2

i am trying to test EAP-SIM with hostapd as AP and wpa_supplicant. I have built the hlr_auc_gw in hostapd for doing this. hlr_auc_gw and hostapd start fine but when i start wpa_supplicant, nothing happens. EDIT: hostapd.conf is:

interface=wlan0
driver=nl80211
ieee8021x=1
eap_server=1
ssid=Test-EAP-SIM
eap_user_file=/tmp/hostapd.eap_user
eap_sim_db=unix:/tmp/hlr_auc_gw.sock
radius_server_auth_port=1812
radius_server_clients=/tmp/radius_clients
wpa=3
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP TKIP

wpa_supplicant.conf is:

network={
ssid="Test-EAP-SIM"
key_mgmt=WPA-EAP
eap=SIM
identity="1232010000000000"
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581" 
}

hostapd still gives me the error: wlan1: STA d6:f0:e3:1b:0f:f2 IEEE 802.1X: unauthorizing port wlan1: STA d6:f0:e3:1b:0f:f2 IEEE 802.1X: authentication failed - EAP type: 0 (unknown) wlan1: STA d6:f0:e3:1b:0f:f2 IEEE 802.1X: Supplicant used different EAP type: 18 (SIM)

What could i be missing?

user3543097
  • 23
  • 1
  • 6

2 Answers2

1

There are a couple of changes that you need to do to wpa_supplicant conf file and also hostapd. Changes that need to be done wpa_supplicant .config file are,

CONFIG_EAP_SIM=y
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y

The configuration in wpa_supplicant.conf will look like below.

network={
ssid="hostapd"
key_mgmt=WPA-EAP
eap=SIM
identity="1232010000000000"
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581" 
}

Note the first bit in identity is added as 1 for SIM.

On hostapd, the following changes are to be done.

CONFIG_EAP_SIM=y

hostapd.conf should have a line indicating milenage db like below.

eap_sim_db=unix:/tmp/hlr_auc_gw.sock

eap_user_file should be pointing to the correct user file.

The eapsuser file should have an entry for SIM as required.

hlr_gw_auc app should be started as follows:

sudo ./hlr_auc_gw -u -m ./hlr_auc_gw.milenage_db

Sample entry is mentioned below.

IMSI Ki OPc AMF SQN
232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000063
Anand
  • 278
  • 3
  • 10
  • Thanks Anand. I am now seeing the following error during authentication. hostpad log: > wlan0: STA d6:42:02:9a:3e:6e IEEE 802.1X: authentication failed - EAP type: 0 (unknown) > wlan0: STA d6:42:02:9a:3e:6e IEEE 802.1X: Supplicant used different EAP type: 18 (SIM) Any idea what this error is referring to? – user3543097 Feb 07 '17 at 18:35
  • Mainly because the EAP-SIM method is not identified by the hostapd. Below I have mentioned some more changes. – Anand Feb 08 '17 at 08:08
0

can you check the WPA/IEEE 802.11i configuration inside your hostapd configuration? List of parameters I have used is

  1. wpa=3
  2. wpa_passphrase=123456
  3. wpa_key_mgmt=WPA-PSK WPA-EAP
  4. wpa_pairwise=TKIP CCMP
  5. rsn_pairwise=CCMP

Before starting hostapd.conf, it should be built and then milenage db should be started. Try this method.

Anand
  • 278
  • 3
  • 10
  • Thanks Anand. I have all those settings (i have updated my original post with my hostapd and wpa_supplicant config files). I still see the same error (Supplicant uses different type). Anything else you can think of? – user3543097 Feb 08 '17 at 17:56
  • Can you tell me which version of wpa_supplicant you are using? Ideally 2.5 version with these changes should work. – Anand Feb 09 '17 at 06:13
  • I am using v2.6. I enabled debug in wpa_supplicant log and see this: EAP-SIM: GSM authentication algorithm EAP-SIM: No GSM authentication algorithm enabled EAP-SIM: GSM authentication failed it should pick it up from the milenage db file right? Also, can you share your eap_user_file and radius_server_clients file? – user3543097 Feb 09 '17 at 15:16