EAP-SIM transfer to proxy freeRADIUS to freeDiameter

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

EAP-SIM transfer to proxy freeRADIUS to freeDiameter

mankomal
I am looking to proxy EAP-SIM request from freeRADIUS to freeDiameter, the
process involves:

   1. Set proxy on freeRADIUS (my status is requested is not being proxied)
   2. Set NAS on freeDiameter (due to lack of documentation I am not able
   to understand where to define Radius as a NAS)
   3. Send message back to freeRADIUS (I think this will be done
   automatically by Diameter once the above tasks are completed)

my current status is freeRADIUS is:

[suffix] Looking up realm "wlan.mnc010.mcc404.3gppnetwork.org" for
ser-Name = "[hidden email]"
[suffix] Found realm "wlan.mnc010.mcc404.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1404100508859867"
[suffix] Adding Realm = "wlan.mnc010.mcc404.3gppnetwork.org"
[suffix] Proxying request from user 1404100508859867 to realm
wlan.mnc010.mcc404.3gppnetwork.org
[suffix] Preparing to proxy authentication request to realm
"wlan.mnc010.mcc404.3gppnetwork.org"
++[suffix] = updated
[eap] Request is supposed to be proxied to Realm
wlan.mnc010.mcc404.3gppnetwork.org.  Not doing EAP.
++[eap] = noop

in the end, I get an error message which says:

+} # group authorize = updated
ERROR: Failed to find live home server for realm
wlan.mnc010.mcc404.3gppnetwork.org
There was no response configured: rejecting request 6
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject]     expand: %{User-Name} ->
[hidden email]
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated

I am not able to understand what I might be doing wrong

Also, a point to note I don't get any debug in my Diameter:

freeDiameterd
libfdproto initialized.
libgnutls '2.12.23', libgcrypt '1.4.5', initialized.
Generating fresh Diffie-Hellman parameters of size 1024 (this takes
some time)...
All extensions loaded.
-- Configuration :
  Debug trace level ...... : +1
  Configuration file ..... : /usr/etc/freeDiameter/freeDiameter.conf
  Diameter Identity ...... : diameter.<identity hidden> (l:19)
  Diameter Realm ......... : <identity hidden> (l:10)
  Tc Timer ............... : 30
  Tw Timer ............... : 30
  Local port ............. : 3868
  Local secure port ...... : 3869
  Number of SCTP streams . : 30
  Number of server threads : 4
  Local endpoints ........ :
                             [103.206.180.2]:0 {C---}
  Local applications ..... : (none)
  Flags : - IP ........... : Enabled
          - IPv6 ......... : DISABLED
          - Relay app .... : DISABLED
          - TCP .......... : Enabled
          - SCTP ......... : DISABLED
          - Pref. proto .. : SCTP
          - TLS method ... : Separate port
  TLS :   - Certificate .. : /etc/ssl/certs/freeDiameter.pem
          - Private key .. : /etc/ssl/private/freeDiameter.key
          - CA (trust) ... : /etc/ssl/certs/freeDiameter.pem (1 certs)
          - CRL .......... : (none)
          - Priority ..... : (default: 'NORMAL')
          - DH bits ...... : 1024
  Origin-State-Id ........ : 1493381358
freeDiameterd daemon initialized.

All the help in this will be highly appreciable.
Thanks & regards
Mankomal Singh
Krauss International
P: +91-9910416231
E: [hidden email]
PS: Send all bulk emails to [hidden email] ONLY
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Reply | Threaded
Open this post in threaded view
|

Re: EAP-SIM transfer to proxy freeRADIUS to freeDiameter

Alan DeKok-2
On Apr 28, 2017, at 1:42 PM, Krauss International <[hidden email]> wrote:
>
> I am looking to proxy EAP-SIM request from freeRADIUS to freeDiameter, the
> process involves:
>
>   1. Set proxy on freeRADIUS (my status is requested is not being proxied)
>   2. Set NAS on freeDiameter (due to lack of documentation I am not able
>   to understand where to define Radius as a NAS)

  See the FreeDiameter project for documentation on how it works.

>   3. Send message back to freeRADIUS (I think this will be done
>   automatically by Diameter once the above tasks are completed)

  That would be the idea.

> I am not able to understand what I might be doing wrong

  Ask the freeDiameter people how their software works.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Reply | Threaded
Open this post in threaded view
|

Re: EAP-SIM transfer to proxy freeRADIUS to freeDiameter

arr2036
In reply to this post by mankomal

> On Apr 28, 2017, at 1:42 PM, Krauss International <[hidden email]> wrote:
>
> I am looking to proxy EAP-SIM request from freeRADIUS to freeDiameter, the
> process involves:

Please re-post to the users list, this is not a question about FreeRADIUS development.

-Arran

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

signature.asc (859 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: EAP-SIM transfer to proxy freeRADIUS to freeDiameter

Alan DeKok-2
On Apr 28, 2017, at 1:56 PM, Arran Cudbard-Bell <[hidden email]> wrote:
> Please re-post to the users list, this is not a question about FreeRADIUS development.

  Please DO NOT post it to the users list.  It's a question about freeDiameter.

  I'll also note the original author posted to the IETF DIME list.  That's not appropriate, and unfriendly.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Reply | Threaded
Open this post in threaded view
|

Re: EAP-SIM transfer to proxy freeRADIUS to freeDiameter

arr2036

> On Apr 28, 2017, at 2:05 PM, Alan DeKok <[hidden email]> wrote:
>
> On Apr 28, 2017, at 1:56 PM, Arran Cudbard-Bell <[hidden email]> wrote:
>> Please re-post to the users list, this is not a question about FreeRADIUS development.
>
>  Please DO NOT post it to the users list.  It's a question about freeDiameter.
>
>  I'll also note the original author posted to the IETF DIME list.  That's not appropriate, and unfriendly.

It's vaguely FreeRADIUS related, in that it could be a home server configuration issue, but sure.

He also posted to stack overflow - http://stackoverflow.com/questions/43681097/freeradius-request-proxy-to-freediameter

-Arran

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

signature.asc (859 bytes) Download Attachment