Identifier: 27 Authentic: `<252><234><231><152>QY<174>#<235><220><169><202>%<167><31> Attributes: Reply-Message = "Request Denied" Wed Mar 2 16:05:20 2011: DEBUG: Monitor received command: STATS . Wed Mar 2 16:05:21 2011: DEBUG: Monitor received command: STATS . Wed Mar 2 16:05:22 2011: DEBUG: Monitor received command: STATS . Wed Mar 2 16:05:23 2011: DEBUG: Monitor received command: STATS . Saludos, Augusto Cabrera Duffaut. -----Mensaje original----- De: Heikki Vatiainen [mailto:h...@open.com.au] Enviado el: miƩrcoles, 02 de marzo de 2011 16:48 Para: Augusto Cabrera CC: radiator@open.com.au Asunto: Re: [RADIATOR] Problem Radiator configuration WIMAX On 03/02/2011 06:08 PM, Augusto Cabrera wrote: > > Hi I am configuring WiMAX radiator for authentication with the CPES are > zyxel, but I have authentication errors please i need help, the setup I > have is the following: Hello, can you tell us a bit more what the problem is? From the log below it looks like there are TTLS authentication Access-Requests and Access-Challenges, but there is no clear error as far as I can tell. If the error is TTLS authentication not finishing, you should check the client configuration. Please check that the clients trust this root certificate: EAPTLS_CAFile /etc/radiator/certificados/cacert.pem It is possible that the client does not recognize or trust the root certificate and for that reasons stops the authentication process. It looks like the TTLS inner authentication does not start so you should concentrate on the certificate setup. Thanks! Heikki > [root@wimax radiator]# vi radius.cfg > Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator