Dear All,

I am trying to configure FreeRADIUS for EAP-SIM authentication. For that I compiled FreeRADIUS with "./configure --with-modules="rlm_sim" --with-modules="rlm_sim_files"". FreeRADIUS is installed successfully, as I have tested it using radtest, as suggested on the FreeRADIUS wiki.

I have installed FreeRADIUS version 2.2.0.

Now, in order to test EAP-SIM, I have added the below block in the eap.conf file after the mschapv2 block:

    sim {
    }

I am trying to successfully run the /src/tests/eapsim-03 example; I have copied the below into the users file:

1244070100000001@eapsim.foo Auth-Type := EAP, EAP-Type := SIM
    EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
    EAP-Sim-SRES1 = 0xd1d2d3d4,
    EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
    EAP-Sim-SRES2 = 0xe1e2e3e4,
    EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f,
    EAP-Sim-SRES3 = 0xf1f2f3f4,
    EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
    EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
    EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7,

1232420100000015 Auth-Type := EAP, EAP-Type := SIM
    EAP-Sim-Rand1 = 0x30000000000000000000000000000000,
    EAP-Sim-SRES1 = 0x30112233,
    EAP-Sim-KC1 = 0x445566778899AABB,
    EAP-Sim-Rand2 = 0x31000000000000000000000000000000,
    EAP-Sim-SRES2 = 0x31112233,
    EAP-Sim-KC2 = 0x445566778899AABB,
    EAP-Sim-Rand3 = 0x32000000000000000000000000000000,
    EAP-Sim-SRES3 = 0x32112233,
    EAP-Sim-KC3 = 0x445566778899AABB,

eapsim Auth-Type := EAP, EAP-Type := SIM
    EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234,
    EAP-Sim-SRES1 = 0x1234abcd,
    EAP-Sim-KC1 = 0x0011223344556677,
    EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a,
    EAP-Sim-SRES2 = 0x234abcd1,
    EAP-Sim-KC2 = 0x1021324354657687,
    EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab,
    EAP-Sim-SRES3 = 0x34abcd12,
    EAP-Sim-KC3 = 0x30415263748596a7

but when I try to run client.sh, I get the following logs:
Sending Access-Request packet to host 127.0.0.1 port 1812, id=64, length=0
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    EAP-Code = Response
    EAP-Type-Identity = 0x65617073696d
    Message-Authenticator = 0x30
    NAS-Port = 0
    EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
    EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
    EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
    EAP-Sim-SRES1 = 0x1234abcd
    EAP-Sim-SRES2 = 0x234abcd1
    EAP-Sim-SRES3 = 0x34abcd12
    EAP-Sim-KC1 = 0x0011223344556677
    EAP-Sim-KC2 = 0x1021324354657687
    EAP-Sim-KC3 = 0x30415263748596a7
    EAP-Message = 0x023f000b0165617073696d
Received Access-Challenge packet from host 127.0.0.1 port 1812, id=64, length=78
    EAP-Message = 0x01f30014120a00000f0200020001000011010100
    Message-Authenticator = 0x81ffe249ace5353152e1476e8f7f890b
    State = 0x9a9ec8169a6dda46839134a50c8e1d5d
    EAP-Id = 243
    EAP-Code = Request
    EAP-Type-SIM = 0x0a00000f0200020001000011010100
Sending Access-Request packet to host 127.0.0.1 port 1812, id=65, length=71
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    EAP-Code = Response
    Message-Authenticator = 0x00000000000000000000000000000000
    NAS-Port = 0
    EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
    EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
    EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
    EAP-Sim-SRES1 = 0x1234abcd
    EAP-Sim-SRES2 = 0x234abcd1
    EAP-Sim-SRES3 = 0x34abcd12
    EAP-Sim-KC1 = 0x0011223344556677
    EAP-Sim-KC2 = 0x1021324354657687
    EAP-Sim-KC3 = 0x30415263748596a7
    EAP-Sim-State = 1
    EAP-Sim-Subtype = Start
    EAP-Sim-SELECTED_VERSION = 0x0001
    EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
    EAP-Sim-IDENTITY = 0x000665617073696d
    EAP-Id = 243
    EAP-Message = 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
    State = 0x9a9ec8169a6dda46839134a50c8e1d5d
Received Access-Challenge packet from host 127.0.0.1 port 1812, id=65, length=138
    EAP-Message = 0x01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
    Message-Authenticator = 0x11986571b4665594edefbf3d811efbae
    State = 0x9a9ec8169b6ada46839134a50c8e1d5d
    EAP-Id = 244
    EAP-Code = Request
    EAP-Type-SIM = 0x0b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
Input was:
    identity: (len=6)65617073696d
    nonce_mt: c9615ec963ada36f11bd4e81093a7271
    rand0: 00000000000000000000000000000000
    rand1: 00000000000000000000000000000000
    rand2: 00000000000000000000000000000000
    sres0: 1234abcd
    sres1: 234abcd1
    sres2: 34abcd12
    Kc0: 0011223344556677
    Kc1: 1021324354657687
    Kc2: 30415263748596a7
    versionlist[2]: 0001
    select 00 01

Output
mk: 8502e062_35537770_2c0a7c2c_9cfc9fc4_dc4d21d6
K_aut: b89dafa5_99422bee_db010d3a_6dcded9c
K_encr: d8a6df78_25d9ad9d_2535083c_33a5c1c6
msk: f5feb9c1_9dbea4dd_cd94b140_17892e4b_f96327cc
     84b16260_f0e6447b_b201018f_102b2217_bb6717c8
     351115b9_a8248f46_aa33c120_f6e5979f_b27f1c98
     69da98ed
emsk: 8c1c04ef_4b345a29_50980817_563fc216_844d8e0d
     c2e4bc15_886523be_2e149835_ef850c3e_076722dc
     e27926e8_d01d1929_3da147a1_62833433_391b8a9a
     20711dd2
calculated MAC (c412722f_ab82c18d_f5404f45_da872e93_cd950d07 did not match
Sending Access-Request packet to host 127.0.0.1 port 1812, id=66, length=122
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    EAP-Code = Response
    Message-Authenticator = 0x00000000000000000000000000000000
    NAS-Port = 0
    EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
    EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
    EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
    EAP-Sim-SRES1 = 0x1234abcd
    EAP-Sim-SRES2 = 0x234abcd1
    EAP-Sim-SRES3 = 0x34abcd12
    EAP-Sim-KC1 = 0x0011223344556677
    EAP-Sim-KC2 = 0x1021324354657687
    EAP-Sim-KC3 = 0x30415263748596a7
    EAP-Sim-State = 0
    EAP-Sim-Subtype = Start
    EAP-Sim-SELECTED_VERSION = 0x0001
    EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
    EAP-Sim-IDENTITY = 0x000665617073696d
    EAP-Id = 244
    State = 0x9a9ec8169b6ada46839134a50c8e1d5d
    EAP-Message = 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
Received Access-Challenge packet from host 127.0.0.1 port 1812, id=66, length=138
    EAP-Message = 0x01f50050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
    Message-Authenticator = 0x6c9b33feb4d0851ed9d2c72e94640cc2
    State = 0x9a9ec816986bda46839134a50c8e1d5d
    EAP-Id = 245
    EAP-Code = Request
    EAP-Type-SIM = 0x0b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
radeapclient: sim in state init message challenge is illegal. Reply dropped.

------------------------------------------------------------------------
This is the eapsim-in.txt file used in the client.sh script:

User-Name = "eapsim"
NAS-IP-Address = marajade.sandelman.ottawa.on.ca
EAP-Code = Response
EAP-Type-Identity = "eapsim"
Message-Authenticator = 0
NAS-Port = 0
EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
EAP-Sim-Sres1 = 0x1234abcd
EAP-Sim-Sres2 = 0x234abcd1
EAP-Sim-Sres3 = 0x34abcd12
EAP-Sim-KC1 = 0x0011223344556677
EAP-Sim-KC2 = 0x1021324354657687
EAP-Sim-KC3 = 0x30415263748596a7

------------------------------------------------------------------------
While on the radiusd debugging console, it says:

rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=64, length=71
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    Message-Authenticator = 0xcdbcb987fbfe7846c70edb63de2af9bb
    NAS-Port = 0
    EAP-Message = 0x023f000b0165617073696d
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "eapsim", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
can not open /usr/local/etc/raddb/simtriplets.dat: No such file or directory
++[sim_files] returns notfound
[eap] EAP packet type response id 63 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry eapsim at line 24
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 243
++[eap] returns handled
Sending Access-Challenge of id 64 to 127.0.0.1 port 29859
    EAP-Message = 0x01f30014120a00000f0200020001000011010100
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x9a9ec8169a6dda46839134a50c8e1d5d
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=65, length=122
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    Message-Authenticator = 0xa62ac94a97d1f99105aef11ea7f7f802
    NAS-Port = 0
    EAP-Message = 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
    State = 0x9a9ec8169a6dda46839134a50c8e1d5d
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "eapsim", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
can not open /usr/local/etc/raddb/simtriplets.dat: No such file or directory
++[sim_files] returns notfound
[eap] EAP packet type response id 243 length 44
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry eapsim at line 24
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    Message-Authenticator = 0xa62ac94a97d1f99105aef11ea7f7f802
    NAS-Port = 0
    EAP-Message = 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
    State = 0x9a9ec8169a6dda46839134a50c8e1d5d
    EAP-Type = SIM
    EAP-Sim-Subtype = Start
    EAP-Sim-SELECTED_VERSION = 0x0001
    EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
    EAP-Sim-IDENTITY = 0x000665617073696d0000
[eap] Underlying EAP-Type set EAP ID to 244
++[eap] returns handled
Sending Access-Challenge of id 65 to 127.0.0.1 port 29859
    EAP-Message = 0x01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x9a9ec8169b6ada46839134a50c8e1d5d
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=66, length=122
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    Message-Authenticator = 0x0066414e52eb81de434cb323e73182dc
    NAS-Port = 0
    State = 0x9a9ec8169b6ada46839134a50c8e1d5d
    EAP-Message = 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "eapsim", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
can not open /usr/local/etc/raddb/simtriplets.dat: No such file or directory
++[sim_files] returns notfound
[eap] EAP packet type response id 244 length 44
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry eapsim at line 24
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
    User-Name = "eapsim"
    NAS-IP-Address = 209.87.252.247
    Message-Authenticator = 0x0066414e52eb81de434cb323e73182dc
    NAS-Port = 0
    State = 0x9a9ec8169b6ada46839134a50c8e1d5d
    EAP-Message = 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
    EAP-Type = SIM
    EAP-Sim-Subtype = Start
    EAP-Sim-SELECTED_VERSION = 0x0001
    EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
    EAP-Sim-IDENTITY = 0x000665617073696d0000
[eap] Underlying EAP-Type set EAP ID to 245
++[eap] returns handled
Sending Access-Challenge of id 66 to 127.0.0.1 port 29859
    EAP-Message = 0x01f50050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x9a9ec816986bda46839134a50c8e1d5d
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 64 with timestamp +9
Cleaning up request 1 ID 65 with timestamp +9
Cleaning up request 2 ID 66 with timestamp +9
Ready to process requests.

Can anybody help me identify where I am going wrong, and what the missing steps are here?

Thanks in advance.
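As an added example (not code from the post above and not FreeRADIUS code), the Python below decodes the three EAP-Message values quoted in the logs using the RFC 4186 packet layout, so the EAP-Sim-* attributes that radeapclient and radiusd print can be read off the raw bytes; it rejects packets whose length fields disagree with the bytes actually received, and it computes the EAP-SIM master key from the decoded Start response together with the Kc values of the "eapsim" users-file entry, following the MK formula in RFC 4186 section 7. The packet hex strings and Kc values are taken from the post; the attribute names come from the RFC; the function names (decode_eap_sim, is_malformed, compute_mk) are this example's own.

```python
"""Decode the EAP-SIM packets quoted in the post (framing per RFC 4186).

Added example, not FreeRADIUS code. The hex strings are copied from the
EAP-Message attributes in the radclient/radiusd logs; the Kc values come from
the 'eapsim' entry of the users file shown in the post.
"""
import hashlib
import struct

EAP_TYPE_SIM = 18
SUBTYPES = {10: "Start", 11: "Challenge", 12: "Notification",
            13: "Re-authentication", 14: "Client-Error"}
# RFC 4186 section 10 attribute codes that occur in the post's packets.
ATTR_NAMES = {1: "AT_RAND", 7: "AT_NONCE_MT", 11: "AT_MAC", 14: "AT_IDENTITY",
              15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION",
              17: "AT_FULLAUTH_ID_REQ"}

# Packets copied from the post (EAP-Message values without the 0x prefix).
START_REQ = "01f30014120a00000f0200020001000011010100"
START_RESP = ("02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a7271"
              "0e03000665617073696d0000")
CHALLENGE_REQ = ("01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234"
                 "bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab"
                 "0b050000cd1494bcf2173b38d26c31c3872b60f9")
# Kc values from the users-file entry for "eapsim".
KC = ["0011223344556677", "1021324354657687", "30415263748596a7"]


def decode_attr(atype, field, value):
    """Interpret one attribute's 2-byte field and value (RFC 4186 section 10)."""
    if atype == 1:                     # AT_RAND: reserved field, then n * 16-byte RAND
        return [value[i:i + 16].hex() for i in range(0, len(value), 16)]
    if atype in (7, 11):               # AT_NONCE_MT / AT_MAC: reserved field, 16 bytes
        return value.hex()
    if atype in (14, 15):              # variable length: field = actual length, then padding
        (n,) = struct.unpack("!H", field)
        if n > len(value):
            raise ValueError(f"attribute {atype}: actual length {n} exceeds value")
        if atype == 14:                # AT_IDENTITY: identity bytes, zero padded to 4
            return value[:n].decode("ascii")
        if n % 2:
            raise ValueError("AT_VERSION_LIST length must be a multiple of 2")
        return [struct.unpack("!H", value[i:i + 2])[0] for i in range(0, n, 2)]
    if atype == 16:                    # AT_SELECTED_VERSION: the 2-byte field is the version
        return struct.unpack("!H", field)[0]
    if atype == 17:                    # AT_FULLAUTH_ID_REQ: reserved field only, ignored
        return None
    return (field + value).hex()       # unknown attribute: keep the raw bytes


def decode_eap_sim(hexstr):
    """Parse an EAP packet carrying EAP-SIM; raise ValueError on malformed input."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 8:
        raise ValueError("shorter than the 8-byte EAP-SIM fixed header")
    code, ident, length, eap_type, subtype, _reserved = struct.unpack("!BBHBBH", raw[:8])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes received")
    if eap_type != EAP_TYPE_SIM:
        raise ValueError(f"EAP type {eap_type} is not EAP-SIM")
    pkt = {"code": {1: "Request", 2: "Response"}.get(code, code), "id": ident,
           "subtype": SUBTYPES.get(subtype, subtype), "attrs": {}}
    pos = 8
    while pos < length:
        if length - pos < 4:
            raise ValueError("trailing bytes too short for an attribute header")
        atype, alen = raw[pos], raw[pos + 1] * 4   # attribute length is in 4-byte units
        if alen == 0 or pos + alen > length:
            raise ValueError(f"attribute {atype}: length {alen} runs past packet end")
        name = ATTR_NAMES.get(atype, atype)
        pkt["attrs"][name] = decode_attr(atype, raw[pos + 2:pos + 4], raw[pos + 4:pos + alen])
        pos += alen
    return pkt


def is_malformed(hexstr):
    """True when the decoder rejects the packet (exercises the bounds checks)."""
    try:
        decode_eap_sim(hexstr)
    except ValueError:
        return True
    return False


def compute_mk(identity, kc_list, nonce_mt, version_list, selected_version):
    """RFC 4186 section 7: MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version)."""
    data = identity.encode("ascii") + b"".join(bytes.fromhex(k) for k in kc_list)
    data += bytes.fromhex(nonce_mt)
    data += b"".join(struct.pack("!H", v) for v in version_list)
    data += struct.pack("!H", selected_version)
    return hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    for label, hexstr in (("Start request", START_REQ), ("Start response", START_RESP),
                          ("Challenge request", CHALLENGE_REQ)):
        print(label, decode_eap_sim(hexstr))
    resp = decode_eap_sim(START_RESP)["attrs"]
    print("MK from the Start response and the users-file Kc values:",
          compute_mk(resp["AT_IDENTITY"], KC, resp["AT_NONCE_MT"],
                     decode_eap_sim(START_REQ)["attrs"]["AT_VERSION_LIST"],
                     resp["AT_SELECTED_VERSION"]))
```

Running it shows, for instance, that AT_IDENTITY carries a 2-byte actual-length field and zero padding around the ASCII identity, which is why radiusd prints EAP-Sim-IDENTITY = 0x000665617073696d0000 while the identity itself is the six bytes 65617073696d ("eapsim"), and that AT_RAND in the Challenge holds exactly the three RAND values configured for the "eapsim" entry. The printed MK can be compared with the mk: line in the radeapclient output above; the length checks on the EAP header and on each attribute are the ones any EAP-SIM decoder needs, since a length byte counted in 4-byte units can otherwise point well past the end of the received packet.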