EAP-sim using freeradius

Song Zou a13519 at me.com
Mon Nov 19 13:24:54 CET 2018


please don’t send email

On Aug 15, 2015, at 01:16, Siddharth Katragadda via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:

> Hi Alan,
> After looking up the dictionary file for EAP-SIM attributes, I used the
> following settings:
> 
> *passwd file in mods-enabled:*
> passwd passwd {
>        filename = /usr/local/etc/raddb/simtriplets.dat
>        format =
> "*EAP-Sim-IMSI:EAP-Sim-RAND1:EAP-Sim-SRES1:EAP-Sim-KC1:EAP-Sim-RAND2:EAP-Sim-SRES2:EAP-Sim-KC2:EAP-Sim-RAND2:EAP-Sim-SRES2:EAP-Sim-KC2"
>        hash_size = 100
>        ignore_nislike = no
>        allow_multiple_keys = no
> }
> 
> *simtriplets.dat file (IMSI followed by 3 sets of triplets):*
> 1001010123456789 at wlan.mnc001.mcc001.3gppnetwork.org:2
> ADE1426F93045258CCD7B9CF739CD51:CA1a6a73:44163dcd3063ee06:A7DB577E986F41e999981FE01E8E9351:9E0ec181:2B3182377B3d2e05:92F13B6BB93641b0914DD3D6DAAFB78C:9Ca5541a:767e395d867fa4b0
> 
> 
> 
> I get this error when I run the test. I'm using a phone with a test SIM in
> it (IMSI: 1001010123456789):
> eap: Expiring EAP session with state 0x4e4609474d431cf0
> (37) eap: Finished EAP session with state 0x50b3a7b250b1a3eb
> (37) eap: Previous EAP request found for state 0x50b3a7b250b1a3eb, released
> from the list
> (37) eap: Peer sent packet with method EAP NAK (3)
> (37) eap: Found mutually acceptable type SIM (18)
> (37) eap: Calling submodule eap_sim to process data
> (37)* eap_sim: ERROR: EAP-SIM-RAND1 not found*
> (37) eap: ERROR: Failed starting EAP SIM (18) session.  EAP sub-module
> failed
> (37) eap: Sending EAP Failure (code 4) ID 2 length 4
> (37) eap: Failed in EAP select
> (37)     [eap] = invalid
> (37)   } # authenticate = invalid
> (37) Failed to authenticate the user
> (37) Using Post-Auth-Type Reject
> (37) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (37)   Post-Auth-Type REJECT {
> (37) attr_filter.access_reject: EXPAND %{User-Name}
> (37) attr_filter.access_reject:    -->
> 1001010123456789 at wlan.mnc001.mcc001.3gppnetwork.org
> (37) attr_filter.access_reject: Matched entry DEFAULT at line 18
> (37)     [attr_filter.access_reject] = updated
> (37) eap: Reply already contained an EAP-Message, not inserting EAP-Failure
> (37)     [eap] = noop
> (37)     policy remove_reply_message_if_eap {
> (37)       if (&reply:EAP-Message && &reply:Reply-Message) {
> (37)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
> (37)       else {
> (37)         [noop] = noop
> (37)       } # else = noop
> (37)     } # policy remove_reply_message_if_eap = noop
> (37)   } # Post-Auth-Type REJECT = updated
> (37) Delaying response for 1.000000 seconds
> Waking up in 0.3 seconds.
> Waking up in 0.6 seconds.
> (37) <delay>: Sending delayed response
> (37) <delay>: Sent Access-Reject Id 91 from 192.168.1.98:1812 to
> 192.168.1.14:32768 length 44
> 
> 
> I don't think the passwd file is being processed properly.  Am I missing
> something?
> 
> Thanks
> Sid
> 
> 
> 
> On Fri, Aug 14, 2015 at 10:11 AM, Siddharth Katragadda <
> siddharthk at google.com> wrote:
> 
> Alan,
> After looking up the dictionary file for EAP-SIM attributes, I used the
> following settings:
> 
> 
> 
> On Fri, Aug 14, 2015 at 2:08 AM, Alan DeKok <aland at deployingradius.com>
> wrote:
> 
> On Aug 12, 2015, at 9:25 PM, Siddharth Katragadda <siddharthk at google.com>
> wrote:
> format = "*IMSI:RAND:SRES:KC"
> 
>  Those aren't RADIUS attribute names.  Go read
> dictionary.freeradius.internal, and look for "EAP-SIM".  There are a bunch
> of SIM related attributes.
> 
>  Alan DeKok.
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list