[RADIATOR] Help with EAP-SIM simulator for evaluation

Heikki Vatiainen hvn at open.com.au
Mon Jan 10 13:02:13 CST 2011


On 01/10/2011 05:34 PM, Effi Rand wrote:

> I need some help with the configuration of the radiator as a MAP-GATEWAY with radius interface. I'm not that experienced in this product and it's important for me to evaluate this feature since the expire date is due in 2 weeks.
> 
> I was able to test the EAP-SIM with the SSGN simulator using the "odyssey" wireless client (after we cached some triplets to a local file)
> However, when I try to test it with the MAP-GATEWAY simulator (same client), I fail to get the access-accept message.

There are a couple of things you should try. I will go through them below:

> # radius.cfg

> # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $

Looks like most of the content is from goodies/eap_simoperator.cfg

> AuthPort 1645,1812,1647
> AcctPort 1646,1813,1648

Please remove ports 1647 and 1648 since they will be used by map.cfg

> <Realm DEFAULT>
>         <AuthBy SIMOPERATOR>
>                 # The name or address of the example MAP gateway(s) that will server this instance
>                 # Radius requests are sent to this gateway requesting triplets etc.
>                 Host localhost
>                 AuthPort 1647
>                 Secret cisco

Please check README section "Testing with the Radius MAP gateway
simulator". What you should have listening on localhost port 1647 is
another Radiator running configuration from goodies/map.cfg

The example map.cfg uses port 1647 with secret mysecret

What happens now is that this Radiator instance gets the request that is
intended for the MAP simulator. Like README says, you should have two
Radiator instances running at the same time:

4. Run the MAP gateway simulator:
radiusd -config goodies/map.cfg

5. Run Radiator EAP-SIM server
radiusd -config goodies/eap_simoperator.cfg


>         <AuthBy MAP>
>                 TripletsFile /tmp/Modules/Radius-EAP-SIM/goodies/triplets.dat
>                 Pin 0000
>         </AuthBy>

Remove the <AuthBy MAP> block. This AuthBy will be handled by the second
Radiator that uses map.cfg

> </Realm>

> Another thing, in the README file, you mention that there is also a cisco-ipt simulator under Radius-EAP-SIM/goodies/ciscomap.cfg
> 
> There is no file like that.

You are correct. I will check what has happened to it.

> Another question, so far I've failed to test the iPhone EAP-SIM client against the EAP-SIM simulator. Any idea what can be done?

I have not tried iPhone myself, but unless you have already downloaded
iPhone configuration utility from Apple you may want to do that. The
utility gives you control over many things, including WLAN settings
where you can disable all the other WPA-Enterprise methods.

Thanks!

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
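
The two-instance layout described in the reply above can be checked before either radiusd is started. This is an added example, not code from Radiator or from the message: the MAP-side config is a constructed stand-in (the real goodies/map.cfg is not shown in the thread), and `parse`, `ports` and `check` are hypothetical helper names.

```python
# Constructed samples: FRONTEND_CFG is trimmed from the quoted radius.cfg; MAP_CFG is a
# stand-in (not the real goodies/map.cfg), only its ports and secret come from the message.
FRONTEND_CFG = """\
AuthPort 1645,1812,1647
AcctPort 1646,1813,1648
<Realm DEFAULT>
    <AuthBy SIMOPERATOR>
        Host localhost
        AuthPort 1647
        Secret cisco
    </AuthBy>
</Realm>
"""
MAP_CFG = """\
AuthPort 1647
AcctPort 1648
<Client localhost>
    Secret mysecret
</Client>
"""

def parse(text):
    """Map each block path ('' = global scope) to its keyword/value settings."""
    stack, out = [], {"": {}}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("</"):
            stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>"))
        elif line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            out.setdefault("/".join(stack), {})[key] = value.strip()
    return out

def ports(cfg):
    both = cfg[""].get("AuthPort", "") + "," + cfg[""].get("AcctPort", "")
    return {int(p) for p in both.split(",") if p.strip()}

def check(frontend_text, map_text):
    fe, gw = parse(frontend_text), parse(map_text)
    problems = [f"port {p} is claimed by both instances"
                for p in sorted(ports(fe) & ports(gw))]
    secrets = {c.get("Secret") for p, c in gw.items() if p.startswith("Client")}
    for c in (c for p, c in fe.items() if p.endswith("AuthBy SIMOPERATOR")):
        if c.get("Host") == "localhost" and int(c["AuthPort"]) in ports(fe):
            problems.append("front end forwards to a port it also listens on")
        if c["Secret"] not in secrets:  # report the mismatch, never the values
            problems.append("gateway secret mismatch")
    return problems
```

`check(FRONTEND_CFG, MAP_CFG)` reports the port overlap, the self-forwarding loop and the secret mismatch; it returns an empty list once 1647 and 1648 are removed from the front end and the secrets agree.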

