ess to it's specification), but just algorithms 1-3 are
> still useful.
> > Actually it's not, it's published in the 3GGP standards, neat :)
>
> *3GPP even
>
And if you want to find something to test against for GSM-Milenage and
EAP-SIM (or Milenage with EAP-AKA/AKA
On 24 Sep 2013, at 18:12, Arran Cudbard-Bell wrote:
>>
>> Note: Comp128-4 (milenage) is still unknown (please contact one of the
>> developers
>> if you have access to it's specification), but just algorithms 1-3 are still
>> useful.
>
>
> Actually it's not, it's published in the 3GGP stan
>
> Note: Comp128-4 (milenage) is still unknown (please contact one of the
> developers
> if you have access to it's specification), but just algorithms 1-3 are still
> useful.
Actually it's not, it's published in the 3GGP standards, neat :)
Arran Cudbard-Bell
FreeRADIUS Development Team
-
control list, whereas they were previously looked for in the reply list.
update control {
EAP-Sim-RAND1 := &reply:EAP-Sim-RAND1
EAP-Sim-RAND2 := &reply:EAP-Sim-RAND2
EAP-Sim-RAND3 := &reply:EAP-Sim-RAND3
EAP-Sim-SRES1 := &reply:EAP-Sim-SRES1
> If so, fantastic :)
>
> My raddb/sites-enabled/default:
>
> authorize {
> preprocess
> auth_log
> chap
> mschap
> suffix
> eap {
> ok = return
> }
> files
> pap
> }
>
> My raddb/users:
>
> 1250016490216...@wlan.mnc001.mcc250.3gppnet
{
ok = return
}
files
pap
}
My raddb/users:
1250016490216...@wlan.mnc001.mcc250.3gppnetwork.org
EAP-Sim-RAND1 = 0x09844aff4ccf66cdb95e59dba8ec291c,
EAP-Sim-RAND2 = 0x100446e9e8f553a9d87d0444a44b6cf5,
EAP-Sim-RAND3 = 0x753fdfc2d7e834002557a069462a1fa5,
EAP
rlm_eap_sim
> >> Module: Instantiating eap-sim
>
> rlm_eap_sim is compiled in.
>
> >> /usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
> >> 'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
> >> such file or
On 08/26/2013 12:11 PM, Iliya Peregoudov wrote:
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_si
On 25.08.2013 15:03, ken.farrington wrote:
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
rlm_eap_sim is compiled in.
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
su
Thanks so much I will try that. Much regards ken.farring...@802.co.uk
Phil Mayers wrote:
>On 25/08/2013 12:03, ken.farrington wrote:
>
>>> /usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
>>> 'rlm_sim_files': rlm_sim_files.so: cannot open shared object file:
>No
>>> such file
On 25/08/2013 12:03, ken.farrington wrote:
/usr/local/etc/raddb/modules/sim_files[1]: Failed to link to module
'rlm_sim_files': rlm_sim_files.so: cannot open shared object file: No
such file or directory
Your version of FreeRADIUS wasn't compiled with rlm_eap_sim enabled, or
it wasn't install
>
>
> Hello all,
>
> I hope this email finds you all well and is my first post.
>
> I think I have a small problem with my backtrack distro and I am trying to
> load eap-sim onto my free radius server 2.1.11. I have followed the guide to
> add the relevant par
dear guest, i have problem in eap-sim authentication.
I'm using freeradius 2.2.0, blackberry 9220
here my simtripletsdat. file
1510012660372465,AF6876E748BD46bf853A99DC2032F0A7,95762655,449177635B92bc00
1510012660372465,A1A9AC744E8D49819D27A79B067BCA69,257b31c6,64ff9467DEa
Can I know what brand of radius server you are going to use for EAP-SIM/AKA
? I am interesting on this
On Tue, Jul 2, 2013 at 3:51 PM, Phil Mayers wrote:
> On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
>
> So this
> [^@]*@wlan.mncX.mccY.**3gppnetwork.org<http:/
On 07/02/2013 07:56 AM, Ming-Ching Tiew wrote:
So this [^@]*@wlan.mncX.mccY.3gppnetwork.org is unique ? All the SIMs
from the same mobile operator will have the same string and it will be
different from another mobile operator ?
Yes, though be aware the pattern given isn't exactly valid; X and
From: Iliya Peregoudov
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, July 2, 2013 2:20 PM
Subject: Re: Using freeradius as proxy for EAP-SIM/EAP-AKA
On 01.07.2013 18:34, Alan DeKok wrote:
>>> It's not possible for one proxy radius to send request to different EAP
&
On 01.07.2013 18:34, Alan DeKok wrote:
It's not possible for one proxy radius to send request to different EAP
SIM/EAP AKA radius server (based on certain criteria) ?
When you're proxying an EAP packet, the ONLY criteria you have is the
EAP identity. You do NOT have the EAP type
Ming-Ching Tiew wrote:
> If I understand you correctly, it means it is only possible to have ONE
> radius server which does EAP SIM/EAP AKA authentication in the entire
> chain of connections ?
No.
It means that you don't KNOW it's EAP-SIM until after you decide to
pr
There is a clear distinction between the two cases.
First case: user record is found in users file:
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=1,
length=215
[skipped]
+- entering group authorize {...}
[skipped]
[files] users: Matched entry
1510019760806...@wlan.mn
If I understand you correctly, it means it is only possible to have ONE radius
server which does EAP SIM/EAP AKA authentication in the entire chain of
connections ?
It's not possible for one proxy radius to send request to different EAP SIM/EAP
AKA radius server (based on certain cri
-->I am wondering if it is possible to proxy EAP-SIM/EAP-AKA
authentication using FreeRadius ?
yes it is possible , but you have to make sure that all requests of an EAP
session are being entertain by the same server, ( as proxy can have
multipile freeradius servers), Read proxy.config,
Hi
I am wondering if it is possible to proxy EAP-SIM/EAP-AKA authentication using
FreeRadius ?
Assuming brand X radius server has support for EAP-SIM/EAP-AKA, but it's
located at the final end of the food chain, and in-between the brand X radius
server and the Access point, there
4164AA463E289222C450,AE8bdfc6,B0354bf3402e42ed
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
1510019760806391@wlan.mnc001.**mcc510.3gppnetwork.org<1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org>EAP-Type
>> := SIM
>> EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE**4D,
>> EAP-Sim-SRES1 = 0x DD287535,
>> EAP-Sim-KC1 = 0x 7F743521EBabb000,
>> EAP-Sim-Rand2 = 0x FD9989BD9
c001.mcc510.3gppnetwork.org>EAP-Type
>> := SIM
>> EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE**4D,
>> EAP-Sim-SRES1 = 0x DD287535,
>> EAP-Sim-KC1 = 0x 7F743521EBabb000,
>> EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C1**4B,
>> EAP-Sim-SRES2 = 0x BFf
On 20.06.2013 17:56, raptor raptor wrote:
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C14B
EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C14B,
EAP-Sim-SRES2 = 0x BFf89ad2,
EAP-Sim-KC2 = 0x 1C7098005Fea8
On 20.06.2013 13:38, raptor raptor wrote:
Sending Access-Accept of id 0 to 192.168.2.1 port 2048
MS-MPPE-Recv-Key =
0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8
MS-MPPE-Send-Key =
0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f
EAP-Message = 0x03760004
M
rg"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conver
On 20.06.2013 8:38, raptor raptor wrote:
i just try one client and success but when i use another client and it fails
Post debug log if you want to diagnose authentication failure.
is it correct if i add other client in users and simtriplets.dat?
Yes, you should add auth vectors for all you
/freeradius/rlm_sim_files.so
that's it
may this helps your problem
On Thu, Jun 20, 2013 at 11:30 AM, romy rooman wrote:
> Hi all,
> i have read many posts about eap sim
> i have create simtriplets.dat and i want to use eap sim for tests
> and i get notification that
> rlm
?
ex:
simtriplets.dat
151001xx,Rand1,SRES1,kC1
151001xx,Rand2,SRES2,kC2
151001xx,Rand3,SRES3,kC3
151002xx,Rand1,SRES1,kC1
151002xx,Rand2,SRES2,kC2
151002xx,Rand3,SRES3,kC3
and also in users
151001xxx...@wlan.mnc EAP-Type :=SIM
EAP-Sim-Rand1
Hi, IIlya
Thanx for your advice
it works
On Thu, Jun 13, 2013 at 2:47 PM, Iliya Peregoudov wrote:
> On 11.06.2013 12:27, raptor raptor wrote:
>
>> 1.
>> when i change users entry, i get notification that access-accept has
>> succesfull
>> but unfortunately, when i restart the system cant access-
On 11.06.2013 12:27, raptor raptor wrote:
1.
when i change users entry, i get notification that access-accept has
succesfull
but unfortunately, when i restart the system cant access-accept and i
must change attribute in users from agsm program
here the log:
I do not understand clearly whether y
On 11.06.2013 22:21, Rodney Machado wrote:
After reading again the documentation, i got to this point:
[skipped]
I'm going to fix the user file and give it a try again.
rlm_eap_sim expects EAP-Sim-RAND1 (and friends) on reply list, not in
control list.
So correct users entry for EA
After reading again the documentation, i got to this point:
What's with the commas in the raddb/users file?
Commas link lists of attributes together. The general format for a raddb/users
file entry is:
name Check-Item = Value, ..., Check-Item = Value Reply-Item = Value, . . .
Reply-Item = Value
Hi Iliya,
I'm been trying my self EAP-SIM auth for a while, with nothing but odd results.
I'm using FreeRADIUS Version 3.0.0 (git #25b6fdd), in wich the support for
sim_files module have been dropped. I tryied setting the vectors vía the users
file for my IMSI but its not working,
t type response id 81 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 227
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type
dc000
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
Equivalent users entry should look like:
1510019760806391 EAP-Type:=SIM
EAP-Sim-Rand1:=0xAAC0FAFDC47D4524AC9E2A3D51BDBA39,
EA
t;> 1510019760806391,**BF9A9F6EEB36422895D010927D7697**
>> 2C,F49dd880,3Afbcf2fA9b0a000
>> 1510019760806391,**C63837CFECD348deB119C35CFECD48**
>> 98,49312999,FD488938B6f2a000
>>
>
> Your simtriplets.dat format is ok.
>
> i add in users file:
>>
>>
,FD488938B6f2a000
Your simtriplets.dat format is ok.
i add in users file:
DEFAULTAuth-Type := EAP, EAP-Type := SIM
EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
EAP-Sim-SRES1 = 0xd1d2d3d4,
EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
EAP-Sim-SRES2 = 0xe1e2e3e4,
EAP-Sim-Rand3
:
DEFAULT Auth-Type := EAP, EAP-Type := SIM
EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
EAP-Sim-SRES1 = 0xd1d2d3d4,
EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
EAP-Sim-SRES2 = 0xe1e2e3e4,
EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f,
EAP-Sim
my simtriplets.dat :
1
1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
On Mon, Jun 3, 2013 at 9:26 PM, Alan DeKok w
> realm wlan.mncXXX.mccYYY.3gppnetwork.org {
> }
>
> suffix should be called before sim_files in authorize section:
>
> # raddb/sites-available/default:
> authorize {
> suffix
> sim_files
> }
>
>
> On 01.06.2013 11:44, martin robertino wrote:
>> Hi all,
Hi Phil,
Thanks for your reply, It will be greatful if you show some way to
implement the EAP-SIM.
Thanks
On Wed, Jun 5, 2013 at 6:15 PM, Phil Mayers wrote:
> On 06/05/2013 04:45 AM, Kranthi K wrote:
>
>> Hi All,
>>
>> I am Newbie to free radius. I installed freeradi
On 06/05/2013 04:45 AM, Kranthi K wrote:
Hi All,
I am Newbie to free radius. I installed freeradius version 2.2.0. i want
to configure the EAP-SIM Authentication. Can anyone tell me the steps
how to implement it.
What's with the sudden interest in EAP-SIM? Is there a school project
ru
Hi All,
I am Newbie to free radius. I installed freeradius version 2.2.0. i want to
configure the EAP-SIM Authentication. Can anyone tell me the steps how to
implement it.
Thanks
Kranthi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Iliya Peregoudov wrote:
> Apparently there is an error in simtriplets.dat. Format is
>
> 1,,,
>
> , , and should be in hexadecimal digits, without 0x
> prefix. An even number of hexadecimal digits should be in there.
The simtriplets.dat dile doesn't have "0x" prefixes in its examples
In an
es in authorize section:
# raddb/sites-available/default:
authorize {
suffix
sim_files
}
On 01.06.2013 11:44, martin robertino wrote:
Hi all,
i'm using freeradius 2.1.9 for eap sim testing
i have simtriplets.dat with format : imsi.RAND,SRES,Kc
and i'm having message probleme
Apparently there is an error in simtriplets.dat. Format is
1,,,
, , and should be in hexadecimal digits, without 0x
prefix. An even number of hexadecimal digits should be in there.
On 01.06.2013 5:51, raptor raptor wrote:
ASSERT FAILED rlm_sim_files.c[212]: k != NULL
-
List info/subscribe
Hi all,
i'm using freeradius 2.1.9 for eap sim testing
i have simtriplets.dat with format : imsi.RAND,SRES,Kc
and i'm having message probleme:
rlm_sim_files : insufficient number of challenges for imsi
151008xx...@wlan.mnc008.mcc310.3gppnetwork.org
[sim_files] : returnnot found
i re
i have added Stripped-User-Name in sites-enabled/default and also i
disabled suffix module
but, i found like fatal mistake
could someone tell me what i should do to fix this
this is my log
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
length=2
Call suffix before sim_files.
The rlm_sim_files module uses "canonical username" as a key for
searching authentication vectors. Initially canonical username points to
User-Name attribute. rlm_realm module (suffix is an instance of this
module) split User-Name to Stripped-User-Name and Realm an
1.mcc510.3gppnetwork.org at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
Hi, Phil
Better yet, don't use the "suffix" module; look for the realm and strip it
yourself:
authorize {
if (User-Name =~ /^(.*)@(.+)$/) {
update request {
Stripped-User-Name := "%{1}"
Realm := "%{2}"
}
}
}
See the policy.conf/policy.d and list archives for better regexp
On 30/05/13 08:22, EasyHorpak.com wrote:
On 30/05/2556 13:44, raptor raptor wrote:
[pap] WARNING! No "known good" password found for the
user.Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
[pap] WARNING! No "known good" password found for the
user.Authe
On 30/05/13 08:16, Iliya Peregoudov wrote:
You should designate realm wlan.mnc001.mcc510.3gppnetwork.org as locally
served in raddb/proxy.conf:
Better yet, don't use the "suffix" module; look for the realm and strip
it yourself:
authorize {
if (User-Name =~ /^(.*)@(.+)$/) {
update requ
On 30/05/2556 13:44, raptor raptor
wrote:
[pap] WARNING! No "known good"
password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
[pap] WARNING! No "known good"
You should designate realm wlan.mnc001.mcc510.3gppnetwork.org as locally
served in raddb/proxy.conf:
# raddb/proxy.conf
realm wlan.mnc001.mcc510.3gppnetwork.org {
}
Then you should add authentication vectors to raddb/simtriplets.dat:
# raddb/simtriplets.dat
# 1,,,
1250991417456196,cf92007bd381
an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry i...@wlan.mnc001.mcc510.3gppnetwork.org at
line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for
Hi,
I am working on the implementation of an EAP-SIM supplicant,
when i send to freeradius a EAP-Response/SIM/Start packet i receive as
expected an EAP-Resquest/SIM/Challenge with AT_RAND (RAND value was
specified in users file [2]) and AT_MAC, after this I should calculate
MAC value and test if
You see to have a problem understanding me. I will try one last time to
explain. If you keep arguing, you will be be unsubscribed, and banned from the
list.
FreeRADIUS says that data is missing from EAP-SIM. It needs that data to do
EAP-SIM.
If you don't understand that, the
Dear Alan and All
I Really sorry
> b...@indoakses-online.com wrote:
>> My Apologize.
>> I think all the needed data is there.
>
> The EAP-SIM code disagrees with you.
>
> And since you haven\'t bothered read the specifications, or the code,
> or runn
b...@indoakses-online.com wrote:
> My Apologize.
> I think all the needed data is there.
The EAP-SIM code disagrees with you.
And since you haven't bothered read the specifications, or the code,
or running the server in debugging mode as suggested in the FAQ, web
pages, "man&
> Read RFC 4186. Those fields are required for EAP-SIM to work.
>
>> If it common, I think it\\\'ll be great if FreeRadius can adjut to this.
>> but if it un-common, I think I\\\'ll need to find new device.
>
> Some device manufacturers don\'t bother r
b...@indoakses-online.com wrote:
> What I want to know is it common for device telling AAA that it use
> EAP-SIM but it don\'t send RAND,SRES, and KC ?
Read RFC 4186. Those fields are required for EAP-SIM to work.
> If it common, I think it\'ll be great if FreeRadius can a
> ...
>> Look like The device didn\\\'t send :
> ...
>> If so, How to fix it ?
>
> Fix the device.
>
> You can\'t fix it by poking FreeRADIUS.
>
> Alan DeKok.
Dear Alan
What I want to know is it common for device telling AAA that it use
EAP
b...@indoakses-online.com wrote:
> I found same problem of old topic posted back in Feb-2012
> For ref :
> http://lists.freeradius.org/pipermail/freeradius-users/2012-February/058868.html
...
> Look like The device didn\'t send :
...
> If so, How to fix it ?
Fix the device.
You can't fix it b
RAND2, RAND3
SRES1, SRES2, SRES3
KC1, KC2, KC3
Expected by FreeRadius EAP-SIM
Am I right ?
If so, How to fix it ?
Sincerely
-bino-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Probably Aptilo is the solution for you.
On 8 January 2013 18:44, akinpelu emmanuel wrote:
> Dear All,
>
> Please has there been anyone that has successfully implemented EAP-SIM with
> Huawei HLR? I would appreciate head-start on how possible this is.
>
> Thank you
>
On 08/01/13 17:26, Muhammad Usman wrote:
Thanks for your reply..i tried but remained unsuccessful, can you kindly
send me any link or thread where it was discussed. Thanks again
See this thread:
http://lists.freeradius.org/pipermail/freeradius-users/2012-September/062721.html
However, the ups
Dear All,
Please has there been anyone that has successfully implemented EAP-SIM with
Huawei HLR? I would appreciate head-start on how possible this is.
Thank you-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your reply..i tried but remained unsuccessful, can you kindly
send me any link or thread where it was discussed. Thanks again
On Mon, Jan 7, 2013 at 4:07 PM, Phil Mayers wrote:
> On 01/07/2013 10:10 AM, Muhammad Usman wrote:
>
>> Dear All, Any thoughts on this??
>&g
On 01/07/2013 10:10 AM, Muhammad Usman wrote:
Dear All, Any thoughts on this??
Various eap-sim issues have been discussed on the lists in the last few
months. Read the archives for more details.
IIRC the fixes are in 2.x.x branch - not all were in the release version
of 2.2.0. Download 2
Dear All, Any thoughts on this??
On Sun, Jan 6, 2013 at 5:05 PM, Muhammad Usman wrote:
> Dear All,
> I am trying to configure freeradius for EAP-SIM authentication, for that i
> compiled FreeRadius with "./configure --with-modules="rlm_sim"
> --with-modules=&quo
Dear All,
I am trying to configure freeradius for EAP-SIM authentication, for that i
compiled FreeRadius with "./configure --with-modules="rlm_sim"
--with-modules="rlm_sim_files"". Freeradius is installed successfully as i
have tested it using radtest, as suggest
, the wrong data is being fed
into the MAC at both ends.
Unfortunately, since FreeRADIUS works with *some* EAP-SIM/AKA
supplicants, I am guessing there are incompatible implementations out there.
You would need to read the SIM/AKA RFCs in detail, and possibly feed the
test data into FreeRADI
Hi guys,
i'm still trying to authenticate a EAP SIM Client with
the Freeraduis 3.0.0. By Using the Nokia E51 and E52, the eap-sim
authentication process just stops after the raduis has sent the "
EAP-REQUEST, SIM-CHALLENGE" (containing AT_RAND and AT_MAC) message (see
log inf
ix : Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
(0) suffix : Authentication realm is LOCAL.
(0) [suffix] = ok
rlm_sim_files: authorized user/imsi 19017653
rlm_sim_files: Adding EAP-Type: eap-sim
(0) [sim_files] = ok
(0) eap : EAP packet type response id 1 len
I have the same problem with Nokia E51 handset. EAP-SIM authentication
interrupted by Nokia supplicant. Unfortunately there is no useful
diagnostic on the handset.
On other hand EAP-SIM authentication succeeds when I use wpa_supplicant
on Windows using smart card reader with the same SIM card
n"
NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
Didn't you make another fix afterward regarding AT_IDENTITY (commit
cfd61d24b99022eb613054bbf7e0da4fa3af1bde)? Not the patch from Microsoft.
I know I have to patch the 2.2.0 source in our RPMs with this commit otherwise
it fails ;)
On 2012-11-06, at 10:15 AM, Alan DeKok wrote:
> Phil Mayers wr
Phil Mayers wrote:
> Was that after 2.2.0 was released?
No, before.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ed to also add a patch that has been committed in the 2.1.x branch (I
think) post release regarding EAP-SIM. Without it, it will not work.
Was that after 2.2.0 was released?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ch that has been committed in the 2.1.x branch (I
think) post release regarding EAP-SIM. Without it, it will not work.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 06/11/12 10:55, Yann R. Moupinda wrote:
Hi guys,
for my thesis i need to realize a EAP-SIM Authentication testbed. I'm
using a Nokia E52 with EAP-SIM, a MIKROTIK router as access point and
FreeRADIUS 2.1.10 as Radius server. I have added the necessary commands
Upgrade. Some fixes fo
Hi guys,
for my thesis i need to realize a EAP-SIM Authentication testbed. I'm using a
Nokia E52 with EAP-SIM, a MIKROTIK router as access point and FreeRADIUS 2.1.10
as Radius server. I have added the necessary commands in the clients.conf,
radiusd.conf, eap.conf and default files in
Hi Iliya/Alan,
I have looked into rlm_eap_sim source and found that is incorrectly
decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute
calculation. MAC mismatch detected by supplicant and it refuses to
continue EAP-SIM authentication.
Please try to apply patch I've att
Iliya Peregoudov wrote:
> Hello Francois
>
> I have looked into rlm_eap_sim source and found that is incorrectly
> decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute
> calculation. MAC mismatch detected by supplicant and it refuses to
> continue EAP-
Hello Francois
I have looked into rlm_eap_sim source and found that is incorrectly
decode AT_IDENTITY attribute. This leads to incorrect AT_MAC attribute
calculation. MAC mismatch detected by supplicant and it refuses to
continue EAP-SIM authentication.
Please try to apply patch I
Type = 18 (EAP-SIM)
0a Subtype = 10 (SIM-Start)
00 00 Reserved
0e Attr Type = 14
(AT_IDENTITY
Well you are probably right, but when providers will start pushing 3G/4G
offload for real (if they ever do), there are not many ways of doing
it... I think :P The reason of those tests on our side is to support
WISPr and/or NewGen hotspots with our product.
That's a big "if"
product.
That's a big "if", IMO.
EAP-SIM would in theory be quite nice for a number of reasons right now,
even without offload. It's a built-in, secure credential.
Unfortunately, as our off-list emails suggests, you can't get easy
access to SIM secrets in the
I just got back an answer from them. The reason of the patch was
because when the supplicant was doing EAP negotiation between AKA-PRIME,
AKA, and SIM, for some reason the server was using the wrong Identity.
I asked them if they tested a "forced EAP-SIM" situation with their
supp
RFC understanding kind of thing.
Probably.
> I tested with an iPhone 3GS device running 5.0.1. I still need some
> bytes to make it work and test with our Android (get the SRES/Kc from
> the Micro-SIM).
>
> I don't know if others on the list made it work with that patch o
Hi,
Ok so I did bisect, and this commit appears to be the problematic one:
177dbabdcef84353768551c0a39d29c566538c06 is the first bad commit
commit 177dbabdcef84353768551c0a39d29c566538c06
Author: Alan T. DeKok
Date: Tue Feb 21 08:57:49 2012 +0100
Try to use identity from SIM protocol,
On 13/09/12 11:51, Alan DeKok wrote:
Francois Gaudreault wrote:
Ok so I did bisect, and this commit appears to be the problematic one:
177dbabdcef84353768551c0a39d29c566538c06 is the first bad commit
commit 177dbabdcef84353768551c0a39d29c566538c06
Author: Alan T. DeKok
Date: Tue Feb 21 08:57
Francois Gaudreault wrote:
> Ok so I did bisect, and this commit appears to be the problematic one:
>
> 177dbabdcef84353768551c0a39d29c566538c06 is the first bad commit
> commit 177dbabdcef84353768551c0a39d29c566538c06
> Author: Alan T. DeKok
> Date: Tue Feb 21 08:57:49 2012 +0100
>
> Try
Hi,
There's only one change to the EAP-SIM code between 2.1.12 and 2.2.0.
I'm a bit surprised that it would do anything.
At this point, a "git bisect" would seem to be the best option.
Ok so I did bisect, and this commit appears to be
Hi,
Don't know then. The client is sending the reject - it doesn't like
something the server is sending it. Clock sync - is the 2.2.0 machine a
different server?
Nope. Simple yum remove / install.
Beyond that I'm only passing familiar with EAP-SIM, so would be guessing
I
1 - 100 of 236 matches
Mail list logo