EAP-sim using freeradius

Matthew Newton mcn4 at leicester.ac.uk
Fri Aug 21 23:37:30 CEST 2015


On Fri, Aug 21, 2015 at 10:15:16AM -0700, Siddharth Katragadda wrote:
> but I still get the  eap_sim: ERROR: EAP-SIM-RAND1 not found
> Although the  passwd file now says:  [passwd] = ok
> 
> So it looks like passwd file was able to find the User-Name in
> simtriplets.dat, so it should have extracted the  EAP-SIM-RAND1 etc from it
> right?

No idea: when I drop your simtriplets file and passwd config into
a clean 3.0.x HEAD build here, then use radtest (so no eap) I get:

...
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "wlan.mnc001.mcc001.3gppnetwork.org" for User-Name = "1001010123456789 at wlan.mnc001.mcc001.3gppnetwork.org"
(0) suffix: No such realm "wlan.mnc001.mcc001.3gppnetwork.org"
(0)     [suffix] = noop
(0) passwd: Added EAP-SIM-RAND1: '2ADE1426F93045258CCD7B9CF739CD51' to config 
(0) passwd: Added EAP-SIM-SRES1: 'CA1a6a73' to config 
(0) passwd: Added EAP-SIM-KC1: '44163dcd3063ee06' to config 
(0) passwd: Added EAP-SIM-RAND2: 'A7DB577E986F41e999981FE01E8E9351' to config 
(0) passwd: Added EAP-SIM-SRES2: '9E0ec181' to config 
(0) passwd: Added EAP-SIM-KC2: '2B3182377B3d2e05' to config 
(0) passwd: Added EAP-SIM-RAND3: '92F13B6BB93641b0914DD3D6DAAFB78C' to config 
(0) passwd: Added EAP-SIM-SRES3: '9Ca5541a' to config 
(0) passwd: Added EAP-SIM-KC3: '767e395d867fa4b0' to config 
(0)     [passwd] = ok
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
...

That looks good enough to me - and checking the code, eap_sim just looks for
eap-sim-rand1 in the control attributes.

You've trimmed the debug output, so I've no idea what version you are using to
test against.

You could try adding something like this after your call to passwd
to force a debug expansion and see what the value has actually
been set to:


if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
	noop
}

e.g.

(0)     if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
(0)     EXPAND %{escape:%{control:EAP-Sim-Rand1}}
(0)        --> 0x3241444531343236463933303435323538434344374239434637333943443531
(0)     if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h")  -> FALSE

If you get

  -->

instead, then EAP-Sim-Rand1 wasn't set properly for some reason.

> Btw, I did have 10 fields in the simtriplets.dat (delimited by colon). Why
> did you find only 4??

Failing eyesight, dementia, or the fact that in your first e-mail there were
only four fields in that file.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
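
Added example, not part of the original message and not FreeRADIUS code: a Python check of a simtriplets line and of the value printed after "-->" in the debug expansion above. It assumes the field order User-Name:RAND1:SRES1:KC1:... implied by the order of the passwd debug lines; the sample lines are constructed from the values in that output.

```python
import binascii
import string

# Hex-digit lengths of a GSM triplet: RAND is 128 bits, SRES 32 bits, Kc 64 bits.
TRIPLET_FIELDS = (("RAND", 32), ("SRES", 8), ("KC", 16))

# Constructed samples, built from the values in the debug output above.
USER = "1001010123456789@wlan.mnc001.mcc001.3gppnetwork.org"
GOOD_LINE = ":".join([USER,
    "2ADE1426F93045258CCD7B9CF739CD51", "CA1a6a73", "44163dcd3063ee06",
    "A7DB577E986F41e999981FE01E8E9351", "9E0ec181", "2B3182377B3d2e05",
    "92F13B6BB93641b0914DD3D6DAAFB78C", "9Ca5541a", "767e395d867fa4b0"])
SHORT_LINE = ":".join(GOOD_LINE.split(":")[:4])  # one triplet only: 4 fields
DEBUG_VALUE = "0x3241444531343236463933303435323538434344374239434637333943443531"


def check_triplet_line(line):
    """Return (attrs, problems) for one colon-delimited simtriplets line."""
    fields = line.rstrip("\n").split(":")
    problems = []
    if len(fields) != 10:
        problems.append("expected 10 fields, found %d" % len(fields))
    attrs = {}
    for i, value in enumerate(fields[1:10]):
        name, want = TRIPLET_FIELDS[i % 3]
        attr = "EAP-SIM-%s%d" % (name, i // 3 + 1)
        attrs[attr] = value
        if len(value) != want or not all(c in string.hexdigits for c in value):
            problems.append("%s: want %d hex digits, got %r" % (attr, want, value))
    return attrs, problems


def decode_expansion(debug_value):
    """Decode the 0x... text shown after '-->' into the bytes actually stored."""
    text = debug_value.strip()
    if not text:
        return None  # empty expansion: the attribute was not set
    if text.lower().startswith("0x"):
        text = text[2:]
    return binascii.unhexlify(text)


if __name__ == "__main__":
    for label, line in (("good", GOOD_LINE), ("short", SHORT_LINE)):
        print(label, check_triplet_line(line)[1] or "ok")
    print("EAP-Sim-Rand1 holds:", decode_expansion(DEBUG_VALUE))
```

For the value in the post, decode_expansion returns the 32 ASCII characters 2ADE1426F93045258CCD7B9CF739CD51, the same string the passwd module logged for EAP-SIM-RAND1.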

