On 01/10/2011 05:34 PM, Effi Rand wrote: > I need some help with the configuration of the radiator as a MAP-GATEWAY with > radius interface. I'm not that experienced in this product and it's important > for me to evaluate this feature since the expire date is due in 2 weeks. > > I was able to test the EAP-SIM with the SSGN simulator using the "odyssey" > wireless client (after we cached some triplets to a local file) > However , when I try to test it with the MAP-GATEWAY simulator (same client), > I fail to get the access-accept message.
There are a couple of things you should try. I will go through them below: > # radius.cfg > # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $ Looks like most of the content is from goodies/eap_simoperator.cfg > AuthPort 1645,1812,1647 > AcctPort 1646,1813,1648 Please remove ports 1647 and 1648 since they will be used by map.cfg > <Realm DEFAULT> > <AuthBy SIMOPERATOR> > # The name or address of the example MAP gateway(s) that will > server this instance > # Radius requests are sent to this gateway requesting > triplets etc. > Host localhost > AuthPort 1647 > Secret cisco Please check README section "Testing with the Radius MAP gateway simulator". What you should have listening on localhost port 1647 is another Radiator running configuration from goodies/map.cfg The example mpa.cfg uses port 1647 with secret mysecret What happens now is that this Radiator instanc gets the request that is intented for the MAP simulator. Like README says, you should two Radiator instances running at the same time: 4. Run the MAP gateway simulator: radiusd -config goodies/map.cfg 5. Run Radiator EAP-SIM server radiusd -config goodies/eap_simoperator.cfg > <AuthBy MAP> > TripletsFile /tmp/Modules/Radius-EAP-SIM/goodies/triplets.dat > Pin 0000 > </AuthBy> Remove the <AuthBy MAP> block. This AuthBy will be handled by the second Radiator that uses map.cfg > </Realm> > Another thing , in the README file , you mention that there is also a > cisco-ipt simulator under Radius-EAP-SIM/goodies/ciscomap.cfg > > There is no file like that. You are correct. If will check what has happened to it. > Another question , so far I've failed to test the iPhone EAP-SIM client > against the EAP-SIM simulator. Any idea what can be done ? I have not tried iPhone myself, but unless you have already downloaded iPhone configuration utility from Apple you may want to do that. The utility gives you control over many things, including WLAN settings where you can disable all the other WPA-Enterprise methods. Thanks! -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
