<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Hi guys,<br><br>Thanks for your help.<br><br>After reading your suggestions, i installed a new version of FreeRADIUS (FreeRADIUS 2.2.1).<br><br>I haven't worked with the the patch yet (i'm going to do that later) but, just to show what i got with the new version 2.2.1 and changing the content of the simtriplets.dat<br><br>1. case : simtriplets.dat looks like following (imsi,rand,sres,kc) (3 different rand...)<br><br>1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000<br>1901700000000653,0123456789abcdef0123456789abcde0,725bb218,25903c082654b400<br>1901700000000653,0123456789abcdef0123456789abcd18,ed404256,bc871da6ae8edc00<br>1901700000000653,0123456789abcdef0123456789abcd88,6695bd6e,58788a55e9052000<br><br>i got the same failure than before: after sending the 2nd access challenge, the server is waiting for the 3rd access request and doesn't get anything --> authentication failed<br><br> .<br> .<br> .<br>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 192.168.10.212 port 38803, id=29, length=238<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "1901700000000653"<br> NAS-Port-Id = "ap_hotspot"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "8220000e"<br> Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"<br> Calling-Station-Id = "A8-7E-33-3E-9C-5B"<br> Called-Station-Id = "00-0C-42-64-41-9D:YANN"<br> EAP-Message = 0x020100150131393031373030303030303030363533<br> Message-Authenticator = 0xcf4e5f6429686cc260b16bd23d82489f<br> NAS-Identifier = "MT_Yann"<br> NAS-IP-Address = 192.168.10.212<br># Executing section authorize from file /etc/freeradius/sites-enabled/default<br>+- entering group authorize {...}<br>rlm_sim_files: authorized user/imsi 1901700000000653 <br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns ok<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix] No '@' in User-Name = "1901700000000653", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 1 length 21<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /etc/freeradius/sites-enabled/default<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type sim<br>[eap] Underlying EAP-Type set EAP ID to 108<br>++[eap] returns handled<br>Sending Access-Challenge of id 29 to 192.168.10.212 port 38803<br> EAP-Message = 0x016c0014120a00000f0200020001000011010100<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x870e2a6987623891aa6e49c2b1bcc9b6<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.10.212 port 50478, id=30, length=287<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "1901700000000653"<br> State = 0x870e2a6987623891aa6e49c2b1bcc9b6<br> NAS-Port-Id = "ap_hotspot"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "8220000e"<br> Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"<br> Calling-Station-Id = "A8-7E-33-3E-9C-5B"<br> Called-Station-Id = "00-0C-42-64-41-9D:YANN"<br> EAP-Message = 0x026c0034120a000007050000c27cfb1cfa7a257c9c89796e49bca230100100010e05001031393031373030303030303030363533<br> Message-Authenticator = 0xc691af8b618d9da88f9e289557530f6f<br> NAS-Identifier = "MT_Yann"<br> NAS-IP-Address = 192.168.10.212<br># Executing section authorize from file /etc/freeradius/sites-enabled/default<br>+- entering group authorize {...}<br>rlm_sim_files: authorized user/imsi 1901700000000653 <br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns ok<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix] No '@' in User-Name = "1901700000000653", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 108 length 52<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /etc/freeradius/sites-enabled/default<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/sim<br>[eap] processing type sim<br>+++> EAP-sim decoded packet:<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "1901700000000653"<br> State = 0x870e2a6987623891aa6e49c2b1bcc9b6<br> NAS-Port-Id = "ap_hotspot"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "8220000e"<br> Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"<br> Calling-Station-Id = "A8-7E-33-3E-9C-5B"<br> Called-Station-Id = "00-0C-42-64-41-9D:YANN"<br> EAP-Message = 0x026c0034120a000007050000c27cfb1cfa7a257c9c89796e49bca230100100010e05001031393031373030303030303030363533<br> Message-Authenticator = 0xc691af8b618d9da88f9e289557530f6f<br> NAS-Identifier = "MT_Yann"<br> NAS-IP-Address = 192.168.10.212<br> EAP-Type = SIM<br> EAP-Sim-Subtype = Start<br> EAP-Sim-NONCE_MT = 0x0000c27cfb1cfa7a257c9c89796e49bca230<br> EAP-Sim-SELECTED_VERSION = 0x0001<br> EAP-Sim-IDENTITY = 0x31393031373030303030303030363533<br>[eap] Underlying EAP-Type set EAP ID to 109<br>++[eap] returns handled<br>Sending Access-Challenge of id 30 to 192.168.10.212 port 50478<br> EAP-Message = 0x016d0050120b0000010d00000123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde00123456789abcdef0123456789abcd180b0500000bffb0f7777b066616d98519e625a531<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x870e2a6986633891aa6e49c2b1bcc9b6<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 29 with timestamp +17<br>Cleaning up request 1 ID 30 with timestamp +17<br>Ready to process requests.<br><br>- - - - - - - - - - - - - - - - -- - - - - - - - - - - -<br><br><br><br>2. case : simtriplets.dat looks like following (imsi,rand,sres,kc) (3 times the same rand...)<br><br>1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000<br>1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000<br>1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000<br><br>i got a failure (it's normal i think) but in this case, the client sent the third request, saying to stop the authentication process. <br>So, in this case the client reacts of the second access challenge and in the first case (with diffrent data in the simtriplets.dat) it does't.<br><br>.<br>.<br>.<br>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel<br>Listening on proxy address * port 1814<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 192.168.10.212 port 49529, id=6, length=308<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org"<br> NAS-Port-Id = "ap_hotspot"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "82400001"<br> Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"<br> Calling-Station-Id = "A8-7E-33-3E-9C-5B"<br> Called-Station-Id = "00-0C-42-64-41-9D:YANN"<br> EAP-Message = 0x02010038013139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267<br> Message-Authenticator = 0xb66e4f2652fec781e4c71b6dbd20b389<br> NAS-Identifier = "MT_Yann"<br> NAS-IP-Address = 192.168.10.212<br># Executing section authorize from file /etc/freeradius/sites-enabled/default<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix] Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org"<br>[suffix] Found realm "~.*.3gppnetwork.org$"<br>[suffix] Adding Stripped-User-Name = "1901700000000653"<br>[suffix] Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"<br>[suffix] Authentication realm is LOCAL.<br>++[suffix] returns ok<br>rlm_sim_files: authorized user/imsi 1901700000000653 <br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns ok<br>[eap] EAP packet type response id 1 length 56<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /etc/freeradius/sites-enabled/default<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type sim<br>[eap] Underlying EAP-Type set EAP ID to 4<br>++[eap] returns handled<br>Sending Access-Challenge of id 6 to 192.168.10.212 port 49529<br> EAP-Message = 0x01040014120a00000f0200020001000011010100<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xf69e9f4cf69a8d1d0990f37eaa6db462<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.10.212 port 34603, id=7, length=358<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org"<br> State = 0xf69e9f4cf69a8d1d0990f37eaa6db462<br> NAS-Port-Id = "ap_hotspot"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "82400001"<br> Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"<br> Calling-Station-Id = "A8-7E-33-3E-9C-5B"<br> Called-Station-Id = "00-0C-42-64-41-9D:YANN"<br> EAP-Message = 0x02040058120a00000705000097d3fd9e1c4410fa64112b4b80057c3d100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700<br> Message-Authenticator = 0x741ccd1cadf88aea68338a49b9e65500<br> NAS-Identifier = "MT_Yann"<br> NAS-IP-Address = 192.168.10.212<br># Executing section authorize from file /etc/freeradius/sites-enabled/default<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix] Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org"<br>[suffix] Found realm "~.*.3gppnetwork.org$"<br>[suffix] Adding Stripped-User-Name = "1901700000000653"<br>[suffix] Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"<br>[suffix] Authentication realm is LOCAL.<br>++[suffix] returns ok<br>rlm_sim_files: authorized user/imsi 1901700000000653 <br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns ok<br>[eap] EAP packet type response id 4 length 88<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /etc/freeradius/sites-enabled/default<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/sim<br>[eap] processing type sim<br>+++> EAP-sim decoded packet:<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org"<br> State = 0xf69e9f4cf69a8d1d0990f37eaa6db462<br> NAS-Port-Id = "ap_hotspot"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "82400001"<br> Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"<br> Calling-Station-Id = "A8-7E-33-3E-9C-5B"<br> Called-Station-Id = "00-0C-42-64-41-9D:YANN"<br> EAP-Message = 0x02040058120a00000705000097d3fd9e1c4410fa64112b4b80057c3d100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700<br> Message-Authenticator = 0x741ccd1cadf88aea68338a49b9e65500<br> NAS-Identifier = "MT_Yann"<br> NAS-IP-Address = 192.168.10.212<br> Stripped-User-Name = "1901700000000653"<br> Realm = "wlan.mnc070.mcc901.3gppnetwork.org"<br> EAP-Type = SIM<br> EAP-Sim-Subtype = Start<br> EAP-Sim-NONCE_MT = 0x000097d3fd9e1c4410fa64112b4b80057c3d<br> EAP-Sim-SELECTED_VERSION = 0x0001<br> EAP-Sim-IDENTITY = 0x3139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267<br>[eap] Underlying EAP-Type set EAP ID to 5<br>++[eap] returns handled<br>Sending Access-Challenge of id 7 to 192.168.10.212 port 34603<br> EAP-Message = 0x01050050120b0000010d00000123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0b050000095b748dc49685f14ee126dd201a6787<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xf69e9f4cf79b8d1d0990f37eaa6db462<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.10.212 port 47748, id=8, length=282<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org"<br> State = 0xf69e9f4cf79b8d1d0990f37eaa6db462<br> NAS-Port-Id = "ap_hotspot"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "82400001"<br> Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"<br> Calling-Station-Id = "A8-7E-33-3E-9C-5B"<br> Called-Station-Id = "00-0C-42-64-41-9D:YANN"<br> EAP-Message = 0x0205000c120e000016010000<br> Message-Authenticator = 0x67afd2e2a3861afd4c460375757d1fdd<br> NAS-Identifier = "MT_Yann"<br> NAS-IP-Address = 192.168.10.212<br># Executing section authorize from file /etc/freeradius/sites-enabled/default<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix] Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org"<br>[suffix] Found realm "~.*.3gppnetwork.org$"<br>[suffix] Adding Stripped-User-Name = "1901700000000653"<br>[suffix] Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"<br>[suffix] Authentication realm is LOCAL.<br>++[suffix] returns ok<br>rlm_sim_files: authorized user/imsi 1901700000000653 <br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns ok<br>[eap] EAP packet type response id 5 length 12<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /etc/freeradius/sites-enabled/default<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/sim<br>[eap] processing type sim<br>Client says error. Stopping!<br>[eap] Handler failed in EAP/sim<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>Failed to authenticate the user.<br>Using Post-Auth-Type REJECT<br># Executing group from file /etc/freeradius/sites-enabled/default<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> 1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org<br>attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 2 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.10.212 port 47748, id=8, length=282<br>Waiting to send Access-Reject to client bips_bk port 47748 - ID: 8<br>Waking up in 0.6 seconds.<br>rad_recv: Access-Request packet from host 192.168.10.212 port 47748, id=8, length=282<br>Waiting to send Access-Reject to client bips_bk port 47748 - ID: 8<br>Waking up in 0.3 seconds.<br>Cleaning up request 0 ID 6 with timestamp +20<br>Cleaning up request 1 ID 7 with timestamp +20<br>Sending delayed reject for request 2<br>Sending Access-Reject of id 8 to 192.168.10.212 port 47748<br> EAP-Message = 0x04050004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>Waking up in 4.9 seconds.<br>Cleaning up request 2 ID 8 with timestamp +24<br>Ready to process requests.<br><br>- - - - - - - - - -- - - - - - - - - <br><br>are there any extra requirements on the RAND number except that they must be 128 byte long ?<br><br>I'm trying to make another fix with the patch now.<br><br>Yann<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br> </div></body>
</html>