[RADIATOR] EAP-SIM & EAP-AKA issues with radiator server

Zaman, Shaikh szaman at qualcomm.com
Fri May 25 07:58:58 CDT 2012


Hi Heikki,

As mention in RAEDME the path for PCSC package is for Linux machine. 

Can you  point me to PCSC package for windows as I am using radiator server on windows machine?

Regards,
Shaikh

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
Sent: Tuesday, May 22, 2012 12:06 AM
To: radiator at open.com.au
Subject: Re: [RADIATOR] EAP-SIM & EAP-AKA issues with radiator server

On 05/21/2012 02:52 PM, Zaman, Shaikh wrote:

> 1)      With SIM I am not able to connect the AP with Radiator server.
> In First setting I am *not seeing any logs going on in radius server.
> Trying to run the map.cfg and getting error*

> Thu May 17 17:10:56 2012: ERR: Could not load AuthBy module Radius::AuthMAP:
> 
> Can't locate Chipcard/PCSC.pm in @INC (@INC contains: .
> ..\Radiator-EAP-SIM C:/Perl/site/lib C:/Perl/lib .) at 
> Radius/SimCard.pm line 13, <CONFIG> line 32.

Please read the README file in EAP-SIM distribution. You are missing PCSC packages as described in the prerequisites section.

> 2)      With another setting with SIM I am seeing *Access rejected
> happened. *Running eap_sim.cfg but don't know where to from this file 
> is taking the SIM values(IMSI,KC,SRES,RAND)**

Extracting the triplets with "gettriplets" command is described in the README too. However, you need PCSC for this too, so first you need to get the PCSC packages installed.

> *_EAP-AKA_*

> With AKA  I am successfully able to connect the AP. When doing  
> *reconnect it should go for re-auth* id that's not happening . I am 
> *not finding the database where Server is storing the re-auth id and 
> pseudonym is*.

The AKA support in the package you are using does not support fast reauthentication or pseudonyms (TMSI). That is why there is no database for them.

> *_Questions;-_*
> 
> 1)      In eap_sim.cfg file its mentioned that "NumTriplets 2". Where
> can I find the NumTriplets. Is it a file or database or any think else?

See section 3 in http://tools.ietf.org/html/rfc4186

This is how you can tell the server to get and return 2 or 3 triplets for the client. Use 3 for current clients.

> 2)      For EAP-SIM verification I have all the required
> values*(IMSI,RAND,KC,SRES),* Please tell me where can I use this for 
> SIM verification.

For testing the above information (IMSI + triplets) can be extract from the SIM with a smart card reader. These values can then be used with AuthBy MAP. See goodies/map.cfg and section "Testing with the Radius MAP gateway simulator" in the README.

> 3)      As in EAP-AKA verification I have aka_db which store all the
> values. For SIM which One I should use to store the values.
> 
> 4)      If you have any other information for this please share with me.

Please review the README. It has the information about setting up the test environment. Also, http://tools.ietf.org/html/rfc4186 (the EAP-SIM
RFC) is a valuable source of information.

Thanks!
Heikki

--
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator


More information about the radiator mailing list