Make hostapd-0.5.8 as Authentication server

林 Kinki kinki37 at hotmail.com
Thu Jun 14 07:16:36 EDT 2007



>From: 林 Kinki <kinki37 at hotmail.com>
>To: j at w1.fi, hostap at shmoo.com
>Subject: Re: Make hostapd-0.5.8 as Authentication server
>Date: Wed, 13 Jun 2007 12:14:11 +0800
>
>
>
>
> >From: Jouni Malinen <j at w1.fi>
> >To: 林 Kinki <kinki37 at hotmail.com>
> >CC: hostap at shmoo.com
> >Subject: Re: Make hostapd-0.5.8 as Authentication server
> >Date: Mon, 11 Jun 2007 15:29:25 -0700
> >
> >On Sun, Jun 10, 2007 at 10:50:53PM +0800, 林 Kinki wrote:
> >
> > > The server can work now, but it still has two problems.
> >
> > > Could not set passive scanning:Unknown error 4294967295
> > > Flushing old station entries
> > > Deauthenticate all stations
> > > test_driver_set_privacy(ifname= enable=0)
> > > test_driver_set_encryption(iface= algo=none idx=0 txkey=1)
> > > test_driver_set_encryption(iface= algo=none idx=1 txkey=1)
> > > test_driver_set_encryption(iface= algo=none idx=2 txkey=1)
> > > test_driver_set_encryption(iface= algo=none idx=3 txkey=1)
> > > Using interface with hwaddr 02:56:20:22:3d:2a and ssid' '
> >
> > > The line "Could not..." sounds like an error, and the four lines
> > > "test_driver" sound like we are using WEP encryption.
> > > But I am trying to treat it like a server, it should not show any WEP
> > > information.
> >
> >That is expected behavior and can be ignored. hostapd still believes it
> >is controlling a wireless interface, but the driver_test.c interface
> >does not really use any device.
> >
> > > I am trying to use EAP-SIM and EAP-AKA, and try EAP-SIM first.
> > > But EAP-SIM will never succeed.
> > >
> > > It will show messages like "Failed to get GSM authentication triplets
> > > for the peer".
> > > I am pretty sure I have stored IMSI, Kc, SRES, and RAND in
> > > hostapd.sim_db, but the error message means the state machine couldn't
> > > find a matching item in its database. Isn't it odd?
> >
> >Are you running hlr_auc_gw to provide the authentication triplets for
> >hostapd?
> >
>
>My original hostapd.conf is using "eap_sim_db=hostapd.sim_db".
>I added the hlr_auc_gw.sock in hostapd.conf by changing it into
>"eap_sim_db=unix:/temp/hlr_auc_gw.sock".
>Then hlr_auc_gw should be enabled, shouldn't it?
>
>But after I enable hostapd, I get the following error messages:
>
>connect(eap_sim_db):No such file or directory
>HLR/AuC GW socket - hexdump_ascii(len=20):
>     2f 74 6d 70 2f 68 6c 72 5f 61 75 63 5f 67 77 2e  /tmp/hlr_auc_gw.
>     73 6f 63 6b                                      sock
>Failed to initialize EAP-SIM database interface
>

Dear Jouni,
I still get the same error message even if I write 
"eap_sim_db=hostapd.sim_db", "eap_sim_db=unix:/hlr_auc_gw.sock" or 
"eap_sim_db=unix:/hostapd.sim_db".

How could I enable EAP-SIM/EAP-AKA correctly?
What value should be assigned to eap_sim_db?

>Am I running hlr_auc_gw the wrong way?
>If I enable hostapd with this hostapd.conf,
>can the IMSI, KC, SRES, and RAND which I store in the hostapd.sim_db be
>found?
>Or must I write them into hlr_auc_gw.milenage_db?
>

If I enable hlr_auc_gw to authenticate the clients, should IMSI, KC, SRES, and
RAND be written in hlr_auc_gw.milenage_db, or in hostapd.sim_db?

Does the OPc value in hlr_auc_gw.milenage_db mean the random number?
And about the AMF, how could I get it?
Can I get them from any messages?

I am trying to test EAP-SIM and EAP-AKA using my code, so I don't use a
real USIM to authenticate.
Can I fake an AMF and an OPc? Or must I get them from a real USIM?

Thanks for your great great help!!

Thanks,
Kinki

> > > I notice that AKA doesn't have the database file, then how could you
> > > test EAP-AKA without the home environment?
> >
> >If you are planning on using real USIM cards, you cannot test EAP-AKA
> >without matching AuC/HLR implementation. hostapd (the hlr_auc_gw part of
> >it) implements AuC/HLR for generating AKA authentication data using
> >Milenage algorithm. That can be used with USIM cards that have been
> >configured to use Milenage with a known private key.
> >
> >--
>
>I notice there are OPc, AMF, and SQN in hlr_auc_gw.milenage_db.
>What's the meaning of OPc? And how do I get them?
>Can I just write a fake value to make EAP-AKA work?
>
>Thank you very much.
>I get lots of information from your letters.
>
>Thanks,
>Kinki
>
> >Jouni Malinen                                            PGP id EFC895FA
>
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
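
Added example, not part of the original thread and not hostapd's own code: a Python check for the `connect(eap_sim_db)` "No such file or directory" failure quoted in the message above. It extracts the path from an `eap_sim_db=unix:<path>` line and reports whether anything is bound there; the function names `sim_db_socket_path` and `probe`, the result strings, and the use of a Unix datagram socket are assumptions of this example.

```python
import os
import socket
import stat

def sim_db_socket_path(conf_text):
    """Return <path> from the last eap_sim_db=unix:<path> line, else None."""
    path = None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "eap_sim_db":
            path = value[5:] if value.startswith("unix:") else None
    return path

def probe(path):
    """Classify what a connect() to the configured socket path would meet."""
    if path is None:
        return "no-unix-path"      # value lacks the unix: prefix
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"           # ENOENT: "No such file or directory"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"      # e.g. a plain text database file
    # Assumption: the gateway listens on a Unix datagram socket.
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        try:
            s.connect(path)
        except ConnectionRefusedError:
            return "stale"         # socket file exists, no process bound to it
        except OSError as exc:
            return "error:" + os.strerror(exc.errno)
    return "ok"

if __name__ == "__main__":
    # Constructed sample configuration, using the path shown in the hexdump.
    sample = "# constructed sample\neap_server=1\neap_sim_db=unix:/tmp/hlr_auc_gw.sock\n"
    path = sim_db_socket_path(sample)
    print(path, "->", probe(path))
```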
