EAP-AKA set-up failure on 4.0 dev. stream
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Apr 13 07:29:42 CEST 2018
> On Apr 13, 2018, at 8:37 AM, yukou katori <k10lie.gm at gmail.com> wrote:
>
> I'm setting up EAP-AKA on 4.0 dev. stream, because I have to set up EAP-AKA.
>
> I got the following error.
>
> Radiusd -X
>
> /// snip ///
>
> Loaded module "rlm_eap_aka"
> aka {
> /usr/local/etc/raddb/mods-enabled/eap[1190]: Configuration item
> "network_id" must have a value
> /usr/local/etc/raddb/mods-enabled/eap[1190]: Failed evaluating
> configuration for module "rlm_eap_aka"
> /usr/local/etc/raddb/mods-enabled/eap[15]: Failed evaluating configuration
> for module "rlm_eap"
The module code is written in such a way that it prefers AKA' over AKA.
The supplicant can still negotiate EAP-AKA, but the code will include
AT_BIDDING indicating that AKA' is supported and should be used.
network_id (now network_name to match RFC 5448) is a KDF input parameter
which binds EAP-AKA' authentication to a particular access network.
We could add manual KDF toggles like we have for TLS versions, and only
require network_name be set if an AKA' KDF (i.e. > 0) is allowed.
If someone wants to put together a patch for that then i'd be happy to
review it.
Detail of the network name format are in RFC5448 section 3.1
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20180413/9f04ca6a/attachment-0001.sig>
More information about the Freeradius-Users
mailing list