(RADIATOR) EAP-SIM authentication fails --- RADIATOR: "EAP SIM could not decode SIM attributes"

Ronald Marx marx at sit.fraunhofer.de
Mon Jul 11 14:23:35 CDT 2005


Hello,

I want to make tests with EAP-SIM in our testbed but I can't perform a 
successful authentication with EAP-SIM. The notebook has a card reader 
installed and should authenticate itself against the RADIUS server via a 
wireless access point.

Operating system, network card and card reader are fine but when I start 
the authentication RADIATOR tells me:
"EAP SIM could not decode SIM attributes". (You can find the full debug 
printout below)

The additional text " (at SIM Start)" I added myself to the 
"AuthSIM.pm"-file to find out where this error occurs.

RADIATOR answers the first time it receives an Access-Request but after 
sending the Access-Challenge it fails to decode the SIM attributes every 
time.

I attached the configuration files that I use.

My xsupplicant-config-file looks something like this:
~> cat xsupplicant.conf
### GLOBAL SECTION
network_list = all
default_netname = default
logfile = /var/log/xsupplicant.log

###  NETWORK SECTION
MIP_Network_2
{
     allow_types = eap-sim
     identity = "1234"
     eap-sim{
         username = "123456789012345"
         password = "0000"
         auto_realm = yes
     }
}
<EOF>

I tried many different configurations of xsupplicant but the problem 
persists.

- Testbed-setup -

Notebook: Dell Latitude C510
OS: Suse Linux 9.3
Kernel: 2.6.11.4-21.7
Supplicant: XSupplicant (newest version from cvs)
Cardreader: SCM SCR335
PCSC-lite 1.2.9-beta6
ccid-0.9.3 driver
Option Globetrotter Fusion PCMCIA WLAN UMTS GPRS card
Linuxant DriverLoader 2.28

RADIUS server: RADIATOR 3.12 with EAP-SIM plugin

Authenticator: Cisco Aironet 1200 Wireless Access Point


Do you have an idea what could cause this problem?

Regards,
Ronald Marx



- DEBUG printout -

Mon Jul 11 19:57:46 2005: DEBUG: Packet dump:
*** Received from 141.12.238.158 port 21647 ....
Code:       Access-Request
Identifier: 226
Authentic:  <248>{<213>}<221>xUS<201><18><203><12><164><149><186>)
Attributes:
         User-Name = "1234"
         Framed-MTU = 1400
         Called-Station-Id = "000e.38fc.1000"
         Calling-Station-Id = "000c.e311.c9ee"
         Message-Authenticator = <193>a'`<159><164><24><132><143><247>WG<174><<187>P
         EAP-Message = <2><2><0><9><1>1234
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 275
         Service-Type = Framed-User
         NAS-IP-Address = 141.12.238.158
         NAS-Identifier = "AP2"

Mon Jul 11 19:57:46 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jul 11 19:57:46 2005: DEBUG:  Deleting session for 1234, 141.12.238.158, 275
Mon Jul 11 19:57:46 2005: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Mon Jul 11 19:57:46 2005: DEBUG: Handling with EAP: code 2, 2, 9
Mon Jul 11 19:57:46 2005: DEBUG: Response type 1
Mon Jul 11 19:57:46 2005: DEBUG: EAP result: 3, EAP SIM/Start
Mon Jul 11 19:57:46 2005: DEBUG: AuthBy SIMOPERATOR result: CHALLENGE, EAP SIM/Start
Mon Jul 11 19:57:46 2005: DEBUG: Access challenged for 1234: EAP SIM/Start
Mon Jul 11 19:57:46 2005: DEBUG: Packet dump:
*** Sending to 141.12.238.158 port 21647 ....
Code:       Access-Challenge
Identifier: 226
Authentic:  <248>{<213>}<221>xUS<201><18><203><12><164><149><186>)
Attributes:
         EAP-Message = <1><3><0><20><18><10><0><0><13><1><0><0><15><2><0><4><0><0><0><1>
         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jul 11 19:57:46 2005: DEBUG: Packet dump:
*** Received from 141.12.238.158 port 21647 ....
Code:       Access-Request
Identifier: 227
Authentic:  <242>j<254><171><178>~<243>Z<183><225><29>:<182><17><148><145>
Attributes:
         User-Name = "1234"
         Framed-MTU = 1400
         Called-Station-Id = "000e.38fc.1000"
         Calling-Station-Id = "000c.e311.c9ee"
         Message-Authenticator = KT<189>m8<135>{<199><136><0>H4<193>m<155><223>
         EAP-Message = <2><3><0>4<18><10><0><0><7><5><0><0>oM<167><210>/<131>^<237><172><185><247><23>~<236><240><191><14><4><0><15>262015920055409<0><16><1><0><1>
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 275
         Service-Type = Framed-User
         NAS-IP-Address = 141.12.238.158
         NAS-Identifier = "AP2"

Mon Jul 11 19:57:46 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jul 11 19:57:46 2005: DEBUG:  Deleting session for 1234, 141.12.238.158, 275
Mon Jul 11 19:57:46 2005: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Mon Jul 11 19:57:46 2005: DEBUG: Handling with EAP: code 2, 3, 52
Mon Jul 11 19:57:46 2005: DEBUG: Response type 18
Mon Jul 11 19:57:46 2005: WARNING: EAP SIM Notification: 16384, EAP SIM could not decode SIM attributes (at SIM Start)
Mon Jul 11 19:57:46 2005: DEBUG: EAP result: 2, EAP SIM Notification Fail 16384 in version 0: EAP SIM could not decode SIM attributes (at SIM Start)
Mon Jul 11 19:57:46 2005: DEBUG: AuthBy SIMOPERATOR result: IGNORE, EAP SIM Notification Fail 16384 in version 0: EAP SIM could not decode SIM attributes (at SIM Start)
Mon Jul 11 19:57:51 2005: DEBUG: Packet dump:
*** Received from 141.12.238.158 port 21647 ....
Code:       Access-Request
Identifier: 227
Authentic:  <242>j<254><171><178>~<243>Z<183><225><29>:<182><17><148><145>
Attributes:
         User-Name = "1234"
         Framed-MTU = 1400
         Called-Station-Id = "000e.38fc.1000"
         Calling-Station-Id = "000c.e311.c9ee"
         Message-Authenticator = KT<189>m8<135>{<199><136><0>H4<193>m<155><223>
         EAP-Message = <2><3><0>4<18><10><0><0><7><5><0><0>oM<167><210>/<131>^<237><172><185><247><23>~<236><240><191><14><4><0><15>262015920055409<0><16><1><0><1>
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 275
         Service-Type = Framed-User
         NAS-IP-Address = 141.12.238.158
         NAS-Identifier = "AP2"

Mon Jul 11 19:57:51 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jul 11 19:57:51 2005: DEBUG:  Deleting session for 1234, 141.12.238.158, 275
Mon Jul 11 19:57:51 2005: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Mon Jul 11 19:57:51 2005: DEBUG: Handling with EAP: code 2, 3, 52
Mon Jul 11 19:57:51 2005: DEBUG: Response type 18
Mon Jul 11 19:57:51 2005: WARNING: EAP SIM Notification: 16384, EAP SIM could not decode SIM attributes (at SIM Start)
Mon Jul 11 19:57:51 2005: DEBUG: EAP result: 2, EAP SIM Notification Fail 16384 in version 0: EAP SIM could not decode SIM attributes (at SIM Start)
Mon Jul 11 19:57:51 2005: DEBUG: AuthBy SIMOPERATOR result: IGNORE, EAP SIM Notification Fail 16384 in version 0: EAP SIM could not decode SIM attributes (at SIM Start)
[...]
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: eap_simoperator.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050711/26d45e08/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: map.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050711/26d45e08/attachment-0001.ksh>
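
Added example (not part of the original post, and not Radiator or xsupplicant code): a small decoder for the packet-dump notation, run over the two EAP-Message values copied from the debug printout above. It assumes that `<n>` in the dump is the byte with decimal value n and uses the attribute numbers from RFC 4186; it reports that AT_IDENTITY in the client's response has a length field of 4 words (16 bytes) while declaring a 15-byte identity, which a strict attribute decoder rejects.

```python
import re

# Attribute numbers as assigned in RFC 4186 (only those seen in this trace).
AT_NAMES = {7: "AT_NONCE_MT", 13: "AT_ANY_ID_REQ", 14: "AT_IDENTITY",
            15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION"}
HAS_ACTUAL_LEN = {14, 15}  # value starts with a 2-byte "actual length"

# EAP-Message values copied from the debug printout in the post.
CHALLENGE = ("<1><3><0><20><18><10><0><0><13><1><0><0>"
             "<15><2><0><4><0><0><0><1>")
RESPONSE = ("<2><3><0>4<18><10><0><0><7><5><0><0>oM<167><210>/<131>^<237>"
            "<172><185><247><23>~<236><240><191><14><4><0><15>"
            "262015920055409<0><16><1><0><1>")

def undump(text):
    """Assumed notation: <n> is the byte with decimal value n, the rest is literal."""
    return bytes(int(m.group(1)) if m.group(1) is not None else ord(m.group(2))
                 for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S))

def parse_eap_sim(pkt):
    """Return (header, attributes, error); error is None if every attribute decodes."""
    if len(pkt) < 8 or pkt[4] != 18:
        return {}, [], "not an EAP-SIM packet"
    hdr = {"code": pkt[0], "id": pkt[1],
           "length": int.from_bytes(pkt[2:4], "big"), "subtype": pkt[5]}
    if hdr["length"] != len(pkt):
        return hdr, [], "EAP length field does not match packet size"
    attrs, off = [], 8  # skip code, id, length, type, subtype, reserved
    while off < len(pkt):
        name = AT_NAMES.get(pkt[off], f"type {pkt[off]}")
        size = pkt[off + 1] * 4 if off + 1 < len(pkt) else 0  # 4-byte words
        if size == 0 or off + size > len(pkt):
            return hdr, attrs, f"{name} at offset {off}: bad length {size}"
        value = pkt[off + 2:off + size]
        if pkt[off] in HAS_ACTUAL_LEN:
            actual = int.from_bytes(value[:2], "big")
            if actual > size - 4:
                return hdr, attrs, (f"{name} at offset {off}: declares {actual} "
                                    f"bytes but the attribute has room for {size - 4}")
        attrs.append((name, size, value))
        off += size
    return hdr, attrs, None

if __name__ == "__main__":
    for label, dump in (("challenge", CHALLENGE), ("response", RESPONSE)):
        hdr, attrs, err = parse_eap_sim(undump(dump))
        print(label, hdr, [(n, s) for n, s, _ in attrs], err or "ok")
```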

