What exactly do error messages like:
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session
matching the State variable.
Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for
request 782076 in component authenticate module peap.
Sep 30 12:57:08 newdvlanb radiusd[10152
On 30 Sep 2013, at 18:17, John Douglass john.dougl...@oit.gatech.edu wrote:
What exactly do error messages like:
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session matching
the State variable.
The State attribute is returned in Access-Challenges by the RADIUS server
Hi,
Sep 30 12:56:36 newdvlanb radiusd[10152]: rlm_eap: No EAP session
matching the State variable.
Sep 30 12:00:21 dvlanc radiusd[16053]: WARNING: Child is hung for
request 782076 in component authenticate module peap.
Sep 30 12:57:08 newdvlanb radiusd[10152]: Discarding duplicate
request
John Douglass wrote:
Any one have any similar battle scars that I can learn from (server
performance tweaks, optimizations, etc?). I've optimized as best I can
the SQL component. This all seems related to the samba/winbind/ntlm_auth.
FreeRADIUS is dependent on other systems. So if Samba or
), but just algorithms 1-3 are
still useful.
Actually it's not, it's published in the 3GGP standards, neat :)
*3GPP even
And if you want to find something to test against for GSM-Milenage and
EAP-SIM (or Milenage with EAP-AKA/AKA' for that matter), wpa_supplicant
includes an implementation
inside inner-eap?
No. You have to configure the ntlm_auth module, and the ntlm_auth
sub-section of the authenticate section. All of that is documented in
the deployingradius.com page.
See my comment earlier. Did I place the configuration at the right
sub-section?
I have no idea. You've been
it in this case.
Do I have to place this under gtc sub-section inside inner-eap?
No. You have to configure the ntlm_auth module, and the ntlm_auth
sub-section of the authenticate section. All of that is documented in
the deployingradius.com page.
See my comment earlier. Did I place
that, but that didn't work.
See the FAQ for it doesn't work
Perhaps I didn't configure the
ntlm_auth module though there is modules/ntlm_auth created when I
configured EAP-MSCHAPv2 with ntlm_auth.
Perhaps you could try following the examples on deployingradius.com,
or the examples distributed
Alan,
I finally made EAP-GTC using ntlm_auth to work. Basically my initial
configuration inside gtc sub-section of raddb/eap.conf was correct and
modifying raddb/modules/ntlm_auth from %{mschap:User-Name} to
%{User-Name} was also correct. I can also use
%{%{mschap:User-Name}:-%{User-Name
All,
I have successfully configured freeRadius using EAP-PEAP with:
1. GTC to authenticate user against local password
2. MSCHAPv2 to authenticate user against Active Directory via ntlm_auth
following instructions on this link:
http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory
Don wrote:
That said, if EAP-GTC can be used along with ntlm_auth how do I
configure it to make that work?
Read the gtc sub-section of eap.conf. It tells you how to make
EAP-GTC use a particular authentication method.
I tried to execute ntlm_auth passing
--password=%{User-Password
Alan,
Thank you for your reply and please find my inline response below.
On Thu, Sep 26, 2013 at 7:54 PM, Alan DeKok al...@deployingradius.comwrote:
Don wrote:
That said, if EAP-GTC can be used along with ntlm_auth how do I
configure it to make that work?
Read the gtc sub-section
Just out of interest is anyone using EAP-AKA with the EAP2 module in FreeRADIUS
2.x.x?
If so what sorts of services are you using for? Have any telcos successfully
deployed EAP-SIM/EAP-AKA['] for authenticating handsets to GSM and 802.11
networks to facilitate cross medium roaming?
-Arran
for in
the control list, whereas they were previously looked for in the reply list.
update control {
EAP-Sim-RAND1 := reply:EAP-Sim-RAND1
EAP-Sim-RAND2 := reply:EAP-Sim-RAND2
EAP-Sim-RAND3 := reply:EAP-Sim-RAND3
EAP-Sim-SRES1 := reply:EAP-Sim-SRES1
EAP-Sim-SRES2 := reply:EAP
Note: Comp128-4 (milenage) is still unknown (please contact one of the
developers
if you have access to it's specification), but just algorithms 1-3 are still
useful.
Actually it's not, it's published in the 3GGP standards, neat :)
Arran Cudbard-Bell a.cudba...@freeradius.org
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
Note: Comp128-4 (milenage) is still unknown (please contact one of the
developers
if you have access to it's specification), but just algorithms 1-3 are still
useful.
Actually it's not, it's published in
file.
Also, in the simtriplets files at the bottom, I have tried the entries with a 1
at the beiging of the IMSI, and without and with the word SIM there also.
On packet captures over the air, I get
P1 - eap identity request
P2 - eap identity response
P3 - eap-failure
So I beleive the radius
entry in the sites-enabled/default,
as I assume this is now covered in the radiusd.conf file.
No, it's not, that is a version 1.x.x configuration. You have to list it in
sites-enabled/default before EAP for it to work.
Honestly though you don't need the sim_files stuff as you can set
this is happening.
Please see below.
The only think I dont have is sim_files entry in the
sites-enabled/default, as I assume this is now covered in the radiusd.conf
file.
No, it's not, that is a version 1.x.x configuration. You have to list it in
sites-enabled/default before EAP
Also, if I put the sim_files entry before eap in the default file I get the
following error when I try and start Radiusd -s -X
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
Module: Checking authorize {...} for more modules to load
/usr/local/etc/raddb/radiusd.conf[643
Hi,
I am facing some issues with 802.1x EAP-TLS Authentication.
Please suggest any document which can help in better understanding on TLS
Authentication.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hey I wanted to say thanks for the tips! I convinced the peers that it was
not a good idea to allow auto certificate acceptance and to just have the
clients accept it when the new certificate went online.
Cheers,
- Trevor
On Thu, Sep 12, 2013 at 3:46 PM, Brian Julin bju...@clarku.edu wrote:
wrote:
Hi,
I am facing some issues with 802.1x EAP-TLS Authentication.
Please suggest any document which can help in better understanding on TLS
Authentication.
Thanks.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Best Regards
Muhammad Nadeem
In strongswan for ikev1 it uses xauth-eap that I use to do validation with
RADIUS (that's the only way for ikev1 clients with strongswan).
My design is that I don't actually care about secondary authentication with
RADIUS since it's already doing certificate validation from strongswan side
for Accounting only and also does
the user expiration check?
No. User expiration checks are done on authentication.
2) is it possible for me in any way to reject expired user but accept eap
based authentication (from configuration or code modification)?
Yes.
3) when connection is rejected
of action:
1) is there a way to configure freeradius for Accounting only and also
does
the user expiration check?
No. User expiration checks are done on authentication.
2) is it possible for me in any way to reject expired user but accept
eap
based authentication (from
WorkingMan wrote:
Can you give me an example on how to always accept connection on EAP-*
authentication (it will be password based from xauth-eap from strongswan)
No. EAP doesn't (and can't) work that way.
but at the same time still honour Expiration logic? I am not sure what to
do
Hi,
I'm trying to setup eap-ttls with freeradius, all my tests in LAB was
successful. I've test it with both users file and sql and it was working.
Now I'm going to prepare it for real setup, my only problem is that all my
User-Passwords is database is stored with SMD5-Password attribute
Hi,
I'm trying to setup eap-ttls with freeradius, all my tests in LAB was
successful. I've test it with both users file and sql and it was working.
Now I'm going to prepare it for real setup, my only problem is that all my
User-Passwords is database is stored with SMD5-Password attribute
On 20 Sep 2013, at 17:04, Nasser Heidari nas...@rasana.net wrote:
Hi,
I'm trying to setup eap-ttls with freeradius, all my tests in LAB was
successful. I've test it with both users file and sql and it was working.
Now I'm going to prepare it for real setup, my only problem is that all my
Hi,
I've got a Windows 7 machine attempting to connect to FreeRADIUS 2.2.0.
EAP-TLS with a client certificate works fine, but with PEAP/EAP-TLS it
doesn't.
Is there anything I'm missing? The problem appears to be that the client
doesn't send over the client cert. I know Windows is very fussy
On Tue, Sep 17, 2013 at 07:54:12AM +0100, John Carter wrote:
I've got a Windows 7 machine attempting to connect to FreeRADIUS 2.2.0.
EAP-TLS with a client certificate works fine, but with PEAP/EAP-TLS it
doesn't.
Hi.
make fragment_size in modules/inner-eap smaller then fragment_size
Thanks Martin,
I had already changed this in the config, but it lead me to the real issue
which was that I'd added a eap inner-eap section to my eap.conf, but I
also had a modules/inner-eap file from the default config. When I removed
modules/inner-eap file it all works fine.
Thanks again,
John
I run two freeradius servers (both 2.2.0 x86_64) with MySQL backends
doing ntlm_auth (RHEL 6 Samba 3.6.9) for EAP-PEAP-MSChapV2 for our
client devices.
I have enabled the server debug using radmin (the debug file is HUGE
so that is why I am not posting it along with). I have googled
Hi,
Sep 16 09:57:56 newdvlanb radiusd[15211]: rlm_eap: No EAP session
matching the State variable.
turn on full debug for just a single User-Name or Calling-Station-Id
(check radmin docs). whats your authentication clean-up/tidy up times -
as if the clients dont respond then the session
Hello,
We are using freeradius with EAP/SSL and although it is working fine, I
was wondering if there was a way to prevent the user from getting the
prompt to accept the certificate? I have combined the intermediate and
server certificates to one file and used that file in the
'certificate_file
Trevor Jennings wrote:
We are using freeradius with EAP/SSL and although it is working fine, I was
wondering if there was a way to prevent the user from getting the prompt to
accept the certificate? I have combined the intermediate and server
certificates to one file and used that file
2013/9/12 Brian Julin bju...@clarku.edu
Trevor Jennings wrote:
[...]
On OSX, the certificates are marked as valid, including the root,
intermediate
and server, but still prompts the user to accept. Is there a way around
this?
About the only way I can think of is to install a profile
Mathieu wrote:
At least from that side there is hope for improvements with Android 4.3
onwards there
are API calls for enterprise wireless configuration.
Maybe someone steps up by making an application that can manage
profiles or something like this.
That is promising, but I hope this
Hi All,
Just to let you all know I did get all my setup working (took me a while being
not a linux guru) but it does work as expected. Just in case anyone was
wondering :)
Many thanks all
Ken
:)
On 29 August 2013 at 16:05 ken.farrington ken.farring...@802.co.uk wrote:
Hi All,
Is there a
}:--}) auth-type %{control:Auth-Type}/%{EAP-Type} realm %{%{Realm}:--} nas %{
%{NAS-IP-Address}:-%{%{NAS-IPv6-Address}:--}-}/%{%{NAS-Port}:--} (operator %{%{O
perator-Name}:--}) client %{%{Packet-Src-IP-Address}:-%{%{Packet-Src-IPv6-Addres
s}:--}} (%{Client-Shortname}) ap '%{%{UCam-AP-Name
. an EAP request into line-log,
Read doc/aaa.rst
You don't passd information into a module. The incoming packet (and
associated data) is given to the module. The module then decides what
to do.
sites-enabled/eap-inner-tunnel, how
I tell f_ticks (or linelog, or any other modules
I'm trying to do a proxy from the inner-tunnel over to another radius server.
The primary reason for this is that we need to strip off the realm before
passing to the proxy.
I'm getting an EAP error response from the other server about it not liking the
id number
Supplicant sent
On 29/08/13 14:35, Robert Roll wrote:
I'm trying to do a proxy from the inner-tunnel over to another radius server.
The primary reason for this is that we need to strip off the realm before
passing to the proxy.
I'm getting an EAP error response from the other server about it not liking
On Thu, Aug 29, 2013 at 01:35:25PM +, Robert Roll wrote:
I'm getting an EAP error response from the other server about it not liking
the
id number
Supplicant sent unmatched EAP response packet identifier
EAP Response identifier sent by the client has to match EAP Request
I guess I assumed the id: in the TCP dump below was the EAP Response
Identifier maybe not ? Is there a different
EAP response identifier ?
I actually have been running with debug radius -X. Obviously a lot longer
output than just the TCP dump.
That is why I first tried just the TCP dump
Hi All,
Is there a way if I had 10 clients in my home lab and all the certs expire
tomorrow, that rather than re-provide all the certs to my clients, I can frigg
the radius server time, to still accpet them.
Im guessing this is a no, but from what I see, the client cert is presented, and
check
On Thu, Aug 29, 2013 at 02:56:44PM +, Robert Roll wrote:
I guess I assumed the id: in the TCP dump below was the EAP Response
Identifier maybe not ? Is there a different
EAP response identifier ?
That is the id of the radius packet. EAP lives insided radius packet AVPs
called EAP
On 29/08/13 15:56, Robert Roll wrote:
I guess I assumed the id: in the TCP dump below was the EAP Response
Identifier maybe not ? Is there a different
EAP response identifier ?
Yes, in the EAP-Message attribute (EAP packet)
I actually have been running with debug radius -X
...@imperial.ac.uk]
Sent: Thursday, August 29, 2013 7:58 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP-Peap-MSchapv2 proxy from innertunnel
On 29/08/13 14:35, Robert Roll wrote:
I'm trying to do a proxy from the inner-tunnel over to another radius
server.
The primary reason
= no
#
eap
I see that eap needs be invoked if using
proxy_tunneled_request_as_eap = no
Does it actually need to NOT be there for
proxy_tunneled_request_as_eap = no
I should say I'm actually NOT using the proxy-inner-tunnel server, but
rather the default inner-tunnl with:
# If you
EAP-identity, and the proxy server
responds with an EAP-TLS start i.e. you would be doing EAP-TLS inside
PEAP, if this worked:
rad_recv: Access-Challenge packet from host 155.97.185.76 port 1812,
id=216, length=128
State = ...
Proxy-State = 0x313231
EAP-Message
Phil Mayers wrote:
[peap] Got tunneled request
EAP-Message = 0x02090006031a
0x03 == 3 = NAK, 0x1a == 26 == MS-EAP (SoH, I think?)
That's EAP-MSCHAP-v2.
...which the proxy server then rejects:
rad_recv: Access-Reject packet from host 155.97.185.76 port 1812, id=71,
length=49
Robert Roll wrote:
If I actually look at the proxy-inner-tunnel I see the following for
post-proxy..
The post-proxy stage has NOTHING to do with the home server. If the
home server rejects the request, the issue is WAY before the
post-process stage.
I see that eap needs be invoked
On 29/08/13 18:16, Alan DeKok wrote:
Phil Mayers wrote:
[peap] Got tunneled request
EAP-Message = 0x02090006031a
0x03 == 3 = NAK, 0x1a == 26 == MS-EAP (SoH, I think?)
That's EAP-MSCHAP-v2.
Doh, yes, brain fade. TBH this page could be clearer:
http://www.iana.org/assignments/eap
On 29/08/13 18:16, Alan DeKok wrote:
i.e. set proxy_tunneled_request_as_eap = no
Although IIRC that *definitely* had issues in 2.1.10, right?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers wrote:
On 29/08/13 18:16, Alan DeKok wrote:
i.e. set proxy_tunneled_request_as_eap = no
Although IIRC that *definitely* had issues in 2.1.10, right?
I don't recall... that was a long time ago, and I'm trying to get 3.0
out the door.
Alan DeKok.
-
List
Your reference is wrong/unknown which means that there's a noop. This means no
operation which means no fticks output
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mechanism?
I think I still don't fully understand how modules hang together, how
I pass information
from e.g. an EAP request into line-log, or, looking at
sites-enabled/eap-inner-tunnel, how
I tell f_ticks (or linelog, or any other modules for that matter)
which values I'd like to work
with.
I
question: what values are available
where, and when,
via which mechanism?
I think I still don't fully understand how modules hang together, how
I pass information
from e.g. an EAP request into line-log, or, looking at
sites-enabled/eap-inner-tunnel, how
I tell f_ticks (or linelog, or any
rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file or directory
rlm_sim_files is not compiled in.
In fact you do
On 27.08.2013 10:57, ken.farrington wrote:
Many thanks indeed. Are you saying I can just take out sim_files from
the authorise in the default file and it should work anyway?
If so, fantastic :)
My raddb/sites-enabled/default:
authorize {
preprocess
auth_log
chap
mschap
suffix
eap
, fantastic :)
My raddb/sites-enabled/default:
authorize {
preprocess
auth_log
chap
mschap
suffix
eap {
ok = return
}
files
pap
}
My raddb/users:
1250016490216...@wlan.mnc001.mcc250.3gppnetwork.org
EAP-Sim-RAND1 = 0x09844aff4ccf66cdb95e59dba8ec291c,
EAP-Sim-RAND2
Hi,
I'm trying to find a way to log EAP requests and responses on an IdP in
such way that the inner and outer identity of a request end up on one
line; using linelog via f_ticks I managed to get a slightly more concise
logging going than the detail level in accounting messages. But I'd like
On 27 Aug 2013, at 17:59, Andrej andrej.gro...@gmail.com wrote:
Hi,
I'm trying to find a way to log EAP requests and responses on an IdP in such
way that the inner and outer identity of a request end up on one line; using
linelog via f_ticks I managed to get a slightly more concise
On 28 August 2013 05:09, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
Hi Arran,
Is there a way to e.g. pass information from the outer processing on to the
inner so I can log both from there, rather than logging both identities
individually? While it's feasible to have both when
Andrej wrote:
Cool - I'll give that a go. Is there a comprehensive list anywhere of
which kind of values
is permissible in which context?
See the debug output. If it's in the debug output, you can use it.
If it's not in the debug output, it doesn't exist. And you can't use it.
You can
On 28 August 2013 09:09, Alan DeKok al...@deployingradius.com wrote:
See the debug output. If it's in the debug output, you can use it.
If it's not in the debug output, it doesn't exist. And you can't use it.
You can always reference the outer tunnel from the inner one.
OK. So, I found
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file
On 08/26/2013 12:11 PM, Iliya Peregoudov wrote:
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so
Hello all,
I hope this email finds you all well and is my first post.
I think I have a small problem with my backtrack distro and I am trying to
load eap-sim onto my free radius server 2.1.11. I have followed the guide to
add the relevant parts of the config and when I put
On 25/08/2013 12:03, ken.farrington wrote:
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file or directory
Your version of FreeRADIUS wasn't compiled with rlm_eap_sim enabled, or
it wasn't
Thanks so much I will try that. Much regards ken.farring...@802.co.uk
Phil Mayers p.may...@imperial.ac.uk wrote:
On 25/08/2013 12:03, ken.farrington wrote:
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file:
No
dear guest, i have problem in eap-sim authentication.
I'm using freeradius 2.2.0, blackberry 9220
here my simtripletsdat. file
1510012660372465,AF6876E748BD46bf853A99DC2032F0A7,95762655,449177635B92bc00
1510012660372465,A1A9AC744E8D49819D27A79B067BCA69,257b31c6,64ff9467DEa1e400
Right now we have freeradius configured so that EAP and non-EAP are handled by
separate virtual servers which are listening on separate virtual ports.
We'd like to simplify our configuration and use the same port for both. I've
looked through the documentation without much success.
Does anyone
Bruce Bauman wrote:
Right now we have freeradius configured so that EAP and non-EAP are
handled by separate virtual servers which are listening on separate
virtual ports.
Why?
We'd like to simplify our configuration and use the same port for both.
I've looked through the documentation
On 03/07/13 15:29, Bruce Bauman wrote:
Right now we have freeradius configured so that EAP and non-EAP are
handled by separate virtual servers which are listening on separate
virtual ports.
We'd like to simplify our configuration and use the same port for both.
I've looked through
Hi,
We'd like to simplify our configuration and use the same port for both.
the default configuration does that
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can I know what brand of radius server you are going to use for EAP-SIM/AKA
? I am interesting on this
On Tue, Jul 2, 2013 at 3:51 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this
[^@]*@wlan.mncX.mccY.**3gppnetwork.orghttp
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
SIM/EAP AKA radius server (based on certain criteria) ?
When you're proxying an EAP packet, the ONLY criteria you have is the
EAP identity. You do NOT have the EAP type available
From: Iliya Peregoudov iperegu...@cboss.ru
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, July 2, 2013 2:20 PM
Subject: Re: Using freeradius as proxy for EAP-SIM/EAP-AKA
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this [^@]*@wlan.mncX.mccY.3gppnetwork.org is unique ? All the SIMs
from the same mobile operator will have the same string and it will be
different from another mobile operator ?
Yes, though be aware the pattern given isn't exactly valid; X
--I am wondering if it is possible to proxy EAP-SIM/EAP-AKA
authentication using FreeRadius ?
yes it is possible , but you have to make sure that all requests of an EAP
session are being entertain by the same server, ( as proxy can have
multipile freeradius servers), Read proxy.config
If I understand you correctly, it means it is only possible to have ONE radius
server which does EAP SIM/EAP AKA authentication in the entire chain of
connections ?
It's not possible for one proxy radius to send request to different EAP SIM/EAP
AKA radius server (based on certain criteria
There is a clear distinction between the two cases.
First case: user record is found in users file:
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=1,
length=215
[skipped]
+- entering group authorize {...}
[skipped]
[files] users: Matched entry
Ming-Ching Tiew wrote:
If I understand you correctly, it means it is only possible to have ONE
radius server which does EAP SIM/EAP AKA authentication in the entire
chain of connections ?
No.
It means that you don't KNOW it's EAP-SIM until after you decide to
proxy it.
It's not possible
Hi
I am wondering if it is possible to proxy EAP-SIM/EAP-AKA authentication using
FreeRadius ?
Assuming brand X radius server has support for EAP-SIM/EAP-AKA, but it's
located at the final end of the food chain, and in-between the brand X radius
server and the Access point, there are 2
,B0354bf3402e42ed
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x
.mcc510.3gppnetwork.orgEAP-Type
:= SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE**4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C1**4B,
EAP-Sim-SRES2 = 0x BFf89ad2,
EAP-Sim-KC2 = 0x 1C7098005Fea8c00,
EAP-Sim-Rand3 = 0x
.**mcc510.3gppnetwork.org1510019760806...@wlan.mnc001.mcc510.3gppnetwork.orgEAP-Type
:= SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE**4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C1**4B,
EAP-Sim-SRES2 = 0x BFf89ad2,
EAP-Sim
On 20.06.2013 17:56, raptor raptor wrote:
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C14B
On 20.06.2013 8:38, raptor raptor wrote:
i just try one client and success but when i use another client and it fails
Post debug log if you want to diagnose authentication failure.
is it correct if i add other client in users and simtriplets.dat?
Yes, you should add auth vectors for all
= 48f8b315461a
Calling-Station-Id = 1814563e5189
NAS-Identifier = 48f8b315461a
NAS-Port = 38
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message
On 20.06.2013 13:38, raptor raptor wrote:
Sending Access-Accept of id 0 to 192.168.2.1 port 2048
MS-MPPE-Recv-Key =
0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8
MS-MPPE-Send-Key =
0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f
EAP-Message = 0x03760004
What I really need to do is proxy the inner message to another
Radius server which will do the authentication but I cannot get this
to work. Whatever I try, I always see an EAP-Message avp heading off
to the remote server. I have looked at the proxy-inner-tunnel
virtual server but am
1510080325656501,5A8F4C0677DE4930B47825B55534CC79,94d66001,AC85d79439b564c0
1510080325656501,8E29A03F8E13466fBF84D12F6A9D4734,E284e39e,13a524d040094ef4
1510080325656501,BC5D3CEB1EAC4164AA463E289222C450,AE8bdfc6,B0354bf3402e42ed
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
need to do is proxy the inner message to another Radius
server which will do the authentication but I cannot get this to work.
Whatever I try, I always see an EAP-Message avp heading off to the remote
server. I have looked at the proxy-inner-tunnel virtual server but am
unsure how
On 19/06/13 13:28, adrian.p.sm...@bt.com wrote:
What I really need to do is proxy the inner message to another Radius
server which will do the authentication but I cannot get this to work.
Whatever I try, I always see an EAP-Message avp heading off to the
remote server. I have looked
What I really need to do is proxy the inner message to another Radius
server which will do the authentication but I cannot get this to work.
Whatever I try, I always see an EAP-Message avp heading off to the
remote server. I have looked at the proxy-inner-tunnel virtual server
but am
Hi,
This *is* proxying the inner tunnel; the inner tunnel auth is also EAP, and
you're sending it to the remote server.
Thanks, this is NOT what I want to do. I want to send the inner message, not
the tunnel and do PAP on the remote server.
okay. so you need to start by terminating
1 - 100 of 5611 matches
Mail list logo