EAP-SIM on 2.2.0

Iliya Peregoudov iperegudov at cboss.ru
Fri Sep 14 09:18:59 CEST 2012

Hello Francois

I have looked into rlm_eap_sim source and found that is incorrectly 
decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute 
calculation. MAC mismatch detected by supplicant and it refuses to 
continue EAP-SIM authentication.

Please try to apply patch I've attached. This patch fixes AT_IDENTITY 
attribute decoding.

Francois Gaudreault wrote:
> Hi,
>> Don't know then. The client is sending the reject - it doesn't like
>> something the server is sending it. Clock sync - is the 2.2.0 machine a
>> different server?
> Nope.  Simple yum remove / install.
>> Beyond that I'm only passing familiar with EAP-SIM, so would be guessing
>> I'm afraid. I think you might have to do some debugging yourself.
> I am not familiar with bisect.  So I guess it will take a while 
> (build/test/tag as good or bad).
> By the way, I removed that * from the rlm_eap_sim.c (typo fix), and the 
> auth did work, but then RADIUS segfault a bit after.
> Another question I have is, do I need more than 3 triplets line with 2.2.0?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: eapsim.patch
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120914/13b2c044/attachment.ksh>

More information about the Freeradius-Users mailing list