EAP-sim using freeradius

Siddharth Katragadda siddharthk at google.com
Fri Aug 14 19:16:34 CEST 2015


Hi Alan,
After looking up the dictionary file for EAP-SIM attributes, I used the
following settings:

*passwd file in mods-enabled:*
passwd passwd {
        filename = /usr/local/etc/raddb/simtriplets.dat
        format = "*EAP-Sim-IMSI:EAP-Sim-RAND1:EAP-Sim-SRES1:EAP-Sim-KC1:EAP-Sim-RAND2:EAP-Sim-SRES2:EAP-Sim-KC2:EAP-Sim-RAND2:EAP-Sim-SRES2:EAP-Sim-KC2"
        hash_size = 100
        ignore_nislike = no
        allow_multiple_keys = no
}

*simtriplets.dat file (IMSI followed by 3 sets of triplets):*
1001010123456789@wlan.mnc001.mcc001.3gppnetwork.org:2ADE1426F93045258CCD7B9CF739CD51:CA1a6a73:44163dcd3063ee06:A7DB577E986F41e999981FE01E8E9351:9E0ec181:2B3182377B3d2e05:92F13B6BB93641b0914DD3D6DAAFB78C:9Ca5541a:767e395d867fa4b0



I get this error when I run the test. I'm using a phone with a test SIM in
it (IMSI: 1001010123456789):
eap: Expiring EAP session with state 0x4e4609474d431cf0
(37) eap: Finished EAP session with state 0x50b3a7b250b1a3eb
(37) eap: Previous EAP request found for state 0x50b3a7b250b1a3eb, released from the list
(37) eap: Peer sent packet with method EAP NAK (3)
(37) eap: Found mutually acceptable type SIM (18)
(37) eap: Calling submodule eap_sim to process data
(37)* eap_sim: ERROR: EAP-SIM-RAND1 not found*
(37) eap: ERROR: Failed starting EAP SIM (18) session.  EAP sub-module failed
(37) eap: Sending EAP Failure (code 4) ID 2 length 4
(37) eap: Failed in EAP select
(37)     [eap] = invalid
(37)   } # authenticate = invalid
(37) Failed to authenticate the user
(37) Using Post-Auth-Type Reject
(37) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(37)   Post-Auth-Type REJECT {
(37) attr_filter.access_reject: EXPAND %{User-Name}
(37) attr_filter.access_reject:    --> 1001010123456789@wlan.mnc001.mcc001.3gppnetwork.org
(37) attr_filter.access_reject: Matched entry DEFAULT at line 18
(37)     [attr_filter.access_reject] = updated
(37) eap: Reply already contained an EAP-Message, not inserting EAP-Failure
(37)     [eap] = noop
(37)     policy remove_reply_message_if_eap {
(37)       if (&reply:EAP-Message && &reply:Reply-Message) {
(37)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(37)       else {
(37)         [noop] = noop
(37)       } # else = noop
(37)     } # policy remove_reply_message_if_eap = noop
(37)   } # Post-Auth-Type REJECT = updated
(37) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(37) <delay>: Sending delayed response
(37) <delay>: Sent Access-Reject Id 91 from 192.168.1.98:1812 to 192.168.1.14:32768 length 44


I don't think the passwd file is being processed properly.  Am I missing
something?

Thanks
Sid



On Fri, Aug 14, 2015 at 10:11 AM, Siddharth Katragadda <
siddharthk at google.com> wrote:

> Alan,
> After looking up the dictionary file for EAP-SIM attributes, I used the
> following settings:
>
>
>
> On Fri, Aug 14, 2015 at 2:08 AM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Aug 12, 2015, at 9:25 PM, Siddharth Katragadda <siddharthk at google.com>
>> wrote:
>> > format = "*IMSI:RAND:SRES:KC"
>>
>>   Those aren't RADIUS attribute names.  Go read
>> dictionary.freeradius.internal, and look for "EAP-SIM".  There are a bunch
>> of SIM related attributes.
>>
>>   Alan DeKok.
>>
>>
>
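
A consistency check for the passwd format string and simtriplets.dat line posted above, as an added example that is not part of the original message or of FreeRADIUS: it flags attribute names listed twice, triplet slots with no field, and values of the wrong length. The function names are hypothetical, the expected lengths are the GSM triplet sizes (RAND 128 bits, SRES 32 bits, Kc 64 bits), and the NAI in the sample record has the archive's " at " restored to "@".

```python
import re
from collections import Counter

# GSM triplet sizes in hex digits: RAND 128 bits, SRES 32 bits, Kc 64 bits.
HEX_LEN = {"RAND": 32, "SRES": 8, "KC": 16}
FIELD_RE = re.compile(r"^EAP-Sim-(RAND|SRES|KC)([1-3])$", re.IGNORECASE)

def parse_format(fmt):
    """Split an rlm_passwd format string into field names, dropping the *,=~ prefixes."""
    return [f.lstrip("*,=~") for f in fmt.split(":")]

def check_format(fmt):
    """Return a list of problems with the triplet fields named in the format string."""
    fields = parse_format(fmt)
    problems = [f"field {name!r} listed {n} times"
                for name, n in Counter(fields).items() if n > 1]
    seen = {m.group(1).upper() + m.group(2) for m in map(FIELD_RE.match, fields) if m}
    for kind in HEX_LEN:
        for idx in "123":
            if kind + idx not in seen:
                problems.append(f"no field for {kind}{idx}")
    return problems

def check_record(fmt, line):
    """Return a list of problems with one data line, judged against the format string."""
    fields, values = parse_format(fmt), line.strip().split(":")
    if len(fields) != len(values):
        return [f"{len(values)} values for {len(fields)} fields"]
    problems = []
    for name, value in zip(fields, values):
        m = FIELD_RE.match(name)
        if not m:
            continue  # key field (the NAI) or an attribute this check does not cover
        want = HEX_LEN[m.group(1).upper()]
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % want, value):
            problems.append(f"{name}: expected {want} hex digits, got {value!r}")
    return problems

# Format string and data line as posted in the message (wrapped lines joined).
FORMAT = ("*EAP-Sim-IMSI:EAP-Sim-RAND1:EAP-Sim-SRES1:EAP-Sim-KC1:EAP-Sim-RAND2:EAP-Sim-SRES2:"
          "EAP-Sim-KC2:EAP-Sim-RAND2:EAP-Sim-SRES2:EAP-Sim-KC2")
RECORD = ("1001010123456789@wlan.mnc001.mcc001.3gppnetwork.org:2ADE1426F93045258CCD7B9CF739CD51:"
          "CA1a6a73:44163dcd3063ee06:A7DB577E986F41e999981FE01E8E9351:9E0ec181:2B3182377B3d2e05:"
          "92F13B6BB93641b0914DD3D6DAAFB78C:9Ca5541a:767e395d867fa4b0")

if __name__ == "__main__":
    for p in check_format(FORMAT) + check_record(FORMAT, RECORD):
        print("problem:", p)
```
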

