eap-sim - ERROR: Failed retrieving SIM vectors ( FR version4)

Vorawut Kanokpanvanich aakmit at gmail.com
Fri Nov 19 08:29:28 CET 2021


 freeradius-users at lists.freeradius.org.



Hi Experts,



I am currently testing FR4 with EAP-SIM but I got an issue during the
testing.

I was using rlm_passwd to authenticate an EAP-SIM on Freeradius version
3.0.25 without any issue.



Below is the captured from FR3.0.25

  ##############################################

# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/poc

(4)   authorize {

(4)     policy filter_username {

(4)       if (&User-Name) {

(4)       if (&User-Name)  -> TRUE

(4)       if (&User-Name)  {

(4)         if (&User-Name =~ / /) {

(4)         if (&User-Name =~ / /)  -> FALSE

(4)         if (&User-Name =~ /@[^@]*@/ ) {

(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(4)         if (&User-Name =~ /\.\./ ) {

(4)         if (&User-Name =~ /\.\./ )  -> FALSE

(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(4)         if (&User-Name =~ /\.$/)  {

(4)         if (&User-Name =~ /\.$/)   -> FALSE

(4)         if (&User-Name =~ /@\./)  {

(4)         if (&User-Name =~ /@\./)   -> FALSE

(4)       } # if (&User-Name)  = notfound

(4)     } # policy filter_username = notfound

(4)     [preprocess] = ok

(4) passwd: Added EAP-Sim-Rand1: '0x8BE6041AB9AE4949AAB34C2E697D4330' to
config

(4) passwd: Added EAP-Sim-SRES1: '0xACad2feb' to config

(4) passwd: Added EAP-Sim-KC1: '0xC6af97f7648c353c' to config

(4) passwd: Added EAP-Sim-Rand2: '0x46B91FCA6A114040BA815D1B4B6404A5' to
config

(4) passwd: Added EAP-Sim-SRES2: '0x0644dc96' to config

(4) passwd: Added EAP-Sim-KC2: '0xD1bd98aa5Eef2ccb' to config

(4) passwd: Added EAP-Sim-Rand3: '0x41B39F18DD9D43c2A2BC0E1F40CA1B6D' to
config

(4) passwd: Added EAP-Sim-SRES3: '0x985ae7d5' to config

(4) passwd: Added EAP-Sim-KC3: '0x7768bbc0ED32df07' to config

(4)     [passwd] = ok

  ##############################################



But with Freeradius version 4, I got an error like this.* eap-sim - ERROR:
Failed retrieving SIM vectors and it doesn’t hit the passwd file like what
I did from version 3.0.25*


 ##############################################

(1)      policy filter_username {

(1)        if (&State) {

(1)          if (&User-Name) {

(1)            if (!&session-state.Session-State-User-Name) {

(1)              ...

(1)            }

(1)            if (&User-Name != &session-state.Session-State-User-Name) {

(1)              ...

(1)            }

(1)          } # if (&User-Name) (noop)

(1)        } # if (&State) (noop)

(1)      } # policy filter_username (noop)

(1*)      passwd (notfound)*

(1)      chap (noop)

(1)      mschap (noop)

(1)      digest (noop)

(1)      eap - Peer sent EAP Response (code 2) ID 2 length 7

(1)      eap - Continuing on-going EAP conversation

(1)      eap - Setting &control.Auth-Type = eap

(1)      eap (updated)

(1)      files - EXPAND %{%{Stripped-User-Name}:-%{User-Name}}

(1)      files -    --> 1525016105897825 at wlan.mnc001.mcc525.3gppnetwork.org

*(1)      files - WARNING: Failed evaluating check item, skipping entry: No
matching "Framed-Protocol" pairs found*

(1)      files - Found match "DEFAULT" on line 153 of
/usr/local/etc/raddb/mods-config/files/authorize

(1)      files (ok)

(1)      policy expiration {

(1)        if (&control.Expiration) {

(1)          ...

(1)        }

(1)      } # policy expiration (updated)

(1)      logintime (noop)

(1)      pap (noop)

(1)    } # recv Access-Request (updated)

(1)    radius - Running 'authenticate eap' from file
/usr/local/etc/raddb/sites-enabled/aruba

(1)    authenticate eap {

(1)      eap - Continuing EAP session

(1)      eap - Peer sent packet with EAP method NAK (3)

(1)      eap - Found mutually acceptable type SIM (18)

(1)      eap - Calling submodule eap_sim

(1)      subrequest {

(1.0)      eap-sim - Stripping 'hint' byte from Permanent-Identity

(1.0)      eap-sim -   &session-state.Permanent-Identity = "
525016105897825 at wlan.mnc001.mcc525.3gppnetwork.org"

(1.0)      recv Identity-Response {

(1.0)        ok (ok)

(1.0)      } # recv Identity-Response (ok)

(1.0)      eap-sim - New EAP-SIM session

(1.0)      eap-sim - Changed state INIT -> SIM-CHALLENGE

(1.0)      send Challenge-Request {

(1.0)        ok (ok)

(1.0)      } # send Challenge-Request (ok)

(1.0)      eap-sim - Acquiring GSM vector(s)

*(1.0)      eap-sim - WARNING: Could not find or derive data for GSM
vector[0]*

*(1.0)      eap-sim - ERROR: Failed retrieving SIM vectors*

(1.0)      eap-sim (fail)

(1.0)      eap.sim (fail)

(1)        subrequest - Resuming execution

(1)      } # subrequest (noop)

   ##############################################


anyone can guide me where to look for this issue?


-VK


More information about the Freeradius-Users mailing list