EAP-SIM on 2.2.0
Iliya Peregoudov
iperegudov at cboss.ru
Fri Sep 14 09:18:59 CEST 2012
Hello Francois
I have looked into rlm_eap_sim source and found that is incorrectly
decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute
calculation. MAC mismatch detected by supplicant and it refuses to
continue EAP-SIM authentication.
Please try to apply patch I've attached. This patch fixes AT_IDENTITY
attribute decoding.
Francois Gaudreault wrote:
> Hi,
>
>>
>> Don't know then. The client is sending the reject - it doesn't like
>> something the server is sending it. Clock sync - is the 2.2.0 machine a
>> different server?
> Nope. Simple yum remove / install.
>
>>
>> Beyond that I'm only passing familiar with EAP-SIM, so would be guessing
>> I'm afraid. I think you might have to do some debugging yourself.
> I am not familiar with bisect. So I guess it will take a while
> (build/test/tag as good or bad).
>
> By the way, I removed that * from the rlm_eap_sim.c (typo fix), and the
> auth did work, but then RADIUS segfault a bit after.
>
> Another question I have is, do I need more than 3 triplets line with 2.2.0?
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: eapsim.patch
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120914/13b2c044/attachment.ksh>
More information about the Freeradius-Users
mailing list