Fwd: Failed Authentication user on EAP-SIM,

Iman Rahmat iman.rahmat.hidayat at gmail.com
Mon Sep 8 17:05:50 CEST 2014


Sorry, TYPO AGAIN.

Final change of USERS:

1510011642151135@wlan.mnc000.mcc510.3gppnetwork.org     EAP-Type := SIM
        EAP-Sim-Rand1 = 0x634B1828FE9F4cd987EE44A54D25DD80,
        EAP-Sim-SRES1 = 0x0638e55f,
        EAP-Sim-KC1 = 0x15c22dc20A8ae000,
        EAP-Sim-Rand2 = 0xDD00F2D8D6FB4095B2BD8A2AE11FB600,
        EAP-Sim-SRES2 = 0x02ed2e94,
        EAP-Sim-KC2 = 0x536655a061778400,
        EAP-Sim-Rand3 = 0xA852B0E55BC741f5A8C5B6ABF1E81504,
        EAP-Sim-SRES3 = 0xF77daa16,
        EAP-Sim-KC3 = 0x71e9bd629Cee3000

2014-09-08 21:49 GMT+07:00 Iman Rahmat <iman.rahmat.hidayat at gmail.com>:

> (SOLVED)
>
> I put the configuration like this:
>
> 1510011642151135@wlan.mnc001.mcc510.3gppnetwork.org     EAP-Type := SIM
>         EAP-Sim-Rand1 = 0x634B1828FE9F4cd987EE44A54D25DD80,
>         EAP-Sim-SRES1 = 0x0638e55f,
>         EAP-Sim-KC1 = 0x15c22dc20A8ae000,
>         EAP-Sim-Rand2 = 0xDD00F2D8D6FB4095B2BD8A2AE11FB600,
>         EAP-Sim-SRES2 = 0x02ed2e94,
>         EAP-Sim-KC2 = 0x536655a061778400,
>         EAP-Sim-Rand2 = 0xA852B0E55BC741f5A8C5B6ABF1E81504,
>         EAP-Sim-SRES2 = 0xF77daa16,
>         EAP-Sim-KC2 = 0x71e9bd629Cee3000
>
> The log shows this:
> rlm_sim_files: insufficient number of challenges for imsi
> 1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org: 0
>
> And you see this in the log too:
>
> [eap] processing type sim
> can not initiate sim, no RAND1 attribute
> RAND1 can't be read from rlm_sim_files, because I wrote mnc001 in the
> users file; change it to mnc000.
>
> So you must change it to:
>
> 1510011642151135@wlan.mnc000.mcc510.3gppnetwork.org     EAP-Type := SIM
>         EAP-Sim-Rand1 = 0x634B1828FE9F4cd987EE44A54D25DD80,
>         EAP-Sim-SRES1 = 0x0638e55f,
>         EAP-Sim-KC1 = 0x15c22dc20A8ae000,
>         EAP-Sim-Rand2 = 0xDD00F2D8D6FB4095B2BD8A2AE11FB600,
>         EAP-Sim-SRES2 = 0x02ed2e94,
>         EAP-Sim-KC2 = 0x536655a061778400,
>         EAP-Sim-Rand2 = 0xA852B0E55BC741f5A8C5B6ABF1E81504,
>         EAP-Sim-SRES2 = 0xF77daa16,
>         EAP-Sim-KC2 = 0x71e9bd629Cee3000
>
> WOW... FAILED TOO, BUT THE MESSAGE IS DIFFERENT
>
> THE LOG SHOWS:
> rlm_sim_files: insufficient number of challenges for imsi
> 1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org: 0 <---> this is the
> same, but no problem, because the different log message is:
> [eap] processing type sim
>    eap-sim can not find sim-challenge3 <----> different
>    can not initiate sim, missing attributes
> From this message, we know that sim-challenge3 can't be read, because
> RAND3, SRES3 and KC3 are not written in the users file.. HAHAHAHA TYPO...
>
> SO THE FINAL CHANGE IS:
>
> 1510011642151135@wlan.mnc001.mcc510.3gppnetwork.org     EAP-Type := SIM
>         EAP-Sim-Rand1 = 0x634B1828FE9F4cd987EE44A54D25DD80,
>         EAP-Sim-SRES1 = 0x0638e55f,
>         EAP-Sim-KC1 = 0x15c22dc20A8ae000,
>         EAP-Sim-Rand2 = 0xDD00F2D8D6FB4095B2BD8A2AE11FB600,
>         EAP-Sim-SRES2 = 0x02ed2e94,
>         EAP-Sim-KC2 = 0x536655a061778400,
>         EAP-Sim-Rand3 = 0xA852B0E55BC741f5A8C5B6ABF1E81504,
>         EAP-Sim-SRES3 = 0xF77daa16,
>         EAP-Sim-KC3 = 0x71e9bd629Cee3000
>
>
> AND CONNECTED. THANKS TO EVERYONE WHO GAVE ME ADVICE AND HELP.
>
> Indeed, sometimes we need someone else to correct our mistakes. Man
> will never be perfect. Thank you very much, my friend; I can only
> pray that you are in good health and are always given abundance.
>
> THIS IS THE SUCCESSFUL LOG:
>
> rad_recv: Access-Request packet from host 111.111.111.195 port 55800,
> id=56, length=254
> User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
> NAS-IP-Address = 111.111.111.195
> NAS-Identifier = "24a43c7c6ae2"
> NAS-Port = 0
> Called-Station-Id = "26-A4-3C-7D-6A-E2:SuperWiFi-SIM_A"
> Calling-Station-Id = "D4-97-0B-47-3F-10"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11b"
> EAP-Message = 0x02ec001c120b00000b0500008a3fb55d96159c743672996d4b57837a
> State = 0xaa2b3666abc72410f629694487c8517c
> Message-Authenticator = 0x470076d7d8eb5e312d290b18dff1d70f
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] Looking up realm "wlan.mnc000.mcc510.3gppnetwork.org" for
> User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
> [suffix] No such realm "wlan.mnc000.mcc510.3gppnetwork.org"
> ++[suffix] = noop
> rlm_sim_files: insufficient number of challenges for imsi
> 1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org: 0
> ++[sim_files] = notfound
> [eap] EAP packet type response id 236 length 28
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> [files] users: Matched entry
> 1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org at line 205
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/sim
> [eap] processing type sim
> MAC check succeed
> [eap] Underlying EAP-Type set EAP ID to 237
> [eap] Freeing handler
> ++[eap] = ok
> +} # group authenticate = ok
> # Executing section post-auth from file /etc/freeradius/sites-enabled/
> default
> +group post-auth {
> ++[exec] = noop
> +} # group post-auth = noop
> Sending Access-Accept of id 56 to 111.111.111.195 port 55800
> MS-MPPE-Recv-Key =
> 0x69ee128ecad5e1edba8e336bc1c6a9f8843f83d7d8c052e34f7033a60bfbb91e
> MS-MPPE-Send-Key =
> 0xe7abe44f40dbce7cce6b2e093db05f23f39d01e5fb0458fd97f9312e86f33a3f
> EAP-Message = 0x03ed0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
> Finished request 2.
> Going to the next request
> Waking up in 4.4 seconds.
> rad_recv: Accounting-Request packet from host 111.111.111.195 port
> 51808, id=57, length=213
> Acct-Session-Id = "540D4EDB-00000005"
> Acct-Status-Type = Start
> Acct-Authentic = RADIUS
> User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
> NAS-IP-Address = 111.111.111.195
> NAS-Identifier = "24a43c7c6ae2"
> NAS-Port = 0
> Called-Station-Id = "26-A4-3C-7D-6A-E2:SuperWiFi-SIM_A"
> Calling-Station-Id = "D4-97-0B-47-3F-10"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11b"
> # Executing section preacct from file /etc/freeradius/sites-enabled/
> default
> +group preacct {
> ++[preprocess] = ok
> [acct_unique] Hashing 'NAS-Port = 0,NAS-Identifier =
> "24a43c7c6ae2",NAS-IP-Address = 111.111.111.195,Acct-Session-Id =
> "540D4EDB-00000005",User-Name =
> "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"'
> [acct_unique] Acct-Unique-Session-ID = "d6d4b84652de2068".
> ++[acct_unique] = ok
> [suffix] Looking up realm "wlan.mnc000.mcc510.3gppnetwork.org" for
> User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
> [suffix] No such realm "wlan.mnc000.mcc510.3gppnetwork.org"
> ++[suffix] = noop
> ++[files] = noop
> +} # group preacct = ok
> # Executing section accounting from file /etc/freeradius/sites-enabled/
> default
> +group accounting {
> [detail] expand: %{Packet-Src-IP-Address} -> 111.111.111.195
> [detail] expand:
>
> /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> -> /var/log/freeradius/radacct/111.111.111.195/detail-20140908
> [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{
> Packet-Src-IPv6-Address}}/detail-%Y%m%d
> expands to /var/log/freeradius/radacct/111.111.111.195/detail-20140908
> [detail] expand: %t -> Mon Sep  8 21:45:00 2014
> ++[detail] = ok
> ++[exec] = noop
> [attr_filter.accounting_response] expand: %{User-Name} ->
> 1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org
> attr_filter: Matched entry DEFAULT at line 12
> ++[attr_filter.accounting_response] = updated
> +} # group accounting = updated
> Sending Accounting-Response of id 57 to 111.111.111.195 port 51808
> Finished request 3.
> Cleaning up request 3 ID 57 with timestamp +3
> Going to the next request
> Waking up in 4.3 seconds.
> Cleaning up request 0 ID 54 with timestamp +2
> Cleaning up request 1 ID 55 with timestamp +2
> Waking up in 0.5 seconds.
> Cleaning up request 2 ID 56 with timestamp +3
> Ready to process requests.
>
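The two mistakes walked through in this thread (a users-file key whose realm differs from the User-Name in the request, and a third triplet numbered 2 instead of 3) can be caught with a static check before the server is restarted. The following is an added example, not part of the original post and not FreeRADIUS code; `lint_sim_entry` and `make_entry` are hypothetical names, the IMSI, realms and hex values are constructed placeholders, and the archive's " at " is written as "@".

```python
import re

# Byte lengths of one GSM triplet: RAND is 128 bits, SRES 32 bits, Kc 64 bits.
SIZES = {"Rand": 16, "SRES": 4, "KC": 8}
ATTR = re.compile(r"EAP-Sim-(Rand|SRES|KC)(\d+)\s*:?=\s*0x([0-9A-Fa-f]*)", re.I)

def lint_sim_entry(entry, expected_user):
    """Return a list of problems in one users-file EAP-SIM entry."""
    problems = []
    lines = [l for l in entry.strip().splitlines() if l.strip()]
    user = lines[0].split()[0]
    # The key must equal the User-Name the NAS sends, realm included.
    if user != expected_user:
        problems.append(f"key {user} does not match User-Name {expected_user}")
    seen = set()
    for kind, idx, hexval in ATTR.findall("\n".join(lines[1:])):
        kind = next(k for k in SIZES if k.lower() == kind.lower())
        name = f"EAP-Sim-{kind}{idx}"
        if name in seen:
            problems.append(f"{name} defined more than once")
        seen.add(name)
        if len(hexval) != 2 * SIZES[kind]:
            problems.append(f"{name} has {len(hexval)} hex digits, expected {2 * SIZES[kind]}")
    # The server in this thread looked for challenges 1 to 3 (RAND, SRES, Kc each).
    for n in (1, 2, 3):
        for kind in SIZES:
            if f"EAP-Sim-{kind}{n}" not in seen:
                problems.append(f"EAP-Sim-{kind}{n} missing")
    return problems

def make_entry(user, indexes):
    """Build a constructed entry; every hex value is a made-up test pattern."""
    items = []
    for i in indexes:
        items += [f"EAP-Sim-Rand{i} = 0x" + f"a{i}" * 16,
                  f"EAP-Sim-SRES{i} = 0x" + f"b{i}" * 4,
                  f"EAP-Sim-KC{i} = 0x" + f"c{i}" * 8]
    return f"{user}     EAP-Type := SIM\n        " + ",\n        ".join(items)

# Constructed placeholders, not real subscriber data.
USER = "001010123456789@wlan.mnc001.mcc001.3gppnetwork.org"
WRONG_REALM = "001010123456789@wlan.mnc010.mcc001.3gppnetwork.org"
GOOD = make_entry(USER, [1, 2, 3])
BAD = make_entry(WRONG_REALM, [1, 2, 2])  # wrong realm, third triplet numbered 2

if __name__ == "__main__":
    for label, entry in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_sim_entry(entry, USER) or "ok")
```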