Hi I am configuring WiMAX radiator for authentication with the CPES are zyxel,
but I have authentication errors please i need help, the setup I have is the
following:
[root@wimax radiator]# vi radius.cfg
# wimax.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple WiMAX system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#Foreground
#LogStdout
DefineFormattedGlobalVar RadiatorDir /etc/radiator
LogDir %{GlobalVar:RadiatorDir}/logs
DbDir %{GlobalVar:RadiatorDir}/raddb
LogFile %L/%Y-%m-%d-radius.txt
RewriteUsername tr/A-Z/a-z/
RewriteUsername s/\s+//g
DictionaryFile %{GlobalVar:RadiatorDir}/dictionary
# User a lower trace level in production systems:
Trace 4
AuthPort 1812
AcctPort 1813
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
#
# Secret mysecret
# DupInterval 0
#
# Definicion del CLIENTE WIMAX HUAWEI - CUE
Secret wimaxwimax
Identifier WIMAX
DupInterval 5
Secret mysecret
Identifier totoracocha
SNMPCommunity ras
IgnoreAcctSignature
# DupInterval 0
# This works with the sample SQL tables created by
# goodies/wimax.sql
# test with goodies/wimaxtest as a simple test client
# Implement MS Revocation List using a table in the SQL database
# Other modules such as SQl can be used. Required by Alcatel-Lucent
AuthByPolicy ContinueWhileAccept
# Details for accessing the SQL database that contains
# user/device passwords, Device-Sessions etc.
# This should match the username created in wimax.sql
DBSource dbi:mysql:wimax
DBUsername mikem
DBAuth fred
NoEAP
Blacklist
AuthenticateAttribute Calling-Station-Id
AuthSelect select reason from blacklist where nai=%0
Identifier AAA-WIMAX
# Details for accessing the SQL database that contains
# user/device passwords, Device-Sessions etc.
# This should match the username created in wimax.sql
DBSource dbi:mysql:wimax
DBUsername mikem
DBAuth fred
# The max lifetime of eack key, in seconds.
# Defaults to 3600 seconds (1 hour)
#KeyLifetime 3600
# If WiMAX-DHCPv4-Server or WiMAX-DHCPv6-Server are set
# in the reply, AuthBY WIMAX wil automatically generate
# a DHCP key for that address, and wil provide that key
# if the DHCP server later asks for it
AddToReplyIfNotExist WiMAX-DHCPv4-Server=1.2.3.4
# Indicates whether to honour various hotlining options
# If any are set, and the subscription has a hotlineprofile
# then appropriate columns will be returned from the
# hotlineprofiles table
# They are also used to set the Hotlining capabilities
# in WiMAX-Capability
ProfileHotlining
#RulebasedHotlining
HTTPRedirectionHotlining
IPRedirectionHotlining
# WiMAX is required to handle at least TTLS
# We can handle any tpe that generates MSK and EMSK
EAPType TTLS, TLS, PEAP, MSCHAP-V2, PSK, PAX, FAST, SIM, AKA
EAPTLS_CAFile /etc/radiator/certificados/cacert.pem
EAPTLS_CertificateFile
/etc/radiator/certificados/servidor-cert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certificados/serv-priv.pem
EAPTLS_PrivateKeyPassword quitomiciudad
# Try to match a certificate CN against an attribute in the
# incoming request. If matched, return the match else undef
# Called like EAPTLS_CommonNameHook($cn, $username, $identity,
$p)
# This example attempts to match the CN against the
# Calling-Station-Id, as rewuired by some WiMAX devices.
# EAPTLS_CommonNameHook sub {my $cn = $_[0]; my $p = $_[3];
return $cn if $cn eq $p->get_attr('Calling-Station-Id'); return undef;}
# IF HAPassword is defined, the the HA must send this password
# in requests sent to this HAAA. The HA must be configured to
# send this password, otherwise its requests will be REJECTed
HAPassword mysecret
# You can alter the authentication query with AuthSelect, and
# process extra columns with AuthColumnDef. Replies attrs