wpa_supplicant: problems with EAP-SIM

Wed Jan 25 07:57:30 PST 2006

Hi,

I'm try to use wpa_supplicant to get EAP-SIM authentication from a
radius server. Client is running on Fedora Core 3 , connecting via
ethernet to a Cisco 2950 which is acting as the authenticator.
Sim is a GSM sim, using a USB Omnikey Cardman dongle. pcsclite
is used to talk to the sim.

When I use xsupplicant as a client, this system will authenticate
quite happily with the radius server. With wpa_supplicant, the
client does not respond to the EAP requests from the authenticator
and no request is made to the radius server.

I can use wpa_supplicant with MD5 and that works just fine.

I suspect I've got something trivial wrong in the configuration, but
I can't see it. I'd be grateful if anyone can give me any pointers
to what is wrong.

The wpa_supplicant.conf eapsim file looks like this:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=1
ap_scan=0
network={
         ssid="eap-sim-test"
         key_mgmt=WPA-EAP
         eap=SIM
         pin="1234"
         pcsc=""
         eapol_flags=0
}

wpa_supplicant was built with the following .config

CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_SIM=y

CONFIG_PCSC=y

CONFIG_DRIVER_WIRED=y

CONFIG_BACKEND=file

CONFIG_CTRL_IFACE=y

CONFIG_CTRL_IFACE_UDP=y

And the output from running wpa_supplicant in debug mode (-dd) is:

[root at client1 wpa_supplicant-0.4.7]# wpa_supplicant -dd -ieth0 
-cwpa_supplicant.conf.eapsim
Initializing interface 'eth0' conf 'wpa_supplicant.conf.eapsim' driver 
'default' ctrl_interface 'N/A'
Configuration file 'wpa_supplicant.conf.eapsim' -> 
'/home/siteadm/wpa_supplicant-0.4.7/wpa_supplicant.conf.eapsim'
Reading configuration file 
'/home/siteadm/wpa_supplicant-0.4.7/wpa_supplicant.conf.eapsim'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=10 (from group name 'wheel')
eapol_version=1
ap_scan=0
Line: 19 - start of a new network block
ssid - hexdump_ascii(len=12):
      65 61 70 2d 73 69 6d 2d 74 65 73 74               eap-sim-test
key_mgmt: 0x8
eap methods - hexdump(len=2): 12 00
identity - hexdump_ascii(len=15):
      32 33 35 37 37 32 37 30 31 32 30 30 35 30 36      235772701200506
pin - hexdump_ascii(len=4): [REMOVED]
eapol_flags=0 (0x0)
Priority group 0
    id=0 ssid='eap-sim-test'
Initializing interface (2) 'eth0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wired_init: Added multicast membership with packet socket
Own MAC address: 00:30:1b:35:35:03
Setting scan request: 0 sec 100000 usec
Added interface eth0
RX EAPOL from 00:13:1a:c0:5c:01
RX EAPOL - hexdump(len=46): 01 00 00 05 01 12 00 05 01 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00
EAPOL: Received EAP-Packet frame

Kind regards,

Pete

-- 
   ____________________________________________________________________
   Pete Young          pete.young at bt.com          Phone +44 1473 642740
       "Just another crouton, floating on the bouillabaisse of life"