Eap-Sim cannot initiate in Free Radius 3.0.6
Ankit Prajapati
prajapati.ankit85 at gmail.com
Mon Mar 9 18:54:29 CET 2015
I tried what you have said.
I added files between suffix and eap in the authorize block:
authorize {
    #
    suffix
    #
    # Read the 'users' file
    files
    #or the many packets that go back and forth to set up TTLS
    # or PEAP. The load on those servers will therefore be reduced.
    #
    eap {
        ok = return
    }
}
Still getting the same error:
(0) eap_sim: ERROR: EAP-SIM-RAND1 not found
Mon Mar 9 23:17:49 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM
(18) session. EAP sub-module failed
Radius Output
Mon Mar 9 23:17:49 2015 : Debug: (0) Received Access-Request Id 248 from
127.0.0.1:60547 to 127.0.0.1:1812 length 161
Mon Mar 9 23:17:49 2015 : Debug: (0) User-Name = '
1310260580353262 at wlan.mnc260.mcc310.3gppnetwork.org'
Mon Mar 9 23:17:49 2015 : Debug: (0) NAS-IP-Address = 127.0.0.1
Mon Mar 9 23:17:49 2015 : Debug: (0) Message-Authenticator =
0x0eee7125450ce0b816b2c1116a9b5066
Mon Mar 9 23:17:49 2015 : Debug: (0) NAS-Port = 0
Mon Mar 9 23:17:49 2015 : Debug: (0) EAP-Message =
0x02f70038013133313032363035383033353332363240776c616e2e6d6e633236302e6d63633331302e336770706e6574776f726b2e6f7267
Mon Mar 9 23:17:49 2015 : Debug: (0) session-state: No State attribute
Mon Mar 9 23:17:49 2015 : Debug: (0) # Executing section authorize from
file /usr/local/etc/raddb/sites-enabled/default
Mon Mar 9 23:17:49 2015 : Debug: (0) authorize {
Mon Mar 9 23:17:49 2015 : Debug: (0) policy filter_username {
Mon Mar 9 23:17:49 2015 : Debug: (0) if (!&User-Name) {
Mon Mar 9 23:17:49 2015 : Debug: (0) if (!&User-Name) -> FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ / /) {
Mon Mar 9 23:17:49 2015 : Debug: (0) No matches
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ / /) -> FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) {
Mon Mar 9 23:17:49 2015 : Debug: (0) No matches
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) ->
FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) {
Mon Mar 9 23:17:49 2015 : Debug: (0) No matches
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) ->
FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
Mon Mar 9 23:17:49 2015 : Debug: (0) No matches
Mon Mar 9 23:17:49 2015 : Debug: (0) Adding 1 matches
Mon Mar 9 23:17:49 2015 : Debug: (0) Clearing 1 matches
Mon Mar 9 23:17:49 2015 : Debug: (0) Adding 3 matches
Mon Mar 9 23:17:49 2015 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.$/) {
Mon Mar 9 23:17:49 2015 : Debug: (0) Clearing 3 matches
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.$/) ->
FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@\./) {
Mon Mar 9 23:17:49 2015 : Debug: (0) No matches
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@\./) ->
FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) } # policy filter_username =
notfound
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned
from preprocess (rlm_preprocess) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [preprocess] = ok
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling
chap (rlm_chap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned
from chap (rlm_chap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [chap] = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling
mschap (rlm_mschap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned
from mschap (rlm_mschap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [mschap] = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling
digest (rlm_digest) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned
from digest (rlm_digest) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [digest] = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling
suffix (rlm_realm) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Checking for suffix after "@"
Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Looking up realm "
wlan.mnc260.mcc310.3gppnetwork.org" for User-Name = "
1310260580353262 at wlan.mnc260.mcc310.3gppnetwork.org"
Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Found realm "
wlan.mnc260.mcc310.3gppnetwork.org"
Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Adding Stripped-User-Name =
"1310260580353262"
Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Adding Realm = "
wlan.mnc260.mcc310.3gppnetwork.org"
Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Authentication realm is LOCAL
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned
from suffix (rlm_realm) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [suffix] = ok
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling
files (rlm_files) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned
from files (rlm_files) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [files] = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling eap
(rlm_eap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Peer sent code Response (2) ID
247 length 56
Mon Mar 9 23:17:49 2015 : Debug: (0) eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned
from eap (rlm_eap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [eap] = ok
Mon Mar 9 23:17:49 2015 : Debug: (0) } # authorize = ok
Mon Mar 9 23:17:49 2015 : Debug: (0) Found Auth-Type = EAP
Mon Mar 9 23:17:49 2015 : Debug: (0) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Mon Mar 9 23:17:49 2015 : Debug: (0) authenticate {
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authenticate]: calling
eap (rlm_eap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Peer sent method Identity (1)
Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Calling eap_sim to process EAP
data
Mon Mar 9 23:17:49 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not
found
Mon Mar 9 23:17:49 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM
(18) session. EAP sub-module failed
Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Failed in EAP select
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authenticate]: returned
from eap (rlm_eap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [eap] = invalid
Mon Mar 9 23:17:49 2015 : Debug: (0) } # authenticate = invalid
Mon Mar 9 23:17:49 2015 : Debug: (0) Failed to authenticate the user
Mon Mar 9 23:17:49 2015 : Debug: (0) Using Post-Auth-Type Reject
Mon Mar 9 23:17:49 2015 : Debug: (0) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Mon Mar 9 23:17:49 2015 : Debug: (0) Post-Auth-Type REJECT {
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 0
Mon Mar 9 23:17:49 2015 : Debug: %{User-Name}
Mon Mar 9 23:17:49 2015 : Debug: Parsed xlat tree:
Mon Mar 9 23:17:49 2015 : Debug: attribute --> User-Name
Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: EXPAND
%{User-Name}
Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: -->
1310260580353262 at wlan.mnc260.mcc310.3gppnetwork.org
Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: Matched
entry DEFAULT at line 11
Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject:
EAP-Message = 0x04f70004 allowed by EAP-Message =* 0x
Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: Attribute
"EAP-Message" allowed by 1 rules, disallowed by 0 rules
Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject:
Message-Authenticator = 0x00000000000000000000000000000000 allowed by
Message-Authenticator =* 0x
Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: Attribute
"Message-Authenticator" allowed by 1 rules, disallowed by 0 rules
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: returned
from attr_filter.access_reject (rlm_attr_filter) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [attr_filter.access_reject] =
updated
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: calling eap
(rlm_eap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Reply already contained an
EAP-Message, not inserting EAP-Failure
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: returned
from eap (rlm_eap) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [eap] = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) policy
remove_reply_message_if_eap {
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&reply:EAP-Message &&
&reply:Reply-Message) {
Mon Mar 9 23:17:49 2015 : Debug: (0) if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
Mon Mar 9 23:17:49 2015 : Debug: (0) else {
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: calling
noop (rlm_always) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]:
returned from noop (rlm_always) for request 0
Mon Mar 9 23:17:49 2015 : Debug: (0) [noop] = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) } # else = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) } # policy
remove_reply_message_if_eap = noop
Mon Mar 9 23:17:49 2015 : Debug: (0) } # Post-Auth-Type REJECT = updated
Mon Mar 9 23:17:49 2015 : Debug: (0) Delaying response for 1.000000 seconds
Mon Mar 9 23:17:49 2015 : Debug: Waking up in 0.3 seconds.
Mon Mar 9 23:17:49 2015 : Debug: Waking up in 0.6 seconds.
Mon Mar 9 23:17:50 2015 : Debug: (0) Sending delayed response
Mon Mar 9 23:17:50 2015 : Debug: (0) Sent Access-Reject Id 248 from
127.0.0.1:1812 to 127.0.0.1:60547 length 44
Mon Mar 9 23:17:50 2015 : Debug: (0) EAP-Message = 0x04f70004
Mon Mar 9 23:17:50 2015 : Debug: (0) Message-Authenticator =
0x00000000000000000000000000000000
Mon Mar 9 23:17:50 2015 : Debug: Waking up in 3.9 seconds.
Mon Mar 9 23:17:54 2015 : Debug: (0) Cleaning up request packet ID 248
with timestamp +3
Mon Mar 9 23:17:54 2015 : Info: Ready to process requests
In the log I found that [files] returns noop, it is not able to find the users
file...?
I am testing with radeapclient.
On Mon, Mar 9, 2015 at 11:20 PM, Ankit Prajapati <
prajapati.ankit85 at gmail.com> wrote:
> Hi ,
>
> I tried what you have said
> Added in authorize block :
> authorize {
> #
> suffix
> #
> # Read the 'users' file
> files
> #or the many packets that go back and forth to set up TTLS
> # or PEAP. The load on those servers will therefore be reduced.
> #
> eap {
> ok = return
> }
>
> }
>
>
> On Tue, Mar 3, 2015 at 1:18 PM, Iliya Peregoudov <iperegudov at cboss.ru>
> wrote:
>
>> On 03.03.2015 7:26, Ankit Prajapati wrote:
>>
>>> Tue Mar 3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP
>>> Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file
>>> /usr/local/etc/raddb/sites-enabled/default
>>> Tue Mar 3 09:49:19 2015 : Debug: (0) authenticate {
>>> Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]:
>>> calling eap (rlm_eap) for request 0
>>> Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1)
>>> Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process
>>> EAP data
>>> Tue Mar 3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not
>>> found
>>>
>>
>> eap_sim was unable to find authentication vectors. You need to call
>> `users' after `suffix' but before `eap' in authorize section. This will
>> lookup authentication vectors from raddb/users file and place them into
>> reply (or control) list.
>>
>>
>>
>
>
>
> --
> -Thanks
> Ankit Prajapati
>
--
-Thanks
Ankit Prajapati
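
Added example, not part of the original post: a small decoder for the `EAP-Message` values in the debug output above, showing what the peer actually sent (an EAP-Response/Identity carrying a 3GPP permanent identity whose leading digit selects EAP-SIM) and what the server answered. The function names and the rejoined sample lines are constructed for this example.

```python
import re
import struct

# Constructed sample: the two EAP-Message values from the debug output,
# rejoined onto single lines (the mail archive wrapped them).
SAMPLE_LOG = """\
(0) EAP-Message = 0x02f70038013133313032363035383033353332363240776c616e2e6d6e633236302e6d63633331302e336770706e6574776f726b2e6f7267
(0) EAP-Message = 0x04f70004
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 18: "EAP-SIM", 23: "EAP-AKA"}
# RFC 4186 / RFC 4187: first character of a permanent identity names the method.
LEADING_DIGIT = {"0": "EAP-AKA", "1": "EAP-SIM"}
REALM_RE = re.compile(r"^wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")

def parse_eap(hex_value):
    """Decode one EAP packet: code(1) id(1) length(2) [type(1) data]."""
    raw = bytes.fromhex(hex_value[2:])
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:]
    return pkt

def parse_3gpp_identity(identity):
    """Split <digit><IMSI>@wlan.mncXXX.mccYYY.3gppnetwork.org; None otherwise."""
    user, _, realm = identity.partition("@")
    m = REALM_RE.match(realm)
    if not m or len(user) < 2 or not user.isdigit():
        return None
    return {"method": LEADING_DIGIT.get(user[0]), "imsi": user[1:],
            "mnc": m.group(1), "mcc": m.group(2)}

def decode_log(text):
    """Decode every EAP-Message value found in radiusd debug text."""
    packets = []
    for hex_value in re.findall(r"EAP-Message = (0x[0-9a-fA-F]+)", text):
        pkt = parse_eap(hex_value)
        if pkt.get("type") == "Identity":
            ident = pkt.pop("data").decode("ascii", "replace")
            pkt["identity"] = parse_3gpp_identity(ident)
        packets.append(pkt)
    return packets

if __name__ == "__main__":
    for p in decode_log(SAMPLE_LOG):
        print(p)
```

The decoded header fields match the server's own line "Peer sent code Response (2) ID 247 length 56", and the reply `0x04f70004` is a bare EAP-Failure with the same ID.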