[RADIATOR] EAP-SIM & EAP-AKA issues with radiator server
Zaman, Shaikh
szaman at qualcomm.com
Fri May 25 07:58:58 CDT 2012
Hi Heikki,
As mention in RAEDME the path for PCSC package is for Linux machine.
Can you point me to PCSC package for windows as I am using radiator server on windows machine?
Regards,
Shaikh
-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
Sent: Tuesday, May 22, 2012 12:06 AM
To: radiator at open.com.au
Subject: Re: [RADIATOR] EAP-SIM & EAP-AKA issues with radiator server
On 05/21/2012 02:52 PM, Zaman, Shaikh wrote:
> 1) With SIM I am not able to connect the AP with Radiator server.
> In First setting I am *not seeing any logs going on in radius server.
> Trying to run the map.cfg and getting error*
> Thu May 17 17:10:56 2012: ERR: Could not load AuthBy module Radius::AuthMAP:
>
> Can't locate Chipcard/PCSC.pm in @INC (@INC contains: .
> ..\Radiator-EAP-SIM C:/Perl/site/lib C:/Perl/lib .) at
> Radius/SimCard.pm line 13, <CONFIG> line 32.
Please read the README file in EAP-SIM distribution. You are missing PCSC packages as described in the prerequisites section.
> 2) With another setting with SIM I am seeing *Access rejected
> happened. *Running eap_sim.cfg but don't know where to from this file
> is taking the SIM values(IMSI,KC,SRES,RAND)**
Extracting the triplets with "gettriplets" command is described in the README too. However, you need PCSC for this too, so first you need to get the PCSC packages installed.
> *_EAP-AKA_*
> With AKA I am successfully able to connect the AP. When doing
> *reconnect it should go for re-auth* id that's not happening . I am
> *not finding the database where Server is storing the re-auth id and
> pseudonym is*.
The AKA support in the package you are using does not support fast reauthentication or pseudonyms (TMSI). That is why there is no database for them.
> *_Questions;-_*
>
> 1) In eap_sim.cfg file its mentioned that "NumTriplets 2". Where
> can I find the NumTriplets. Is it a file or database or any think else?
See section 3 in http://tools.ietf.org/html/rfc4186
This is how you can tell the server to get and return 2 or 3 triplets for the client. Use 3 for current clients.
> 2) For EAP-SIM verification I have all the required
> values*(IMSI,RAND,KC,SRES),* Please tell me where can I use this for
> SIM verification.
For testing the above information (IMSI + triplets) can be extract from the SIM with a smart card reader. These values can then be used with AuthBy MAP. See goodies/map.cfg and section "Testing with the Radius MAP gateway simulator" in the README.
> 3) As in EAP-AKA verification I have aka_db which store all the
> values. For SIM which One I should use to store the values.
>
> 4) If you have any other information for this please share with me.
Please review the README. It has the information about setting up the test environment. Also, http://tools.ietf.org/html/rfc4186 (the EAP-SIM
RFC) is a valuable source of information.
Thanks!
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator
More information about the radiator
mailing list