<div dir="ltr"><div><div><div><div><div><div><div> <div class=""><div class=""></div>
</div><span name="Iliya Peregoudov" class="">Iliya Peregoudov wrote:<br><br>1.<br></span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">rlm_sim_files: insufficient number of challenges for imsi<br>
1510019760806391: 0<br>
++[sim_files] returns notfound<br>
</blockquote>
<br>
It's strange that rlm_sim_files was unable to find auth vectors.<br>
Ensure that simtriplets.dat has UNIX line endings (LF, not CRLF).<br><br></div>I'm sorry, I don't understand about LF UNIX line endings; could you show me what I should do to the simtriplets.dat format?<br></div>Is there any mistake?<br>
<br>2.<br>Your users format is ok: 16-octet RAND, 4-octet SRES, 8-octet Kc.<br>
<br>
Auth vectors in users file differ from those in simtriplets.dat. You
cannot use arbitrary auth vectors. EAP-SIM is a mutual authentication
protocol. The UE checks that the AAA knows the correct auth vectors when
Request/SIM/Challenge is received, before sending Response/SIM/Challenge.<br><br></div>I got that format in /src/tests/eapsim-03/users-example.txt<br></div>What should I fill in the Rand1 attribute?<br><br></div>Thanks for your advice<br>
</div>Best regards<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jun 10, 2013 at 5:29 PM, Iliya Peregoudov <span dir="ltr"><<a href="mailto:iperegudov@cboss.ru" target="_blank">iperegudov@cboss.ru</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 09.06.2013 5:34, raptor raptor wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
simtriplets.dat format that I wrote:<br>
<br>
1<imsi>,<RAND>,<SRES>,<Kc><br>
1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000<br>
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000<br>
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000<br>
</blockquote>
<br></div>
Your simtriplets.dat format is ok.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
I add in users file:<br>
<br></div>
DEFAULT Auth-Type := EAP, EAP-Type := SIM<div class="im"><br>
EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,<br>
EAP-Sim-SRES1 = 0xd1d2d3d4,<br>
EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,<br>
EAP-Sim-SRES2 = 0xe1e2e3e4,<br>
EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f,<br>
EAP-Sim-SRES3 = 0xf1f2f3f4,<br>
EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,<br>
EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,<br>
EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7,<br>
</div></blockquote>
<br>
Your users format is ok: 16-octet RAND, 4-octet SRES, 8-octet Kc.<br>
<br>
Auth vectors in users file differ from those in simtriplets.dat. You cannot use arbitrary auth vectors. EAP-SIM is a mutual authentication protocol. The UE checks that the AAA knows the correct auth vectors when Request/SIM/Challenge is received, before sending Response/SIM/Challenge.<div class="im">
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
rlm_sim_files: insufficient number of challenges for imsi<br>
1510019760806391: 0<br>
++[sim_files] returns notfound<br>
</blockquote>
<br></div>
It's strange that rlm_sim_files was unable to find auth vectors.<br>
Ensure that simtriplets.dat has UNIX line endings (LF, not CRLF).<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048<br>
EAP-Message = 0x011a0014120a00000f0200020001000011010100<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x019a1a23018008ce78acd4b07bc4c4ac<br>
</blockquote>
<br></div>
Here radiusd generates EAP Request/SIM/Start. There is no cryptography yet so UE will respond with Response/SIM/Start.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
+++> EAP-sim decoded packet:<br>
User-Name = "<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.1.1<br>
Called-Station-Id = "48f8b315461a"<br>
Calling-Station-Id = "1814563e5189"<br>
NAS-Identifier = "48f8b315461a"<br>
NAS-Port = 38<br>
Framed-MTU = 1400<br>
State = 0x019a1a23018008ce78acd4b07bc4c4ac<br>
NAS-Port-Type = Wireless-802.11<br>
EAP-Message =<br>
0x021a0058120a00000705000043837c0b63fd6c4dc3fccbebc8439b04100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700<br>
Message-Authenticator = 0x441da87c8c81ad6b22b7596fba8b9098<br>
Stripped-User-Name = "1510019760806391"<br>
Realm = "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
EAP-Type = SIM<br>
EAP-Sim-Subtype = Start<br>
EAP-Sim-NONCE_MT = 0x000043837c0b63fd6c4dc3fccbebc8439b04<br>
EAP-Sim-SELECTED_VERSION = 0x0001<br>
EAP-Sim-IDENTITY =<br>
0x00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700<br>
</blockquote>
<br></div>
This is Response/SIM/Start from UE.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048<br>
EAP-Message =<br>
0x011b0050120b0000010d0000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f0b050000fb675502a3304188312931054f33cd1f<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x019a1a23008108ce78acd4b07bc4c4ac<br>
</blockquote>
<br></div>
Here radiusd generates EAP Request/SIM/Challenge using auth vectors from users file and NONCE_MT from Response/EAP/Start. UE will reject this EAP request (because AAA does not know correct auth vectors) and will restart EAP authentication.<div class="HOEnZb">
<div class="h5"><br>
</div></div></blockquote></div><br></div>
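<div>Added example, not part of the original thread and not FreeRADIUS code: a small checker for the two points raised above, CRLF line endings in simtriplets.dat and the 16-octet RAND, 4-octet SRES, 8-octet Kc field sizes. The IMSI and triplet values are constructed; requiring three triplets per IMSI and skipping '#' comment lines are assumptions of this sketch.</div>

```python
import re
from collections import defaultdict

# Field sizes stated in the thread, expressed as hex-digit counts.
FIELD_HEX_LEN = {"RAND": 32, "SRES": 8, "Kc": 16}
HEX = re.compile(r"[0-9A-Fa-f]+")

def check_simtriplets(data: bytes, required: int = 3):
    """Return (problems, vectors_per_imsi) for the raw bytes of a triplets file.

    required=3 is an assumption matching the three triplets per IMSI in the thread.
    """
    problems, per_imsi = [], defaultdict(list)
    for n, raw in enumerate(data.split(b"\n"), 1):
        if raw.endswith(b"\r"):  # CRLF leaves a stray CR on the last field
            problems.append(f"line {n}: CRLF line ending")
            raw = raw[:-1]
        line = raw.decode("ascii", "replace").strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        fields = line.split(",")
        if len(fields) != 4:
            problems.append(f"line {n}: expected imsi,RAND,SRES,Kc")
            continue
        imsi, *vec = fields
        vectors = per_imsi[imsi]  # register the IMSI even if this row is bad
        bad = [name for (name, want), val in zip(FIELD_HEX_LEN.items(), vec)
               if len(val) != want or not HEX.fullmatch(val)]
        if bad:
            problems.append(f"line {n}: bad length or non-hex in {', '.join(bad)}")
        else:
            vectors.append(tuple(bytes.fromhex(v) for v in vec))
    for imsi, vectors in per_imsi.items():
        if len(vectors) < required:
            problems.append(f"imsi {imsi}: {len(vectors)} valid triplets, need {required}")
    return problems, dict(per_imsi)

def normalize_line_endings(data: bytes) -> bytes:
    """Convert CRLF to LF, the same effect as running dos2unix on the file."""
    return data.replace(b"\r\n", b"\n")

# Constructed sample saved with Windows (CRLF) line endings.
_ROWS = [
    "#imsi,RAND,SRES,Kc",
    "001010000000001,000102030405060708090A0B0C0D0E0F,A0A1A2A3,B0B1B2B3B4B5B6B7",
    "001010000000001,101112131415161718191A1B1C1D1E1F,C0C1C2C3,D0D1D2D3D4D5D6D7",
    "001010000000001,202122232425262728292A2B2C2D2E2F,E0E1E2E3,F0F1F2F3F4F5F6F7",
]
SAMPLE_CRLF = "\r\n".join(_ROWS).encode("ascii") + b"\r\n"

if __name__ == "__main__":
    for problem in check_simtriplets(SAMPLE_CRLF)[0]:
        print(problem)
```

To check a real file, pass the result of open(path, "rb").read() to check_simtriplets; reading in binary mode keeps the CR bytes visible.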