[EXTERNAL] Help in Configuring EAP-SIM

[Arran Cudbard-Bell]

> On Feb 10, 2022, at 4:46 PM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Feb 10, 2022, at 3:11 PM, Shane Guan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> 
>> Thanks for the tip about libkqueue. I built and installed the latest version of that library and then was able to compile, install, and run the master branch with freeradius -Xf. However, I am still having difficulty with the configuration for eap-sim. For some reason the eapol_test client says that it can't process a packet? I have attached logs.
> 
>  The eapol_test log says:
> 
> EAP-SIM: Unexpected Challenge in state CONTINUE
> EAP-SIM: CONTINUE -> FAILURE
> 
>  and FreeRADIUS says:
> 
> Debug : (1.0)      eap-sim - New EAP-SIM session
> Debug : (1.0)      eap-sim - Changed state INIT -> SIM-CHALLENGE
> Debug : (1.0)      send Challenge-Request {
> 
>  So FreeRADIUS is intending to do this, but eapol_test doesn't like it.  I'll have to defer to Arran about this.  :(

Yeah, my fault.  Moved to a unified state machine for all three EAP-Methods.

EAP-SIM requires you to always send EAP-SIM-START, EAP-AKA and EAP-AKA' allow you to jump straight
into the challenge round if you recognise the identity.

I've corrected the state machine to always enter SIM-Start, even when no identity is being requested when
we're running EAP-SIM.

f4c433d4ef1494cc40fbe84da91046d0333bb8c7 - Fixes the problem by always requesting an ID
6be2c02b3a12930e31f9a46bc677a8a562acea46 - Expands on the previous commit to allow SIM-Start
without identity requests.

I've tested locally and it appears to fix the issue, could you rebuild with HEAD and verify it corrects the
problem for you also.

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220211/8a34977b/attachment.sig>