[RADIATOR] FW: Help with EAP-SIM simulator for evaluation

Effi Rand effi at comability.com
Thu Jan 13 09:18:15 CST 2011


Hi Heikki,

As per request, I'm attaching the outputs of config + logs.


Radius.cfg

LicenseMaxRequests 1000
LicenseExpires 2011-01-23
LicenseOwner comability.com
LicenseKey 17345414cac159c421d6ca1dcf1498a9
LogDir          /var/log/radius
DbDir           /etc/radiator
# Use a lower trace level in production systems:
Trace           5
AuthPort 1645,1812
AcctPort 1646,1813
# Special VSAs for talking to the MAP gateway simulator are in dictionary.sim
#DictionaryFile %D/dictionary,/usr/local/projects/Radius-EAP-SIM/dictionary.sim
DictionaryFile /etc/radiator/dictionary,/tmp/Modules/Radius-EAP-SIM/dictionary.sim
<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>
<Client 10.22.11.200>
        Secret  cisco
        DupInterval 0
</Client>
<Realm DEFAULT>
        <AuthBy SIMOPERATOR>
                Host localhost
                AuthPort 1647
                Secret mysecret
                EAPType SIM
                NumTriplets 3
#               TestClient
#               TestNoMAP
                SGSN MYSGSN
#               AddToReply Reply-Message="Congratulations your SIM auth succeeded"
                DBSource        dbi:mysql:eapsim;hostname=localhost
                DBUsername      root
                DBAuth          root1234
#               SaveTripletsQuery delete from TRIPLET where IMSI=%0
                #SaveTripletsQuery insert into TRIPLET (IMSI, KC, SRES, RAND, AUTH_TIMESTAMP) values (%0, %1, %2, %3, %t), (%0, %4, %5, %6, %t), (%0, %7, %8, %9, %t)
#               SaveTripletsQuery insert into TRIPLET (IMSI, KC, SRES, RAND, AUTH_TIMESTAMP) values (%0, %1, %2, %3, %t), (%0, %4, %5, %6, %t)
#               GetTripletsQuery select KC, SRES, RAND from TRIPLET where IMSI=%0 and AUTH_TIMESTAMP > %t-600 limit %1
                GetTripletsQuery select KC, SRES, RAND from TRIPLET where IMSI=? and AUTH_TIMESTAMP > ?-600 limit ?
                GetTripletsQueryParam %0
                GetTripletsQueryParam %t
                GetTripletsQueryParam %1
                AutoMPPEKeys
                #SupportVersions 1,0
                #RequireVersion 0
                #AuthorisedHook sub {print "here in AuthorisedHook @_\n";}
                UseTMSI
                SaveTMSIQuery replace SIMTMSI (IMSI, TMSI) values (%0, %1)
                GetTMSIQuery select IMSI from SIMTMSI where TMSI = %0
                UseReauthentication
                UseResultInd
                ReauthenticationRealm @xyz.com
                SaveReauthQuery replace SIMUSER (IMSI, REAUTH_ID, COUNTER, MK, K_AUT, K_ENCR, VERSION) values (%1, %0, %2, %3, %4, %5, %6)
                UpdateReauthQuery update SIMUSER set  REAUTH_ID=%0, COUNTER=%2, NONCE_S=%3, NEXT_REAUTH_ID=%4 where IMSI=%1
#               UpdateReauthQuery update SIMUSER set  REAUTH_ID=?, COUNTER=?, NONCE_S=?, NEXT_REAUTH_ID=? where IMSI=?
#               UpdateReauthQueryParam %0
#               UpdateReauthQueryParam %2
#               UpdateReauthQueryParam %3
#               UpdateReauthQueryParam %4
#               UpdateReauthQueryParam %1

                GetReauthQuery select IMSI, REAUTH_ID, NONCE_S, COUNTER, MK, K_AUT, K_ENCR, NEXT_REAUTH_ID, VERSION from SIMUSER where REAUTH_ID = %0
                DeleteReauthQuery update SIMUSER set  REAUTH_ID=NULL, COUNTER=NULL, NONCE_S=NULL, NEXT_REAUTH_ID=NULL where REAUTH_ID=%0
        </AuthBy>
</Realm>

____


Map.cfg:

Foreground
LogStdout
LogDir          .
DbDir           .
# Use a lower trace level in production systems:
Trace           5
DictionaryFile /etc/radiator/dictionary,/tmp/Modules/Radius-EAP-SIM/dictionary.sim
AuthPort 1647
AcctPort 1648
<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>
<Realm DEFAULT>
        <AuthBy MAP>
                TripletsFile /tmp/Modules/Radius-EAP-SIM/goodies/triplets.dat
                Pin 0000
        </AuthBy>
</Realm>

___


Logs:

Radiator log:

Thu Jan 13 17:17:17 2011: DEBUG: Packet dump:
*** Received from 10.22.11.200 port 2048 ....

Packet length = 121
Code:       Access-Request
Identifier: 0
Authentic:  <178><13><153><161><240><158><157><255>$<222>+<168><252><181>c<166>
Attributes:
        User-Name = "fred"
        NAS-IP-Address = 10.22.11.200
        Called-Station-Id = "021d7e4b075b"
        Calling-Station-Id = "001cb31669e8"
        NAS-Identifier = "021d7e4b075b"
        NAS-Port = 23
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        EAP-Message = <2><0><0><9><1>fred
        Message-Authenticator = <174>%<152><208>=<195>(<201><139>[<29><228>f/<130><234>

Thu Jan 13 17:17:17 2011: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Thu Jan 13 17:17:17 2011: DEBUG:  Deleting session for fred, 10.22.11.200, 23
Thu Jan 13 17:17:17 2011: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Thu Jan 13 17:17:17 2011: DEBUG: Handling with EAP: code 2, 0, 9, 1
Thu Jan 13 17:17:17 2011: DEBUG: Response type 1
Thu Jan 13 17:17:17 2011: DEBUG: EAP result: 3, EAP SIM/Start
Thu Jan 13 17:17:17 2011: DEBUG: AuthBy SIMOPERATOR result: CHALLENGE, EAP SIM/Start
Thu Jan 13 17:17:17 2011: DEBUG: Access challenged for fred: EAP SIM/Start
Thu Jan 13 17:17:17 2011: DEBUG: Packet dump:
*** Sending to 10.22.11.200 port 2048 ....

Packet length = 60
Code:       Access-Challenge
Identifier: 0
Authentic:  Z%<139><190><164>XQ<171><130><170>v2U<129><19><23>
Attributes:
        EAP-Message = <1><1><0><20><18><10><0><0><13><1><0><0><15><2><0><4><0><0><0><1>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Thu Jan 13 17:17:17 2011: DEBUG: Packet dump:
*** Received from 10.22.11.200 port 2048 ....

Packet length = 200
Code:       Access-Request
Identifier: 0
Authentic:  <201><27>zSz<163><216><167>L<218><216>y<24><244><145><29>
Attributes:
        User-Name = "fred"
        NAS-IP-Address = 10.22.11.200
        Called-Station-Id = "021d7e4b075b"
        Calling-Station-Id = "001cb31669e8"
        NAS-Identifier = "021d7e4b075b"
        NAS-Port = 23
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        EAP-Message = <2><1><0>X<18><10><0><0><14><14><0>31310410318197284@wlan.mnc410.mcc310.3gppnetwork.org<0><16><1><0><1><7><5><0><0><178>3<139><196><172>9:<129>8<172><140>'<17>+<158><223>
        Message-Authenticator = <129>48U<206><254><26><250><189><3><9><2><225><201>[<208>

Thu Jan 13 17:17:17 2011: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Thu Jan 13 17:17:17 2011: DEBUG:  Deleting session for fred, 10.22.11.200, 23
Thu Jan 13 17:17:17 2011: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Thu Jan 13 17:17:17 2011: DEBUG: Handling with EAP: code 2, 1, 88, 18
Thu Jan 13 17:17:17 2011: DEBUG: Response type 18
Thu Jan 13 17:17:17 2011: DEBUG: Query is: 'select KC, SRES, RAND from TRIPLET where IMSI=? and AUTH_TIMESTAMP > ?-600 limit ?': 310410318197284 1294931837 3
Thu Jan 13 17:17:17 2011: INFO: Insufficient triplets returned from GetTripletsQuery
Thu Jan 13 17:17:17 2011: DEBUG: Handling with Radius::AuthRADIUS
Thu Jan 13 17:17:17 2011: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1647 ....

Packet length = 69
Code:       Access-Request
Identifier: 5
Authentic:  w<20><161><24><146><173><147><16>8<175><174><180><203>e<172><211>
Attributes:
        GSM-IMSI = "310410318197284"
        GSM-NumTriplets = 3
        GSM-SGSN = "MYSGSN"

Thu Jan 13 17:17:17 2011: DEBUG: EAP result: 2, Waiting for SIM triplets
Thu Jan 13 17:17:17 2011: DEBUG: AuthBy SIMOPERATOR result: IGNORE, Waiting for SIM triplets
Thu Jan 13 17:17:17 2011: DEBUG: Received reply in AuthRADIUS for req 5 from 127.0.0.1:1647
Thu Jan 13 17:17:17 2011: DEBUG: do query is: 'replace SIMTMSI (IMSI, TMSI) values ('310410318197284', '3a5285035507a544b')':
Thu Jan 13 17:17:17 2011: DEBUG: do query is: 'replace SIMUSER (IMSI, REAUTH_ID, COUNTER, MK, K_AUT, K_ENCR, VERSION) values ('310410318197284', '21dae3c5035537533@xyz.com', '1', 'bc06ae422a65283fff58c124cd33107470ef413c', 'ec1d48c648ce2ebf7a8e204919b7666b', '076594676c58f5b0ea61929baace5150', '1')':
Thu Jan 13 17:17:17 2011: DEBUG: Access challenged for fred: EAP SIM/Challenge
Thu Jan 13 17:17:17 2011: DEBUG: Packet dump:
*** Sending to 10.22.11.200 port 2048 ....

Packet length = 212
Code:       Access-Challenge
Identifier: 0
Authentic:  <190><134>jK_+<134><174>aNt&f@<196><200>
Attributes:
        EAP-Message = <1><2><0><172><18><11><0><0><1><13><0><0><191><1>Q8<28><168><9><207><21><168>6<236><220><191><170><157><183>B<157><211><154><255><145><159> B<199>^<239><31>(<157><239><182><151>><131>_<212><151><189><130><251><138><205><176>~<172><129><5><0><0>o<2>g<14><164><165><227><129>8<147>6<243><255><236><133><215><130><17><0><0><11><130><202><7><195><166>b<148><169><202>[<155><129>[<141>V<143><193>V<246>6<218><142><231><202><209>i_<245><151><141><20><205><201>><243>Q{T1<250><13>t<245>!6<6>,0<169><14>pI^k]}f<190>;<205><193>-<255><135><1><0><0><11><5><0><0><222><142><220><245>syg<205><243><204>|<13><244>d<250>a
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
____

Map log:


Thu Jan 13 17:17:17 2011: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51672 ....

Packet length = 69
Code:       Access-Request
Identifier: 5
Authentic:  w<20><161><24><146><173><147><16>8<175><174><180><203>e<172><211>
Attributes:
        GSM-IMSI = "310410318197284"
        GSM-NumTriplets = 3
        GSM-SGSN = "MYSGSN"

Thu Jan 13 17:17:17 2011: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Thu Jan 13 17:17:17 2011: DEBUG:  Deleting session for , 127.0.0.1,
Thu Jan 13 17:17:17 2011: DEBUG: Triplet 9de8ec134e9d13fc 36913c32 bf0151381ca809cf15a836ecdcbfaa9d
Thu Jan 13 17:17:17 2011: DEBUG: Triplet 728293e560fa7ab1 ee7a802a b7429dd39aff919f2042c75eef1f289d
Thu Jan 13 17:17:17 2011: DEBUG: Triplet e265ecd0e18685c5 be906c4b efb6973e835fd497bd82fb8acdb07eac
Thu Jan 13 17:17:17 2011: DEBUG: AuthBy MAP result: ACCEPT,
Thu Jan 13 17:17:17 2011: DEBUG: Access accepted for
Thu Jan 13 17:17:17 2011: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51672 ....

Packet length = 128
Code:       Access-Accept
Identifier: 5
Authentic:  <142>(<145><225><14>%C!8<242><241>Ox<138><198>{
Attributes:
        GSM-Triplet = <157><232><236><19>N<157><19><252>6<145><2<191><1>Q8<28><168><9><207><21><168>6<236><220><191><170><157>
        GSM-Triplet = r<130><147><229>`<250>z<177><238>z<128>*<183>B<157><211><154><255><145><159> B<199>^<239><31>(<157>
        GSM-Triplet = <226>e<236><208><225><134><133><197><190><144>lK<239><182><151>><131>_<212><151><189><130><251><138><205><176>~<172>

___


Thanks,

Efi Rand






