radiusd startup failure for EAP-AKA configuration
Alan DeKok
aland at deployingradius.com
Mon Feb 4 14:51:28 CET 2013
Mark Sincerbox wrote:
> Relatively new to freeradius. Have had success testing an EAP-MD5
> and EAP-TLS configuration. I have patched freeradius-server-2.1.10
> to add EAP-AKA support but am experiencing a radiusd startup failure
> as follows:
If you're patching the code... it helps to understand how it works.
And where did you get the patch? You're asking us to support some
un-named third party software? Why not go ask the authors of the patch
why their software doesn't work?
> /usr/local/etc/raddb/users[3]: Parse error (check) for entry akauser at domain: Unknown value AKA for attribute EAP-Type
Hmm.. see share/dictionary.freeradius.internal. It has "VALUE
EAP-Type UTMS 23". That looks to be wrong. It should be AKA.
> Errors reading /usr/local/etc/raddb/users
> /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module "files"
> /usr/local/etc/raddb/sites-enabled/inner-tunnel[124]: Failed to load module "files".
> /usr/local/etc/raddb/sites-enabled/inner-tunnel[47]: Errors parsing authorize section.
>
>
> Struggling with determining what is missing in my configuration that
> might be causing this issue. I see that the above error
> is coming from src/lib/valuepair.c but am having difficulty
> determining the root cause. I've read doc and man pages
> but so far cannot spot the problem.
Don't look at the source. Look at the dictionaries.
> +ATTRIBUTE EAP-Type-AKA 3100 octets
> +ATTRIBUTE EAP-Sim-AUTN 3101 octets
> +ATTRIBUTE EAP-Aka-IK 3102 octets
> +ATTRIBUTE EAP-Aka-CK 3103 octets
> +ATTRIBUTE EAP-Sim-RES 3104 octets
Don't do that. It's not necessary.
> +#akauser at domain Auth-Type := EAP, EAP-Type := AKA
Delete "EAP-Type := AKA". It's not necessary.
Alan DeKok.
More information about the Freeradius-Users
mailing list