[EXTERNAL] Help in Configuring EAP-SIM

Shane Guan shaneguan at microsoft.com
Mon Feb 7 23:29:09 UTC 2022 

Hi Alan,

Thanks for the response! I put everything in the first line as per your suggestion and the server did put them in the control list. Unfortunately, the server ran into a segfault after parsing a packet from the peer and I have attached the logs below.

I did some preliminary investigations on this and gdb says that the segfault happened at src/modules/rlm_eap/libeap/eapsimlib.c:341
To be exact,
fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0);
returned a null pointer, because the attr/vendor combination was not recognized by the server. I noticed that in the comments for that function, it says that it is supposed to call a function to create a dynamic DICT_ATTR, but the function never did.

Could you direct me to the documentation on this? Perhaps I didn't configure the server to recognize some attribute sent by eapol_test? Thanks!

Shane
________________________________
From: Alan DeKok <aland at deployingradius.com>
Sent: Monday, February 7, 2022 12:46 PM
To: Shane Guan <shaneguan at microsoft.com>
Cc: Paul Irwin <Irwin.Paul at microsoft.com>; Davut Karabay <davutk at microsoft.com>; Corbin Phipps <corbinphipps at microsoft.com>; Shane Guan via Freeradius-Users <freeradius-users at lists.freeradius.org>
Subject: Re: [EXTERNAL] Help in Configuring EAP-SIM

On Feb 7, 2022, at 3:26 PM, Shane Guan <shaneguan at microsoft.com> wrote:
> I tried putting the Ki and OP into the /etc/freeradius/users file as follows
> DEFAULT     Suffix == "3gppnetwork.org"
>     EAP-Type := SIM,
>     EAP-SIM-Ki := 0xd0356b75c19b4a62b1a5423aacc96e42,
>     EAP-Sim-Algo-Version := 1

  See "man users".

> I know that this will apply for any user with a suffix of 3gppnetwork.org but I just wanted to do a sanity check with it.
>
> Unfortunately, this doesn't cause the attributes to be put in the control list, but instead in request->reply->vps. What would be the best way to configure the server to put those attributes in the control list?

  See "man users".  This is documented extensively.  Control items are on the first line.  Reply items are on other lines.

  The server can't magically figure out where things go.  The configuration files have a specific format, and that format helps to tell the server what you want it to do.

  Alan DeKok.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeradius.log
Type: application/octet-stream
Size: 40810 bytes
Desc: freeradius.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220207/1b677804/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eapol_test.log
Type: application/octet-stream
Size: 17101 bytes
Desc: eapol_test.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220207/1b677804/attachment-0003.obj>

More information about the Freeradius-Users mailing list