EAP-sim using freeradius

Siddharth Katragadda siddharthk at google.com
Wed Aug 26 00:14:01 CEST 2015


Hi Matthew,

I tried adding this line as you suggested:

if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
        EXPAND %{escape:%{control:EAP-Sim-Rand1}}
 }

I get this error:
/usr/local/etc/raddb/sites-enabled/default[351]: Parse error after
"control:EAP-Sim-Rand1": unexpected token "}"

Not sure if I messed up the syntax somewhere.

Also this the version of Freeradius we're using:
radiusd: FreeRADIUS Version 3.0.9, for host x86_64-unknown-linux-gnu, built
on Aug  7 2015 at 16:25:45

Could you please let me know if it;'s an issue with the version of radius
we have.
Thanks
Sid


On Fri, Aug 21, 2015 at 2:37 PM, Matthew Newton <mcn4 at leicester.ac.uk>
wrote:

> On Fri, Aug 21, 2015 at 10:15:16AM -0700, Siddharth Katragadda wrote:
> > but I still get the  eap_sim: ERROR: EAP-SIM-RAND1 not found
> > Although the  passwd file now says:  [passwd] = ok
> >
> > So it looks like passwd file was able to find the User-Name in
> > simtriplets.dat, so it should have extracted the  EAP-SIM-RAND1 etc from
> it
> > right?
>
> No idea: when I drop your simtriplets file and passwd config into
> a clean 3.0.x HEAD build here, then use radtest (so no eap) I get:
>
> ...
> (0) suffix: Checking for suffix after "@"
> (0) suffix: Looking up realm "wlan.mnc001.mcc001.3gppnetwork.org" for
> User-Name = "1001010123456789 at wlan.mnc001.mcc001.3gppnetwork.org"
> (0) suffix: No such realm "wlan.mnc001.mcc001.3gppnetwork.org"
> (0)     [suffix] = noop
> (0) passwd: Added EAP-SIM-RAND1: '2ADE1426F93045258CCD7B9CF739CD51' to
> config
> (0) passwd: Added EAP-SIM-SRES1: 'CA1a6a73' to config
> (0) passwd: Added EAP-SIM-KC1: '44163dcd3063ee06' to config
> (0) passwd: Added EAP-SIM-RAND2: 'A7DB577E986F41e999981FE01E8E9351' to
> config
> (0) passwd: Added EAP-SIM-SRES2: '9E0ec181' to config
> (0) passwd: Added EAP-SIM-KC2: '2B3182377B3d2e05' to config
> (0) passwd: Added EAP-SIM-RAND3: '92F13B6BB93641b0914DD3D6DAAFB78C' to
> config
> (0) passwd: Added EAP-SIM-SRES3: '9Ca5541a' to config
> (0) passwd: Added EAP-SIM-KC3: '767e395d867fa4b0' to config
> (0)     [passwd] = ok
> (0) eap: No EAP-Message, not doing EAP
> (0)     [eap] = noop
> ...
>
> That looks good enough to me - and checking the code, eap_sim just looks
> for
> eap-sim-rand1 in the control attributes.
>
> You've trimmed the debug output, so I've no idea what version you are
> using to
> test against.
>
> You could try adding something like this after your call to passwd
> to force a debug expansion and see what the value has actually
> been set to
>
>
> if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
> noop
> }
>
> e.g.
>
> (0)     if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
> (0)     EXPAND %{escape:%{control:EAP-Sim-Rand1}}
> (0)        -->
> 0x3241444531343236463933303435323538434344374239434637333943443531
> (0)     if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h")  -> FALSE
>
> If you get
>
>   -->
>
> instead, then EAP-Sim-Rand1 wasn't set properly for some reason.
>
> > Btw, I did have 10 fields in the simtriplets.dat (delimited by colon).
> Why
> > did you find only 4??
>
> Failing eyesight, dementia, or the fact that in your first e-mail there
> were
> only four fields in that file.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>


More information about the Freeradius-Users mailing list