EAP-SIM Error "Failed continuing EAP SIM (18) session. EAP sub-module failed"

Alan DeKok aland at deployingradius.com
Fri May 13 15:41:23 CEST 2016 

On May 13, 2016, at 3:43 AM, Li Zhaoxing <fxlizhaoxing at 163.com> wrote:
> 
> Hi, I am new here and here is my problem:
>    I am using FreeRADIUS version 3.0.4

  You should probably upgrade.

> and I am working on configure the FreeRADIUS as a local RADIUS server in hotspot2.0 network. I am now in trouble with EAP-SIM authentication.
>    I have configure the EAP-SIM in the file eap under /mods-enabled, and change the order of "eap" after "files" in authorize part in the file default  under /sites-enabled. I have tested the EAP-SIM using radeapclient successfully.

  OK, that's good.

>    I tested  EAP-TTLS with MSCHAPv2 authentication in my experimental network successfully which use an username and password. Everything seems going well until I tested the EAP-SIM in the hotspot2.0 network.

  That's unfortunate.

>    I tested the EAP-SIM authentication using a real smartphone with a SIM card in which I specified an Ki by myself. The AP(the NAI of RADIUS) is a hostspot2.0-supported wireless access point running hostapd on it. and when I try to access the network through AP I got ERROR "Failed continuing EAP SIM (18) session. EAP sub-module failed".
> Here is my configurations and debug output
> In users file my account is:
> 1208930000000001 at wlan.mnc093.mcc208.3gppnetwork.org EAP-Type := SIM, EAP-Sim-KI := 0x8baf473f2f8fd09487cccbd7097c6862, EAP-Sim-Algo-Version := 1
> Here is the radiusd -X debug output when I require to access the network:
...

> (8)   authenticate {
> (8) eap: Expiring EAP session with state 0x14c723b2157231b1
> (8) eap: Finished EAP session with state 0x14c723b2157231b1
> (8) eap: Previous EAP request found for state 0x14c723b2157231b1, released from the list
> (8) eap: Peer sent packet with method EAP SIM (18)
> (8) eap: Calling submodule eap_sim to process data
> (8) eap: ERROR: Failed continuing EAP SIM (18) session.  EAP sub-module failed
> (8) eap: Sending EAP Failure (code 4) ID 181 length 4

  That's not good.  It would be nice to get a message as to *why* it failed.

  I've pushed some additional debug messages.  Please try the v3.0.x branch from git:

https://github.com/FreeRADIUS/freeradius-server/archive/v3.0.x.zip

  Alan DeKok.

More information about the Freeradius-Users mailing list