Eap-Sim cannot initiate in Free Radius 3.0.6

Ankit Prajapati prajapati.ankit85 at gmail.com
Tue Mar 3 05:26:19 CET 2015


Hi ,

Find  logs captured from radius debug:

Tue Mar  3 09:49:19 2015 : Debug: (0) Received Access-Request Id 188 from
127.0.0.1:36625 to 127.0.0.1:1812 length 161
Tue Mar  3 09:49:19 2015 : Debug: (0)   User-Name = '
1310260xxxxxxxxx at wlan.mnc260.mcc310.3gppnetwork.org'
Tue Mar  3 09:49:19 2015 : Debug: (0)   NAS-IP-Address = 127.0.0.1
Tue Mar  3 09:49:19 2015 : Debug: (0)   Message-Authenticator =
0x00de7e3a6321fba27f27713901f8ec76
Tue Mar  3 09:49:19 2015 : Debug: (0)   NAS-Port = 0
Tue Mar  3 09:49:19 2015 : Debug: (0)   EAP-Message =
0x02bb0038013133313032363035383033353332363240776c616e2e6d6e633236302e6d63633331302e336770706e6574776f726b2e6f7267
Tue Mar  3 09:49:19 2015 : Debug: (0) session-state: No State attribute
Tue Mar  3 09:49:19 2015 : Debug: (0) # Executing section authorize from
file /usr/local/etc/raddb/sites-enabled/default
Tue Mar  3 09:49:19 2015 : Debug: (0)   authorize {
Tue Mar  3 09:49:19 2015 : Debug: (0)     policy filter_username {
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (!&User-Name) {
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (!&User-Name)  -> FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ / /) {
Tue Mar  3 09:49:19 2015 : Debug: (0)       No matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ / /)  -> FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /@.*@/ ) {
Tue Mar  3 09:49:19 2015 : Debug: (0)       No matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /@.*@/ )  ->
FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /\.\./ ) {
Tue Mar  3 09:49:19 2015 : Debug: (0)       No matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /\.\./ )  ->
FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)       if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/))  {
Tue Mar  3 09:49:19 2015 : Debug: (0)       No matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       Adding 1 matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       Clearing 1 matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       Adding 3 matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /\.$/)  {
Tue Mar  3 09:49:19 2015 : Debug: (0)       Clearing 3 matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /\.$/)   ->
FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /@\./)  {
Tue Mar  3 09:49:19 2015 : Debug: (0)       No matches
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&User-Name =~ /@\./)   ->
FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)     } # policy filter_username =
notfound
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: returned
from preprocess (rlm_preprocess) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [preprocess] = ok
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: calling
chap (rlm_chap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: returned
from chap (rlm_chap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [chap] = noop
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: calling
mschap (rlm_mschap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: returned
from mschap (rlm_mschap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [mschap] = noop
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: calling
digest (rlm_digest) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: returned
from digest (rlm_digest) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [digest] = noop
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: calling
suffix (rlm_realm) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0) suffix: Checking for suffix after "@"
Tue Mar  3 09:49:19 2015 : Debug: (0) suffix: Looking up realm "
wlan.mnc260.mcc310.3gppnetwork.org" for User-Name = "
1310260580353262 at wlan.mnc260.mcc310.3gppnetwork.org"
Tue Mar  3 09:49:19 2015 : Debug: (0) suffix: Found realm "
wlan.mnc260.mcc310.3gppnetwork.org"
Tue Mar  3 09:49:19 2015 : Debug: (0) suffix: Adding Stripped-User-Name =
"1310260580353262"
Tue Mar  3 09:49:19 2015 : Debug: (0) suffix: Adding Realm = "
wlan.mnc260.mcc310.3gppnetwork.org"
Tue Mar  3 09:49:19 2015 : Debug: (0) suffix: Authentication realm is LOCAL
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: returned
from suffix (rlm_realm) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [suffix] = ok
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: calling eap
(rlm_eap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0) eap: Peer sent code Response (2) ID
187 length 56
Tue Mar  3 09:49:19 2015 : Debug: (0) eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authorize]: returned
from eap (rlm_eap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [eap] = ok
Tue Mar  3 09:49:19 2015 : Debug: (0)   } # authorize = ok
Tue Mar  3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP
Tue Mar  3 09:49:19 2015 : Debug: (0) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar  3 09:49:19 2015 : Debug: (0)   authenticate {
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authenticate]: calling
eap (rlm_eap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1)
Tue Mar  3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process EAP
data
Tue Mar  3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not
found
Tue Mar  3 09:49:19 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM
(18) session. EAP sub-module failed
Tue Mar  3 09:49:19 2015 : Debug: (0) eap: Failed in EAP select
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[authenticate]: returned
from eap (rlm_eap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [eap] = invalid
Tue Mar  3 09:49:19 2015 : Debug: (0)   } # authenticate = invalid
Tue Mar  3 09:49:19 2015 : Debug: (0) Failed to authenticate the user
Tue Mar  3 09:49:19 2015 : Debug: (0) Using Post-Auth-Type Reject
Tue Mar  3 09:49:19 2015 : Debug: (0) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar  3 09:49:19 2015 : Debug: (0)   Post-Auth-Type REJECT {
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 0
Tue Mar  3 09:49:19 2015 : Debug: %{User-Name}
Tue Mar  3 09:49:19 2015 : Debug: Parsed xlat tree:
Tue Mar  3 09:49:19 2015 : Debug: attribute --> User-Name
Tue Mar  3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: EXPAND
%{User-Name}
Tue Mar  3 09:49:19 2015 : Debug: (0) attr_filter.access_reject:    -->
1310260580353262 at wlan.mnc260.mcc310.3gppnetwork.org
Tue Mar  3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Matched
entry DEFAULT at line 11
Tue Mar  3 09:49:19 2015 : Debug: (0) attr_filter.access_reject:
EAP-Message = 0x04bb0004 allowed by EAP-Message =* 0x
Tue Mar  3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute
"EAP-Message" allowed by 1 rules, disallowed by 0 rules
Tue Mar  3 09:49:19 2015 : Debug: (0) attr_filter.access_reject:
Message-Authenticator = 0x00000000000000000000000000000000 allowed by
Message-Authenticator =* 0x
Tue Mar  3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute
"Message-Authenticator" allowed by 1 rules, disallowed by 0 rules
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[post-auth]: returned
from attr_filter.access_reject (rlm_attr_filter) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [attr_filter.access_reject] =
updated
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[post-auth]: calling eap
(rlm_eap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0) eap: Reply already contained an
EAP-Message, not inserting EAP-Failure
Tue Mar  3 09:49:19 2015 : Debug: (0)     modsingle[post-auth]: returned
from eap (rlm_eap) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)     [eap] = noop
Tue Mar  3 09:49:19 2015 : Debug: (0)     policy
remove_reply_message_if_eap {
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&reply:EAP-Message &&
&reply:Reply-Message) {
Tue Mar  3 09:49:19 2015 : Debug: (0)       if (&reply:EAP-Message &&
&reply:Reply-Message)  -> FALSE
Tue Mar  3 09:49:19 2015 : Debug: (0)       else {
Tue Mar  3 09:49:19 2015 : Debug: (0)         modsingle[post-auth]: calling
noop (rlm_always) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)         modsingle[post-auth]:
returned from noop (rlm_always) for request 0
Tue Mar  3 09:49:19 2015 : Debug: (0)         [noop] = noop
Tue Mar  3 09:49:19 2015 : Debug: (0)       } # else = noop
Tue Mar  3 09:49:19 2015 : Debug: (0)     } # policy
remove_reply_message_if_eap = noop
Tue Mar  3 09:49:19 2015 : Debug: (0)   } # Post-Auth-Type REJECT = updated
Tue Mar  3 09:49:19 2015 : Debug: (0) Delaying response for 1.000000 seconds
Tue Mar  3 09:49:19 2015 : Debug: Waking up in 0.3 seconds.
Tue Mar  3 09:49:19 2015 : Debug: Waking up in 0.6 seconds.
Tue Mar  3 09:49:20 2015 : Debug: (0) Sending delayed response
Tue Mar  3 09:49:20 2015 : Debug: (0) Sent Access-Reject Id 188 from
127.0.0.1:1812 to 127.0.0.1:36625 length 44
Tue Mar  3 09:49:20 2015 : Debug: (0)   EAP-Message = 0x04bb0004
Tue Mar  3 09:49:20 2015 : Debug: (0)   Message-Authenticator =
0x00000000000000000000000000000000
Tue Mar  3 09:49:20 2015 : Debug: Waking up in 3.9 seconds.
Tue Mar  3 09:49:24 2015 : Debug: (0) Cleaning up request packet ID 188
with timestamp +52
Tue Mar  3 09:49:24 2015 : Info: Ready to process requests


On Mon, Mar 2, 2015 at 12:54 PM, Iliya Peregoudov <iperegudov at cboss.ru>
wrote:

> On 28.02.2015 12:14, Ankit Prajapati wrote:
>
>> Can some one help me ?
>>
>
> Post radius -X debug from server start till Access-Reject sent.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html




-- 
-Thanks
Ankit Prajapati


More information about the Freeradius-Users mailing list