Old 09-05-2010, 07:06 AM   #1
saman
Member
 
Registered: Oct 2007
Posts: 49

Rep: Reputation: 13
WISPr doesn't work....help!


Hi all,

I tried to run FreeRadius 1.17 on RHEL5 using PEAP authentication.
# radiusd -X

It runs fine.

It authenticates only one user.
If "user" is authenticated, the second user "user2" just loops and will not be authenticated. Again, if "user2" is authenticated, "user" loops?

Here is the log:
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1028, id=239, length=219
User-Name = "user"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:30:1a:29:XX:XX"
Calling-Station-Id = "00:1c:f0:10:XX:XX"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0xea6dbf32ed64a6a8f74a27816ab43eb1
EAP-Message = 0x0209004019001703010018a1805bc2f5dbd7fd8fbe51f34d4957c3b6d3f89da8c26410170301001878afa5236b3337360b ffef064f89803da9a6399d05e16a37
Message-Authenticator = 0xac22562331c271a4aa5b8dec5f31f1dc
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100905
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100905
[auth_log] expand: %t -> Sun Sep 5 06:45:36 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 64
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900061a03
server {
PEAP: Setting User-Name to user
Sending tunneled request
EAP-Message = 0x020900061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "user"
State = 0x8785a735868cbd784972418c2ca64d2e
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> user
[sql] sql_set_user escaped user --> 'user'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'user' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'basic' ORDER BY id
[sql] User found in group basic
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'basic' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [user] (from client radius port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 2
WISPr-Bandwidth-Max-Down := 64000
WISPr-Bandwidth-Max-Up := 32000
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "user"
[peap] Got tunneled reply RADIUS code 2
WISPr-Bandwidth-Max-Down := 64000
WISPr-Bandwidth-Max-Up := 32000
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "user"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 239 to 192.168.0.3 port 1028
EAP-Message = 0x010a002b190017030100204a93c54b7b0f816db5aad0334820dbdc0e1f8ad417c891bc2574323cf39fc3b0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xea6dbf32e267a6a8f74a27816ab43eb1
Finished request 118.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1028, id=241, length=227
User-Name = "user"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:30:1a:29:XX:XX"
Calling-Station-Id = "00:1c:f0:10:XX:XX"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0xea6dbf32e267a6a8f74a27816ab43eb1
EAP-Message = 0x020a004819001703010018c029aac33ea900db1de6ed8a9b7ec22d94eb07a51af6a59a17030100200ca9095c43e597ed0e fe22b4661d1f02fb35799729fcfac86533060080d7600e
Message-Authenticator = 0xd93cda15e308ff9c8d17fe3c12a54a2a
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100905
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100905
[auth_log] expand: %t -> Sun Sep 5 06:45:36 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [user] (from client radius port 0 cli 00:1c:f0:10:56:b8)
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> user
[sql] sql_set_user escaped user --> 'user'
[sql] expand: %{User-Password} ->
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'user', '', 'Access-Accept', '2010-09-05 06:45:36')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'user', '', 'Access-Accept', '2010-09-05 06:45:36')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 241 to 192.168.0.3 port 1028
MS-MPPE-Recv-Key = 0xc14856742b4e69a455f55dc18f6c57f934cb76554289bac98e9e9777f62839f2
MS-MPPE-Send-Key = 0xdd89af7056d8dcbfd88948d4055b16549d306906e7e254578193155d5d418d52
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "user"
Finished request 119.
Going to the next request


WISPr doesn't work. User traffic still runs loose, not at the 64 kbps I specified.
I wonder if WISPR-Bandwidth-Max-Down is not in the appropriate place.
Should it be in ACCEPT-ACCEPT?

Help appreciated
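
The check the question above calls for, as an added example that is not part of the original post: it parses radiusd -X debug output and lists attributes the inner tunnel returned (RADIUS code 2) that are absent from the outer Access-Accept actually sent to the NAS. The function names and the abridged sample log are constructed for illustration.

```python
import re
HEADER = re.compile(r"^(?:\[peap\] Got tunneled reply (?:RADIUS )?code (\d+)"
                    r"|Sending (Access-\w+) of id \d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*)\s*:?=\s*(.*)$")
PER_PACKET = {"EAP-Message", "Message-Authenticator", "State"}  # regenerated per packet

# Constructed sample: abridged from the debug output above, hex values shortened.
SAMPLE_LOG = """\
[peap] Got tunneled reply RADIUS code 2
WISPr-Bandwidth-Max-Down := 64000
WISPr-Bandwidth-Max-Up := 32000
EAP-Message = 0x03090004
User-Name = "user"
[peap] Tunneled authentication was successful.
Sending Access-Challenge of id 239 to 192.168.0.3 port 1028
EAP-Message = 0x010a002b
Sending Access-Accept of id 241 to 192.168.0.3 port 1028
MS-MPPE-Recv-Key = 0x00
MS-MPPE-Send-Key = 0x00
EAP-Message = 0x030a0004
User-Name = "user"
"""

def packets(log):
    """Return (kind, attrs) for each tunneled reply and each outer packet sent."""
    out, current = [], None
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            kind = f"tunneled-code-{m.group(1)}" if m.group(1) else m.group(2)
            current = {}
            out.append((kind, current))
        elif current is not None and (a := ATTR.match(line)):
            current[a.group(1)] = a.group(2)
        else:
            current = None  # any non-attribute line ends the attribute dump
    return out

def missing_from_accept(log):
    """Inner Access-Accept (code 2) attributes absent from the next outer Access-Accept."""
    inner, missing = {}, []
    for kind, attrs in packets(log):
        if kind == "tunneled-code-2":
            inner.update(attrs)
        elif kind == "Access-Accept":
            missing += sorted(set(inner) - set(attrs) - PER_PACKET)
            inner = {}
    return missing

print(missing_from_accept(SAMPLE_LOG))
```

On the sample it reports both WISPr attributes, matching the posted log, where the Access-Accept of id 241 carries only the MS-MPPE keys, EAP-Message, Message-Authenticator and User-Name. In FreeRADIUS 2.x, the use_tunneled_reply setting in the peap section of eap.conf controls whether inner-tunnel reply attributes are copied to the outer reply.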
 
Old 10-07-2010, 08:02 AM   #2
saman
Member
 
Registered: Oct 2007
Posts: 49

Original Poster
Rep: Reputation: 13
Anyone... experienced FreeRadius 2.16 with the same problems?

My device "smartbridges SB3210" is showing bandwidth upload and download as the WISP attributes set, 32 kbps & 64 kbps, but traffic is not as shown above but 200 kbps.

+ IPTABLES allows tun0 to pass through.
+ I can surf the Internet but can't ping server 192.168.10.5 "mycompany.com" or "google.com". Does this show that traffic passes through tun0 but not br0 (device port)?
+ How do I force network traffic to use tun0 or br0, as long as either way works fine?
 
  

