[RADIATOR] EAP-SIM & EAP-AKA issues with radiator server

Heikki Vatiainen hvn at open.com.au
Mon May 21 13:35:47 CDT 2012


On 05/21/2012 02:52 PM, Zaman, Shaikh wrote:

> 1)      With SIM I am not able to connect the AP with Radiator server.
> In First setting I am *not seeing any logs going on in radius server.
> Trying to run the map.cfg and getting error*

> Thu May 17 17:10:56 2012: ERR: Could not load AuthBy module Radius::AuthMAP:
> 
> Can't locate Chipcard/PCSC.pm in @INC (@INC contains: .
> ..\Radiator-EAP-SIM C:/Perl/site/lib C:/Perl/lib .) at Radius/SimCard.pm
> line 13, <CONFIG> line 32.

Please read the README file in EAP-SIM distribution. You are missing
PCSC packages as described in the prerequisites section.

> 2)      With another setting with SIM I am seeing *Access rejected
> happened*. Running eap_sim.cfg but don’t know where this file is
> taking the SIM values (IMSI, KC, SRES, RAND) from.

Extracting the triplets with "gettriplets" command is described in the
README too. However, you need PCSC for this too, so first you need to
get the PCSC packages installed.

> *_EAP-AKA_*

> With AKA I am successfully able to connect the AP. When doing
> *reconnect it should go for re-auth* id that’s not happening. I am
> *not finding the database where Server is storing the re-auth id and
> pseudonym is*.

The AKA support in the package you are using does not support fast
reauthentication or pseudonyms (TMSI). That is why there is no database
for them.

> *_Questions;-_*
> 
> 1)      In eap_sim.cfg file it's mentioned that “NumTriplets 2”. Where
> can I find the NumTriplets. Is it a file or database or anything else?

See section 3 in http://tools.ietf.org/html/rfc4186

This is how you can tell the server to get and return 2 or 3 triplets
for the client. Use 3 for current clients.

> 2)      For EAP-SIM verification I have all the required
> values*(IMSI,RAND,KC,SRES),* Please tell me where can I use this for SIM
> verification.

For testing, the above information (IMSI + triplets) can be extracted from
the SIM with a smart card reader. These values can then be used with
AuthBy MAP. See goodies/map.cfg and section "Testing with the Radius MAP
gateway simulator" in the README.

> 3)      As in EAP-AKA verification I have aka_db which stores all the
> values. For SIM which one should I use to store the values.
> 
> 4)      If you have any other information for this please share with me.

Please review the README. It has the information about setting up the
test environment. Also, http://tools.ietf.org/html/rfc4186 (the EAP-SIM
RFC) is a valuable source of information.

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
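
The following is an added example, not part of the original message and not Radiator code. It sketches in Python what the 2 or 3 triplets selected by NumTriplets are used for, following RFC 4186 sections 7 and 10: the peer checks the RANDs in AT_RAND against its policy, then all n Kc values feed the master key. The function names and sample values are constructed for illustration.

```python
import hashlib

AT_RAND = 1  # attribute type, RFC 4186 section 10.9
# AT_CLIENT_ERROR_CODE values, RFC 4186 section 10.19
UNABLE_TO_PROCESS, INSUFFICIENT_CHALLENGES, RANDS_NOT_FRESH = 0, 2, 3


def parse_at_rand(attr: bytes) -> list:
    """Split a raw AT_RAND attribute into its 16-byte RAND challenges."""
    if len(attr) < 4 or attr[0] != AT_RAND or attr[1] * 4 != len(attr):
        raise ValueError("malformed AT_RAND")
    body = attr[4:]  # skip type, length and the 2 reserved bytes
    if len(body) % 16:
        raise ValueError("AT_RAND body is not a multiple of 16 bytes")
    return [body[i:i + 16] for i in range(0, len(body), 16)]


def check_rands(rands, min_triplets=3):
    """Peer policy check: None if acceptable, else the Client-Error code."""
    if not rands or len(rands) > 3:
        return UNABLE_TO_PROCESS
    if len(rands) < max(2, min_triplets):
        return INSUFFICIENT_CHALLENGES
    if len(set(rands)) != len(rands):  # a repeated RAND adds no key material
        return RANDS_NOT_FRESH
    return None


def master_key(identity, kcs, nonce_mt, version_list=(1,), selected=1):
    """MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version)."""
    if len(nonce_mt) != 16 or any(len(kc) != 8 for kc in kcs):
        raise ValueError("NONCE_MT is 16 bytes, each Kc is 8 bytes")
    versions = b"".join(v.to_bytes(2, "big") for v in version_list)
    data = identity + b"".join(kcs) + nonce_mt + versions + selected.to_bytes(2, "big")
    return hashlib.sha1(data).digest()


# Constructed sample values, not taken from any real SIM.
SAMPLE_RANDS = [bytes([i]) * 16 for i in (0x10, 0x20, 0x30)]
SAMPLE_KCS = [bytes([i]) * 8 for i in (0xA0, 0xB0, 0xC0)]
SAMPLE_ATTR = bytes([AT_RAND, 13, 0, 0]) + b"".join(SAMPLE_RANDS)

if __name__ == "__main__":
    rands = parse_at_rand(SAMPLE_ATTR)
    print("policy result:", check_rands(rands))
    mk = master_key(b"1001010000000001@example.invalid", SAMPLE_KCS, bytes(16))
    print("MK:", mk.hex(), "from", 64 * len(SAMPLE_KCS), "bits of Kc")
```

Each Kc is 64 bits, so a server configured for 2 triplets feeds 128 bits of Kc into the master key and one configured for 3 feeds 192; a peer whose policy requires 3 rejects a 2-RAND challenge with "insufficient number of challenges".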

