radiusd startup failure for EAP-AKA configuration

Alan DeKok aland at deployingradius.com
Mon Feb 4 14:51:28 CET 2013

Mark Sincerbox wrote:
> Relatively new to freeradius.  Have had success testing an EAP-MD5 
> and EAP-TLS configuration.  I have patched freeradius-server-2.1.10 
> to add EAP-AKA support but am experiencing a radiusd startup failure 
> as follows:

  If you're patching the code... it helps to understand how it works.

  And where did you get the patch?  You're asking us to support some
un-named third party software?  Why not go ask the authors of the patch
why their software doesn't work?

> /usr/local/etc/raddb/users[3]: Parse error (check) for entry akauser at domain: Unknown value AKA for attribute EAP-Type

  Hmm.. see share/dictionary.freeradius.internal.  It has "VALUE
EAP-Type UTMS 23".  That looks to be wrong.  It should be AKA.

> Errors reading /usr/local/etc/raddb/users
> /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module "files"
> /usr/local/etc/raddb/sites-enabled/inner-tunnel[124]: Failed to load module "files".
> /usr/local/etc/raddb/sites-enabled/inner-tunnel[47]: Errors parsing authorize section.
> Struggling with determining what is missing in my configuration that
> might be causing this issue.  I see that the above error
> is coming from src/lib/valuepair.c but am having difficulty 
> determining the root cause.  I've read doc and man pages 
> but so far cannot spot the problem.

  Don't look at the source.  Look at the dictionaries.

> +ATTRIBUTE      EAP-Type-AKA            3100    octets
> +ATTRIBUTE      EAP-Sim-AUTN            3101    octets
> +ATTRIBUTE      EAP-Aka-IK              3102    octets
> +ATTRIBUTE      EAP-Aka-CK              3103    octets
> +ATTRIBUTE      EAP-Sim-RES             3104    octets

  Don't do that.  It's not necessary.

> +#akauser at domain                Auth-Type := EAP, EAP-Type := AKA

  Delete "EAP-Type := AKA".  It's not necessary.

  Alan DeKok.

More information about the Freeradius-Users mailing list