On 03/03/2011 12:53 AM, Augusto Cabrera wrote:
> Hello Heikki,
> Thanks for responding, I have the server certificates. Pem and client. Der
> incurs with openssl

Looks like the certificate problems are solved since the TTLS inner
authentication is trying to run.

> But I have this problem according to the logs:

Make sure you have the Digest-MD4 module installed as described in
http://www.open.com.au/radiator/install.html

You need this module for MSCHAP and MSCHAPv2.

> ERR: Could not handle an EAP request: Undefined subroutine
> &Radius::MSCHAP::ASCIItoUnicode called at
> /usr/lib/perl5/site_perl/Radius/AuthGeneric.pm line 866.

I'd say this is the result of the MSCHAP module not working at all since
Digest-MD4 was not available.

> The logs are:
>
> Code: Access-Request
> Identifier: 27
> Authentic: <0><0>V<6><0><0>v<31><0><0>n<11><0><0>d<195>
> Attributes:
> User-Name = "wimax@wimaxtest"
> NAS-IP-Address = 3.3.3.3
> Calling-Station-Id = "00256831312f"
> NAS-Identifier = "WASN9770"
> Event-Timestamp = 1299099954
> EAP-Message = <2><225><0><196><21><128><0><0><0><186><23><3><1><0>
> <191><10>ZY<162><226><129><185><185>A:~K<235><131>F'Cb<182><225><208>W<242><9><227>v%k,,N<23><3><1><0><144><1>.<238><30><244><14><4>N<0><219><184>3<247><4><8><248><249><217>@3<20><188>}<247><165>m<209><159><25><239><209><11><213><152><222><14><166><250><228><152><166><2><9><220><24>w&<4><15><200><127><163><145><178><165><162><17><203>{<<179><<233><190><227><224><136><31><28>,ed
>
> <211><4><157><6><154>u!U<<30><169><174>FX=<200>~<220>N<149><176>0X<12>p<207><217><216><9><175>Kc<18>z<127><187><144><3><134><188><129><253>-(<128><164><189><198>z|7K<231><20><30><129><19><9>(<197>4<196>@<25><221><244><133><198>?k<165>
> WiMAX-Capability = <1><5>1.1<2><3><2><3><3><1><5><3><1><4><3><1>
> WiMAX-BS-ID = 00000203f110
> WiMAX-GMT-Timezone-Offset = -18000
> NAS-Port-Type = Wireless-IEEE-802.16
> WiMAX-PPAC = <1><6><0><0><0>c
> Service-Type = Framed-User
> Message-Authenticator =
> <198><156><178>n<247><177><243><137><224><210>L<11><6>NH<244>
>
> Wed Mar 2 16:05:20 2011: DEBUG: Handling request with Handler
> 'Realm=DEFAULT', Identifier ''
> Wed Mar 2 16:05:20 2011: DEBUG: Deleting session for wimax@wimaxtest,
> 3.3.3.3,
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL:
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL:
> Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist
> where nai='00256831312f'':
> Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL looks for match with
> 00256831312f [wimax@wimaxtest]
> Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL REJECT: No such user:
> 00256831312f [wimax@wimaxtest]
> Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist
> where nai='DEFAULT'':
> Wed Mar 2 16:05:20 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with EAP: code 2, 225, 196, 21
> Wed Mar 2 16:05:20 2011: DEBUG: Response type 21
> Wed Mar 2 16:05:20 2011: DEBUG: EAP TTLS data, 3, 225, 224
> Wed Mar 2 16:05:20 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: UNDEF
> Identifier: UNDEF
> Authentic: UNDEF
> Attributes:
> User-Name = "wimax"
> MS-CHAP-Challenge =
> T|}M<140><255><165><195><3><211>s<0><186><210><236><152>
> MS-CHAP2-Response =
> U<0>!@#$%^&*()_+:3|~<0><0><0><0><0><0><0><0>-<17><2><129><24>*<217><224>V<1><158><209><169><192>&&<20><227><13><10><189><143><215><174>
>
> Wed Mar 2 16:05:20 2011: DEBUG: EAP TTLS inner authentication request for
> wimax
> Wed Mar 2 16:05:20 2011: DEBUG: Handling request with Handler
> 'Realm=DEFAULT', Identifier ''
> Wed Mar 2 16:05:20 2011: DEBUG: Deleting session for wimax, 3.3.3.3,
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL:
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthSQL:
> Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist
> where nai=NULL':
> Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL looks for match with [wimax]
> Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthSQL REJECT: No such user:
> [wimax]
> Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select reason from blacklist
> where nai='DEFAULT'':
> Wed Mar 2 16:05:20 2011: DEBUG: AuthBy SQL result: ACCEPT, No such user
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
> Wed Mar 2 16:05:20 2011: DEBUG: Handling with Radius::AuthWIMAX: AAA-WIMAX
> Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select psk, cui, hotlineprofile
> from subscription where nai=?': wimax
> Wed Mar 2 16:05:20 2011: DEBUG: Query is: 'select profileid,
> httpredirectionrule, ipredirectionrule, nasfilterrule, sessiontimer from
> hotlineprofile where id=?': 0
> Wed Mar 2 16:05:20 2011: DEBUG: Radius::AuthWIMAX looks for match with wimax
> [wimax]
> Wed Mar 2 16:05:20 2011: ERR: Could not handle an EAP request: Undefined
> subroutine &Radius::MSCHAP::ASCIItoUnicode called at
> /usr/lib/perl5/site_perl/Radius/AuthGeneric.pm line 866.
>
> Wed Mar 2 16:05:20 2011: DEBUG: AuthBy WIMAX result: REJECT, Could not
> handle an EAP request
> Wed Mar 2 16:05:20 2011: INFO: Access rejected for 00256831312f: Could not
> handle an EAP request
> Wed Mar 2 16:05:20 2011: DEBUG: Packet dump:
> *** Sending to 3.3.3.3 port 10033 ....
>
> Packet length = 36
> 03 1b 00 24 60 fc ea e7 98 51 59 ae 23 eb dc a9
> ca 25 a7 1f 12 10 52 65 71 75 65 73 74 20 44 65
> 6e 69 65 64
> Code: Access-Reject
> Identifier: 27
> Authentic: `<252><234><231><152>QY<174>#<235><220><169><202>%<167><31>
> Attributes:
> Reply-Message = "Request Denied"
>
> Wed Mar 2 16:05:20 2011: DEBUG: Monitor received command: STATS .
> Wed Mar 2 16:05:21 2011: DEBUG: Monitor received command: STATS .
> Wed Mar 2 16:05:22 2011: DEBUG: Monitor received command: STATS .
> Wed Mar 2 16:05:23 2011: DEBUG: Monitor received command: STATS .
>
>
> Regards,
>
> Augusto Cabrera Duffaut.
>
>
> -----Original Message-----
> From: Heikki Vatiainen [mailto:h...@open.com.au]
> Sent: Wednesday, 02 March 2011 16:48
> To: Augusto Cabrera
> CC: radiator@open.com.au
> Subject: Re: [RADIATOR] Problem Radiator configuration WIMAX
>
> On 03/02/2011 06:08 PM, Augusto Cabrera wrote:
>>
>> Hi I am configuring WiMAX radiator for authentication with the CPES are
>> zyxel, but I have authentication errors please I need help, the setup I
>> have is the following:
>
> Hello,
>
> can you tell us a bit more what the problem is? From the log below it
> looks like there are TTLS authentication Access-Requests and
> Access-Challenges, but there is no clear error as far as I can tell.
>
> If the error is TTLS authentication not finishing, you should check the
> client configuration. Please check that the clients trust this root
> certificate:
>
> EAPTLS_CAFile /etc/radiator/certificados/cacert.pem
>
> It is possible that the client does not recognize or trust the root
> certificate and for that reason stops the authentication process. It
> looks like the TTLS inner authentication does not start so you should
> concentrate on the certificate setup.
>
> Thanks!
> Heikki
>
>
>> [root@wimax radiator]# vi radius.cfg
>>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

-- 
Heikki Vatiainen <h...@open.com.au>
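
The Digest-MD4 dependency check discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a Perl preflight that tries to load Digest::MD4 and, if it loads, checks it against the NT password hash test vector from RFC 2759 section 9.2. The helper names `md4_available` and `nt_password_hash` are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not Radiator code): confirm Digest::MD4 is usable on the
# host before relying on MSCHAP/MSCHAPv2 inner authentication.
use strict;
use warnings;
use Encode qw(encode);

# Hypothetical helper: returns (1, '') if Digest::MD4 loads,
# or (0, <load error>) if it does not. Never dies.
sub md4_available {
    my $ok = eval { require Digest::MD4; 1 };
    return $ok ? (1, '') : (0, $@);
}

# NT password hash as defined in RFC 2759: MD4 over the password
# encoded as little-endian UTF-16 (the "ASCII to Unicode" step).
sub nt_password_hash {
    my ($password) = @_;
    return Digest::MD4::md4_hex(encode('UTF-16LE', $password));
}

# Test vector from RFC 2759 section 9.2.
my $RFC2759_PASSWORD = 'clientPass';
my $RFC2759_HASH     = '44ebba8d5312b8d611474411f56989ae';

my ($ok, $err) = md4_available();
unless ($ok) {
    ($err) = split /\n/, $err;    # keep only the first line of the error
    print "FAIL: Digest::MD4 cannot be loaded: $err\n";
    print "Install Digest-MD4 as described in the Radiator install notes.\n";
    exit 1;
}

my $got = nt_password_hash($RFC2759_PASSWORD);
if ($got eq $RFC2759_HASH) {
    my $version = Digest::MD4->VERSION;
    print "OK: Digest::MD4 $version loaded, RFC 2759 vector matches\n";
    exit 0;
}

print "FAIL: Digest::MD4 loaded but returned $got, expected $RFC2759_HASH\n";
exit 2;
```

Run it with the same `perl` binary that starts Radiator, since a module installed for a different Perl will not be found by the server.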