EAP-sim using freeradius
Song Zou
a13519 at me.com
Mon Nov 19 13:37:52 CET 2018
please don’t send email
On Nov 19, 2018, at 20:24, Song Zou via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> please don’t send email
>
> On Nov 19, 2018, at 20:18, Song Zou via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> please don’t send email
>
> On Nov 19, 2018, at 20:16, Song Zou via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> please don’t send email
>
> On Aug 26, 2015, at 06:14, Siddharth Katragadda via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Hi Matthew,
>
> I tried adding this line as you suggested:
>
> if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
> EXPAND %{escape:%{control:EAP-Sim-Rand1}}
> }
>
> I get this error:
> /usr/local/etc/raddb/sites-enabled/default[351]: Parse error after
> "control:EAP-Sim-Rand1": unexpected token "}"
>
> Not sure if I messed up the syntax somewhere.
>
> Also this the version of Freeradius we're using:
> radiusd: FreeRADIUS Version 3.0.9, for host x86_64-unknown-linux-gnu, built
> on Aug 7 2015 at 16:25:45
>
> Could you please let me know if it;'s an issue with the version of radius
> we have.
> Thanks
> Sid
>
>
> On Fri, Aug 21, 2015 at 2:37 PM, Matthew Newton <mcn4 at leicester.ac.uk>
> wrote:
>
> On Fri, Aug 21, 2015 at 10:15:16AM -0700, Siddharth Katragadda wrote:
> but I still get the eap_sim: ERROR: EAP-SIM-RAND1 not found
> Although the passwd file now says: [passwd] = ok
>
> So it looks like passwd file was able to find the User-Name in
> simtriplets.dat, so it should have extracted the EAP-SIM-RAND1 etc from
> it
> right?
>
> No idea: when I drop your simtriplets file and passwd config into
> a clean 3.0.x HEAD build here, then use radtest (so no eap) I get:
>
> ...
> (0) suffix: Checking for suffix after "@"
> (0) suffix: Looking up realm "wlan.mnc001.mcc001.3gppnetwork.org" for
> User-Name = "1001010123456789 at wlan.mnc001.mcc001.3gppnetwork.org"
> (0) suffix: No such realm "wlan.mnc001.mcc001.3gppnetwork.org"
> (0) [suffix] = noop
> (0) passwd: Added EAP-SIM-RAND1: '2ADE1426F93045258CCD7B9CF739CD51' to
> config
> (0) passwd: Added EAP-SIM-SRES1: 'CA1a6a73' to config
> (0) passwd: Added EAP-SIM-KC1: '44163dcd3063ee06' to config
> (0) passwd: Added EAP-SIM-RAND2: 'A7DB577E986F41e999981FE01E8E9351' to
> config
> (0) passwd: Added EAP-SIM-SRES2: '9E0ec181' to config
> (0) passwd: Added EAP-SIM-KC2: '2B3182377B3d2e05' to config
> (0) passwd: Added EAP-SIM-RAND3: '92F13B6BB93641b0914DD3D6DAAFB78C' to
> config
> (0) passwd: Added EAP-SIM-SRES3: '9Ca5541a' to config
> (0) passwd: Added EAP-SIM-KC3: '767e395d867fa4b0' to config
> (0) [passwd] = ok
> (0) eap: No EAP-Message, not doing EAP
> (0) [eap] = noop
> ...
>
> That looks good enough to me - and checking the code, eap_sim just looks
> for
> eap-sim-rand1 in the control attributes.
>
> You've trimmed the debug output, so I've no idea what version you are
> using to
> test against.
>
> You could try adding something like this after your call to passwd
> to force a debug expansion and see what the value has actually
> been set to
>
>
> if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
> noop
> }
>
> e.g.
>
> (0) if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") {
> (0) EXPAND %{escape:%{control:EAP-Sim-Rand1}}
> (0) -->
> 0x3241444531343236463933303435323538434344374239434637333943443531
> (0) if ("%{escape:%{control:EAP-Sim-Rand1}}" == "h") -> FALSE
>
> If you get
>
> -->
>
> instead, then EAP-Sim-Rand1 wasn't set properly for some reason.
>
> Btw, I did have 10 fields in the simtriplets.dat (delimited by colon).
> Why
> did you find only 4??
>
> Failing eyesight, dementia, or the fact that in your first e-mail there
> were
> only four fields in that file.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list