Radius Packet Simulator
This is a discussion on Radius Packet Simulator within the FreeRADIUS Users forums, part of the Networking and Network Related category; Hi All I need a RADIUS Packet simulator, which could simulate RADIUS packet for me, If is there any Plz ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-02-2007
|
|||
|
|||
Radius Packet Simulator
Hi All I need a RADIUS Packet simulator, which could simulate RADIUS packet for me, If is there any Plz tell me, As I needed it bcz I m developing a Translation Agent which could translate (convert) RADIS packet in to Diameter Packet. Is there any Idea Plz help me Khursheed Ahmed QAU >From: freeradius-users-request@lists.freeradius.org >Reply-To: freeradius-users@lists.freeradius.org >To: freeradius-users@lists.freeradius.org >Subject: Freeradius-Users Digest, Vol 24, Issue 3 >Date: Mon, 02 Apr 2007 07:59:28 +0200 > >Send Freeradius-Users mailing list submissions to > freeradius-users@lists.freeradius.org > >To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/...eeradius-users >or, via email, send a message with subject or body 'help' to > freeradius-users-request@lists.freeradius.org > >You can reach the person managing the list at > freeradius-users-owner@lists.freeradius.org > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Freeradius-Users digest..." > > >Today's Topics: > > 1. Re: Attributes (Shawn Mitchell) > 2. Re: passing Calling-Station-ID (Adil Azmi Bikarbass) > 3. Re: Freeradius-Users Digest, Vol 24, Issue 2 (Arran Cudbard-Bell) > 4. RE: Attributes [unclas] (Ranner, Frank MR) > 5. Re: Attributes [unclas] (Shawn Mitchell) > 6. RE: Anyone using dd-wrt for AP? (Aren Chua) > 7. EAP-AKA patch for Freeradius 1.1.2 (awaneesh kumar) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Sun, 01 Apr 2007 16:45:22 -0500 >From: Shawn Mitchell <shawnm@iodamedia.net> >Subject: Re: Attributes >To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> >Message-ID: <461027F2.3020605@iodamedia.net> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > >Ok, here's what I'm doing: > >DEFAULT Client-IP-Address == xx.xx.xx.xx > Ascend-Data-Filter = "ip in forward tcp est", > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24", > Ascend-Data-Filter = "ip in drop tcp dstport = 25", > Ascend-Data-Filter = "ip in forward", > Fall-Through = Yes > >I turned on logging of reply's, but all I'm seeing it send is: > >Sun Apr 1 16:31:21 2007 > Ascend-Data-Filter = "ip in forward tcp est" > >I put this into the 'users' file btw. > > > >Alan DeKok wrote: > > Shawn Mitchell wrote: > > > >> Where can I say "If client is 'x', then also send these attributes to > >> users being authenticated..."? > >> > > > > In the "users" file. > > > > DEFAULT Client-IP-Address == 1.2.3.4 > > Reply-Message = "You're coming from 1.2.3.4" > > > > Alan DeKok. > > -- > > http://deployingradius.com - The web site of the book > > http://deployingradius.com/blog/ - The blog > > - > > List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > > > > >------------------------------ > >Message: 2 >Date: Sun, 01 Apr 2007 22:59:14 +0000 >From: Adil Azmi Bikarbass <adil@mtds.com> >Subject: Re: passing Calling-Station-ID >To: Alan DeKok <aland@deployingradius.com> >Cc: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> >Message-ID: <46103942.2070008@mtds.com> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > >Hello All, > >Do i need to create a whole DB for only one filed that i will pass from >one NAS to another? > >Knowing that my Freeradius is running on Solaris 10 which DB you suggest >to use? > >Thank you > > >Alan DeKok a ?crit : > > Adil Azmi Bikarbass wrote: > > > >> The issue is that we want the second NAS to get the calling-station-ID > >> from the "someuser" session on Radius > >> > > > > To do... what? > > > > > >> is there a way we can have this to work and pass this attribute from >one > >> session to another? > >> > > > > Sure. Store the Calling-Station-Id in a database when you receive it > > from the first NAS, then pull it out of the DB, and send it to the > > second NAS. > > > > Alan DeKok. > > -- > > http://deployingradius.com - The web site of the book > > http://deployingradius.com/blog/ - The blog > > > > > >-- >|-Adil Bikarbass >|-IT Manager, MTDS >|-tel +212.3.767.4861 >|-fax +212.3.767.4863 >|-gsm +212.6.139. 4541 >|-14, rue 16 novembre >|-Rabat, Kingdom of Morocco > > > >------------------------------ > >Message: 3 >Date: Mon, 02 Apr 2007 00:00:43 +0100 >From: Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> >Subject: Re: Freeradius-Users Digest, Vol 24, Issue 2 >To: freeradius-users@lists.freeradius.org >Message-ID: <4610399B.6010008@sussex.ac.uk> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > >> Does anyone have a draft list of which clients actually support the > >> Reply-Message and by which methods they can recieve them? > >> > > > > All clients will accept it. Very few will do anything useful with it. > > > > > >> The reason why I ask , it during initial tests (using chap) the built >in > >> windows CHAP supplicant would display the reply-messages being sent >back > >> from the server. > >> Now we've moved on from CHAP to using EAP and the windows supplicant no > >> longer displays the messages. > >> > > > > Yes. > > > > > >> Am I right in assuming that with EAP attributes from the access-accept > >> packet only get to the NAS and that the NAS will strip out of the EAP > >> message > >> and pass it on to the supplicant and thats all the supplicant will ever >get? > >> > > > > Yes. > > > > > >> In which case, although the Reply-Message attribute is also supported >in > >> PoD the client will never actually recieve it when using EAP ? > >> > > > > Yes. > > > > Alan DeKok. > > >Ahh, Thanks for clearing that up ! > >Don't suppose EAP supports encoding the equivalent of a Reply-Message ? > >P.S Well done for understanding my poorly punctuated morning ramblings :) > >Arran > > > >------------------------------ > >Message: 4 >Date: Mon, 2 Apr 2007 11:14:47 +1000 >From: "Ranner, Frank MR" <Frank.Ranner@defence.gov.au> >Subject: RE: Attributes [unclas] >To: "FreeRadius users mailing list" > <freeradius-users@lists.freeradius.org> >Message-ID: > <3497E314EE23D54EACE26B5CFFD896980A6125@drnrxm01.d rn.mil.au> >Content-Type: text/plain; charset="US-ASCII" > >Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip >xx.xx.xx.0/24", to append to >a multi-valued list. > >FR > > > -----Original Message----- > > From: > > freeradius-users-bounces+frank.ranner=defence.gov.au@lists.fre > > eradius.org > > [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@l > > ists.freeradius.org] On Behalf Of Shawn Mitchell > > Sent: Monday, 2 April 2007 07:45 > > To: FreeRadius users mailing list > > Subject: Re: Attributes > > > > Ok, here's what I'm doing: > > > > DEFAULT Client-IP-Address == xx.xx.xx.xx > > Ascend-Data-Filter = "ip in forward tcp est", > > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24", > > Ascend-Data-Filter = "ip in drop tcp dstport = 25", > > Ascend-Data-Filter = "ip in forward", > > Fall-Through = Yes > > > > I turned on logging of reply's, but all I'm seeing it send is: > > > > Sun Apr 1 16:31:21 2007 > > Ascend-Data-Filter = "ip in forward tcp est" > > > > I put this into the 'users' file btw. > > > > > > > > Alan DeKok wrote: > > > Shawn Mitchell wrote: > > > > > >> Where can I say "If client is 'x', then also send these > > attributes to > > >> users being authenticated..."? > > >> > > > > > > In the "users" file. > > > > > > DEFAULT Client-IP-Address == 1.2.3.4 > > > Reply-Message = "You're coming from 1.2.3.4" > > > > > > Alan DeKok. > > > -- > > > http://deployingradius.com - The web site of the book > > > http://deployingradius.com/blog/ - The blog > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > >------------------------------ > >Message: 5 >Date: Sun, 01 Apr 2007 20:44:05 -0500 >From: Shawn Mitchell <shawnm@iodamedia.net> >Subject: Re: Attributes [unclas] >To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> >Message-ID: <46105FE5.3090904@iodamedia.net> >Content-Type: text/plain; charset=ISO-8859-1; format=flowed > >Thanks! > >That seems to have fixed it > >radtest blarg blarg localhost 111 testing123 > >Sending Access-Request of id 145 to 127.0.0.1:1812 > User-Name = "blarg" > User-Password = "blarg" > NAS-IP-Address = xxxxxxxxxxxxxx > NAS-Port = 111 >rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145, length=180 > Ascend-Data-Filter = "ip in forward tcp est" > Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24 0" > Ascend-Data-Filter = "ip in drop tcp dstport = 25" > Ascend-Data-Filter = "ip in forward 0" > > >Ranner, Frank MR wrote: > > Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip > > xx.xx.xx.0/24", to append to > > a multi-valued list. > > > > FR > > > > > >> -----Original Message----- > >> From: > >> freeradius-users-bounces+frank.ranner=defence.gov.au@lists.fre > >> eradius.org > >> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@l > >> ists.freeradius.org] On Behalf Of Shawn Mitchell > >> Sent: Monday, 2 April 2007 07:45 > >> To: FreeRadius users mailing list > >> Subject: Re: Attributes > >> > >> Ok, here's what I'm doing: > >> > >> DEFAULT Client-IP-Address == xx.xx.xx.xx > >> Ascend-Data-Filter = "ip in forward tcp est", > >> Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24", > >> Ascend-Data-Filter = "ip in drop tcp dstport = 25", > >> Ascend-Data-Filter = "ip in forward", > >> Fall-Through = Yes > >> > >> I turned on logging of reply's, but all I'm seeing it send is: > >> > >> Sun Apr 1 16:31:21 2007 > >> Ascend-Data-Filter = "ip in forward tcp est" > >> > >> I put this into the 'users' file btw. > >> > >> > >> > >> Alan DeKok wrote: > >> > >>> Shawn Mitchell wrote: > >>> > >>> > >>>> Where can I say "If client is 'x', then also send these > >>>> > >> attributes to > >> > >>>> users being authenticated..."? > >>>> > >>>> > >>> In the "users" file. > >>> > >>> DEFAULT Client-IP-Address == 1.2.3.4 > >>> Reply-Message = "You're coming from 1.2.3.4" > >>> > >>> Alan DeKok. > >>> -- > >>> http://deployingradius.com - The web site of the book > >>> http://deployingradius.com/blog/ - The blog > >>> - > >>> List info/subscribe/unsubscribe? See > >>> http://www.freeradius.org/list/users.html > >>> > >>> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > >> > >> > > > > - > > List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > > > > >------------------------------ > >Message: 6 >Date: Mon, 2 Apr 2007 03:03:25 +0000 >From: Aren Chua <cclian18@hotmail.com> >Subject: RE: Anyone using dd-wrt for AP? >To: FreeRadius users mailing list > <freeradius-users@lists.freeradius.org> >Message-ID: <BAY130-W126EC141C8DD048BA432ECCC600@phx.gbl> >Content-Type: text/plain; charset="iso-8859-1" > > >Ian Truelsen > >you can try the hotspot(chillispot) under DD-WRT firmware to configure your >AP to authenticate against the radius server. >Regards, >Aren Chua> Date: Sun, 1 Apr 2007 10:16:25 +0200> From: >aland@deployingradius.com> To: freeradius-users@lists.freeradius.org> >Subject: Re: Anyone using dd-wrt for AP?> > Ian Truelsen wrote:> >> > >Hopefully that is not the case. The freeradius server is on an external> > >machine. I am trying to get the AP to authenticate against that server,> > >but I am having trouble sorting out how to get it to do this.> > There >should be a RADIUS server configuration. But you'll have to> enable 802.1x >authentication, too.> > Alan DeKok.> --> http://deployingradius.com - The >web site of the book> http://deployingradius.com/blog/ - The blog> - > List >info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >_________________________________________________ ________________ >Your friends are close to you.?Keep them that way. >http://spaces.live.com/signup.aspx >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: >https://lists.freeradius.org/piperma...ment-0001.html > >------------------------------ > >Message: 7 >Date: Sun, 1 Apr 2007 22:59:20 -0700 (PDT) >From: awaneesh kumar <awaneeshkmr@yahoo.com> >Subject: EAP-AKA patch for Freeradius 1.1.2 >To: freeradius-users@lists.freeradius.org >Message-ID: <181530.30637.qm@web58815.mail.re1.yahoo.com> >Content-Type: text/plain; charset="iso-8859-1" > >Hi All, > > I have downloaded patch from >http://bugs.freeradius.org/show_bug.cgi?id=386. > I have succesfully applied patch to Freeradius1.1.2. Few questions i >have.. > > a) Does patch supports optional identity privacy support, optional >result indications, and an optional fast re-authentication procedure. > > b) After receiving EAP-Request/AKA-Challenge from server, client >should calculate AT_MAC and compares with the received one. If it matches >it should send back the EAP-Response/AKA-Challenge with AT_RES and new >AT_MAC. > As per section 10.8 of RFC 4187, AT_RES should be encoded as follows. > > The value field of this attribute begins with the 2-byte > RES Length,which identifies the exact length of the >RES in bits. The RES length is followed by the AKA RES parameter. >According to [TS33.105], the length of the AKA RES can vary between 32 and >128 bits. Because the length of the AT_RES attribute must be a >multiple of 4 bytes, the sender pads the RES with zero bits where >necessary > > Trace below is packet from client to server:- > > 0x024200301701000003050000d0d0d0d0d0d0d0d0d0d0d0d0 d0d0d0d00b0500 > 000d6eb3a8082c9d2c0a031505b7a0fac0 > > c) As per section 3 (Figure 2) from RFC 4187, if server is unable to >authenticate client if AT_MAC or AT_RES is incorrect, it should back the >EAP-Request/AKA-Notification to client and client should respond back with >EAP-Response/AKA-Notification. Then only server should send back EAP result >as Failure. But Freeradius1.1.2 sends back the EAP Result (FAILURE) with >Access-Reject. How ever success scenarion works perfectly. > > d) After receiving AKA-Challenge from Radius server, does patch supports >the checking of Sequence No from AUTN parameter? > > Do we have any latest patch to support EAP-AKA? > > Thanks > > > > > > >--------------------------------- >Sucker-punch spam with award-winning protection. > Try the free Yahoo! Mail Beta. >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: >https://lists.freeradius.org/piperma...ttachment.html > >------------------------------ > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >End of Freeradius-Users Digest, Vol 24, Issue 3 >*********************************************** __________________________________________________ _______________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/g...ave/direct/01/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
|
Linear Mode
