EAP-AKA set-up failure on 4.0 dev. stream
yukou katori
k10lie.gm at gmail.com
Mon Apr 16 16:31:44 CEST 2018
Thank you, Arran
I will think about it. I will try to keep you posted.
Regards,
On 13 April 2018 at 14:29, Arran Cudbard-Bell <a.cudbardb at freeradius.org>
wrote:
>
>
> > On Apr 13, 2018, at 8:37 AM, yukou katori <k10lie.gm at gmail.com> wrote:
> >
> > I'm setting up EAP-AKA on 4.0 dev. stream, because I have to set up
> EAP-AKA.
> >
> > I got the following error.
> >
> > Radiusd -X
> >
> > /// snip ///
> >
> > Loaded module "rlm_eap_aka"
> > aka {
> > /usr/local/etc/raddb/mods-enabled/eap[1190]: Configuration item
> > "network_id" must have a value
> > /usr/local/etc/raddb/mods-enabled/eap[1190]: Failed evaluating
> > configuration for module "rlm_eap_aka"
> > /usr/local/etc/raddb/mods-enabled/eap[15]: Failed evaluating
> configuration
> > for module "rlm_eap"
>
> The module code is written in such a way that it prefers AKA' over AKA.
> The supplicant can still negotiate EAP-AKA, but the code will include
> AT_BIDDING indicating that AKA' is supported and should be used.
>
> network_id (now network_name to match RFC 5448) is a KDF input parameter
> which binds EAP-AKA' authentication to a particular access network.
>
> We could add manual KDF toggles like we have for TLS versions, and only
> require network_name be set if an AKA' KDF (i.e. > 0) is allowed.
>
> If someone wants to put together a patch for that then i'd be happy to
> review it.
>
> Detail of the network name format are in RFC5448 section 3.1
>
> -Arran
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
More information about the Freeradius-Users
mailing list