How to send Permanent ID request in EAP-SIM method?
Hello, As we know,EAP-SIM specifacation defines three kinds of identity.But when I read the source code of "rlm_eap_sim.c",freeradius only sends FULL_AUTH_ID_REQUEST. i.e.In function "eap_sim_sendstart",there is newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_FULLAUTH_ID_REQ, PW_TYPE_OCTETS); For sending eap permanent id request to peer,I tried to modify this sentence to: newvp = paircreate(ATTRIBUTE_EAP_SIM_BASE+PW_EAP_SIM_PERMANENT_ID_REQ, PW_TYPE_OCTETS); and compiled it successfully. But when I tried to test the server,with the command below: radeapclient -x localhost auth testing123 <eapsim-in.txt the server will return: rad_recv: Access-Request packet from host 127.0.0.1 port 57914, id=86, length=89 User-Name = "232420100000015" NAS-IP-Address = 209.87.252.247 Message-Authenticator = 0x745c37803f66ee28ae1e5de97b4dbafc NAS-Port = 0 EAP-Message = 0x0255001401323332343230313030303030303135 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "232420100000015", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 85 length 20 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry 232420100000015 at line 93 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim [eap] Underlying EAP-Type set EAP ID to 230 ++[eap] returns handled Sending Access-Challenge of id 86 to 127.0.0.1 port 57914 EAP-Message = 0x01e60014120a00000f020002000100000d010000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6548900d65ae82b9c8a9eb100d26724a Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 57914, id=87, length=85 User-Name = "232420100000015" NAS-IP-Address = 209.87.252.247 Message-Authenticator = 0x9a0e653561af56be21543aec5da35963 NAS-Port = 0 State = 0x6548900d65ae82b9c8a9eb100d26724a # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "232420100000015", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry 232420100000015 at line 93 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] ERROR: You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute! ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 232420100000015 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated I wonder why did this happen?How should I do if I want send a PERMANENT_ID request to the server?Thank you!! -- View this message in context: http://freeradius.1045715.n5.nabble.com/How-to-send-Permanent-ID-request-in-... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
participants (1)
-
lambertdev