Make hostapd-0.5.8 as Authentication server

Wed Jun 13 00:14:11 EDT 2007

>From: Jouni Malinen <j at w1.fi>
>To: ?L Kinki <kinki37 at hotmail.com>
>CC: hostap at shmoo.com
>Subject: Re: Make hostapd-0.5.8 as Authentication server
>Date: Mon, 11 Jun 2007 15:29:25 -0700
>
>On Sun, Jun 10, 2007 at 10:50:53PM +0800, ?L Kinki wrote:
>
> > The server can work now, but it still has two problems.
>
> > Could not set passive scanning:Unknown error 4294967295
> > Flushing old station entries
> > Deauthenticate all stations
> > test_driver_set_privacy(ifname= enable=0)
> > test_driver_set_encryption(iface= algo=none idx=0 txkey=1)
> > test_driver_set_encryption(iface= algo=none idx=1 txkey=1)
> > test_driver_set_encryption(iface= algo=none idx=2 txkey=1)
> > test_driver_set_encryption(iface= algo=none idx=3 txkey=1)
> > Using interface with hwaddr 02:56:20:22:3d:2a and ssid' '
>
> > The line "Could not..." sounds like an error, and the four lines
> > "test_driver" sound like we are using WEP encryption.
> > But I am trying to treat it like a server, it should not show any WEP
> > information.
>
>That is expected behavior and can be ignored. hostapd still believes it
>is controlling a wireless interface, but the driver_test.c interface
>does not really use any device.
>
> > I am trying to use EAP-SIM and EAP-AKA, and try EAP-SIM first.
> > But EAP-SIM will never success.
> >
> > It will show messages like "Failed to get GSM authenticsation triplets 
for
> > the peer".
> > I am prettry sure I have store IMSI,Kc,SRES,and RAND in hostapd.sim_db, 
but
> > the error messages means the state machine couldn't find a match item 
in
> > its database. Isn't it odd?
>
>Are you running hlr_auc_gw to provide the authentication triplers for
>hostapd?
>

My original hostapd.conf is using "eap_sim_db=hostapd.sim_db".
I add the hlr_auc_gw.sock in hostapd.conf by changing it into 
"eap_sim_db=unix:/temp/hlr_auc_gw.sock".
Then hlr_auc_gw should be enable, isn't it?

But after I enable hostapd, I get the following error messages:

connect(eap_sim_db):No such file or directory
HLR/AuC GW socket - hexdump_ascii(len=20):
    2f 74 6d 70 2f 68 6c 72 5f 61 75 63 5f 67 77 2e  /tmp/hlr_auc_gw.
    73 6f 63 6b                                                           
sock
Failed to initialize EAP-SIM database interface 

Do I use a wrong way to run the hlr_auc_gw?
If I enable hostapd in this hostapd.conf, 
can the IMSI, KC, SRES, and RAND which I store in the hostapd.sim_db be 
found ?
Or I must write them into hlr_auc_gw.milenage_db?

> > I notice that AKA doesn't have the database file, then how could you 
test
> > EAP-AKA without the home encironment?
>
>If you are planning on using real USIM cards, you cannot test EAP-AKA
>without matching AuC/HLR implementation. hostapd (the hlr_auc_gw part of
>it) implements AuC/HLR for generating AKA authentication data using
>Milenage algorithm. That can be used with USIM cards that have been
>configured to use Milenage with a known private key.
>
>--

I notice there are OPc , AMF, and SQN in hlr_auc_gw.milenage_db.
What's the meaning of OPc? And how do I get them?
Can I just write a fake value to make EAP-AKA work?

Thank you very much.
I get lots of information from your letters.

Thanks,
Kinki

>Jouni Malinen                                            PGP id EFC895FA

_________________________________________________________________
Windows Live Messenger 正式版熱烈下載中：共用資料夾，傳檔案再大也不怕 
http://get.live.com/messenger/overview 