Mike/Hugh,

Appreciate your help on this. I got it working. The problem was with RAND attribute. Fixed the CGI which is delivering the Kc & RAND.

Thanks.
Rajesh.

On Fri, Jun 25, 2010 at 1:53 AM, Mike McCauley <[email protected]> wrote:

> Hello,
>
> On Thursday 24 June 2010 11:55:12 pm Rajesh Thota wrote:
> > Hello All,
> >
> > I am in the process of evaluating Radiator. 2 Main features I would be
> > needing is EAP-SIM and EAP-PEAP.
> >
> > I have been working on modifying the EAP-SIM.pm file I have just modified
> > the sim_request_triplets subroutine to pull the GSM triplets using a HTTP
> > GET request to a server. The HTTP Server talks to the MAP gateway passing
> > the IMSI. For the time being I have hard-coded the IMSI onto the URL.
> > The IMSI on the URL and the request is same. I am passing the RAND, SRES &
> > Kc from this routine as shown in the sample code(comment).
>
> That looks OK, although I see you are passing the same triplet back 3 times.
>
> The last message indicates the client found a problem with the triplets sent
> to it. Suggest you look at the client side logs to determine why it did not
> like the triplets. May be related to the above point?
>
> Or maybe through some error, the triplets are not for the IMSI you are
> requesting.
>
> Cheers.
>
> >
> > Any help is appreciated on this front.
> >
> > Thanks & Regards
> >
> > Rajesh
> >
> > ---------------------------------------------------------------------------
> >
> > sub sim_request_triplets
> > {
> >     my ($self, $context, $p, $n) = @_;
> >
> >     my $ua1 = new LWP::UserAgent;
> >     $ua1->agent("AgentName/0.1 " . $ua1->agent);
> >
> >     # Create a request
> >     my $req = new HTTP::Request GET =>
> >         'http://192.168.1.127:8080/cgi-bin/hlr_hex_cgi?TRANS_ID=102&IMSI=405803190032618';
> >     $req->content_type('application/x-www-form-urlencoded');
> >     $req->content('match=www&errors=0');
> >
> >     # Pass request to the user agent and get a response back
> >     my $res = $ua1->request($req);
> >     my $webOut;
> >
> >     # Check the outcome of the response
> >     if ($res->is_success) {
> >         $webOut = $res->content;
> >     } else {
> >         print "Bad luck this time\n";
> >     }
> >
> >     my $row;
> >     @$row = split( /\n/, $webOut);
> >
> >     my $myARand;
> >     my $myASres;
> >     my $myAKc;
> >
> >     @$myARand=split(/\=/, @$row[6]);
> >     @$myASres=split(/\=/, @$row[7]);
> >     @$myAKc=split(/\=/, @$row[8]);
> >
> >     my $myKc = @$myAKc[1];
> >     my $mySres = @$myASres[1];
> >     my $myRand = @$myARand[1];
> >
> >     $self->log($main::LOG_DEBUG, "$myRand | $mySres | $myKc ...................");
> >
> >     return (
> >         pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
> >         pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
> >         pack('H*', $myKc), pack('H*', $mySres), pack('H*', $myRand),
> >     );
> >
> >     return;
> > }
> >
> > ---------------------------------------------------------------------------
> >
> > The Radius LOG file prints the following :
> >
> > *** Received from 192.168.1.152 port 2049 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: <145>BZ<135><209><1>Qi<214><11>r<248>e<174><141><224>
> > Attributes:
> >     User-Name = "[email protected]"
> >     NAS-IP-Address = 192.168.1.152
> >     NAS-Identifier = "Wireless LAN Access Point"
> >     NAS-Port = 0
> >     Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
> >     Calling-Station-Id = "00-24-7D-4A-52-87"
> >     Framed-MTU = 1400
> >     NAS-Port-Type = Wireless-IEEE-802-11
> >     Connect-Info = "CONNECT 11Mbps 802.11b"
> >     EAP-Message = <2><0><0>8<1>[email protected]
> >     Message-Authenticator = <212>I<163>k?gNAGu<5><228><7><200>"<197>
> >
> > Thu Jun 24 19:02:13 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Thu Jun 24 19:02:13 2010: DEBUG: Deleting session for [email protected], 192.168.1.152, 0
> > Thu Jun 24 19:02:13 2010: DEBUG: Handling with Radius::AuthSIM:
> > Thu Jun 24 19:02:13 2010: DEBUG: Handling with EAP: code 2, 0, 56, 1
> > Thu Jun 24 19:02:13 2010: DEBUG: Response type 1
> > Thu Jun 24 19:02:13 2010: DEBUG: EAP result: 3, EAP SIM/Start
> > Thu Jun 24 19:02:13 2010: DEBUG: AuthBy SIM result: CHALLENGE, EAP SIM/Start
> > Thu Jun 24 19:02:13 2010: DEBUG: Access challenged for [email protected]: EAP SIM/Start
> > Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
> > *** Sending to 192.168.1.152 port 2049 ....
> > Code: Access-Challenge
> > Identifier: 9
> > Authentic: <179><251><218><160><134><176><0><241>m'<240><216><136><188>kF
> > Attributes:
> >     EAP-Message = <1><1><0><16><18><10><0><0><15><2><0><4><0><0><0><1>
> >     Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
> > *** Received from 192.168.1.152 port 2049 ....
> > Code: Access-Request
> > Identifier: 10
> > Authentic: <205><19><175><222><132><4>#<7><128><206><241><232><144><169><205>2
> > Attributes:
> >     User-Name = "[email protected]"
> >     NAS-IP-Address = 192.168.1.152
> >     NAS-Identifier = "Wireless LAN Access Point"
> >     NAS-Port = 0
> >     Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
> >     Calling-Station-Id = "00-24-7D-4A-52-87"
> >     Framed-MTU = 1400
> >     NAS-Port-Type = Wireless-IEEE-802-11
> >     Connect-Info = "CONNECT 11Mbps 802.11b"
> >     EAP-Message = <2><1><0> <18><10><0><0><7><5><0><0><4><171><176><171><217>[$<216><231><10><135>|<181><172><167><245><16><1><0><1>
> >     Message-Authenticator = i<26>=/<243><153>,<192><215><237>~<157><240><163><S
> >
> > Thu Jun 24 19:02:13 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Thu Jun 24 19:02:13 2010: DEBUG: Deleting session for [email protected], 192.168.1.152, 0
> > Thu Jun 24 19:02:13 2010: DEBUG: Handling with Radius::AuthSIM:
> > Thu Jun 24 19:02:13 2010: DEBUG: Handling with EAP: code 2, 1, 32, 18
> > Thu Jun 24 19:02:13 2010: DEBUG: Response type 18
> > Thu Jun 24 19:02:13 2010: DEBUG: .......................... 2c191a3d8f1a2fd2553ff272433f142 | c56c879a | 2098f32fbf3e86b1 ...................
> > Thu Jun 24 19:02:13 2010: DEBUG: EAP result: 3, EAP SIM/Challenge
> > Thu Jun 24 19:02:13 2010: DEBUG: AuthBy SIM result: CHALLENGE, EAP SIM/Challenge
> > Thu Jun 24 19:02:13 2010: DEBUG: Access challenged for [email protected]: EAP SIM/Challenge
> > Thu Jun 24 19:02:13 2010: DEBUG: Packet dump:
> > *** Sending to 192.168.1.152 port 2049 ....
> > Code: Access-Challenge
> > Identifier: 10
> > Authentic: g<141><12><241>Bt<201>zf<202>lG<216>W<166>}
> > Attributes:
> >     EAP-Message = <1><2><0>P<18><11><0><0><1><13><0><0>,<25><26>=<143><26>/<210>U?<242>rC?<20> ,<25><26>=<143><26>/<210>U?<242>rC?<20> ,<25><26>=<143><26>/<210>U?<242>rC?<20> <11><5><0><0><234><197>L'<152><227><237><153><164>^<200><152>P<239><10>h
> >     Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Thu Jun 24 19:02:17 2010: DEBUG: Packet dump:
> > *** Received from 192.168.1.152 port 2049 ....
> > Code: Access-Request
> > Identifier: 11
> > Authentic: <238>H<203><145><189><211><135>g<230><145><233><234>R<170>+5
> > Attributes:
> >     User-Name = "[email protected]"
> >     NAS-IP-Address = 192.168.1.152
> >     NAS-Identifier = "Wireless LAN Access Point"
> >     NAS-Port = 0
> >     Called-Station-Id = "00-80-48-67-43-25:SIM-Test"
> >     Calling-Station-Id = "00-24-7D-4A-52-87"
> >     Framed-MTU = 1400
> >     NAS-Port-Type = Wireless-IEEE-802-11
> >     Connect-Info = "CONNECT 11Mbps 802.11b"
> >     EAP-Message = <2><2><0><12><18><14><0><0><22><1><0><0>
> >     Message-Authenticator = <164>.n<14><227><19>szL<200><175><193><221><21>#'
> >
> > Thu Jun 24 19:02:17 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Thu Jun 24 19:02:17 2010: DEBUG: Deleting session for [email protected], 192.168.1.152, 0
> > Thu Jun 24 19:02:17 2010: DEBUG: Handling with Radius::AuthSIM:
> > Thu Jun 24 19:02:17 2010: DEBUG: Handling with EAP: code 2, 2, 12, 18
> > Thu Jun 24 19:02:17 2010: DEBUG: Response type 18
> > Thu Jun 24 19:02:17 2010: WARNING: EAP SIM Client Error code 0: Unable to Process
> > Thu Jun 24 19:02:17 2010: DEBUG: EAP result: 1, EAP SIM Client Error
> > Thu Jun 24 19:02:17 2010: DEBUG: AuthBy SIM result: REJECT, EAP SIM Client Error
> > Thu Jun 24 19:02:17 2010: INFO: Access rejected for [email protected]: EAP SIM Client Error
> > Thu Jun 24 19:02:17 2010: DEBUG: Packet dump:
> > *** Sending to 192.168.1.152 port 2049 ....
> > Code: Access-Reject
> > Identifier: 11
> > Authentic: #<145><185><187><185>y<216><180><140><26>B<217><176><210><146><224>
> > Attributes:
> >     EAP-Message = <4><2><0><4>
> >     Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >     Reply-Message = "Request Denied"
> >
> > ---------------------------------------------------------------------------
> >
> > The CGI program I am invoking returns the following
> >
> > TRANS_ID=102
> > PRIM_ID=56242
> > IMSI=405803190032618
> > RESPONSE_CODE=0
> > VECTOR_COUNT=1
> > VECTOR_TYPE=2G
> > RAND=c2de1c1ec4d73dc1e6ece5ce624e85
> > SRES=84566be
> > KC=bb2a2c1388718b99
> > ;
> >
> > ---------------------------------------------------------------------------
> >
> > Wondering What is going Wrong ? Any help is much appreciated.
>
> --
> Mike McCauley [email protected]
> Open System Consultants Pty. Ltd
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare
> etc.

--
RAJESH THOTA
Pronto Networks Inc
IDC., Bangalore, India.
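
The RAND in the CGI output quoted above has 30 hex digits and the SRES has 7, where a GSM RAND is 128 bits (32 digits) and an SRES 32 bits (8 digits). The following is an added example, not Radiator code and not code from the thread: it parses the KEY=VALUE response by field name and rejects wrong-length fields before they reach `pack('H*', ...)`, which pads odd-length hex instead of failing. `parse_triplet` and `rands_distinct` are hypothetical helper names, and the second sample response is constructed.

```perl
use strict;
use warnings;

# Expected hex-digit counts: RAND is 128 bits, SRES 32 bits, Kc 64 bits.
my %HEX_LEN = (RAND => 32, SRES => 8, KC => 16);

# Parse a KEY=VALUE response by field name and return (\%packed, undef),
# or (undef, $reason) when a field is missing, non-hex or the wrong length.
sub parse_triplet {
    my ($body) = @_;
    my %field;
    for my $line (split /\r?\n/, $body) {
        my ($k, $v) = $line =~ /^\s*([A-Z_]+)=(\S*)\s*$/ or next;
        $field{$k} = $v;
    }
    my %packed;
    for my $name (sort keys %HEX_LEN) {
        my $hex = $field{$name};
        return (undef, "$name missing") unless defined $hex;
        return (undef, "$name is not hex") unless $hex =~ /\A[0-9a-fA-F]+\z/;
        return (undef, sprintf('%s has %d hex digits, expected %d',
                               $name, length($hex), $HEX_LEN{$name}))
            unless length($hex) == $HEX_LEN{$name};
        $packed{$name} = pack 'H*', $hex;
    }
    return (\%packed, undef);
}

# True when every triplet in the list carries a different RAND.
sub rands_distinct {
    my %seen;
    return !grep { $seen{ $_->{RAND} }++ } @_;
}

# The CGI output quoted in the thread, and a constructed well-formed response.
my $from_thread = "RESPONSE_CODE=0\nRAND=c2de1c1ec4d73dc1e6ece5ce624e85\n"
                . "SRES=84566be\nKC=bb2a2c1388718b99\n;\n";
my $constructed = "RAND=000102030405060708090a0b0c0d0e0f\n"
                . "SRES=0a0b0c0d\nKC=0011223344556677\n";

for my $body ($from_thread, $constructed) {
    my ($t, $err) = parse_triplet($body);
    print defined $err ? "rejected: $err\n" : "accepted\n";
}
# pack 'H*' pads an odd-length string with a zero nibble instead of failing.
print unpack('H*', pack('H*', '84566be')), "\n";
my ($t) = parse_triplet($constructed);
print rands_distinct($t, $t, $t) ? "RANDs distinct\n" : "RAND repeated\n";
```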
