EAP-SIM on freeradius-server-2.1.12

GNUbie gnubie at gmail.com
Mon Feb 13 17:26:07 CET 2012


Hello all,

I configured manually ($  ./configure --with-modules="rlm_sim"
--with-modules="rlm_sim_files" && make) and installed (# make install)
the freeradius-server-2.1.12 from the upstream on the CentOS 5.7
x86_64 machine. Then I configured the following configuration files:

- /usr/local/etc/raddb/radiusd.conf
- /usr/local/etc/raddb/clients.conf
- /usr/local/etc/raddb/eap.conf
- /usr/local/etc/raddb/sites-enabled/default

And lastly, I created the /usr/local/etc/raddb/simtriplets.dat with
six (6) triplets (just to make sure though AFAIK 3 is enough) for a
single IMSI.

Then, I executed the command "# /usr/local/sbin/radiusd -X -d
/usr/local/etc/raddb" and tried testing directly from my iPhone4. I
got the below snippet of the stdout logs:

- - - < s n i p > - - -
rad_recv: Access-Request packet from host 172.17.1.110 port 2048,
id=120, length=249
        User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
        NAS-IP-Address = 172.17.1.110
        NAS-Port = 0
        Called-Station-Id = "0E-19-BE-80-71-00:eap-sim"
        Calling-Station-Id = "5C-59-48-67-C7-A5"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0xdef1645477a2ba0f9a9371f0a9eea8b7
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213
[auth_log]      expand: %t -> Mon Feb 13 23:48:18 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for
User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: insufficient number of challenges for imsi
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 0 length 57
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
   can not initiate sim, no RAND1 attribute
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect:
[3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org] (from client
eap-sim port 0 cli 5C-59-48-67-C7-A5)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 120 to 172.17.1.110 port 2048
        EAP-Message = 0x04000004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 0 ID 120 with timestamp +13
Ready to process requests.
- - - < s n i p > - - -

Based on the above logs, below are the (3) lines that I'm not sure how
to address:

[suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"

rlm_sim_files: insufficient number of challenges for imsi
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org: 0
++[sim_files] returns notfound

[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.

[eap] processing type sim
   can not initiate sim, no RAND1 attribute
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect:
[3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org] (from client
eap-sim port 0 cli 5C-59-48-67-C7-A5)

Please advise on how I am going to proceed from here. Thank you in advance.

Regards,

GNUbie
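
The two EAP-Message values in the debug output above can be decoded to see exactly which identity the server received. This is an added example, not part of the original post and not FreeRADIUS code; the function names are hypothetical, and the realm pattern is assumed from the realm shown in the log.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 18: "SIM"}  # only the types relevant to this log

# EAP-Message values copied from the debug log in the post.
ACCESS_REQUEST_EAP = ("0x0200003901336265383535616537613836303763376640776c616e"
                      "2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267")
ACCESS_REJECT_EAP = "0x04000004"


def decode_eap(hex_value):
    """Decode the EAP header (code, id, length) and, if present, the type data."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    # Only Request/Response carry a type byte; Success/Failure are header-only.
    if code in (1, 2) and length > 4:
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 1:
            pkt["identity"] = raw[5:].decode("ascii", "replace")
    return pkt


def split_identity(identity):
    """Split user@realm and pull MNC/MCC out of a wlan.mncX.mccY realm."""
    local, _, realm = identity.partition("@")
    m = re.fullmatch(r"wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org", realm)
    return {
        "local": local,
        "realm": realm,
        "mnc": m.group(1) if m else None,
        "mcc": m.group(2) if m else None,
        # An IMSI is made of decimal digits only; hex letters mean it is not one.
        "local_is_decimal": local.isdigit(),
    }


if __name__ == "__main__":
    request = decode_eap(ACCESS_REQUEST_EAP)
    print(request)
    print(split_identity(request["identity"]))
    print(decode_eap(ACCESS_REJECT_EAP))
```

The decoded Response/Identity carries the same string that rlm_sim_files reports as the IMSI it looked up, and the part before the "@" contains hex letters rather than decimal digits only.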


