[RADIATOR] FW: Help with EAP-SIM simulator for evaluation

Wed Jan 12 11:40:44 CST 2011

On 01/12/2011 06:01 PM, Effi Rand wrote:

Hello Effi,

> I have tried it with your remarks (though I had to use the eap_simoperator.cfg as the /etc/radius.cfg , with the map.cfg as a second instance) and it worked.

Good to hear.

> I still can't get the iPhone EAPSIM authentication to work even though the MAP output says it's accepted. The log from the main instance says not enough credentials.

Please check the value of NumTriplets in your configuration file. Based
on the log below, the value seems to be 2. Try with 3. The EAP SIM RFC
says valid values are 2 or 3 and the correct settings depends on the
peer policy.

Note that if you are using triplets file, you need to extract more
triplets in it in case you have only extracted two so far.

> Code:       Access-Request
> Identifier: 8
> Authentic:  9"<236><26>SC<225><171><209><9><18><251><155><225><135><211>
> Attributes:
>         GSM-IMSI = "310410318197284"
>         GSM-NumTriplets = 2

Two triplets are being requests from MAP.

> Tue Jan 11 17:46:56 2011: WARNING: EAP SIM Client Error code 2: Insufficient Challenges

Two is not enough for the client.

> Log from the map:

The MAP log also shows two triplets being used.

> Any idea on the cause ? ofcourse I used the iphone utility to set the EAPSIM authentication.

Please let us know if this gets iPhone working.

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.