Make hostapd-0.5.8 as Authentication server

[Jouni Malinen]

On Sun, Jun 10, 2007 at 10:50:53PM +0800, ?L Kinki wrote:

> The server can work now, but it still has two problems.

> Could not set passive scanning:Unknown error 4294967295
> Flushing old station entries
> Deauthenticate all stations
> test_driver_set_privacy(ifname= enable=0)
> test_driver_set_encryption(iface= algo=none idx=0 txkey=1)
> test_driver_set_encryption(iface= algo=none idx=1 txkey=1)
> test_driver_set_encryption(iface= algo=none idx=2 txkey=1)
> test_driver_set_encryption(iface= algo=none idx=3 txkey=1)
> Using interface with hwaddr 02:56:20:22:3d:2a and ssid' '

> The line "Could not..." sounds like an error, and the four lines 
> "test_driver" sound like we are using WEP encryption.
> But I am trying to treat it like a server, it should not show any WEP 
> information. 

That is expected behavior and can be ignored. hostapd still believes it
is controlling a wireless interface, but the driver_test.c interface
does not really use any device.

> I am trying to use EAP-SIM and EAP-AKA, and try EAP-SIM first.
> But EAP-SIM will never success.
> 
> It will show messages like "Failed to get GSM authenticsation triplets for 
> the peer".
> I am prettry sure I have store IMSI,Kc,SRES,and RAND in hostapd.sim_db, but 
> the error messages means the state machine couldn't find a match item in 
> its database. Isn't it odd?

Are you running hlr_auc_gw to provide the authentication triplers for
hostapd?

> I notice that AKA doesn't have the database file, then how could you test 
> EAP-AKA without the home encironment?

If you are planning on using real USIM cards, you cannot test EAP-AKA
without matching AuC/HLR implementation. hostapd (the hlr_auc_gw part of
it) implements AuC/HLR for generating AKA authentication data using
Milenage algorithm. That can be used with USIM cards that have been
configured to use Milenage with a known private key.

-- 
Jouni Malinen                                            PGP id EFC895FA