<DIV>Hi All,</DIV>
<DIV> </DIV>
<DIV>I have downloaded the patch from <A href="http://bugs.freeradius.org/show_bug.cgi?id=386" target=_blank rel=nofollow>http://bugs.freeradius.org/show_bug.cgi?id=386</A>.</DIV>
<DIV>I have successfully applied the patch to FreeRADIUS 1.1.2. I have a few questions.</DIV>
<DIV> </DIV>
<DIV>a) Does the patch support optional identity privacy support, optional result indications, and an optional fast re-authentication procedure?</DIV>
<DIV> </DIV>
<DIV>b) After receiving EAP-Request/AKA-Challenge from the server, the client should calculate AT_MAC and compare it with the received one. If it matches, it should send back the EAP-Response/AKA-Challenge with AT_RES and a new AT_MAC.</DIV>
<DIV>As per section 10.8 of RFC 4187, AT_RES should be encoded as follows.</DIV>
<DIV> </DIV>
<DIV><EM>The value field of this attribute begins with the <SPAN style="COLOR: blue">2-byte RES Length, which </SPAN>identifies the exact length of the RES in bits. The RES length is followed by the AKA RES parameter. According to [<A title='"3GPP Technical Specification 3GPP TS 33.105 4.1.0: "' href="http://tools.ietf.org/html/rfc4187#ref-TS33.105" target=_blank rel=nofollow>TS33.105</A>], the length of the AKA RES can vary between 32 and 128 bits. Because the length of the AT_RES attribute must be a multiple of 4 bytes, the sender pads the RES with zero bits where necessary.</EM></DIV>
<DIV> </DIV>
<DIV>The trace below is a packet from client to server:</DIV>
<DIV> </DIV>
<DIV>0x0242003017010000<B>0305<SPAN style="COLOR: blue">0000</SPAN>d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0</B>0b0500000d6eb3a8082c9d2c0a031505b7a0fac0</DIV>
<DIV> </DIV>
<DIV>c) As per section 3 (Figure 2) of RFC 4187, if the server is unable to authenticate the client because AT_MAC or AT_RES is incorrect, it should send back the EAP-Request/AKA-Notification to the client, and the client should respond with EAP-Response/AKA-Notification. Only then should the server send back the EAP result as Failure. But FreeRADIUS 1.1.2 sends back the EAP Result (FAILURE) with Access-Reject. However, the success scenario works perfectly.</DIV>
<DIV> </DIV>
<DIV>d) After receiving AKA-Challenge from the RADIUS server, does the patch support checking of the sequence number from the AUTN parameter?</DIV>
<DIV> </DIV>
<DIV>Do we have a more recent patch to support EAP-AKA?</DIV>
<DIV> </DIV>
<DIV>Thanks</DIV>
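<DIV>Added example, not part of the original post or of the FreeRADIUS patch: a bounds-checked walk over the EAP-AKA attributes of the trace quoted above that applies the RFC 4187 section 10.8 rule to AT_RES. The function name, constant names and return codes are assumptions made for this sketch.</DIV>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EAP_TYPE_AKA 23 /* 0x17 */
#define AT_RES 3

/* The 48-byte EAP-Response/AKA-Challenge trace quoted in the post. */
static const uint8_t post_trace[48] = {
    0x02, 0x42, 0x00, 0x30, 0x17, 0x01, 0x00, 0x00, /* EAP header, type, subtype */
    0x03, 0x05, 0x00, 0x00, /* AT_RES, length 5 words, RES Length */
    0xd0, 0xd0, 0xd0, 0xd0, 0xd0, 0xd0, 0xd0, 0xd0,
    0xd0, 0xd0, 0xd0, 0xd0, 0xd0, 0xd0, 0xd0, 0xd0,
    0x0b, 0x05, 0x00, 0x00, /* AT_MAC, length 5 words, reserved */
    0x0d, 0x6e, 0xb3, 0xa8, 0x08, 0x2c, 0x9d, 0x2c,
    0x0a, 0x03, 0x15, 0x05, 0xb7, 0xa0, 0xfa, 0xc0
};

/* Returns the RES length in bits, or a negative code (assumed for this sketch):
 * -1 malformed packet or attribute, -2 no AT_RES present,
 * -3 RES Length outside 32..128 bits, -4 RES does not fit in the attribute. */
int at_res_bits(const uint8_t *p, size_t n)
{
    if (n < 8 || p[4] != EAP_TYPE_AKA) return -1;
    size_t eap_len = ((size_t)p[2] << 8) | p[3];
    if (eap_len < 8 || eap_len > n) return -1;

    for (size_t off = 8; off < eap_len; ) {
        if (eap_len - off < 4) return -1;      /* every attribute is >= 4 bytes */
        size_t alen = (size_t)p[off + 1] * 4;  /* length field counts 4-byte words */
        if (alen < 4 || alen > eap_len - off) return -1;
        if (p[off] == AT_RES) {
            unsigned bits = ((unsigned)p[off + 2] << 8) | p[off + 3];
            if (bits < 32 || bits > 128) return -3;
            if ((bits + 7) / 8 > alen - 4) return -4;
            return (int)bits;
        }
        off += alen;
    }
    return -2;
}

int main(void)
{
    printf("trace from post: %d\n", at_res_bits(post_trace, sizeof post_trace));
    return 0;
}
```

<DIV>On the trace from the post it returns -3, because the RES Length field carries 0x0000 although 16 RES bytes follow; with that field set to 0x0080 (128 bits) the same packet returns 128.</DIV>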