Access-Reject - User not found during EAP-AKA

Premraj Sundaram premraj.sundaram
Thu Jun 18 11:37:11 PDT 2015


Thanks Jouni for the pointer.
The hosteap.eap_users file did not have those entries.
After adding them, I am able to see hostapd requesting for AT_ANY_ID_REQ

Thanks,
Premraj

On Wed, Jun 17, 2015 at 6:09 PM, Premraj Sundaram <
premraj.sundaram at gmail.com> wrote:

> Hi Experts,
>
> I am trying to perform EAP-AKA for the IMSI mentioned as an example along
> with hostapd install.
>
> File: hlr_auc_gw.milenage.db
>
> # IMSI Ki OPc AMF SQN
> 232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89
> cb9cccc4b9258e6dca4760379fb82581 61df 000000000000
>
> # These values are from Test Set 19 which has the AMF separation bit set
> to 1
> # and as such, is suitable for EAP-AKA' test.
> 555444333222111 5122250214c33e723a5dd523fc145fc0
> 981d464c7c52eb6e5036234984ad0bcf c3ab 16f3b3f70fc1
>
> Run ./hostapd hostapd.conf
> Run ./hlr_auc_gw -m hlr_auc_gw.milenage_db
>
> From Radius client, I try to sent the IMSI 232010000000000 for
> Access-Request.
> However, the response is always ACCESS-REJECT as hostapd is not able to
> find the user in its database.
>
> Logs:
> ------
>
> RADIUS SRV: Received 112 bytes from 127.0.0.1:43469
> RADIUS SRV: Received data - hexdump(len=112): 01 dd 00 70 61 5c a6 27 f0
> 99 f6 2e 8a f6 cb 05 38 75 35 62 01 11 32 33 32 30 31 30 30 30 30 30 30 30
> 30 30 30 4f 17 02 00 00 15 01 30 32 33 32 30 31 30 30 30 30 30 30 30 30 30
> 30 1f 11 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30 20 0b 6c 6f 63 61 6c
> 68 6f 73 74 05 06 00 00 00 dd 50 12 92 67 27 a1 22 5b bc 2b ab 2a f9 94 a5
> 71 eb 3a
> RADIUS message: code=1 (Access-Request) identifier=221 length=112
>    Attribute 1 (User-Name) length=17
>       Value: '232010000000000'
>    Attribute 79 (EAP-Message) length=23
>       Value: 020000150130323332303130303030303030303030
>    Attribute 31 (Calling-Station-Id) length=17
>       Value: '232010000000000'
>    Attribute 32 (NAS-Identifier) length=11
>       Value: 'localhost'
>    Attribute 5 (NAS-Port) length=6
>       Value: 221
>    Attribute 80 (Message-Authenticator) length=18
>       Value: 926727a1225bbc2bab2af994a571eb3a
> RADIUS SRV: Creating a new session
> RADIUS SRV: User-Name - hexdump_ascii(len=15):
>      32 33 32 30 31 30 30 30 30 30 30 30 30 30 30      232010000000000
> RADIUS SRV: Matching user entry found
> RADIUS SRV: [0x2 127.0.0.1] New session created
> EAP: Server state machine created
> RADIUS SRV: New session 0x2 initialized
> RADIUS SRV: Received EAP data - hexdump(len=21): 02 00 00 15 01 30 32 33
> 32 30 31 30 30 30 30 30 30 30 30 30 30
> EAP: EAP entering state INITIALIZE
> EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=0 respMethod=1
> respVendor=0 respVendorMethod=0
> eth0: CTRL-EVENT-EAP-STARTED 00:00:00:00:00:00
> EAP: EAP entering state PICK_UP_METHOD
> eth0: CTRL-EVENT-EAP-PROPOSED-METHOD method=1
> EAP: EAP entering state METHOD_RESPONSE
> EAP-Identity: Peer identity - hexdump_ascii(len=16):
>      30 32 33 32 30 31 30 30 30 30 30 30 30 30 30 30   0232010000000000
> RADIUS SRV: [0x2 127.0.0.1] EAP: EAP-Response/Identity '0232010000000000'
> EAP: EAP entering state SELECT_ACTION
> EAP: getDecision: user not found from database -> FAILURE
> EAP: EAP entering state FAILURE
> EAP: Building EAP-Failure (id=0)
> eth0: CTRL-EVENT-EAP-FAILURE 00:00:00:00:00:00
> RADIUS SRV: EAP data from the state machine - hexdump(len=4): 04 00 00 04
> RADIUS SRV: [0x2 127.0.0.1] EAP authentication failed
> RADIUS SRV: Reply to 127.0.0.1:43469
> RADIUS message: code=3 (Access-Reject) identifier=221 length=44
>    Attribute 79 (EAP-Message) length=6
>       Value: 04000004
>    Attribute 80 (Message-Authenticator) length=18
>       Value: 159e546370c38713669d2827a32de85a
> RADIUS SRV: [0x2 127.0.0.1] Sending Access-Reject
> RADIUS SRV: Removing completed session 0x2 after timeout
> RADIUS SRV: Removing completed session 0x2
> EAP: Server state machine removed
>
> Am I missing any configurations - due to which hostapd is not able to find
> the user in its database.
>
> Help is much appreciated.
>
> Thanks,
> Premraj
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150618/8f8575fd/attachment-0001.htm>



More information about the Hostap mailing list