Re: eap-sim module can't be compiled!?
I'm afraid I can't find where the relevant is. can you explain that furthermore? Actually, I have tried to compile that at two PCs with different versions of redhat, 7.3 and 9.0. At the redhat 7.3, I chose "Full install", and I chose "Minimal install" at the other. I found out the eap-sim module can not be compiled at the redhat 9.0, but works at 7.3. That's why I wonder whether there is any other package should be installed. By the way, I have read the related docs and tried the test procedures at src/tests, but the eap-sim module seemed not worked. Besides the "users" and "simtriplets.dat", is there any other file I should edit or config? thanks in advance, alex - Original Message - On Mon, May 31, 2004 at 12:03:45PM +0800, Alex Wang wrote: > hi~ guys, I have downloaded the latest snapshot from the ftp site, but after > "make", > I found out the module, eap-sim, wasn't be compiled(i.e. without generating > object file). > My OS is RedHat 9.0, and I just chose "minimal install". > Is this reason that eap-sim module can't be compiled? If yes, which other > packages should I install? > thanks for any suggestion! > I recently made some changes to the EAP-SIM module's compilation, can you find the relevant section of the build logs? (It'll process the directory a few times, for "make static", "make dynamic" and "make install".) -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eap-sim module can't be compiled!?
hi~ guys, I have downloaded the latest snapshot from the ftp site, but after "make", I found out the module, eap-sim, wasn't be compiled(i.e. without generating object file). My OS is RedHat 9.0, and I just chose "minimal install". Is this reason that eap-sim module can't be compiled? If yes, which other packages should I install? thanks for any suggestion! alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to set the ki in eap-sim server?
Thanks, Mark~ I understand what you say, and I will give it a try. But I still wonder what you say is the only way to apply eap-sim? Can't radius server be the eap-sim authentication server? I mean, in real case, freeradius can authenticate the users via pap, chap, eap-md5, and etc alone, and does it can also provide the eap-sim authentication service by itself? Thanks for any suggestion~ alex - Original Message - 寄件者: "Pate Mark-marpate1" <[EMAIL PROTECTED]> 收件者: <[EMAIL PROTECTED]> 傳送日期: 2004年4月26日 下午 09:43 主旨: RE: how to set the ki in eap-sim server? Hi Alex, I've not used eap-sim, but I would think that you don't really need the Ki value (if my understanding of the documentation is right). The reason that I say this is that you need to specify the RAND value for the SIM and store the RAND and responses in the users file/database (interrogate the SIM with the RAND to determine the Kc and SRES). As being as you specify fixed RAND values, the Kc and SRES responses will be fixed too. rlm_eap doc file says ... The attributes are: EAP-Sim-Rand1 16 bytes EAP-Sim-SRES1 4 bytes EAP-Sim-KC1 8 bytes EAP-Sim-Rand2 16 bytes EAP-Sim-SRES2 4 bytes EAP-Sim-KC2 8 bytes EAP-Sim-Rand3 16 bytes EAP-Sim-SRES3 4 bytes EAP-Sim-KC3 8 bytes So, every time we send Rand1 to the SIM, we know that we will always get SRES1 back and the SIM will always cipher with KC1 ... does this make sense? Now, if eap really used a random RAND value, then you would need the Ki and the code to run the RAND against the Ki to produce the Kc and SRES for the Radius server to use. In this instance, you'd be better off trying to write a module to interface to an HLR and let that do the work for you. Hope this helps, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alex Wang Sent: 26 April 2004 11:00 To: freeradius mailling-list Subject: how to set the ki in eap-sim server? hi guys, I have tried the snapshot to support the eap-sim, and understood what I should config roughly. But I have a question about how the eap-sim(radius) server authenticate the user. In the "tests", I can set the value of Kc, SRES, and RAND. But in the real environment, the key(Kc), SRES are derived from RAND and Ki, and I can't find where the Ki should be configed in radius server. Does the radius can be a eap-sim authenticator? or it have to collocate with another server(DB or HLR)? Does anyone have this aspect of experience? please give me some advice~ thanks a lot! alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to set the ki in eap-sim server?
hi guys, I have tried the snapshot to support the eap-sim, and understood what I should config roughly. But I have a question about how the eap-sim(radius) server authenticate the user. In the "tests", I can set the value of Kc, SRES, and RAND. But in the real environment, the key(Kc), SRES are derived from RAND and Ki, and I can't find where the Ki should be configed in radius server. Does the radius can be a eap-sim authenticator? or it have to collocate with another server(DB or HLR)? Does anyone have this aspect of experience? please give me some advice~ thanks a lot! alex
question of the config of eap-sim?
hi guys~ I have installed the snapshot-20040322, but I can't find any setup of the eap-sim in eap.conf. should I add a block, "eap-sim", in the file by myself or config it in another file? is there any example about that? thanks for your advice in advance, alex
eap-sim config?
hi guys~ I have installed the snapshot-20040322. I don't know how to config the eap_sim in eap.conf. is there anyone kindly give me any suggestion or an example about that? thanks in advance alex
where is the "eap.conf"?
hi guys~ I have installed the snapshot-20040322. I found out that the settings of eap was spread out to a individual file, eap.conf. but I can't find where that file is:( is there anyone who know how to config eap.conf or kindly give me an example about that? thanks in advance alex
does the 0.9.3 support EAP-SIM "proxy"?
my radius server is running 0.9.3 now, and I wish that can support EAP-SIM "proxy". is it possible to support that via adding some new modules? if it's possible, how should I do to support that? thanks a lot. alex
do I need upgrade with using EAP-SIM?
Hi~ My radius server is running freeradius-0.9.3 right now, and I wish that could support the EAP-SIM. What should I do? Using the snapshot version to take place the 0.9.3? or just only need to add a new module? In addition, when the authencation mechanism is EAP-SIM, is there any difference between to be a home server and to be a radius proxy server in config, modules, or something else? thanks a lot alex
Question about PAM + POP3
hi~ guys, have you ever had the experience about using PAM and POP3 to authenticate the users? I have configured the radiusd.conf and gotten the error message as follow: rad_recv: Access-Request packet from host 140.134.21.166:3228, id=6, length=58 User-Name = "[EMAIL PROTECTED]" User-Password = "chyu"modcall: entering group authorize for request 6 hints: Matched DEFAULT at 63 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6rlm_eap: EAP-Message not found modcall[authorize]: module "eap" returns noop for request 6 rlm_realm: No '@' in User-Name = "guest28", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 users: Matched DEFAULT at 1 modcall[authorize]: module "files" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6modcall: group authorize returns ok for request 6 rad_check_password: Found Auth-Type PAMauth: type "PAM"modcall: entering group authenticate for request 6pam_pass: using pamauth string for pam.conf lookuppam_pass: function pam_authenticate FAILED for . Reason: Module is unknown modcall[authenticate]: module "pam" returns reject for request 6modcall: group authenticate returns reject for request 6auth: Failed to validate the user.Login incorrect: [guest28/chyu] (from client sean port 0)Delaying request 6 for 1 secondsFinished request 6Going to the next request--- Walking the entire request list ---Waking up in 1 seconds...--- Walking the entire request list ---Waking up in 1 seconds...--- Walking the entire request list ---Sending Access-Reject of id 6 to 140.134.21.166:3228Waking up in 4 seconds...--- Walking the entire request list ---Cleaning up request 6 ID 6 with timestamp 4031ca75Nothing to do. Sleeping until we see a request. Is anybody kindly can help me figure out where the problem is? thanks~ alex