I've rebuilt with the latest 3.0.x HEAD commit. I still have the same issue: Received Access-Request Id 193 from 10.67.106.10:58041 to 10.67.141.74:31812 length 189 Code: 1 Id: 193 Length: 189 Vector: 35d595e426b9322bff64f012f33e1119 Data: 01 35 31 32 30 38 30 31 30 30 30 30 30 30 30 30 30 32 40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63 32 30 38 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67 50 12 60 1c 1a fe 28 fd b9 c9 0e 36 49 1f 51 09 13 cb 04 06 0a 14 00 00 20 0a 4c 69 76 65 42 6f 78 31 1f 13 46 37 3a 42 42 3a 43 38 3a 32 45 3a 42 36 3a 36 31 4f 3a 02 3f 00 38 01 31 32 30 38 30 31 30 30 30 30 30 30 30 30 30 32 40 77 6c 61 6e 2e 6d 6e 63 30 30 31 2e 6d 63 63 32 30 38 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67 21 05 31 36 31 User-Name = '1208010000000002@wlan.mnc001.mcc208.3gppnetwork.org' Message-Authenticator = 0x601c1afe28fdb9c90e36491f510913cb NAS-IP-Address = 10.20.0.0 NAS-Identifier = 'LiveBox1' Calling-Station-Id = 'F7:BB:C8:2E:B6:61' EAP-Message = 0x023f0038013132303830313030303030303030303240776c616e2e6d6e633030312e6d63633230382e336770706e6574776f726b2e6f7267 Proxy-State = 0x313631 Thu Jun 12 10:19:05 2014 : Debug: (0) # Executing section authorize from file /opt/application/sim3gppb/current/etc/raddb/sites-enabled/server-sim3gpp-b Thu Jun 12 10:19:05 2014 : Debug: (0) authorize { Thu Jun 12 10:19:05 2014 : Debug: (0) modsingle[authorize]: calling files (rlm_files) for request 0 Thu Jun 12 10:19:05 2014 : Debug: (0) files : users: Matched entry DEFAULT at line 1 Thu Jun 12 10:19:05 2014 : Debug: (0) files : ::: FROM 0 TO 0 MAX 0 Thu Jun 12 10:19:05 2014 : Debug: (0) files : ::: TO in 0 out 0 Thu Jun 12 10:19:05 2014 : Debug: (0) modsingle[authorize]: returned from files (rlm_files) for request 0 Thu Jun 12 10:19:05 2014 : Debug: (0) [files] = ok Thu Jun 12 10:19:05 2014 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0 Thu Jun 12 10:19:05 2014 : Debug: (0) eap : EAP packet type response id 63 length 56 Thu Jun 12 10:19:05 2014 : Debug: (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Thu Jun 12 10:19:05 2014 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0 Thu Jun 12 10:19:05 2014 : Debug: (0) [eap] = ok Thu Jun 12 10:19:05 2014 : Debug: (0) } # authorize = ok Thu Jun 12 10:19:05 2014 : Debug: (0) Found Auth-Type = EAP Thu Jun 12 10:19:05 2014 : Debug: (0) # Executing group from file /opt/application/sim3gppb/current/etc/raddb/sites-enabled/server-sim3gpp-b Thu Jun 12 10:19:05 2014 : Debug: (0) authenticate { Thu Jun 12 10:19:05 2014 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Thu Jun 12 10:19:05 2014 : Debug: (0) eap : Peer sent Identity (1) Thu Jun 12 10:19:05 2014 : Debug: (0) eap : Calling eap_sim to process EAP data Thu Jun 12 10:19:05 2014 : Debug: (0) eap : Underlying EAP-Type set EAP ID to 121 Thu Jun 12 10:19:05 2014 : Debug: (0) eap : New EAP session, adding 'State' attribute to reply 0xa8ab2afea8d238ec Thu Jun 12 10:19:05 2014 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Thu Jun 12 10:19:05 2014 : Debug: (0) [eap] = handled Thu Jun 12 10:19:05 2014 : Debug: (0) } # authenticate = handled Sending Access-Challenge Id 193 from 10.67.141.74:31812 to 10.67.106.10:58041 EAP-Message = 0x01790008120a0000 4f 0a 01 79 00 08 12 0a 00 00 Message-Authenticator = 0x00000000000000000000000000000000 50 12 ... State = 0xa8ab2afea8d238ec4956f8ce757a9e32 18 12 a8 ab 2a fe a8 d2 38 ec 49 56 f8 ce 75 7a 9e 32 Proxy-State = 0x313631 21 05 31 36 31 Code: 11 Id: 193 Length: 71 Vector: 0e34bd79e3526936947128728e3576b1 Data: 4f 0a 01 79 00 08 12 0a 00 00 50 12 12 8a 55 2f a5 f5 61 bd ef e8 85 a4 e2 2a 97 83 18 12 a8 ab 2a fe a8 d2 38 ec 49 56 f8 ce 75 7a 9e 32 21 05 31 36 31 Thu Jun 12 10:19:05 2014 : Debug: (0) Finished request Thu Jun 12 10:19:05 2014 : Debug: Waking up in 0.3 seconds. Thu Jun 12 10:19:05 2014 : Debug: (0) Cleaning up request packet ID 193 with timestamp +76 Thu Jun 12 10:19:05 2014 : Info: Ready to process requests -----Message d'origine----- De : freeradius-users-bounces+nicolas.chaigneau=capgemini.com@lists.freeradius.org [mailto:freeradius-users-bounces+nicolas.chaigneau=capgemini.com@lists.freeradius.org] De la part de Arran Cudbard-Bell Envoyé : mercredi 11 juin 2014 19:58 À : FreeRadius users mailing list Objet : Re: 3.0.x - Issue with EAP-SIM - EAP-Message too short in Challenge On 11 Jun 2014, at 18:42, Alan DeKok <aland@deployingradius.com> wrote:
Chaigneau, Nicolas wrote:
I've noticed some changes to eapsimlib.c (not sure if it's linked...) in the following commit : https://github.com/FreeRADIUS/freeradius-server/commit/39df09e42d80a9 6363be0bddee2ff0ba97fdb035
So I tried a prior commit : https://github.com/FreeRADIUS/freeradius-server/tree/7edb8dd4a91d0111 da0950e21c113cfc3e4d2a28 With this version I don't have the problem.
The only differences in eapsimlib are to change some header definitions:
.... $ git diff 7edb8dd4a91..39df09e42d80 src/modules/rlm_eap/libeap/eapsimlib.c diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c index 8afed40..c2975ed 100644 --- a/src/modules/rlm_eap/libeap/eapsimlib.c +++ b/src/modules/rlm_eap/libeap/eapsimlib.c @@ -408,7 +408,7 @@ int eapsim_checkmac(TALLOC_CTX *ctx, VALUE_PAIR *rvps, uint8_t key[EAPSIM_AUTH_S */ attr = buffer+8; while(attr < (buffer+elen)) { - if(attr[0] == PW_EAP_SIM_MAC) { + if (attr[0] == (PW_EAP_SIM_MAC - + PW_EAP_SIM_BASE)) { /* zero the data portion, after making sure * the size is >=5. Maybe future versions. * will use more bytes, so be liberal. ....
That shouldn't affect anything.
Can you confirm that the commit before 39df09e42d works? If so, the fix should be simple.
Or try the latest head... we still had a bunch of duplicate c preprocessor macros for the attribute numbers, and i'd messed up the fallback to searching in the reply list. That broke between v3.0.2 and v3.0.3, though it could be worked around by putting the triplets in the control list, which i'm guessing is what you're doing... Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.