Hello, can anyone else be of help?
Thanks
Rajesh.

On Fri, Jun 25, 2010 at 2:39 PM, Hugh Irvine <[email protected]> wrote:

>
> Hello Rajesh -
>
> Mike is away until next week.
>
> regards
>
> Hugh
>
>
> On 25 Jun 2010, at 18:20, Rajesh Thota wrote:
>
> > Hi Mike,
> >
> > Appreciate your quick response. I modified the code to pull 3 triplets from the HTTP server and pass it like this. I also modified the radius.cfg (NumTriplets 3).
> >
> > ---------------------------------------------------------------------------
> >
> > sub sim_request_triplets
> > {
> >     my ($self, $context, $p, $n) = @_;
> >
> >     my $ua = new LWP::UserAgent;
> >     $ua->agent("AgentName/0.1 " . $ua->agent);
> >
> >     # Create a request
> >     my $req = new HTTP::Request GET => 'http://192.168.1.127:8080/cgi-bin/hlr_hex_cgi?TRANS_ID=102&IMSI=405803190032618';
> >     $req->content_type('application/x-www-form-urlencoded');
> >     $req->content('match=www&errors=0');
> >
> >     # Pass request to the user agent and get a response back
> >     my $res = $ua->request($req);
> >     my $webOut;
> >
> >     # Check the outcome of the response
> >     if ($res->is_success) {
> >         $webOut = $res->content;
> >     } else {
> >         print "Bad luck this time\n";
> >     }
> >     my $row;
> >     @$row = split( /\n/, $webOut);
> >
> >     my $ua1 = new LWP::UserAgent;
> >     $ua1->agent("AgentName/0.1 " . $ua1->agent);
> >
> >     # Create a request
> >     my $req1 = new HTTP::Request GET => 'http://192.168.1.127:8080/cgi-bin/hlr_hex_cgi?TRANS_ID=103&IMSI=405803190032618';
> >     $req1->content_type('application/x-www-form-urlencoded');
> >     $req1->content('match=www&errors=0');
> >
> >     # Pass request to the user agent and get a response back
> >     my $res1 = $ua1->request($req1);
> >     my $webOut1;
> >
> >     # Check the outcome of the response
> >     if ($res1->is_success) {
> >         $webOut1 = $res1->content;
> >     } else {
> >         print "Bad luck this time\n";
> >     }
> >     my $row1;
> >     @$row1 = split( /\n/, $webOut1);
> >
> >     my $ua2 = new LWP::UserAgent;
> >     $ua2->agent("AgentName/0.1 " . $ua2->agent);
> >
> >     # Create a request
> >     my $req2 = new HTTP::Request GET => 'http://192.168.1.127:8080/cgi-bin/hlr_hex_cgi?TRANS_ID=104&IMSI=405803190032618';
> >     $req2->content_type('application/x-www-form-urlencoded');
> >     $req2->content('match=www&errors=0');
> >
> >     # Pass request to the user agent and get a response back
> >     my $res2 = $ua1->request($req2);
> >     my $webOut2;
> >
> >     # Check the outcome of the response
> >     if ($res2->is_success) {
> >         $webOut2 = $res2->content;
> >     } else {
> >         print "Bad luck this time\n";
> >     }
> >     my $row2;
> >     @$row2 = split( /\n/, $webOut2);
> >
> >     my $myARand;
> >     my $myARand1;
> >     my $myARand2;
> >     my $myASres;
> >     my $myASres1;
> >     my $myASres2;
> >     my $myAKc;
> >     my $myAKc1;
> >     my $myAKc2;
> >
> >     @$myARand=split(/\=/, @$row[6]);
> >     @$myASres=split(/\=/, @$row[7]);
> >     @$myAKc=split(/\=/, @$row[8]);
> >
> >     @$myARand1=split(/\=/, @$row1[6]);
> >     @$myASres1=split(/\=/, @$row1[7]);
> >     @$myAKc1=split(/\=/, @$row1[8]);
> >
> >     @$myARand2=split(/\=/, @$row2[6]);
> >     @$myASres2=split(/\=/, @$row2[7]);
> >     @$myAKc2=split(/\=/, @$row2[8]);
> >
> >     my $myKc = @$myAKc[1];
> >     my $mySres = @$myASres[1];
> >     my $myRand = @$myARand[1];
> >
> >     my $myKc1 = @$myAKc1[1];
> >     my $mySres1 = @$myASres1[1];
> >     my $myRand1 = @$myARand1[1];
> >
> >     my $myKc2 = @$myAKc2[1];
> >     my $mySres2 = @$myASres2[1];
> >     my $myRand2 = @$myARand2[1];
> >
> >     $self->log($main::LOG_DEBUG, ".......................... $myRand | $mySres | $myKc ...................");
> >     $self->log($main::LOG_DEBUG, ".......................... $myRand1 | $mySres1 | $myKc1 ...................");
> >     $self->log($main::LOG_DEBUG, ".......................... $myRand2 | $mySres2 | $myKc2 ...................");
> >
> >     return (
> >         pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
> >         pack('H*', $myKc1), pack('H*', $mySres1), pack('H*', $myRand1),
> >         pack('H*', $myKc2), pack('H*', $mySres2), pack('H*', $myRand2),
> >     );
> > }
> >
> > ---------------------------------------------------------------------------
> >
> > The Client seems to still send the same ERROR. The IMSI which I am passing to the CGI is the same I am testing with. I have just removed the leading '1' and anything after @ in the identity attribute of the EAP Message. Somehow it is not going into SIM_CHALLENGE sub. Any help would be much appreciated.
> >
> > Thanks
> >
> > Rajesh.
> >
> >
> > On Fri, Jun 25, 2010 at 1:53 AM, Mike McCauley <[email protected]> wrote:
> > Hello,
> >
> > On Thursday 24 June 2010 11:55:12 pm Rajesh Thota wrote:
> > > Hello All,
> > >
> > > I am in the process of evaluating Radiator. 2 main features I would be needing are EAP-SIM and EAP-PEAP.
> > >
> > > I have been working on modifying the EAP-SIM.pm file. I have just modified the sim_request_triplets subroutine to pull the GSM triplets using a HTTP GET request to a server. The HTTP Server talks to the MAP gateway passing the IMSI. For the time being I have hard-coded the IMSI onto the URL. The IMSI on the URL and the request is the same. I am passing the RAND, SRES & Kc from this routine as shown in the sample code (comment).
> >
> > That looks OK, although I see you are passing the same triplet back 3 times.
> >
> > The last message indicates the client found a problem with the triplets sent to it. Suggest you look at the client side logs to determine why it did not like the triplets. May be related to the above point?
> >
> > Or maybe through some error, the triplets are not for the IMSI you are requesting.
> >
> > Cheers.
> >
> > >
> > > Any help is appreciated on this front.
> > >
> > > Thanks & Regards
> > >
> > > Rajesh
> > >
> > > ---------------------------------------------------------------------------
> > >
> > > sub sim_request_triplets
> > > {
> > >     my ($self, $context, $p, $n) = @_;
> > >
> > >     my $ua1 = new LWP::UserAgent;
> > >     $ua1->agent("AgentName/0.1 " . $ua1->agent);
> > >
> > >     # Create a request
> > >     my $req = new HTTP::Request GET => 'http://192.168.1.127:8080/cgi-bin/hlr_hex_cgi?TRANS_ID=102&IMSI=405803190032618';
> > >     $req->content_type('application/x-www-form-urlencoded');
> > >     $req->content('match=www&errors=0');
> > >
> > >     # Pass request to the user agent and get a response back
> > >     my $res = $ua1->request($req);
> > >     my $webOut;
> > >
> > >     # Check the outcome of the response
> > >     if ($res->is_success) {
> > >         $webOut = $res->content;
> > >     } else {
> > >         print "Bad luck this time\n";
> > >     }
> > >
> > >     my $row;
> > >     @$row = split( /\n/, $webOut);
> > >
> > >     my $myARand;
> > >     my $myASres;
> > >     my $myAKc;
> > >
> > >     @$myARand=split(/\=/, @$row[6]);
> > >     @$myASres=split(/\=/, @$row[7]);
> > >     @$myAKc=split(/\=/, @$row[8]);
> > >
> > >     my $myKc = @$myAKc[1];
> > >     my $mySres = @$myASres[1];
> > >     my $myRand = @$myARand[1];
> > >
> > >     $self->log($main::LOG_DEBUG, "$myRand | $mySres | $myKc ...................");
> > >
> > >     return (
> > >         pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
> > >         pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
> > >         pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
> > >     );
> > >
> > >     return;
> > > }
> > >
> > > ---------------------------------------------------------------------------
> > >
> > > The Radius LOG file prints the following:
> > >
> > > *** Received from 192.168.1.152 port 2049 ....
> > > Code: Access-Request
> > > Identifier: 9
> > > Authentic: <145>BZ<135><209><1>Qi<214><11>r<248>e<174><141><224>
> > > Attributes:
> > >     User-Name = "[email protected]"
> > >     NAS-IP-Address = 192.168.1.152
> > >     NAS-Identifier = "Wireless LAN Access Point"
> > >     NAS-Port = 0
> > >     Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
> > >     Calling-Station-Id = "00-24-7D-4A-52-87"
> > >     Framed-MTU = 1400
> > >     NAS-Port-Type = Wireless-IEEE-802-11
> > >     Connect-Info = "CONNECT 11Mbps 802.11b"
> > >     EAP-Message = <2><0><0>8<1>[email protected]
> > >     Message-Authenticator = <212>I<163>k?gNAGu<5><228><7><200>"<197>
> > >
> > > Thu Jun 24 19:02:13 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > Thu Jun 24 19:02:13 2010: DEBUG: Deleting session for [email protected], 192.168.1.152, 0
> > > Thu Jun 24 19:02:13 2010: DEBUG: Handling with Radius::AuthSIM:
> > > Thu Jun 24 19:02:13 2010: DEBUG: Handling with EAP: code 2, 0, 56, 1
> > > Thu Jun 24 19:02:13 2010: DEBUG: Response type 1
> > > Thu Jun 24 19:02:13 2010: DEBUG: EAP result: 3, EAP SIM/Start
> > > Thu Jun 24 19:02:13 2010: DEBUG: AuthBy SIM result: CHALLENGE, EAP SIM/Start
> > > Thu Jun 24 19:02:13 2010: DEBUG: Access challenged for [email protected]: EAP SIM/Start
> > > Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
> > > *** Sending to 192.168.1.152 port 2049 ....
> > > Code: Access-Challenge
> > > Identifier: 9
> > > Authentic: <179><251><218><160><134><176><0><241>m'<240><216><136><188>kF
> > > Attributes:
> > >     EAP-Message = <1><1><0><16><18><10><0><0><15><2><0><4><0><0><0><1>
> > >     Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > >
> > > Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
> > > *** Received from 192.168.1.152 port 2049 ....
> > > Code: Access-Request
> > > Identifier: 10
> > > Authentic: <205><19><175><222><132><4>#<7><128><206><241><232><144><169><205>2
> > > Attributes:
> > >     User-Name = "[email protected]"
> > >     NAS-IP-Address = 192.168.1.152
> > >     NAS-Identifier = "Wireless LAN Access Point"
> > >     NAS-Port = 0
> > >     Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
> > >     Calling-Station-Id = "00-24-7D-4A-52-87"
> > >     Framed-MTU = 1400
> > >     NAS-Port-Type = Wireless-IEEE-802-11
> > >     Connect-Info = "CONNECT 11Mbps 802.11b"
> > >     EAP-Message = <2><1><0> <18><10><0><0><7><5><0><0><4><171><176><171><217>[$<216><231><10><135>|<181><172><167><245><16><1><0><1>
> > >     Message-Authenticator = i<26>=/<243><153>,<192><215><237>~<157><240><163><S
> > >
> > > Thu Jun 24 19:02:13 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > Thu Jun 24 19:02:13 2010: DEBUG: Deleting session for [email protected], 192.168.1.152, 0
> > > Thu Jun 24 19:02:13 2010: DEBUG: Handling with Radius::AuthSIM:
> > > Thu Jun 24 19:02:13 2010: DEBUG: Handling with EAP: code 2, 1, 32, 18
> > > Thu Jun 24 19:02:13 2010: DEBUG: Response type 18
> > > Thu Jun 24 19:02:13 2010: DEBUG: .......................... 2c191a3d8f1a2fd2553ff272433f142 | c56c879a | 2098f32fbf3e86b1 ...................
> > > Thu Jun 24 19:02:13 2010: DEBUG: EAP result: 3, EAP SIM/Challenge
> > > Thu Jun 24 19:02:13 2010: DEBUG: AuthBy SIM result: CHALLENGE, EAP SIM/Challenge
> > > Thu Jun 24 19:02:13 2010: DEBUG: Access challenged for [email protected]: EAP SIM/Challenge
> > > Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
> > > *** Sending to 192.168.1.152 port 2049 ....
> > > Code: Access-Challenge
> > > Identifier: 10
> > > Authentic: g<141><12><241>Bt<201>zf<202>lG<216>W<166>}
> > > Attributes:
> > >     EAP-Message = <1><2><0>P<18><11><0><0><1><13><0><0>,<25><26>=<143><26>/<210>U?<242>rC?<20> ,<25><26>=<143><26>/<210>U?<242>rC?<20> ,<25><26>=<143><26>/<210>U?<242>rC?<20> <11><5><0><0><234><197>L'<152><227><237><153><164>^<200><152>P<239><10>h
> > >     Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > >
> > > Thu Jun 24 19:02:17 2010: DEBUG: Packet dump:
> > > *** Received from 192.168.1.152 port 2049 ....
> > > Code: Access-Request
> > > Identifier: 11
> > > Authentic: <238>H<203><145><189><211><135>g<230><145><233><234>R<170>+5
> > > Attributes:
> > >     User-Name = "[email protected]"
> > >     NAS-IP-Address = 192.168.1.152
> > >     NAS-Identifier = "Wireless LAN Access Point"
> > >     NAS-Port = 0
> > >     Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
> > >     Calling-Station-Id = "00-24-7D-4A-52-87"
> > >     Framed-MTU = 1400
> > >     NAS-Port-Type = Wireless-IEEE-802-11
> > >     Connect-Info = "CONNECT 11Mbps 802.11b"
> > >     EAP-Message = <2><2><0><12><18><14><0><0><22><1><0><0>
> > >     Message-Authenticator = <164>.n<14><227><19>szL<200><175><193><221><21>#'
> > >
> > > Thu Jun 24 19:02:17 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > Thu Jun 24 19:02:17 2010: DEBUG: Deleting session for [email protected], 192.168.1.152, 0
> > > Thu Jun 24 19:02:17 2010: DEBUG: Handling with Radius::AuthSIM:
> > > Thu Jun 24 19:02:17 2010: DEBUG: Handling with EAP: code 2, 2, 12, 18
> > > Thu Jun 24 19:02:17 2010: DEBUG: Response type 18
> > > Thu Jun 24 19:02:17 2010: WARNING: EAP SIM Client Error code 0: Unable to Process
> > > Thu Jun 24 19:02:17 2010: DEBUG: EAP result: 1, EAP SIM Client Error
> > > Thu Jun 24 19:02:17 2010: DEBUG: AuthBy SIM result: REJECT, EAP SIM Client Error
> > > Thu Jun 24 19:02:17 2010: INFO: Access rejected for [email protected]: EAP SIM Client Error
> > > Thu Jun 24 19:02:17 2010: DEBUG: Packet dump:
> > > *** Sending to 192.168.1.152 port 2049 ....
> > > Code: Access-Reject
> > > Identifier: 11
> > > Authentic: #<145><185><187><185>y<216><180><140><26>B<217><176><210><146><224>
> > > Attributes:
> > >     EAP-Message = <4><2><0><4>
> > >     Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > >     Reply-Message = "Request Denied"
> > >
> > > ---------------------------------------------------------------------------
> > >
> > > The CGI program I am invoking returns the following
> > >
> > > TRANS_ID=102
> > > PRIM_ID=56242
> > > IMSI=405803190032618
> > > RESPONSE_CODE=0
> > > VECTOR_COUNT=1
> > > VECTOR_TYPE=2G
> > > RAND=c2de1c1ec4d73dc1e6ece5ce624e85
> > > SRES=84566be
> > > KC=bb2a2c1388718b99
> > > ;
> > >
> > > ---------------------------------------------------------------------------
> > >
> > > Wondering what is going wrong? Any help is much appreciated.
> >
> > --
> > Mike McCauley [email protected]
> > Open System Consultants Pty. Ltd
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> > Phone +61 7 5598-7474 Fax +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> >
> > _______________________________________________
> > radiator mailing list
> > [email protected]
> > http://www.open.com.au/mailman/listinfo/radiator
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.

--
RAJESH THOTA
Pronto Networks Inc
IDC., Bangalore, India.
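An added example, not part of the thread and not Radiator code: the debug line in the quoted log prints a RAND of 31 hex digits and the posted CGI reply carries a 30-digit RAND and a 7-digit SRES, while Perl's pack('H*') accepts such strings without complaint. The sketch below reads the reply by field name, requires the GSM triplet sizes (RAND 16 bytes, SRES 4, Kc 8) and refuses a batch that repeats a RAND, the point raised in the quoted reply; `parse_triplet`, `check_triplets` and `reply` are hypothetical helper names, and the well-formed sample values are constructed.

```perl
use strict;
use warnings;

# Hex-digit lengths of a GSM triplet: RAND 16 bytes, SRES 4 bytes, Kc 8 bytes.
my %HEXLEN = (RAND => 32, SRES => 8, KC => 16);

# parse_triplet() (hypothetical helper) reads KEY=VALUE lines by name and
# returns (\%triplet, undef), or (undef, $reason) when a field is malformed.
sub parse_triplet {
    my ($body) = @_;
    my %kv;
    for (split /\r?\n/, $body) { $kv{$1} = $2 if /^\s*(\w+)=(\S*)\s*$/ }
    my %t;
    for my $f (sort keys %HEXLEN) {
        my $v = $kv{$f} // '';
        return (undef, sprintf('%s must be %d hex digits, got %d characters', $f, $HEXLEN{$f}, length($v)))
            if length($v) != $HEXLEN{$f} || $v =~ /[^0-9a-fA-F]/;
        $t{$f} = pack('H*', $v);    # safe here: even length, hex digits only
    }
    return (\%t, undef);
}

# check_triplets() (hypothetical): every reply well-formed, RANDs pairwise distinct.
sub check_triplets {
    my (@out, %seen);
    for my $i (0 .. $#_) {
        my ($t, $err) = parse_triplet($_[$i]);
        return (undef, "triplet $i: $err") unless $t;
        return (undef, "triplet $i: RAND repeats an earlier triplet") if $seen{ $t->{RAND} }++;
        push @out, $t;
    }
    return (\@out, undef);
}

# Reply body as posted in the thread.
my $posted = join "\n", qw(TRANS_ID=102 PRIM_ID=56242 IMSI=405803190032618
    RESPONSE_CODE=0 VECTOR_COUNT=1 VECTOR_TYPE=2G
    RAND=c2de1c1ec4d73dc1e6ece5ce624e85 SRES=84566be KC=bb2a2c1388718b99);
# Constructed, well-formed reply; SRES and KC values are made up.
sub reply { return "RAND=$_[0]\nSRES=a1b2c3d4\nKC=0011223344556677\n" }

# pack('H*') pads an odd-length string with a zero nibble instead of failing.
printf "pack('H*', 'abc') gives bytes %s\n", unpack('H*', pack('H*', 'abc'));
my (undef, $e1) = parse_triplet($posted);
print "posted reply: $e1\n";
my @r = map { sprintf('%02x', $_) . '0102030405060708090a0b0c0d0e0f' } 0 .. 2;
my (undef, $e2) = check_triplets(map { reply($r[0]) } 1 .. 3);
print "same triplet three times: $e2\n";
my ($ok) = check_triplets(map { reply($_) } @r);
print "three distinct triplets: ", scalar(@$ok), " accepted\n";
```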
