Hi,
I am trying to test EAP-SIM validation acting as a AAA proxy.
My set up is as follows
FreeRadius-Client ----> My AAA Proxy ----> FreeRadiusServer
I am getting a non matching message-authenticator for ACCESS_ACCEPT message.
So the last message ACCESS_ACCEPT is dropped in my proxy. But all the other messages like ACCESS_CHALLENGE/ ACCESS_REQUEST are validated successfully
But code to check validity of the message-authenticator is same for all messages in my proxy code.
I am using freeradius-server-2.1.12 as both client and server
And in the FreeRadius code, in radius.c file in function rad_sign(), I could find any case for ACCESS_ACCEPT
The existing cases are
case PW_AUTHENTICATION_ACK:
case PW_AUTHENTICATION_REJECT:
case PW_ACCESS_CHALLENGE:
So is the ACCESS_ACCEPT message-authenticator is calculated different method than other messages ?
If so can any one share how it is done.
Thanks,
Paul