Hi Heikki,

Thanks for the PCSC package for Windows. I am able to install the PCSC package and am not getting the PCSC error now. I ran the map.cfg file to test the EAP-SIM functionality. Now I am getting the message "unexpected MAP request" consistently, which is causing the EAP-SIM failure. Attaching the map.cfg and server fail log files for your reference.

Regards,
Shaikh

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Heikki Vatiainen
Sent: Monday, May 28, 2012 1:58 PM
To: [email protected]
Cc: Saini, Ranjeet
Subject: Re: [RADIATOR] EAP-SIM & EAP-AKA issues with radiator server

On 05/25/2012 03:58 PM, Zaman, Shaikh wrote:

> As mentioned in README the path for PCSC package is for Linux machine.
>
> Can you point me to PCSC package for windows as I am using radiator server
> on windows machine?

If you happen to have 32bit Perl 5.8, try this:

ppm install http://www.open.com.au/radiator/free-downloads/Chipcard-PCSC.ppd

If not, please tell me what Perl version you are using and if you are
using 32bit or 64bit version. I'll see what is the best method to get
PCSC-perl for your platform.

Thanks!
Heikki

> Regards,
> Shaikh
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Heikki Vatiainen
> Sent: Tuesday, May 22, 2012 12:06 AM
> To: [email protected]
> Subject: Re: [RADIATOR] EAP-SIM & EAP-AKA issues with radiator server
>
> On 05/21/2012 02:52 PM, Zaman, Shaikh wrote:
>
>> 1) With SIM I am not able to connect the AP with Radiator server.
>> In First setting I am *not seeing any logs going on in radius server.
>> Trying to run the map.cfg and getting error*
>
>> Thu May 17 17:10:56 2012: ERR: Could not load AuthBy module Radius::AuthMAP:
>>
>> Can't locate Chipcard/PCSC.pm in @INC (@INC contains: .
>> ..\Radiator-EAP-SIM C:/Perl/site/lib C:/Perl/lib .) at
>> Radius/SimCard.pm line 13, <CONFIG> line 32.
>
> Please read the README file in EAP-SIM distribution. You are missing PCSC
> packages as described in the prerequisites section.
>
>> 2) With another setting with SIM I am seeing *Access rejected
>> happened. *Running eap_sim.cfg but don't know where to from this file
>> is taking the SIM values(IMSI,KC,SRES,RAND)**
>
> Extracting the triplets with "gettriplets" command is described in the README
> too. However, you need PCSC for this too, so first you need to get the PCSC
> packages installed.
>
>> *_EAP-AKA_*
>
>> With AKA I am successfully able to connect the AP. When doing
>> *reconnect it should go for re-auth* id that's not happening. I am
>> *not finding the database where Server is storing the re-auth id and
>> pseudonym is*.
>
> The AKA support in the package you are using does not support fast
> reauthentication or pseudonyms (TMSI). That is why there is no database for
> them.
>
>> *_Questions;-_*
>>
>> 1) In eap_sim.cfg file its mentioned that "NumTriplets 2". Where
>> can I find the NumTriplets. Is it a file or database or anything else?
>
> See section 3 in http://tools.ietf.org/html/rfc4186
>
> This is how you can tell the server to get and return 2 or 3 triplets for the
> client. Use 3 for current clients.
>
>> 2) For EAP-SIM verification I have all the required
>> values*(IMSI,RAND,KC,SRES),* Please tell me where can I use this for
>> SIM verification.
>
> For testing the above information (IMSI + triplets) can be extracted from the
> SIM with a smart card reader. These values can then be used with AuthBy MAP.
> See goodies/map.cfg and section "Testing with the Radius MAP gateway
> simulator" in the README.
>
>> 3) As in EAP-AKA verification I have aka_db which store all the
>> values. For SIM which One I should use to store the values.
>>
>> 4) If you have any other information for this please share with me.
>
> Please review the README. It has the information about setting up the
> test environment. Also, http://tools.ietf.org/html/rfc4186 (the EAP-SIM
> RFC) is a valuable source of information.
>
> Thanks!
> Heikki
>
> --
> Heikki Vatiainen <[email protected]>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS,
> PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full
> source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator

--
Heikki Vatiainen <[email protected]>

C:\Radiator_Server\WFA_Radiator20091023a\Radiator-Locked-4.3.1>perl -I ..\Radiator-EAP-SIM .\radiusd -config_file ..\Radiator-EAP-SIM\Radius-EAP-SIM-1.23\goodies\map.cfg
Mon May 28 15:04:18 2012: DEBUG: include ./license.cfg
Mon May 28 15:04:18 2012: DEBUG: Finished reading configuration file '..\Radiator-EAP-SIM\Radius-EAP-SIM-1.23\goodies\map.cfg'
Mon May 28 15:04:18 2012: DEBUG: Reading dictionary file './dictionary'
Mon May 28 15:04:18 2012: DEBUG: Creating authentication port 0.0.0.0:1812
Mon May 28 15:04:18 2012: DEBUG: Creating accounting port 0.0.0.0:1813
Mon May 28 15:04:18 2012: NOTICE: Server started: Radiator 4.3.1 on server
Mon May 28 15:04:23 2012: DEBUG: Packet dump:
*** Received from 10.242.23.39 port 1645 ....
Code: Access-Request
Identifier: 55
Authentic: <250><197>%4<158><163>F%<207><152><165><184><4><24><158>I
Attributes:
User-Name = "[email protected]"
Framed-MTU = 1400
Called-Station-Id = "ecc8.82a5.6d90"
Calling-Station-Id = "000a.f589.8999"
Service-Type = Login-User
Message-Authenticator = <164><15>TX<206><14>ml]<163><30><208>`YL<226>
EAP-Message = <2><1><0>6<1>[email protected]
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 712
NAS-Port-Id = "712"
NAS-IP-Address = 10.242.23.39
NAS-Identifier = "ap.qualcomm.com."
Mon May 28 15:04:23 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon May 28 15:04:23 2012: DEBUG: Deleting session for [email protected], 10.242.23.39, 712
Mon May 28 15:04:23 2012: WARNING: Unexpected MAP request
Mon May 28 15:04:23 2012: DEBUG: AuthBy MAP result: IGNORE, Unexpected MAP request
Mon May 28 15:04:28 2012: DEBUG: Packet dump:
*** Received from 10.242.23.39 port 1645 ....
Code: Access-Request
Identifier: 55
Authentic: <250><197>%4<158><163>F%<207><152><165><184><4><24><158>I
Attributes:
User-Name = "[email protected]"
Framed-MTU = 1400
Called-Station-Id = "ecc8.82a5.6d90"
Calling-Station-Id = "000a.f589.8999"
Service-Type = Login-User
Message-Authenticator = <164><15>TX<206><14>ml]<163><30><208>`YL<226>
EAP-Message = <2><1><0>6<1>[email protected]
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 712
NAS-Port-Id = "712"
NAS-IP-Address = 10.242.23.39
NAS-Identifier = "ap.qualcomm.com."
Mon May 28 15:04:28 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon May 28 15:04:28 2012: DEBUG: Deleting session for [email protected], 10.242.23.39, 712
Mon May 28 15:04:28 2012: WARNING: Unexpected MAP request
Mon May 28 15:04:28 2012: DEBUG: AuthBy MAP result: IGNORE, Unexpected MAP request
Terminating on signal SIGINT(2)
C:\Radiator_Server\WFA_Radiator20091023a\Radiator-Locked-4.3.1>
map.cfg
Description: map.cfg
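Added example (not part of the original thread and not Radiator code): Python that decodes the byte notation of the packet dump above, parses the EAP header carried in EAP-Message, and flags Access-Requests that repeat the same source, Identifier and Authentic value, as the two requests in the posted log do. Assumptions: `<n>` in the dump stands for one byte of decimal value n and every other character is literal; the sample log, its IP address and its identity are constructed, while the Authentic value is copied from the posted dump.

```python
import re
from collections import Counter

# Constructed sample modelled on the dump above: documentation IP address and a
# made-up identity; only the Authentic value is copied from the posted log.
SAMPLE_LOG = """\
*** Received from 192.0.2.10 port 1645 ....
Code: Access-Request
Identifier: 55
Authentic: <250><197>%4<158><163>F%<207><152><165><184><4><24><158>I
EAP-Message = <2><1><0>!<1>1001010123456789@example.org
*** Received from 192.0.2.10 port 1645 ....
Code: Access-Request
Identifier: 55
Authentic: <250><197>%4<158><163>F%<207><152><165><184><4><24><158>I
EAP-Message = <2><1><0>!<1>1001010123456789@example.org
"""

TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)
FIELD = re.compile(r"^[ \t]*([\w-]+)[ \t]*[:=][ \t]*(.*)$", re.M)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def unescape(text):
    """Assumed dump notation: <n> is one byte of value n, anything else is literal."""
    return bytes(int(n) if n else ord(c) for n, c in TOKEN.findall(text))

def parse_eap(raw):
    """Split an EAP packet into header fields and type data (RFC 3748 layout)."""
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    length = int.from_bytes(raw[2:4], "big")
    return {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length,
            "type": raw[4] if length > 4 and len(raw) > 4 else None,
            "data": raw[5:length], "complete": length == len(raw)}

def blocks(log):
    """Yield (source, fields) for each received packet in the log."""
    for block in log.split("*** Received from ")[1:]:
        src = re.match(r"(\S+) port (\d+)", block)
        yield (src.group(1), int(src.group(2))), dict(FIELD.findall(block))

def retransmissions(log):
    """Packets repeating the same source, Identifier and Authenticator."""
    seen = Counter((src, int(f["Identifier"]), unescape(f["Authentic"]))
                   for src, f in blocks(log))
    return {key: n for key, n in seen.items() if n > 1}

if __name__ == "__main__":
    for src, f in blocks(SAMPLE_LOG):
        print(src, f["Identifier"], parse_eap(unescape(f["EAP-Message"])))
    print(retransmissions(SAMPLE_LOG))
```

A request that shows up in `retransmissions` is the NAS resending an Access-Request it never got a reply to, which is what follows an IGNORE result; the decoded EAP packet shows the exchange has not moved past EAP-Response/Identity (code 2, type 1).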
