[EXTERNAL] Help in Configuring EAP-SIM
Alan DeKok
aland at deployingradius.com
Tue Feb 8 03:31:34 UTC 2022
On Feb 7, 2022, at 6:29 PM, Shane Guan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Thanks for the response! I put everything in the first line as per your suggestion and the server did put them in the control list. Unfortunately, the server ran into a segfault after parsing a packet from the peer and I have attached the logs below.
That's pretty bad. :(
> I did some preliminary investigations on this and gdb says that the segfault happened at src/modules/rlm_eap/libeap/eapsimlib.c:341
> To be exact,
> fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0);
> returned a null pointer, because the attr/vendor combination was not recognized by the server. I noticed that in the comments for that function, it says that it is supposed to call a function to create a dynamic DICT_ATTR, but the function never did.
I don't see any such comments there.
The function is supposed to create a new VALUE_PAIR, which references a DICT_ATTR. But if the DICT_ATTR doesn't exist... it runs into the problem you saw.
> Could you direct me to the documentation on this? Perhaps I didn't configure the server to recognize some attribute sent by eapol_test? Thanks!
There really isn't much documentation on EAP-SIM. It hasn't been widely used that I can recall. The code was written in 2003, and then largely left untouched since then.
I've pushed a patch to the v3.0.x branch on GitHub so it won't crash any more. But... v3 doesn't do identity negotiation, session resumption, identity hints, or resync for EAP-SIM. So it's a bare-bones implementation.
The code in "master" has a full implementation of EAP-SIM with all of that. It's also been tested with real-world traffic, so it's a lot better. We hope to release v4 real soon now. :(
Alan DeKok.
More information about the Freeradius-Users
mailing list