[RADIATOR] EAP-SIM & EAP-AKA issues with radiator server

Heikki Vatiainen hvn at open.com.au
Mon May 28 03:27:41 CDT 2012


On 05/25/2012 03:58 PM, Zaman, Shaikh wrote:

> As mention in RAEDME the path for PCSC package is for Linux machine. 
> 
> Can you  point me to PCSC package for windows as I am using radiator server on windows machine?

If you happen to have 32bit Perl 5.8, try this:

ppm install http://www.open.com.au/radiator/free-downloads/Chipcard-PCSC.ppd

If not, please tell me what Perl version you are using and if you are
using 32bit or 64bit version. I'll see what is the best method to get
PCSC-perl for your platform.

Thanks!
Heikki

> Regards,
> Shaikh
> 
> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
> Sent: Tuesday, May 22, 2012 12:06 AM
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] EAP-SIM & EAP-AKA issues with radiator server
> 
> On 05/21/2012 02:52 PM, Zaman, Shaikh wrote:
> 
>> 1)      With SIM I am not able to connect the AP with Radiator server.
>> In First setting I am *not seeing any logs going on in radius server.
>> Trying to run the map.cfg and getting error*
> 
>> Thu May 17 17:10:56 2012: ERR: Could not load AuthBy module Radius::AuthMAP:
>>
>> Can't locate Chipcard/PCSC.pm in @INC (@INC contains: .
>> ..\Radiator-EAP-SIM C:/Perl/site/lib C:/Perl/lib .) at 
>> Radius/SimCard.pm line 13, <CONFIG> line 32.
> 
> Please read the README file in EAP-SIM distribution. You are missing PCSC packages as described in the prerequisites section.
> 
>> 2)      With another setting with SIM I am seeing *Access rejected
>> happened. *Running eap_sim.cfg but don't know where to from this file 
>> is taking the SIM values(IMSI,KC,SRES,RAND)**
> 
> Extracting the triplets with "gettriplets" command is described in the README too. However, you need PCSC for this too, so first you need to get the PCSC packages installed.
> 
>> *_EAP-AKA_*
> 
>> With AKA  I am successfully able to connect the AP. When doing  
>> *reconnect it should go for re-auth* id that's not happening . I am 
>> *not finding the database where Server is storing the re-auth id and 
>> pseudonym is*.
> 
> The AKA support in the package you are using does not support fast reauthentication or pseudonyms (TMSI). That is why there is no database for them.
> 
>> *_Questions;-_*
>>
>> 1)      In eap_sim.cfg file its mentioned that "NumTriplets 2". Where
>> can I find the NumTriplets. Is it a file or database or any think else?
> 
> See section 3 in http://tools.ietf.org/html/rfc4186
> 
> This is how you can tell the server to get and return 2 or 3 triplets for the client. Use 3 for current clients.
> 
>> 2)      For EAP-SIM verification I have all the required
>> values*(IMSI,RAND,KC,SRES),* Please tell me where can I use this for 
>> SIM verification.
> 
> For testing the above information (IMSI + triplets) can be extract from the SIM with a smart card reader. These values can then be used with AuthBy MAP. See goodies/map.cfg and section "Testing with the Radius MAP gateway simulator" in the README.
> 
>> 3)      As in EAP-AKA verification I have aka_db which store all the
>> values. For SIM which One I should use to store the values.
>>
>> 4)      If you have any other information for this please share with me.
> 
> Please review the README. It has the information about setting up the test environment. Also, http://tools.ietf.org/html/rfc4186 (the EAP-SIM
> RFC) is a valuable source of information.
> 
> Thanks!
> Heikki
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list