EAP-SIM on freeradius-server-2.1.12

GNUbie gnubie at gmail.com
Tue Feb 14 07:21:29 CET 2012


Hello all,

I have tried inserting the value of the User-Name attribute I am
getting from my Access-Request into the
/usr/local/etc/raddb/simtriplets.dat file:

# sed -i 's/^/3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org,/g'
/usr/local/etc/raddb/simtriplets.dat

and I ended up with the below contents of my
/usr/local/etc/raddb/simtriplets.dat file:

3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00

Then when I executed the command "# /usr/local/sbin/radiusd -X -d
/usr/local/etc/raddb" and tested on my iPhone4, I got different
results in my stdout logs:

- - - < s n i p > - - -
rad_recv: Access-Request packet from host 172.17.1.110 port 2048,
id=16, length=249
        User-Name = "3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org"
        NAS-IP-Address = 172.17.1.110
        NAS-Port = 0
        Called-Station-Id = "0E-19-BE-80-71-00:eap-sim"
        Calling-Station-Id = "60-FA-CD-75-96-46"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
0x0200003901336133373066393230633432373538353340776c616e2e6d6e633030352e6d63633532352e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0x7bccc626cc4f91df718b039a143b7c64
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log]      expand: %t -> Tue Feb 14 14:12:42 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc005.mcc525.3gppnetwork.org" for
User-Name = "3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org"
[suffix] No such realm "wlan.mnc005.mcc525.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: insufficient number of challenges for imsi
3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 0 length 57
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
   can not initiate sim, no RAND1 attribute
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect:
[3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org] (from client
eap-sim port 0 cli 60-FA-CD-75-96-46)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 172.17.1.110 port 2048,
id=17, length=249
        User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
        NAS-IP-Address = 172.17.1.110
        NAS-Port = 0
        Called-Station-Id = "0E-19-BE-80-71-00:eap-sim"
        Calling-Station-Id = "5C-59-48-67-C7-A5"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0xb65adf77dff68958fe2559c807599ea8
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log]      expand: %t -> Tue Feb 14 14:12:43 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for
User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 0 length 57
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
   eap-sim chal1 is not 8-bytes: 8
   eap-sim chal2 is not 8-bytes: 8
   eap-sim chal3 is not 8-bytes: 8
   can not initiate sim, missing attributes
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect:
[3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org] (from client
eap-sim port 0 cli 5C-59-48-67-C7-A5)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Sending delayed reject for request 0
Sending Access-Reject of id 16 to 172.17.1.110 port 2048
        EAP-Message = 0x04000004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 17 to 172.17.1.110 port 2048
        EAP-Message = 0x04000004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.0 seconds.
Cleaning up request 0 ID 16 with timestamp +36
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 172.17.1.110 port 2048,
id=18, length=249
        User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
        NAS-IP-Address = 172.17.1.110
        NAS-Port = 0
        Called-Station-Id = "0E-19-BE-80-71-00:eap-sim"
        Calling-Station-Id = "5C-59-48-67-C7-A5"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0xcc735ddce45c3ef048dae4dca03cbba0
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log]      expand: %t -> Tue Feb 14 14:12:49 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for
User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 0 length 57
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
   eap-sim chal1 is not 8-bytes: 8
   eap-sim chal2 is not 8-bytes: 8
   eap-sim chal3 is not 8-bytes: 8
   can not initiate sim, missing attributes
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect:
[3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org] (from client
eap-sim port 0 cli 5C-59-48-67-C7-A5)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.2 seconds.
Cleaning up request 1 ID 17 with timestamp +37
Waking up in 0.7 seconds.
rad_recv: Access-Request packet from host 172.17.1.110 port 2048,
id=19, length=249
        User-Name = "3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org"
        NAS-IP-Address = 172.17.1.110
        NAS-Port = 0
        Called-Station-Id = "0E-19-BE-80-71-00:eap-sim"
        Calling-Station-Id = "60-FA-CD-75-96-46"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
0x0200003901336133373066393230633432373538353340776c616e2e6d6e633030352e6d63633532352e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0x418901de84635c7925a56cfac38efb27
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214
[auth_log]      expand: %t -> Tue Feb 14 14:12:50 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc005.mcc525.3gppnetwork.org" for
User-Name = "3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org"
[suffix] No such realm "wlan.mnc005.mcc525.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: insufficient number of challenges for imsi
3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 0 length 57
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
   can not initiate sim, no RAND1 attribute
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect:
[3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org] (from client
eap-sim port 0 cli 60-FA-CD-75-96-46)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
3a370f920c4275853 at wlan.mnc005.mcc525.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.2 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 18 to 172.17.1.110 port 2048
        EAP-Message = 0x04000004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.7 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 19 to 172.17.1.110 port 2048
        EAP-Message = 0x04000004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.2 seconds.
Cleaning up request 2 ID 18 with timestamp +43
Waking up in 0.7 seconds.
Cleaning up request 3 ID 19 with timestamp +44
Ready to process requests.
- - - < s n i p > - - -

Lastly, do I need to have a MAP and/or HLR simulator on my system to
test EAP-SIM authentication?

Please advise on how I am going to move forward. Thank you in advance.

Regards,

GNUbie

On Tue, Feb 14, 2012 at 8:49 AM, GNUbie <gnubie at gmail.com> wrote:
> Hello all,
>
> What am I missing in my current setup that I am getting such errors?
> Why is it that it can't find the triplets when in fact it's there?
>
> Basically, the major changes I made on the configuration files are as follows:
>
> [ /usr/local/etc/raddb/radiusd.conf ]
>
> user = radiusd
> group = radiusd
>
> modules {
>  sim_files {
>    simtriplets = "/usr/local/etc/raddb/simtriplets.dat"
>  }
> ...
> ...
> ...
> }
>
> [ /usr/local/etc/raddb/clients.conf ]
>
> client 172.17.1.0 {
>  ipaddr = 172.17.1.0
>  netmask = 24
>  secret = qwerty
>  shortname = eap-sim
> }
>
> [ /usr/local/etc/raddb/eap.conf ]
>
>  eap {
>    sim {
>    }
>    default_eap_type = sim
>    ...
>    ...
>    ...
>  }
>
> [ /usr/local/etc/raddb/sites-enabled/default ]
>
> authorize {
>  ...
>  ...
>  ...
>  sim_files
>  eap {
>    ok = return
>  }
>  ...
>  ...
>  ...
> }
>
> The contents of the /usr/local/etc/raddb/simtriplets.dat file have the
> format of "IMSI,RAND,SRES,KC" without the quotes:
>
> 354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800
> 354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00
> 354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800
> 354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400
> 354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800
> 354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00
>
> I also tried in my testing to add 1 on every IMSI but with no luck.
>
> # sed -i 's/^/1/g' /usr/local/etc/raddb/simtriplets.dat
>
> And lastly, the rlm_eap_sim and rlm_sim_files modules are in place.
>
> # ls -l /usr/local/lib/*sim*
> lrwxrwxrwx 1 root root    14 Feb 13 21:19
> /usr/local/lib/rlm_eap_sim-2.1.12.la -> rlm_eap_sim.la
> -rwxr-xr-x 1 root root 35972 Feb 13 21:19 /usr/local/lib/rlm_eap_sim-2.1.12.so
> -rw-r--r-- 1 root root 48340 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.a
> -rwxr-xr-x 1 root root   932 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.la
> lrwxrwxrwx 1 root root    21 Feb 13 21:19
> /usr/local/lib/rlm_eap_sim.so -> rlm_eap_sim-2.1.12.so
> lrwxrwxrwx 1 root root    16 Feb 13 21:19
> /usr/local/lib/rlm_sim_files-2.1.12.la -> rlm_sim_files.la
> -rwxr-xr-x 1 root root 35331 Feb 13 21:19 /usr/local/lib/rlm_sim_files-2.1.12.so
> -rw-r--r-- 1 root root 46534 Feb 13 21:19 /usr/local/lib/rlm_sim_files.a
> -rwxr-xr-x 1 root root   910 Feb 13 21:19 /usr/local/lib/rlm_sim_files.la
> lrwxrwxrwx 1 root root    23 Feb 13 21:19
> /usr/local/lib/rlm_sim_files.so -> rlm_sim_files-2.1.12.so
>
> Can anyone from this community help me solve my problem?
>
> Thank you in advance.
>
> Regards,
>
> GNUbie
>
>
> On Tue, Feb 14, 2012 at 12:26 AM, GNUbie <gnubie at gmail.com> wrote:
>> Hello all,
>>
>> I configured manually ($  ./configure --with-modules="rlm_sim"
>> --with-modules="rlm_sim_files" && make) and installed (# make install)
>> the freeradius-server-2.1.12 from the upstream on the CentOS 5.7
>> x86_64 machine. Then I configured the following configuration files:
>>
>> - /usr/local/etc/raddb/radiusd.conf
>> - /usr/local/etc/raddb/clients.conf
>> - /usr/local/etc/raddb/eap.conf
>> - /usr/local/etc/raddb/sites-enabled/default
>>
>> And lastly, I created the /usr/local/etc/raddb/simtriplets.dat with
>> six (6) triplets (just to make sure though AFAIK 3 is enough) for a
>> single IMSI.
>>
>> Then, I executed the command "# /usr/local/sbin/radiusd -X -d
>> /usr/local/etc/raddb" and tried testing directly from my iPhone4, I
>> got the below snippet of the stdout logs:
>>
>> - - - < s n i p > - - -
>> rad_recv: Access-Request packet from host 172.17.1.110 port 2048,
>> id=120, length=249
>>        User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
>>        NAS-IP-Address = 172.17.1.110
>>        NAS-Port = 0
>>        Called-Station-Id = "0E-19-BE-80-71-00:eap-sim"
>>        Calling-Station-Id = "5C-59-48-67-C7-A5"
>>        Framed-MTU = 1400
>>        NAS-Port-Type = Wireless-802.11
>>        Connect-Info = "CONNECT 11Mbps 802.11b"
>>        EAP-Message =
>> 0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267
>>        Message-Authenticator = 0xdef1645477a2ba0f9a9371f0a9eea8b7
>> # Executing section authorize from file
>> /usr/local/etc/raddb/sites-enabled/default
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> [auth_log]      expand:
>> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>> -> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213
>> [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>> expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213
>> [auth_log]      expand: %t -> Mon Feb 13 23:48:18 2012
>> ++[auth_log] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> ++[digest] returns noop
>> [suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for
>> User-Name = "3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org"
>> [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"
>> ++[suffix] returns noop
>> rlm_sim_files: insufficient number of challenges for imsi
>> 3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org: 0
>> ++[sim_files] returns notfound
>> [eap] EAP packet type response id 0 length 57
>> [eap] No EAP Start, assuming it's an on-going EAP conversation
>> ++[eap] returns updated
>> ++[files] returns noop
>> ++[expiration] returns noop
>> ++[logintime] returns noop
>> [pap] WARNING! No "known good" password found for the user.
>> Authentication may fail because of this.
>> ++[pap] returns noop
>> Found Auth-Type = EAP
>> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> +- entering group authenticate {...}
>> [eap] EAP Identity
>> [eap] processing type sim
>>   can not initiate sim, no RAND1 attribute
>> [eap] Default EAP type sim failed in initiate
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> Login incorrect:
>> [3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org] (from client
>> eap-sim port 0 cli 5C-59-48-67-C7-A5)
>> Using Post-Auth-Type Reject
>> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
>> +- entering group REJECT {...}
>> [attr_filter.access_reject]     expand: %{User-Name} ->
>> 3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org
>> attr_filter: Matched entry DEFAULT at line 11
>> ++[attr_filter.access_reject] returns updated
>> Delaying reject of request 0 for 1 seconds
>> Going to the next request
>> Waking up in 0.9 seconds.
>> Sending delayed reject for request 0
>> Sending Access-Reject of id 120 to 172.17.1.110 port 2048
>>        EAP-Message = 0x04000004
>>        Message-Authenticator = 0x00000000000000000000000000000000
>> Waking up in 4.9 seconds.
>> Cleaning up request 0 ID 120 with timestamp +13
>> Ready to process requests.
>> - - - < s n i p > - - -
>>
>> Based on the above logs, below are the (3) lines that I'm not sure how
>> to address:
>>
>> [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"
>>
>> rlm_sim_files: insufficient number of challenges for imsi
>> 3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org: 0
>> ++[sim_files] returns notfound
>>
>> [pap] WARNING! No "known good" password found for the user.
>> Authentication may fail because of this.
>>
>> [eap] processing type sim
>>   can not initiate sim, no RAND1 attribute
>> [eap] Default EAP type sim failed in initiate
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> Login incorrect:
>> [3be855ae7a8607c7f at wlan.mnc001.mcc525.3gppnetwork.org] (from client
>> eap-sim port 0 cli 5C-59-48-67-C7-A5)
>>
>> Please advise on how I am going to proceed from here. Thank you in advance.
>>
>> Regards,
>>
>> GNUbie
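
An added example, not part of the original post and not FreeRADIUS code: a Python check that decodes the identity from the EAP-Message logged in the thread (the archive renders "@" as " at ") and lints simtriplets.dat text against the "IMSI,RAND,SRES,KC" layout the post quotes. The field sizes are the standard GSM triplet sizes; the three-row minimum follows the poster's note, the function names and sample rows are constructed here, and whether rlm_sim_files applies the same checks is an assumption.

```python
import struct

# EAP-Message logged for request id=120 in the thread ("0x" prefix dropped).
EAP_MESSAGE_HEX = (
    "0200003901"
    "3362653835356165376138363037633766" "40"
    "776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267"
)
FIELD_BYTES = (("RAND", 16), ("SRES", 4), ("KC", 8))  # GSM triplet sizes in bytes
MIN_TRIPLETS = 3  # assumption, taken from the poster's "3 is enough"


def decode_eap_identity(hex_message):
    """Return the identity carried in an EAP-Response/Identity packet."""
    raw = bytes.fromhex(hex_message)
    if len(raw) < 5:
        raise ValueError("shorter than an EAP header plus type octet")
    code, _ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes received")
    if code != 2 or raw[4] != 1:  # code 2 = Response, type 1 = Identity
        raise ValueError("not an EAP-Response/Identity")
    return raw[5:].decode("utf-8")


def check_triplets(text, identity):
    """Lint simtriplets text; return (usable_rows_for_identity, problems)."""
    usable, problems = 0, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(",")
        if len(fields) != 4:
            problems.append(f"line {lineno}: {len(fields)} fields, expected 4")
            continue
        bad = False
        for (name, size), value in zip(FIELD_BYTES, fields[1:]):
            try:
                ok = len(bytes.fromhex(value)) == size
            except ValueError:  # odd length or non-hex characters
                ok = False
            if not ok:
                problems.append(f"line {lineno}: {name} is not {size} hex bytes")
                bad = True
        if not bad and fields[0] == identity:
            usable += 1
    if usable < MIN_TRIPLETS:
        problems.append(f"{usable} usable rows for {identity}, need {MIN_TRIPLETS}")
    return usable, problems


# Constructed sample rows (not real SIM data) in three first-field layouts.
IDENTITY = decode_eap_identity(EAP_MESSAGE_HEX)
ROWS = [f"{i:02x}" * 16 + ",a1b2c3d4,0102030405060708" for i in (1, 2, 3)]
GOOD = "\n".join(f"{IDENTITY},{r}" for r in ROWS)
FIVE_FIELD = "\n".join(f"{IDENTITY},1001010123456789,{r}" for r in ROWS)
BARE_IMSI = "\n".join(f"1001010123456789,{r}" for r in ROWS)

if __name__ == "__main__":
    print("identity:", IDENTITY)
    for label, text in (("good", GOOD), ("five-field", FIVE_FIELD),
                        ("bare-imsi", BARE_IMSI)):
        print(label, check_triplets(text, IDENTITY))
```

The five-field sample mirrors the layout that results from prepending a new first field to rows that already carry one, and the bare-IMSI sample shows rows whose key does not equal the identity the client sent.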



