[RADIATOR] Help with EAP-SIM for evaluation.

Felix Sanchez Felix.Sanchez at digicelgroup.com
Thu May 31 10:56:21 CDT 2012


Hello,

We are in the phase of testing Radiator and the EAP-SIM module. I'm having a hard time configuring the test scenario. So far I have the following configuration.
I have 2 instances running each configuration file.

1. Could you help to find what the problem would be according to these settings?
2. Is it possible to have the sample of ciscomap.cfg? In the end we will probably use EAP-SIM with our CISCO-ITP. I read before that you need a verification of the ITP license; please tell me how I can help you to validate our license.

The hardware used for testing is:

1. HP Server 64 Bits running Redhat 5.6
2. Radiator 1.49 (locked version)
3. EAP-SIM module (1.32)
4. DLINK DIR-615

If you need more info, please let me know.

[sim-operator.cfg]
LogDir          /var/log/radius
LogFile         /var/log/radius/radiusd-sim.log
DbDir           /etc/radiator
Trace           5
DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.sim
<Client DEFAULT>
        Secret  1q2w3e4r
        DupInterval 0
</Client>
<Realm DEFAULT>
        <AuthBy SIMOPERATOR>
                Host localhost
                AuthPort 1647
                Secret 1q2w3e4r
                EAPType SIM
                NumTriplets 2
                SGSN 172.27.66.48
                DBSource        dbi:mysql:wifi_offload_1;hostname=localhost
                DBUsername      root
                DBAuth          root
                GetTripletsQueryParam %0
                GetTripletsQueryParam %t
                GetTripletsQueryParam %1
                AutoMPPEKeys
                UseTMSI
                SaveTMSIQuery replace SIMTMSI (IMSI, TMSI) values (%0, %1)
                GetTMSIQuery select IMSI from SIMTMSI where TMSI = %0
                UseReauthentication
                UseResultInd
                SaveReauthQuery replace SIMUSER (IMSI, REAUTH_ID, COUNTER, MK, K_AUT, K_ENCR, VERSION) values (%1, %0, %2, %3, %4, %5, %6)
                UpdateReauthQuery update SIMUSER set  REAUTH_ID=%0, COUNTER=%2, NONCE_S=%3, NEXT_REAUTH_ID=%4 where IMSI=%1
                GetReauthQuery select IMSI, REAUTH_ID, NONCE_S, COUNTER, MK, K_AUT, K_ENCR, NEXT_REAUTH_ID, VERSION from SIMUSER where REAUTH_ID = %0
                DeleteReauthQuery update SIMUSER set  REAUTH_ID=NULL, COUNTER=NULL, NONCE_S=NULL, NEXT_REAUTH_ID=NULL where REAUTH_ID=%0
        </AuthBy>
</Realm>

[map.cfg]
LogDir          /var/log/radius
LogFile         /var/log/radius/radiusd-map.log
DbDir           /etc/radiator
Trace           5
DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.sim
AuthPort 1647
AcctPort 1648
<Client DEFAULT>
        Secret  1q2w3e4r
        DupInterval 0
</Client>
<Realm DEFAULT>
        <AuthBy MAP>
                TripletsFile /etc/radiator/db/triplets.dat
        </AuthBy>
</Realm>



DEBUG  map.cfg LOG
Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33159 ....

Packet length = 75
01 02 00 4b 5b 92 a5 3d eb ef 9e 48 b1 80 46 c8
87 f8 c3 de 1a 17 00 00 23 58 65 11 37 31 34 30
34 31 30 30 30 30 30 37 33 30 39 1a 0c 00 00 23
58 64 06 00 00 00 02 1a 14 00 00 23 58 69 0e 31
37 32 2e 32 37 2e 36 36 2e 34 38
Code:       Access-Request
Identifier: 2
Authentic:  [<146><165>=<235><239><158>H<177><128>F<200><135><248><195><222>
Attributes:
        GSM-IMSI = "714041000007309"
        GSM-NumTriplets = 2
        GSM-SGSN = "172.27.66.48"

Thu May 31 10:45:27 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Thu May 31 10:45:27 2012: DEBUG:  Deleting session for , 127.0.0.1,
Thu May 31 10:45:27 2012: DEBUG: Triplet 8da782c062711400 c68d5545 4d0714ad695642279043d264732c141e
Thu May 31 10:45:27 2012: DEBUG: Triplet 8da782c062711400 c68d5545 4d0714ad695642279043d264732c141e
Thu May 31 10:45:27 2012: DEBUG: AuthBy MAP result: ACCEPT,
Thu May 31 10:45:27 2012: DEBUG: Access accepted for
Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33159 ....

Packet length = 92
02 02 00 5c ac e2 94 88 b8 7d 98 b9 01 b5 cd 18
fc 58 35 d4 1a 24 00 00 23 58 66 1e 8d a7 82 c0
62 71 14 00 c6 8d 55 45 4d 07 14 ad 69 56 42 27
90 43 d2 64 73 2c 14 1e 1a 24 00 00 23 58 66 1e
8d a7 82 c0 62 71 14 00 c6 8d 55 45 4d 07 14 ad
69 56 42 27 90 43 d2 64 73 2c 14 1e
Code:       Access-Accept
Identifier: 2
Authentic:  <172><226><148><136><184>}<152><185><1><181><205><24><252>X5<212>
Attributes:
        GSM-Triplet = <141><167><130><192>bq<20><0><198><141>UEM<7><20><173>iVB'<144>C<210>ds,<20><30>
        GSM-Triplet = <141><167><130><192>bq<20><0><198><141>UEM<7><20><173>iVB'<144>C<210>ds,<20><30>

DEBUG simoperator.log  LOG
[root at pa01gen01-64b radius]# cat radiusd-sim.log
Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Received from 172.27.66.48 port 2048 ....

Packet length = 237
01 1e 00 ed 80 42 d7 46 45 c8 48 fb b8 e8 8b fb
6e 45 c8 c4 01 35 31 37 31 34 30 34 31 30 30 30
30 30 37 33 30 39 40 77 6c 61 6e 2e 6d 6e 63 30
30 34 2e 6d 63 63 37 31 34 2e 33 67 70 70 6e 65
74 77 6f 72 6b 2e 6f 72 67 05 06 00 00 00 00 1e
1d 38 34 2d 43 39 2d 42 32 2d 34 41 2d 30 30 2d
32 39 3a 44 4c 49 4e 4b 2d 45 41 50 1f 13 32 43
2d 41 38 2d 33 35 2d 36 38 2d 45 36 2d 42 46 0c
06 00 00 05 78 3d 06 00 00 00 13 4d 16 43 4f 4e
4e 45 43 54 20 30 4d 62 70 73 20 38 30 32 2e 31
31 4f 3a 02 00 00 38 01 31 37 31 34 30 34 31 30
30 30 30 30 37 33 30 39 40 77 6c 61 6e 2e 6d 6e
63 30 30 34 2e 6d 63 63 37 31 34 2e 33 67 70 70
6e 65 74 77 6f 72 6b 2e 6f 72 67 50 12 3a c9 60
ca 43 b8 ca 3e a0 0b 18 20 a6 eb 26 81
Code:       Access-Request
Identifier: 30
Authentic:  <128>B<215>FE<200>H<251><184><232><139><251>nE<200><196>
Attributes:
        User-Name = "1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org"
        NAS-Port = 0
        Called-Station-Id = "84-C9-B2-4A-00-29:DLINK-EAP"
        Calling-Station-Id = "2C-A8-35-68-E6-BF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = <2><0><0>8<1>1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org
        Message-Authenticator = :<201>`<202>C<184><202>><160><11><24> <166><235>&<129>

Thu May 31 10:45:27 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Thu May 31 10:45:27 2012: DEBUG:  Deleting session for 1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org, 172.27.66.48, 0
Thu May 31 10:45:27 2012: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Thu May 31 10:45:27 2012: DEBUG: Handling with EAP: code 2, 0, 56, 1
Thu May 31 10:45:27 2012: DEBUG: Response type 1
Thu May 31 10:45:27 2012: DEBUG: EAP result: 3, EAP SIM/Start
Thu May 31 10:45:27 2012: DEBUG: AuthBy SIMOPERATOR result: CHALLENGE, EAP SIM/Start
Thu May 31 10:45:27 2012: DEBUG: Access challenged for 1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org: EAP SIM/Start
Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Sending to 172.27.66.48 port 2048 ....

Packet length = 56
0b 1e 00 38 90 7b 1f 9b 61 8f da e1 6a ed 0b 53
54 ac 11 bc 4f 12 01 01 00 10 12 0a 00 00 0f 02
00 04 00 00 00 01 50 12 85 b1 b1 07 c8 31 a2 72
0b 65 72 ee 13 e9 c2 06
Code:       Access-Challenge
Identifier: 30
Authentic:  <144>{<31><155>a<143><218><225>j<237><11>ST<172><17><188>
Attributes:
        EAP-Message = <1><1><0><16><18><10><0><0><15><2><0><4><0><0><0><1>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Received from 172.27.66.48 port 2048 ....

Packet length = 213
01 1f 00 d5 d3 1a 13 80 ba cf e8 78 60 ed f1 56
a1 6e 4f d2 01 35 31 37 31 34 30 34 31 30 30 30
30 30 37 33 30 39 40 77 6c 61 6e 2e 6d 6e 63 30
30 34 2e 6d 63 63 37 31 34 2e 33 67 70 70 6e 65
74 77 6f 72 6b 2e 6f 72 67 05 06 00 00 00 00 1e
1d 38 34 2d 43 39 2d 42 32 2d 34 41 2d 30 30 2d
32 39 3a 44 4c 49 4e 4b 2d 45 41 50 1f 13 32 43
2d 41 38 2d 33 35 2d 36 38 2d 45 36 2d 42 46 0c
06 00 00 05 78 3d 06 00 00 00 13 4d 16 43 4f 4e
4e 45 43 54 20 30 4d 62 70 73 20 38 30 32 2e 31
31 4f 22 02 01 00 20 12 0a 00 00 07 05 00 00 a3
38 10 ed 17 ad be 77 c0 b9 6c d8 b8 82 3c cc 10
01 00 01 50 12 20 8b 90 31 42 21 2a 1f 05 81 36
e2 eb 42 1b ce
Code:       Access-Request
Identifier: 31
Authentic:  <211><26><19><128><186><207><232>x`<237><241>V<161>nO<210>
Attributes:
        User-Name = "1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org"
        NAS-Port = 0
        Called-Station-Id = "84-C9-B2-4A-00-29:DLINK-EAP"
        Calling-Station-Id = "2C-A8-35-68-E6-BF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = <2><1><0> <18><10><0><0><7><5><0><0><163>8<16><237><23><173><190>w<192><185>l<216><184><130><<204><16><1><0><1>
        Message-Authenticator =  <139><144>1B!*<31><5><129>6<226><235>B<27><206>

Thu May 31 10:45:27 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Thu May 31 10:45:27 2012: DEBUG:  Deleting session for 1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org, 172.27.66.48, 0
Thu May 31 10:45:27 2012: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Thu May 31 10:45:27 2012: DEBUG: Handling with EAP: code 2, 1, 32, 18
Thu May 31 10:45:27 2012: DEBUG: Response type 18
Thu May 31 10:45:27 2012: DEBUG: Handling with Radius::AuthRADIUS
Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1647 ....

Packet length = 75
01 02 00 4b 5b 92 a5 3d eb ef 9e 48 b1 80 46 c8
87 f8 c3 de 1a 17 00 00 23 58 65 11 37 31 34 30
34 31 30 30 30 30 30 37 33 30 39 1a 0c 00 00 23
58 64 06 00 00 00 02 1a 14 00 00 23 58 69 0e 31
37 32 2e 32 37 2e 36 36 2e 34 38
Code:       Access-Request
Identifier: 2
Authentic:  [<146><165>=<235><239><158>H<177><128>F<200><135><248><195><222>
Attributes:
        GSM-IMSI = "714041000007309"
        GSM-NumTriplets = 2
        GSM-SGSN = "172.27.66.48"

Thu May 31 10:45:27 2012: DEBUG: EAP result: 2, Waiting for SIM triplets
Thu May 31 10:45:27 2012: DEBUG: AuthBy SIMOPERATOR result: IGNORE, Waiting for SIM triplets
Thu May 31 10:45:27 2012: DEBUG: Received reply in AuthRADIUS for req 2 from 127.0.0.1:1647
Thu May 31 10:45:27 2012: DEBUG: do query is: 'replace SIMTMSI (IMSI, TMSI) values ('714041000007309', '3ec307bca39517ff1')':
Thu May 31 10:45:27 2012: DEBUG: do query is: 'replace SIMUSER (IMSI, REAUTH_ID, COUNTER, MK, K_AUT, K_ENCR, VERSION) values ('714041000007309', '28c446bca276dc6af', '1', '1798b1c6561b91fcbe88b90d77c11ef7510de5e8', '4250cb86a93f30053b289fe7587be1cb', '4587fce99bf6dda457547567dd6e90a6', '1')':
Thu May 31 10:45:27 2012: DEBUG: Access challenged for 1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org: EAP SIM/Challenge
Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Sending to 172.27.66.48 port 2048 ....

Packet length = 180
0b 1f 00 b4 ad 5b 6b 05 df 57 2f 04 87 6b 0f 65
a6 61 ac ef 4f 8e 01 02 00 8c 12 0b 00 00 01 09
00 00 4d 07 14 ad 69 56 42 27 90 43 d2 64 73 2c
14 1e 4d 07 14 ad 69 56 42 27 90 43 d2 64 73 2c
14 1e 81 05 00 00 f7 e1 b0 95 2a 6b c1 08 57 bd
ee 27 63 a7 d2 a1 82 0d 00 00 e5 6b a8 f8 6b a8
56 a5 74 96 83 a2 9d 89 58 e4 e4 17 51 89 7a d1
d0 0f dc c2 3e ee b2 2c c9 38 83 49 46 39 b7 f2
d6 75 c8 77 0c de fb 1c 74 92 87 01 00 00 0b 05
00 00 71 1d c3 f4 ce 57 06 50 ec 39 3b 97 bd ec
ce db 50 12 f0 61 d6 9d 95 58 5a 3e 5d 65 23 33
f6 17 87 e8
Code:       Access-Challenge
Identifier: 31
Authentic:  <173>[k<5><223>W/<4><135>k<15>e<166>a<172><239>
Attributes:
        EAP-Message = <1><2><0><140><18><11><0><0><1><9><0><0>M<7><20><173>iVB'<144>C<210>ds,<20><30>M<7><20><173>iVB'<144>C<210>ds,<20><30><129><5><0><0><247><225><176><149>*k<193><8>W<189><238>'c<167><210><161><130><13><0><0><229>k<168><248>k<168>V<165>t<150><131><162><157><137>X<228><228><23>Q<137>z<209><208><15><220><194>><238><178>,<201>8<131>IF9<183><242><214>u<200>w<12><222><251><28>t<146><135><1><0><0><11><5><0><0>q<29><195><244><206>W<6>P<236>9;<151><189><236><206><219>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Received from 172.27.66.48 port 2048 ....

Packet length = 193
01 20 00 c1 c2 70 c9 d4 51 ec 48 db c7 f9 ac 67
ba df 92 d0 01 35 31 37 31 34 30 34 31 30 30 30
30 30 37 33 30 39 40 77 6c 61 6e 2e 6d 6e 63 30
30 34 2e 6d 63 63 37 31 34 2e 33 67 70 70 6e 65
74 77 6f 72 6b 2e 6f 72 67 05 06 00 00 00 00 1e
1d 38 34 2d 43 39 2d 42 32 2d 34 41 2d 30 30 2d
32 39 3a 44 4c 49 4e 4b 2d 45 41 50 1f 13 32 43
2d 41 38 2d 33 35 2d 36 38 2d 45 36 2d 42 46 0c
06 00 00 05 78 3d 06 00 00 00 13 4d 16 43 4f 4e
4e 45 43 54 20 30 4d 62 70 73 20 38 30 32 2e 31
31 4f 0e 02 02 00 0c 12 0e 00 00 16 01 00 03 50
12 54 13 b6 4e 69 c8 f8 41 2e a4 ae b1 28 a4 66
a9
Code:       Access-Request
Identifier: 32
Authentic:  <194>p<201><212>Q<236>H<219><199><249><172>g<186><223><146><208>
Attributes:
        User-Name = "1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org"
        NAS-Port = 0
        Called-Station-Id = "84-C9-B2-4A-00-29:DLINK-EAP"
        Calling-Station-Id = "2C-A8-35-68-E6-BF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = <2><2><0><12><18><14><0><0><22><1><0><3>
        Message-Authenticator = T<19><182>Ni<200><248>A.<164><174><177>(<164>f<169>

Thu May 31 10:45:27 2012: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Thu May 31 10:45:27 2012: DEBUG:  Deleting session for 1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org, 172.27.66.48, 0
Thu May 31 10:45:27 2012: DEBUG: Handling with Radius::AuthSIMOPERATOR:
Thu May 31 10:45:27 2012: DEBUG: Handling with EAP: code 2, 2, 12, 18
Thu May 31 10:45:27 2012: DEBUG: Response type 18
Thu May 31 10:45:27 2012: WARNING: EAP SIM Client Error code 3: RAND not fresh
Thu May 31 10:45:27 2012: DEBUG: EAP result: 1, EAP SIM Client Error
Thu May 31 10:45:27 2012: DEBUG: AuthBy SIMOPERATOR result: REJECT, EAP SIM Client Error
Thu May 31 10:45:27 2012: INFO: Access rejected for 1714041000007309 at wlan.mnc004.mcc714.3gppnetwork.org: EAP SIM Client Error
Thu May 31 10:45:27 2012: DEBUG: Packet dump:
*** Sending to 172.27.66.48 port 2048 ....

Packet length = 60
03 20 00 3c a3 96 5f f9 61 26 eb 55 9a cd b7 52
31 8c a6 eb 4f 06 04 02 00 04 50 12 38 66 b1 e8
7b 79 cc 32 9d 80 81 8a e2 97 0b 43 12 10 52 65
71 75 65 73 74 20 44 65 6e 69 65 64
Code:       Access-Reject
Identifier: 32
Authentic:  <163><150>_<249>a&<235>U<154><205><183>R1<140><166><235>
Attributes:
        EAP-Message = <4><2><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        Reply-Message = "Request Denied"


Triplets.dat
714041000007309:8Da782c062711400:C68d5545:4D0714AD695642279043D264732C141E

Regards,


Felix Sanchez
Tecnologia | Red IP y GPRS | Panama
Digicel Panama
Movil: +507 6030-6424
Email: felix.sanchez at digicelgroup.com
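
The reject in the log above is the peer answering the EAP-SIM/Challenge with Client-Error code 3 ("RAND not fresh"), and the two Triplet lines in the map log are identical. As an added example (not part of the original message and not Radiator code; function names are illustrative), this Python parses the EAP-Message bytes of that challenge as logged and applies the distinct-RAND check a peer makes under RFC 4186:

```python
import struct

EAP_TYPE_SIM, SUBTYPE_CHALLENGE, AT_RAND = 18, 11, 1   # RFC 4186 numbers

# EAP-Message of the Access-Challenge with Identifier 31, copied from the log.
LOG_CHALLENGE = bytes.fromhex("".join("""
01 02 00 8c 12 0b 00 00 01 09 00 00 4d 07 14 ad
69 56 42 27 90 43 d2 64 73 2c 14 1e 4d 07 14 ad
69 56 42 27 90 43 d2 64 73 2c 14 1e 81 05 00 00
f7 e1 b0 95 2a 6b c1 08 57 bd ee 27 63 a7 d2 a1
82 0d 00 00 e5 6b a8 f8 6b a8 56 a5 74 96 83 a2
9d 89 58 e4 e4 17 51 89 7a d1 d0 0f dc c2 3e ee
b2 2c c9 38 83 49 46 39 b7 f2 d6 75 c8 77 0c de
fb 1c 74 92 87 01 00 00 0b 05 00 00 71 1d c3 f4
ce 57 06 50 ec 39 3b 97 bd ec ce db
""".split()))

def parse_eap_sim(packet):
    """Return (subtype, [(attr_type, value_bytes), ...]) for one EAP-SIM packet."""
    if len(packet) < 8:
        raise ValueError("short EAP-SIM packet")
    _, _, length, eap_type, subtype = struct.unpack("!BBHBB", packet[:6])
    if eap_type != EAP_TYPE_SIM or length != len(packet):
        raise ValueError("not a complete EAP-SIM packet")
    attrs, off = [], 8                       # two reserved bytes follow the subtype
    while off < length:
        # Attribute length is counted in 4-byte words and includes the 2-byte header.
        a_len = packet[off + 1] * 4 if off + 2 <= length else 0
        if a_len == 0 or off + a_len > length:
            raise ValueError("malformed attribute at offset %d" % off)
        attrs.append((packet[off], packet[off + 2:off + a_len]))
        off += a_len
    return subtype, attrs

def rands_in_challenge(packet):
    """Return the 16-byte RAND values carried in AT_RAND of an EAP-SIM/Challenge."""
    subtype, attrs = parse_eap_sim(packet)
    if subtype != SUBTYPE_CHALLENGE:
        raise ValueError("not an EAP-SIM/Challenge")
    for a_type, value in attrs:
        if a_type == AT_RAND:
            body = value[2:]                 # skip the two reserved bytes
            if len(body) % 16:
                raise ValueError("AT_RAND is not a multiple of 16 bytes")
            return [body[i:i + 16] for i in range(0, len(body), 16)]
    return []

def rands_are_fresh(rands):
    """Peer-side freshness check: no RAND value may appear twice."""
    return len(set(rands)) == len(rands)

if __name__ == "__main__":
    found = rands_in_challenge(LOG_CHALLENGE)
    print([r.hex() for r in found], "fresh" if rands_are_fresh(found) else "RAND not fresh")
```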

