<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><BR><BR>--- On <B>Wed, 2/22/12, Martin Willi <I><martin@strongswan.org></I></B> wrote:<BR>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(16,16,255) 2px solid"><BR>From: Martin Willi <martin@strongswan.org><BR>Subject: Re: [strongSwan] eap-aka with hostapd<BR>To: "Manish Minz" <manishminz77@yahoo.com><BR>Cc: users@lists.strongswan.org<BR>Date: Wednesday, February 22, 2012, 8:17 AM<BR><BR>
<DIV class=plainMail>Hi,<BR><BR>> i am using strongswan with hostapd as a AAA server<BR><BR>How does your setup exactly look like? Are you using a strongSwan client<BR>with the eap-aka plugin against a strongSwan server with eap-radius and<BR>a hostapd backend?<BR><BR>> but stuck at the point "received mac does not match xmac"<BR><BR>Our eap-aka plugin handles the protocol part of AKA only, it requires<BR>quintuples from another backend. You could use our eap-aka-3gpp2 plugin<BR>that calculates quintuplets based on secret K according to 3GPP2 specs.<BR>I'm not sure what standard is implemented in hostapd, but probably it is<BR>3GPP, not 3GPP2.<BR><BR>We have another backend, eap-simaka-sql, that reads quintuplets directly<BR>from an SQL database. Of course you can write your own backend (or ask<BR>us to do it) by implementing the interface in libsimaka/simaka_card.h.<BR><BR>> also what will be the configuration of files to specify IMSI and
other<BR>> parameters.<BR><BR>The IMSI or NAI is usually exchanged in a preceding EAP-Identity<BR>exchange, you can configure it with eap_identity=... on the client. On<BR>the server, you'll have to request the EAP-Identity by specifying<BR>eap_identity=%identity. And make sure to have the eap-identity plugin<BR>built and loaded.<BR><BR>Regards<BR>Martin<BR><BR></DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail>>we have two different machine moon and carol, moon has hostapd(AAA server) as well as strongswan installed ,carol only installed with strongswan. we are trying to do eap-aka-radius with hostapd as AAA server ,in moon we have set rightauth=eap-radius.</DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail>>we does not want to use eap-simaka-plugin,so how to get rid of this "received mac does not match xmac."?</DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail> </DIV>
<DIV class=plainMail>regards,</DIV>
<DIV class=plainMail>manish</DIV></BLOCKQUOTE></td></tr></table>