EAP-SIM on 2.2.0

Francois Gaudreault fgaudreault at inverse.ca
Tue Sep 11 20:49:16 CEST 2012


Hi,

I am playing with EAP-SIM on 2.2.0, but I am facing an issue I cannot 
even understand :S  Not because I don't want to, but the error messages 
are not talking much.

I did compute SRES/Kc for my SIM, but after the third triplet, I just have:
rlm_perl: Added pair EAP-Sim-Rand3 = 0xff626ed6104164234aabebecafecafe3
rlm_perl: Added pair EAP-Sim-Rand2 = 0x771634015641aabcd4e5a2a3ab521242
rlm_perl: Added pair EAP-Sim-SRES1 = 0xa0a116fe
rlm_perl: Added pair EAP-Sim-SRES2 = 0xc891c365
rlm_perl: Added pair EAP-Sim-KC1 = 0x603c63ecd59340cb
rlm_perl: Added pair EAP-Sim-Rand1 = 0xab521824610aca27814bbde2810347a1
rlm_perl: Added pair EAP-Sim-KC3 = 0xa62f0f3aca277041
rlm_perl: Added pair EAP-Sim-KC2 = 0xbdaf3f47b1fc2520
rlm_perl: Added pair EAP-Sim-SRES3 = 0x6daeb494
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair EAP-Type = SIM
++[packetfence] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
[eap] Handler failed in EAP/sim
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.

I am using sim_files to populate the attributes. Can anyone enlighten me?

By the way, the same config works on 2.1.12 (just tested it):
rlm_perl: Added pair EAP-Sim-Rand3 = 0xff626ed6104164234aabebecafecafe3
rlm_perl: Added pair EAP-Sim-Rand2 = 0x771634015641aabcd4e5a2a3ab521242
rlm_perl: Added pair EAP-Sim-SRES1 = 0xa0a116fe
rlm_perl: Added pair EAP-Sim-SRES2 = 0xc891c365
rlm_perl: Added pair EAP-Sim-KC1 = 0x603c63ecd59340cb
rlm_perl: Added pair EAP-Sim-Rand1 = 0xab521824610aca27814bbde2810347a1
rlm_perl: Added pair EAP-Sim-KC3 = 0xa62f0f3aca277041
rlm_perl: Added pair EAP-Sim-KC2 = 0xbdaf3f47b1fc2520
rlm_perl: Added pair EAP-Sim-SRES3 = 0x6daeb494
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair EAP-Type = SIM
++[packetfence] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
MAC check succeed
[eap] Underlying EAP-Type set EAP ID to 27
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group post-auth {...}
++[exec] returns noop
++[reply] returns noop
} # server packetfence
Sending Access-Accept of id 34 to 10.0.0.24 port 1051

Thanks!

-- 
Francois Gaudreault, ing. jr
fgaudreault at inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

