), but just algorithms 1-3 are
still useful.
Actually it's not, it's published in the 3GGP standards, neat :)
*3GPP even
And if you want to find something to test against for GSM-Milenage and
EAP-SIM (or Milenage with EAP-AKA/AKA' for that matter), wpa_supplicant
includes an implementation
for in
the control list, whereas they were previously looked for in the reply list.
update control {
EAP-Sim-RAND1 := reply:EAP-Sim-RAND1
EAP-Sim-RAND2 := reply:EAP-Sim-RAND2
EAP-Sim-RAND3 := reply:EAP-Sim-RAND3
EAP-Sim-SRES1 := reply:EAP-Sim-SRES1
EAP-Sim-SRES2 := reply:EAP
Note: Comp128-4 (milenage) is still unknown (please contact one of the
developers
if you have access to it's specification), but just algorithms 1-3 are still
useful.
Actually it's not, it's published in the 3GGP standards, neat :)
Arran Cudbard-Bell a.cudba...@freeradius.org
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
Note: Comp128-4 (milenage) is still unknown (please contact one of the
developers
if you have access to it's specification), but just algorithms 1-3 are still
useful.
Actually it's not, it's published in
rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file or directory
rlm_sim_files is not compiled in.
In fact you do
{
ok = return
}
files
pap
}
My raddb/users:
1250016490216...@wlan.mnc001.mcc250.3gppnetwork.org
EAP-Sim-RAND1 = 0x09844aff4ccf66cdb95e59dba8ec291c,
EAP-Sim-RAND2 = 0x100446e9e8f553a9d87d0444a44b6cf5,
EAP-Sim-RAND3 = 0x753fdfc2d7e834002557a069462a1fa5,
EAP
, fantastic :)
My raddb/sites-enabled/default:
authorize {
preprocess
auth_log
chap
mschap
suffix
eap {
ok = return
}
files
pap
}
My raddb/users:
1250016490216...@wlan.mnc001.mcc250.3gppnetwork.org
EAP-Sim-RAND1 = 0x09844aff4ccf66cdb95e59dba8ec291c,
EAP-Sim-RAND2
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file
On 08/26/2013 12:11 PM, Iliya Peregoudov wrote:
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so
Hello all,
I hope this email finds you all well and is my first post.
I think I have a small problem with my backtrack distro and I am trying to
load eap-sim onto my free radius server 2.1.11. I have followed the guide to
add the relevant parts of the config and when I put
On 25/08/2013 12:03, ken.farrington wrote:
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file or directory
Your version of FreeRADIUS wasn't compiled with rlm_eap_sim enabled, or
it wasn't
Thanks so much I will try that. Much regards ken.farring...@802.co.uk
Phil Mayers p.may...@imperial.ac.uk wrote:
On 25/08/2013 12:03, ken.farrington wrote:
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file:
No
dear guest, i have problem in eap-sim authentication.
I'm using freeradius 2.2.0, blackberry 9220
here my simtripletsdat. file
1510012660372465,AF6876E748BD46bf853A99DC2032F0A7,95762655,449177635B92bc00
1510012660372465,A1A9AC744E8D49819D27A79B067BCA69,257b31c6,64ff9467DEa1e400
Can I know what brand of radius server you are going to use for EAP-SIM/AKA
? I am interesting on this
On Tue, Jul 2, 2013 at 3:51 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this
[^@]*@wlan.mncX.mccY.**3gppnetwork.orghttp
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
SIM/EAP AKA radius server (based on certain criteria) ?
When you're proxying an EAP packet, the ONLY criteria you have is the
EAP identity. You do NOT have the EAP type available
From: Iliya Peregoudov iperegu...@cboss.ru
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, July 2, 2013 2:20 PM
Subject: Re: Using freeradius as proxy for EAP-SIM/EAP-AKA
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this [^@]*@wlan.mncX.mccY.3gppnetwork.org is unique ? All the SIMs
from the same mobile operator will have the same string and it will be
different from another mobile operator ?
Yes, though be aware the pattern given isn't exactly valid; X
--I am wondering if it is possible to proxy EAP-SIM/EAP-AKA
authentication using FreeRadius ?
yes it is possible , but you have to make sure that all requests of an EAP
session are being entertain by the same server, ( as proxy can have
multipile freeradius servers), Read proxy.config
If I understand you correctly, it means it is only possible to have ONE radius
server which does EAP SIM/EAP AKA authentication in the entire chain of
connections ?
It's not possible for one proxy radius to send request to different EAP SIM/EAP
AKA radius server (based on certain criteria
There is a clear distinction between the two cases.
First case: user record is found in users file:
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=1,
length=215
[skipped]
+- entering group authorize {...}
[skipped]
[files] users: Matched entry
Ming-Ching Tiew wrote:
If I understand you correctly, it means it is only possible to have ONE
radius server which does EAP SIM/EAP AKA authentication in the entire
chain of connections ?
No.
It means that you don't KNOW it's EAP-SIM until after you decide to
proxy it.
It's not possible
Hi
I am wondering if it is possible to proxy EAP-SIM/EAP-AKA authentication using
FreeRadius ?
Assuming brand X radius server has support for EAP-SIM/EAP-AKA, but it's
located at the final end of the food chain, and in-between the brand X radius
server and the Access point, there are 2
,B0354bf3402e42ed
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x
.mcc510.3gppnetwork.orgEAP-Type
:= SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE**4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C1**4B,
EAP-Sim-SRES2 = 0x BFf89ad2,
EAP-Sim-KC2 = 0x 1C7098005Fea8c00,
EAP-Sim-Rand3 = 0x
.**mcc510.3gppnetwork.org1510019760806...@wlan.mnc001.mcc510.3gppnetwork.orgEAP-Type
:= SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE**4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C1**4B,
EAP-Sim-SRES2 = 0x BFf89ad2,
EAP-Sim
On 20.06.2013 17:56, raptor raptor wrote:
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C14B
On 20.06.2013 8:38, raptor raptor wrote:
i just try one client and success but when i use another client and it fails
Post debug log if you want to diagnose authentication failure.
is it correct if i add other client in users and simtriplets.dat?
Yes, you should add auth vectors for all
...@wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry
1510019760806...@wlan.mnc001
On 20.06.2013 13:38, raptor raptor wrote:
Sending Access-Accept of id 0 to 192.168.2.1 port 2048
MS-MPPE-Recv-Key =
0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8
MS-MPPE-Send-Key =
0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f
EAP-Message = 0x03760004
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C14B,
EAP-Sim-SRES2 = 0x BFf89ad2,
EAP-Sim-KC2 = 0x 1C7098005Fea8c00,
EAP-Sim-Rand3
Hi, IIlya
Thanx for your advice
it works
On Thu, Jun 13, 2013 at 2:47 PM, Iliya Peregoudov iperegu...@cboss.ruwrote:
On 11.06.2013 12:27, raptor raptor wrote:
1.
when i change users entry, i get notification that access-accept has
succesfull
but unfortunately, when i restart the system
:
simtriplets.dat
151001xx,Rand1,SRES1,kC1
151001xx,Rand2,SRES2,kC2
151001xx,Rand3,SRES3,kC3
151002xx,Rand1,SRES1,kC1
151002xx,Rand2,SRES2,kC2
151002xx,Rand3,SRES3,kC3
and also in users
151001xxx...@wlan.mnc EAP-Type :=SIM
EAP-Sim-Rand1 = 0x
/freeradius/rlm_sim_files.so
that's it
may this helps your problem
On Thu, Jun 20, 2013 at 11:30 AM, romy rooman roomanro...@gmail.com wrote:
Hi all,
i have read many posts about eap sim
i have create simtriplets.dat and i want to use eap sim for tests
and i get notification
On 11.06.2013 22:21, Rodney Machado wrote:
After reading again the documentation, i got to this point:
[skipped]
I'm going to fix the user file and give it a try again.
rlm_eap_sim expects EAP-Sim-RAND1 (and friends) on reply list, not in
control list.
So correct users entry for EAP-SIM
On 11.06.2013 12:27, raptor raptor wrote:
1.
when i change users entry, i get notification that access-accept has
succesfull
but unfortunately, when i restart the system cant access-accept and i
must change attribute in users from agsm program
here the log:
I do not understand clearly whether
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
Equivalent users entry should look like:
1510019760806391 EAP-Type:=SIM
EAP-Sim-Rand1:=0xAAC0FAFDC47D4524AC9E2A3D51BDBA39,
EAP-Sim
Hi Iliya,
I'm been trying my self EAP-SIM auth for a while, with nothing but odd results.
I'm using FreeRADIUS Version 3.0.0 (git #25b6fdd), in wich the support for
sim_files module have been dropped. I tryied setting the vectors vía the users
file for my IMSI but its not working, I was just
After reading again the documentation, i got to this point:
What's with the commas in the raddb/users file?
Commas link lists of attributes together. The general format for a raddb/users
file entry is:
name Check-Item = Value, ..., Check-Item = Value Reply-Item = Value, . . .
Reply-Item =
,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
Your simtriplets.dat format is ok.
i add in users file:
DEFAULTAuth-Type := EAP, EAP-Type := SIM
EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
EAP-Sim-SRES1 = 0xd1d2d3d4,
EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
EAP-Sim-SRES2 = 0xe1e2e3e4,
EAP-Sim
understand about LF UNIX line ending, could you show me
what should i do to simtriplets.dat format?
is there any mistake?
2.
Your users format is ok: 16-octet RAND, 4-octet SRES, 8-octet Kc.
Auth vectors in users file differ from those in simtriplets.dat. You cannot
use arbitrary auth vectors. EAP-SIM
{
}
suffix should be called before sim_files in authorize section:
# raddb/sites-available/default:
authorize {
suffix
sim_files
}
On 01.06.2013 11:44, martin robertino wrote:
Hi all,
i'm using freeradius 2.1.9 for eap sim testing
i have simtriplets.dat with format : imsi.RAND
my simtriplets.dat :
1imsi
1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
On Mon, Jun 3, 2013 at 9:26 PM, Alan
in users file:
DEFAULT Auth-Type := EAP, EAP-Type := SIM
EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
EAP-Sim-SRES1 = 0xd1d2d3d4,
EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
EAP-Sim-SRES2 = 0xe1e2e3e4,
EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f
On 06/05/2013 04:45 AM, Kranthi K wrote:
Hi All,
I am Newbie to free radius. I installed freeradius version 2.2.0. i want
to configure the EAP-SIM Authentication. Can anyone tell me the steps
how to implement it.
What's with the sudden interest in EAP-SIM? Is there a school project
running
Hi Phil,
Thanks for your reply, It will be greatful if you show some way to
implement the EAP-SIM.
Thanks
On Wed, Jun 5, 2013 at 6:15 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 06/05/2013 04:45 AM, Kranthi K wrote:
Hi All,
I am Newbie to free radius. I installed freeradius version
Hi All,
I am Newbie to free radius. I installed freeradius version 2.2.0. i want to
configure the EAP-SIM Authentication. Can anyone tell me the steps how to
implement it.
Thanks
Kranthi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Apparently there is an error in simtriplets.dat. Format is
1IMSI,RAND,SRES,KC
RAND, SRES, and KC should be in hexadecimal digits, without 0x
prefix. An even number of hexadecimal digits should be in there.
On 01.06.2013 5:51, raptor raptor wrote:
ASSERT FAILED rlm_sim_files.c[212]: k !=
in authorize section:
# raddb/sites-available/default:
authorize {
suffix
sim_files
}
On 01.06.2013 11:44, martin robertino wrote:
Hi all,
i'm using freeradius 2.1.9 for eap sim testing
i have simtriplets.dat with format : imsi.RAND,SRES,Kc
and i'm having message probleme:
rlm_sim_files
Iliya Peregoudov wrote:
Apparently there is an error in simtriplets.dat. Format is
1IMSI,RAND,SRES,KC
RAND, SRES, and KC should be in hexadecimal digits, without 0x
prefix. An even number of hexadecimal digits should be in there.
The simtriplets.dat dile doesn't have 0x prefixes in its
Hi all,
i'm using freeradius 2.1.9 for eap sim testing
i have simtriplets.dat with format : imsi.RAND,SRES,Kc
and i'm having message probleme:
rlm_sim_files : insufficient number of challenges for imsi
151008xx...@wlan.mnc008.mcc310.3gppnetwork.org
[sim_files] : returnnot found
i read that we
Call suffix before sim_files.
The rlm_sim_files module uses canonical username as a key for
searching authentication vectors. Initially canonical username points to
User-Name attribute. rlm_realm module (suffix is an instance of this
module) split User-Name to Stripped-User-Name and Realm and
i have added Stripped-User-Name in sites-enabled/default and also i
disabled suffix module
but, i found like fatal mistake
could someone tell me what i should do to fix this
this is my log
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
rlm_eap_sim
You should designate realm wlan.mnc001.mcc510.3gppnetwork.org as locally
served in raddb/proxy.conf:
# raddb/proxy.conf
realm wlan.mnc001.mcc510.3gppnetwork.org {
}
Then you should add authentication vectors to raddb/simtriplets.dat:
# raddb/simtriplets.dat
# 1IMSI,RAND,SRES,KC
On 30/05/2556 13:44, raptor raptor
wrote:
[pap] WARNING! No "known good"
password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
[pap] WARNING! No "known good"
On 30/05/13 08:16, Iliya Peregoudov wrote:
You should designate realm wlan.mnc001.mcc510.3gppnetwork.org as locally
served in raddb/proxy.conf:
Better yet, don't use the suffix module; look for the realm and strip
it yourself:
authorize {
if (User-Name =~ /^(.*)@(.+)$/) {
update
On 30/05/13 08:22, EasyHorpak.com wrote:
On 30/05/2556 13:44, raptor raptor wrote:
[pap] WARNING! No known good password found for the
user.Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
[pap] WARNING! No known good password found for the
Hi, Phil
Better yet, don't use the suffix module; look for the realm and strip it
yourself:
authorize {
if (User-Name =~ /^(.*)@(.+)$/) {
update request {
Stripped-User-Name := %{1}
Realm := %{2}
}
}
}
See the policy.conf/policy.d and list archives for better regexps for
-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++ EAP-sim decoded packet:
User-Name =
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org
NAS-IP-Address = 192.168.1.1
Hi,
I am working on the implementation of an EAP-SIM supplicant,
when i send to freeradius a EAP-Response/SIM/Start packet i receive as
expected an EAP-Resquest/SIM/Challenge with AT_RAND (RAND value was
specified in users file [2]) and AT_MAC, after this I should calculate
MAC value and test
, RAND3
SRES1, SRES2, SRES3
KC1, KC2, KC3
Expected by FreeRadius EAP-SIM
Am I right ?
If so, How to fix it ?
Sincerely
-bino-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
b...@indoakses-online.com wrote:
I found same problem of old topic posted back in Feb-2012
For ref :
http://lists.freeradius.org/pipermail/freeradius-users/2012-February/058868.html
...
Look like The device didn\'t send :
...
If so, How to fix it ?
Fix the device.
You can't fix it by
...
Look like The device didn\\\'t send :
...
If so, How to fix it ?
Fix the device.
You can\'t fix it by poking FreeRADIUS.
Alan DeKok.
Dear Alan
What I want to know is it common for device telling AAA that it use
EAP-SIM but it don\'t send RAND,SRES, and KC ?
I Asking
b...@indoakses-online.com wrote:
What I want to know is it common for device telling AAA that it use
EAP-SIM but it don\'t send RAND,SRES, and KC ?
Read RFC 4186. Those fields are required for EAP-SIM to work.
If it common, I think it\'ll be great if FreeRadius can adjut
Read RFC 4186. Those fields are required for EAP-SIM to work.
If it common, I think it\\\'ll be great if FreeRadius can adjut to this.
but if it un-common, I think I\\\'ll need to find new device.
Some device manufacturers don\'t bother reading the specifications.
You should ask
b...@indoakses-online.com wrote:
My Apologize.
I think all the needed data is there.
The EAP-SIM code disagrees with you.
And since you haven't bothered read the specifications, or the code,
or running the server in debugging mode as suggested in the FAQ, web
pages, man page, and daily
Dear Alan and All
I Really sorry
b...@indoakses-online.com wrote:
My Apologize.
I think all the needed data is there.
The EAP-SIM code disagrees with you.
And since you haven\'t bothered read the specifications, or the code,
or running the server in debugging mode as suggested
You see to have a problem understanding me. I will try one last time to
explain. If you keep arguing, you will be be unsubscribed, and banned from the
list.
FreeRADIUS says that data is missing from EAP-SIM. It needs that data to do
EAP-SIM.
If you don't understand that, then you
Probably Aptilo is the solution for you.
On 8 January 2013 18:44, akinpelu emmanuel efakinp...@yahoo.com wrote:
Dear All,
Please has there been anyone that has successfully implemented EAP-SIM with
Huawei HLR? I would appreciate head-start on how possible this is.
Thank you
-
List info
on this??
Various eap-sim issues have been discussed on the lists in the last few
months. Read the archives for more details.
IIRC the fixes are in 2.x.x branch - not all were in the release version
of 2.2.0. Download 2.x.x from git and compile locally, and try again.
-
List info/subscribe/unsubscribe
Dear All,
Please has there been anyone that has successfully implemented EAP-SIM with
Huawei HLR? I would appreciate head-start on how possible this is.
Thank you-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 08/01/13 17:26, Muhammad Usman wrote:
Thanks for your reply..i tried but remained unsuccessful, can you kindly
send me any link or thread where it was discussed. Thanks again
See this thread:
http://lists.freeradius.org/pipermail/freeradius-users/2012-September/062721.html
However, the
Dear All, Any thoughts on this??
On Sun, Jan 6, 2013 at 5:05 PM, Muhammad Usman muhd.usma...@gmail.comwrote:
Dear All,
I am trying to configure freeradius for EAP-SIM authentication, for that i
compiled FreeRadius with ./configure --with-modules=rlm_sim
--with-modules=rlm_sim_files
On 01/07/2013 10:10 AM, Muhammad Usman wrote:
Dear All, Any thoughts on this??
Various eap-sim issues have been discussed on the lists in the last few
months. Read the archives for more details.
IIRC the fixes are in 2.x.x branch - not all were in the release version
of 2.2.0. Download 2
Dear All,
I am trying to configure freeradius for EAP-SIM authentication, for that i
compiled FreeRadius with ./configure --with-modules=rlm_sim
--with-modules=rlm_sim_files. Freeradius is installed successfully as i
have tested it using radtest, as suggested on Freeradius wikis.
i have installed
Hi guys,
i'm still trying to authenticate a EAP SIM Client with
the Freeraduis 3.0.0. By Using the Nokia E51 and E52, the eap-sim
authentication process just stops after the raduis has sent the
EAP-REQUEST, SIM-CHALLENGE (containing AT_RAND and AT_MAC) message (see
log info.).
I did some
, the wrong data is being fed
into the MAC at both ends.
Unfortunately, since FreeRADIUS works with *some* EAP-SIM/AKA
supplicants, I am guessing there are incompatible implementations out there.
You would need to read the SIM/AKA RFCs in detail, and possibly feed the
test data into FreeRADIUS
19017653
rlm_sim_files: Adding EAP-Type: eap-sim
(0) [sim_files] = ok
(0) eap : EAP packet type response id 1 length 56
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest
of authorize
(0) [eap] = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /usr
Didn't you make another fix afterward regarding AT_IDENTITY (commit
cfd61d24b99022eb613054bbf7e0da4fa3af1bde)? Not the patch from Microsoft.
I know I have to patch the 2.2.0 source in our RPMs with this commit otherwise
it fails ;)
On 2012-11-06, at 10:15 AM, Alan DeKok wrote:
Phil Mayers
-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name
I have the same problem with Nokia E51 handset. EAP-SIM authentication
interrupted by Nokia supplicant. Unfortunately there is no useful
diagnostic on the handset.
On other hand EAP-SIM authentication succeeds when I use wpa_supplicant
on Windows using smart card reader with the same SIM card
Hi guys,
for my thesis i need to realize a EAP-SIM Authentication testbed. I'm using a
Nokia E52 with EAP-SIM, a MIKROTIK router as access point and FreeRADIUS 2.1.10
as Radius server. I have added the necessary commands in the clients.conf,
radiusd.conf, eap.conf and default files in order
On 06/11/12 10:55, Yann R. Moupinda wrote:
Hi guys,
for my thesis i need to realize a EAP-SIM Authentication testbed. I'm
using a Nokia E52 with EAP-SIM, a MIKROTIK router as access point and
FreeRADIUS 2.1.10 as Radius server. I have added the necessary commands
Upgrade. Some fixes for EAP
in the 2.1.x branch (I
think) post release regarding EAP-SIM. Without it, it will not work.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to also add a patch that has been committed in the 2.1.x branch (I
think) post release regarding EAP-SIM. Without it, it will not work.
Was that after 2.2.0 was released?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers wrote:
Was that after 2.2.0 was released?
No, before.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Type = 18 (EAP-SIM)
0a Subtype = 10 (SIM-Start)
00 00 Reserved
0e Attr Type = 14
(AT_IDENTITY
Hello Francois
I have looked into rlm_eap_sim source and found that is incorrectly
decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute
calculation. MAC mismatch detected by supplicant and it refuses to
continue EAP-SIM authentication.
Please try to apply patch I've
Iliya Peregoudov wrote:
Hello Francois
I have looked into rlm_eap_sim source and found that is incorrectly
decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute
calculation. MAC mismatch detected by supplicant and it refuses to
continue EAP-SIM authentication.
Please try
Hi Iliya/Alan,
I have looked into rlm_eap_sim source and found that is incorrectly
decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute
calculation. MAC mismatch detected by supplicant and it refuses to
continue EAP-SIM authentication.
Please try to apply patch I've attached
Francois Gaudreault wrote:
Ok so I did bisect, and this commit appears to be the problematic one:
177dbabdcef84353768551c0a39d29c566538c06 is the first bad commit
commit 177dbabdcef84353768551c0a39d29c566538c06
Author: Alan T. DeKok al...@freeradius.org
Date: Tue Feb 21 08:57:49 2012
On 13/09/12 11:51, Alan DeKok wrote:
Francois Gaudreault wrote:
Ok so I did bisect, and this commit appears to be the problematic one:
177dbabdcef84353768551c0a39d29c566538c06 is the first bad commit
commit 177dbabdcef84353768551c0a39d29c566538c06
Author: Alan T. DeKok al...@freeradius.org
Hi,
Ok so I did bisect, and this commit appears to be the problematic one:
177dbabdcef84353768551c0a39d29c566538c06 is the first bad commit
commit 177dbabdcef84353768551c0a39d29c566538c06
Author: Alan T. DeKok al...@freeradius.org
Date: Tue Feb 21 08:57:49 2012 +0100
Try to use
of thing.
Probably.
I tested with an iPhone 3GS device running 5.0.1. I still need some
bytes to make it work and test with our Android (get the SRES/Kc from
the Micro-SIM).
I don't know if others on the list made it work with that patch on.
I think few people are using EAP-SIM.
Alan
back an answer from them. The reason of the patch was
because when the supplicant was doing EAP negotiation between AKA-PRIME,
AKA, and SIM, for some reason the server was using the wrong Identity.
I asked them if they tested a forced EAP-SIM situation with their
supplicant. We'll see I guess
product.
That's a big if, IMO.
EAP-SIM would in theory be quite nice for a number of reasons right now,
even without offload. It's a built-in, secure credential.
Unfortunately, as our off-list emails suggests, you can't get easy
access to SIM secrets in the general case (for obvious reasons
Well you are probably right, but when providers will start pushing 3G/4G
offload for real (if they ever do), there are not many ways of doing
it... I think :P The reason of those tests on our side is to support
WISPr and/or NewGen hotspots with our product.
That's a big if, IMO.
EAP-SIM would
Francois Gaudreault wrote:
[eap] processing type sim
[eap] Handler failed in EAP/sim
[eap] Failed in EAP select
That's not nice. The module should return some kind of message.
This looks like an issue for digging into the code.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Hi,
That's not nice. The module should return some kind of message.
If you say so :P
This looks like an issue for digging into the code.
Ok. Let me know if you need me to test anything, I will be glad to do so :)
Thanks!
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca ::
On 12 Sep 2012, at 13:12, Francois Gaudreault fgaudrea...@inverse.ca wrote:
Hi,
That's not nice. The module should return some kind of message.
If you say so :P
This looks like an issue for digging into the code.
Ok. Let me know if you need me to test anything, I will be glad
1 - 100 of 215 matches
Mail list logo