Surendranath.C. | 1 Dec 08:59 2008

Capturing Logs in Freeradius

Kindly advise me how to view the logs in freeradius.

Thanks & Regards,

Surendranath Chandranath 
Fernando | 1 Dec 09:50 2008
Picon

Re: about SIM SIMULATOR

Jouni Malinen wrote:
> On Thu, Nov 27, 2008 at 01:51:00PM +0100, Fernando wrote:
>
>   
>> EAP-SIM: Challenge message used invalid AT_MAC
>>
>> Any ideas?
>>     
>
> Sounds like there is a mismatch in server and peer side credential
> configuration (authentication triplets do not match with the peer
> credentials).
>
>   
I'm using a triplets configured by me in freeradius (randomly).  When 
the simulator  is used... must a specific triplets be configured? what 
are the triplets that you are using?

Thanks,
Fernando.
Mark Ryden | 1 Dec 15:13 2008
Picon

Re: Question about sending beacons

Jouni,
Thanks for your reply.

I tried this today:
Use hostapd from git and
added printf in i802_set_beacon() in  driver_nl80211.c.

Run the first example of mac80211_hwsim  from under
mac80211_hwsim/tests (the hostapd git tree).

namely, I ran:

modprobe mac80211_hwsim
hostapd hostapd.conf
wpa_supplicant -Dwext -iwlan1 -c wpa_supplicant.conf
with hostapd.conf and wpa_supplicant.conf from the test.
This was first trial and it seems ok.

Then after running hostapd hostapd.conf, I started a sniffer (on the
same machine) thus:
 tshark -R wlan -i mon.wlan0

then I ran wpa_supplicant -Dwext -iwlan1 -c wpa_supplicant.conf

This is what I saw in the console:
ioctl[SIOCSIWAUTH]: Operation not supported
WEXT auth param 4 value 0x0 - ioctl[SIOCGIWSCAN]: Resource temporarily
unavailable
ioctl[SIOCGIWSCAN]: Resource temporarily unavailable
Trying to associate with 02:00:00:00:00:00 (SSID='mac80211 test' freq=2412 MHz)
(Continue reading)

Surendranath.C. | 2 Dec 11:11 2008

Eapol-Test fails

I am herewith attaching you the debug logs as well as eapol-test output
logs. The test failed. Kindly help me in troubleshooting the same.

Thanks & Regards,

Surendranath Chandranath
Attachment (logs.zip): application/octet-stream, 21 KiB
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
Surendranath.C. | 2 Dec 14:11 2008

Eapol Testing Fails

Here are the excerpts from the log file which I sent earlier. Need your help
in troubleshooting.

rad_recv: Access-Request packet from host 127.0.0.1 port 42040, id=5,
length=273
	User-Name = "mihir <at> test.wifi.vsnl.net"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 

0x02050080150017030100204da9d15698172d52f9e62422d9a7d51a3d1eda357d807052b921
3bdafaecae1d1703010050596444b156ae90aa346438f4b0d

fc7c4c772f0773810e2ee437f922aae22ad18f88342fdec3988e7455d230d16a0ef96a8db6a9
f14f6f111bd5b5078a2767a477e8b674939f23f92b22dc463

b8eab55c
	State = 0x9978d34b9d7dc66d9342e10c42427792
	Message-Authenticator = 0x07d46508d4fcac3199678f7999f8f923
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "test.wifi.vsnl.net" for User-Name =
"mihir <at> test.wifi.vsnl.net"
[suffix] No such realm "test.wifi.vsnl.net"
++[suffix] returns noop
(Continue reading)

Alan DeKok | 2 Dec 14:49 2008

Re: Eapol Testing Fails

Surendranath.C. wrote:
> Here are the excerpts from the log file which I sent earlier. Need your help
> in troubleshooting.

  Please post FreeRADIUS questions to the freeradius-users list.

  In short, you've edited the default configuration files, and broken
it.  Don't do that.

  Alan DeKok.
Jouni Malinen | 2 Dec 18:51 2008
Picon

Re: about SIM SIMULATOR

On Mon, Dec 01, 2008 at 09:50:03AM +0100, Fernando wrote:

> I'm using a triplets configured by me in freeradius (randomly).  When 
> the simulator  is used... must a specific triplets be configured? what 
> are the triplets that you are using?

Obviously, the credentials have to match between the server and the
client for authentication to make any sense. I've run a quick test with
following GSM-Milenage sample:

wpa_supplicant:

eap=SIM
identity="1232010000000000"
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581"

FreeRADIUS simtriplets.dat:

# IMSI,RAND,SRES,Kc
232010000000000,30000000000000000000000000000000,91cad282,1e3d126daec995c4
232010000000000,30000000000000000000000000000001,6a6851fa,0b68c2592177e231
232010000000000,30000000000000000000000000000002,6359d3f9,45b453420e9517b0
1232010000000000,30000000000000000000000000000000,91cad282,1e3d126daec995c4
1232010000000000,30000000000000000000000000000001,6a6851fa,0b68c2592177e231
1232010000000000,30000000000000000000000000000002,6359d3f9,45b453420e9517b0

(it looks like the current FreeRADIUS EAP-SIM code did not handle the
extra '1' prefix in the identity so I had to include IMSI both with and
without this to get through EAP method selection and actual SIM
authentication)
(Continue reading)

Fernando | 3 Dec 11:18 2008
Picon

Re: about SIM SIMULATOR

Jouni Malinen wrote:
> On Mon, Dec 01, 2008 at 09:50:03AM +0100, Fernando wrote:
>
>   
>> I'm using a triplets configured by me in freeradius (randomly).  When 
>> the simulator  is used... must a specific triplets be configured? what 
>> are the triplets that you are using?
>>     
>
> Obviously, the credentials have to match between the server and the
> client for authentication to make any sense. I've run a quick test with
> following GSM-Milenage sample:
>
> wpa_supplicant:
>
> eap=SIM
> identity="1232010000000000"
> password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581"
>
>
> FreeRADIUS simtriplets.dat:
>
> # IMSI,RAND,SRES,Kc
> 232010000000000,30000000000000000000000000000000,91cad282,1e3d126daec995c4
> 232010000000000,30000000000000000000000000000001,6a6851fa,0b68c2592177e231
> 232010000000000,30000000000000000000000000000002,6359d3f9,45b453420e9517b0
> 1232010000000000,30000000000000000000000000000000,91cad282,1e3d126daec995c4
> 1232010000000000,30000000000000000000000000000001,6a6851fa,0b68c2592177e231
> 1232010000000000,30000000000000000000000000000002,6359d3f9,45b453420e9517b0
>
(Continue reading)

Jouni Malinen | 3 Dec 12:12 2008
Picon

Re: about SIM SIMULATOR

On Wed, Dec 03, 2008 at 11:18:44AM +0100, Fernando wrote:

> Thank you very much for your reply, now EAP-SIM is working properly. On 
> the other hand, to use EAP-AKA... we must use USIM_SIMULATOR, mustn't 
> you? and the the triplets configuration... could it be the same?

EAP-AKA is more complex from testing view point since it includes replay
protection at the USIM. I have not looked at the patch to FreeRADIUS on
how it implements this, but just using a triplet (or well, quintet in
case of AKA) is not a suitable test for proper EAP-AKA implementation.
I've tested this with hostapd as the authentication server with the
included hlr_auc_gw to act as the HLR/AuC to generate the needed
challenges. This can be used with CONFIG_USIM_SIMULATOR in
wpa_supplicant.

--

-- 
Jouni Malinen                                            PGP id EFC895FA

Wpasupplicant DBus API

Hello everyone,
I’m searching for an discription of the Dbus API of wpasupplicant.
Does something like this exsist?
I started trying to wrap one out of the C Code, but my C is very rusty and I’m stucked.

Specially I’m trying to find out the correct format of the Argument(s) which should be submitted to the set() Method of an fi.epitest.hostap.WPASupplicant.Network Interface.
I e.g. tried  passing an Dbus Dict with {‘psk’:’my-secret-psk’}, but always recieve  “fi.epitest.hostap.WPASupplicant.InvalidOptions: Did not receive correct message arguments.”

If anyone has an Idea of what I’m doing wrong, or where I can find an API discription, please give me short hint.


Thanks a lot, Regards,

Paul
_______________________________________________
HostAP mailing list
HostAP <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap

Gmane