Problems with EAP-SIM in Freeradius 2.2.5

Alan DeKok aland at deployingradius.com
Sun Oct 5 04:02:06 CEST 2014


rizal.m.nur at arc.itb.ac.id wrote:
> I curious why EAP-Message from phone was detected as EAP-SIM type but
> can't be handled/decoded

  The EAP-Message attribute contains an EAP packet.  That packet
contains a type, which is EAP-SIM.

  The *rest* of the data in the EAP-Message is data specific to EAP-SIM.
 That data may be malformed, or contain the wrong authentication
information.

> I dont think its because value of RAND, SRES, and KC.

  Yes, it is because of those values.  They serve a similar purpose to
the password supplied by the user.  They're used to calculate the
EAP-SIM authentication data.

> I tried to test
> using false RAND, SRES, and KC before with radeapclient command, and then
> server still be able to process it as EAP-SIM, although it just end with
> Access-Challenge reply (not Access-Accept).

  Because EAP-SIM involves multiple challenges.  If the client doesn't
like the response from the server, it stops talking to the server.  This
is what you're seeing.

  Alan DeKok.


More information about the Freeradius-Users mailing list