<div dir="ltr"><div><div><div><div>Thanks Jouni for the pointer. <br></div>The hosteap.eap_users file did not have those entries. <br></div>After adding them, I am able to see hostapd requesting for AT_ANY_ID_REQ<br><br></div>Thanks,<br></div>Premraj <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 17, 2015 at 6:09 PM, Premraj Sundaram <span dir="ltr"><<a href="mailto:premraj.sundaram@gmail.com" target="_blank">premraj.sundaram@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div>Hi Experts,<br><br></div>I am trying to perform EAP-AKA for the IMSI mentioned as an example along with hostapd install. <br><br></div><div>File: hlr_auc_gw.milenage.db<br></div><div><br></div># IMSI Ki OPc AMF SQN<br>232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000<br><br># These values are from Test Set 19 which has the AMF separation bit set to 1<br># and as such, is suitable for EAP-AKA' test.<br>555444333222111 5122250214c33e723a5dd523fc145fc0 981d464c7c52eb6e5036234984ad0bcf c3ab 16f3b3f70fc1<br><br></div><div>Run ./hostapd hostapd.conf<br></div><div>Run ./hlr_auc_gw -m hlr_auc_gw.milenage_db<br></div><div><br></div>From Radius client, I try to sent the IMSI 232010000000000 for Access-Request.<br></div><div>However, the response is always ACCESS-REJECT as hostapd is not able to find the user in its database. <br></div><div><br></div>Logs:<br>------<br><br>RADIUS SRV: Received 112 bytes from <a href="http://127.0.0.1:43469" target="_blank">127.0.0.1:43469</a><br>RADIUS SRV: Received data - hexdump(len=112): 01 dd 00 70 61 5c a6 27 f0 99 f6 2e 8a f6 cb 05 38 75 35 62 01 11 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30 4f 17 02 00 00 15 01 30 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30 1f 11 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30 20 0b 6c 6f 63 61 6c 68 6f 73 74 05 06 00 00 00 dd 50 12 92 67 27 a1 22 5b bc 2b ab 2a f9 94 a5 71 eb 3a<br>RADIUS message: code=1 (Access-Request) identifier=221 length=112<br> Attribute 1 (User-Name) length=17<br> Value: '232010000000000'<br> Attribute 79 (EAP-Message) length=23<br> Value: 020000150130323332303130303030303030303030<br> Attribute 31 (Calling-Station-Id) length=17<br> Value: '232010000000000'<br> Attribute 32 (NAS-Identifier) length=11<br> Value: 'localhost'<br> Attribute 5 (NAS-Port) length=6<br> Value: 221<br> Attribute 80 (Message-Authenticator) length=18<br> Value: 926727a1225bbc2bab2af994a571eb3a<br>RADIUS SRV: Creating a new session<br>RADIUS SRV: User-Name - hexdump_ascii(len=15):<br> 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30 232010000000000<br>RADIUS SRV: Matching user entry found<br>RADIUS SRV: [0x2 127.0.0.1] New session created<br>EAP: Server state machine created<br>RADIUS SRV: New session 0x2 initialized<br>RADIUS SRV: Received EAP data - hexdump(len=21): 02 00 00 15 01 30 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30<br>EAP: EAP entering state INITIALIZE<br>EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=0 respMethod=1 respVendor=0 respVendorMethod=0<br>eth0: CTRL-EVENT-EAP-STARTED 00:00:00:00:00:00<br>EAP: EAP entering state PICK_UP_METHOD<br>eth0: CTRL-EVENT-EAP-PROPOSED-METHOD method=1<br>EAP: EAP entering state METHOD_RESPONSE<br>EAP-Identity: Peer identity - hexdump_ascii(len=16):<br> 30 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30 0232010000000000<br>RADIUS SRV: [0x2 127.0.0.1] EAP: EAP-Response/Identity '0232010000000000'<br>EAP: EAP entering state SELECT_ACTION<br><span style="color:rgb(0,0,0)">EAP: getDecision: user not found from database -> FAILURE</span><br>EAP: EAP entering state FAILURE<br>EAP: Building EAP-Failure (id=0)<br>eth0: CTRL-EVENT-EAP-FAILURE 00:00:00:00:00:00<br>RADIUS SRV: EAP data from the state machine - hexdump(len=4): 04 00 00 04<br>RADIUS SRV: [0x2 127.0.0.1] EAP authentication failed<br>RADIUS SRV: Reply to <a href="http://127.0.0.1:43469" target="_blank">127.0.0.1:43469</a><br>RADIUS message: code=3 (Access-Reject) identifier=221 length=44<br> Attribute 79 (EAP-Message) length=6<br> Value: 04000004<br> Attribute 80 (Message-Authenticator) length=18<br> Value: 159e546370c38713669d2827a32de85a<br>RADIUS SRV: [0x2 127.0.0.1] Sending Access-Reject<br>RADIUS SRV: Removing completed session 0x2 after timeout<br>RADIUS SRV: Removing completed session 0x2<br>EAP: Server state machine removed<br><br></div>Am I missing any configurations - due to which hostapd is not able to find the user in its database.<br><br></div>Help is much appreciated.<br><br></div>Thanks,<br></div>Premraj<br><div><div><div><div><div><div><br><br><br><br><div><br><br><div><br></div></div></div></div></div></div></div></div></div>
</blockquote></div><br></div>