<div dir="ltr"><div><div><div><div><div>Hi IIiya,<br></div>thanx for your quick response<br><br></div>here is my log debug<br><br>
<p class=""><span lang="IN">rad_recv: Access-Request packet from host
192.168.2.1 port 2048, id=0, length=215</span></p>
<p class=""><span lang="IN"><span style> </span>User-Name
= "<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-IP-Address
= 192.168.2.1</span></p>
<p class=""><span lang="IN"><span style> </span>Called-Station-Id
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>Calling-Station-Id
= "1814563e5189"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Identifier
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port
= 38</span></p>
<p class=""><span lang="IN"><span style> </span>Framed-MTU
= 1400</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port-Type
= Wireless-802.11</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Message
=
0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267</span></p>
<p class=""><span lang="IN"><span style> </span>Message-Authenticator
= 0x1e692ae9b93631a0f54bda0997d713f2</span></p>
<p class=""><span lang="IN"># Executing section authorize from file /etc/freeradius/sites-enabled/default</span></p>
<p class=""><span lang="IN">+- entering group authorize {...}</span></p>
<p class=""><span lang="IN">++[preprocess] returns ok</span></p>
<p class=""><span lang="IN">++[chap] returns noop</span></p>
<p class=""><span lang="IN">++[mschap] returns noop</span></p>
<p class=""><span lang="IN">++[digest] returns noop</span></p>
<p class=""><span lang="IN">[suffix] Looking up realm
"<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>" for User-Name = "<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN">[suffix] No such realm
"<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN">++[suffix] returns noop</span></p>
<p class=""><span lang="IN">rlm_sim_files: authorized user/imsi
<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a></span></p>
<p class=""><span lang="IN">rlm_sim_files: Adding EAP-Type: eap-sim</span></p>
<p class=""><span lang="IN">++[sim_files] returns ok</span></p>
<p class=""><span lang="IN">[eap] EAP packet type response id 0 length 56</span></p>
<p class=""><span lang="IN">[eap] No EAP Start, assuming it's an on-going
EAP conversation</span></p>
<p class=""><span lang="IN">++[eap] returns updated</span></p>
<p class=""><span lang="IN">[files] users: Matched entry
<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a> at line 1</span></p>
<p class=""><span lang="IN">++[files] returns ok</span></p>
<p class=""><span lang="IN">++[sql] returns notfound</span></p>
<p class=""><span lang="IN">++[expiration] returns noop</span></p>
<p class=""><span lang="IN">++[logintime] returns noop</span></p>
<p class=""><span lang="IN">[pap] WARNING! No "known good"
password found for the user.<span style>
</span>Authentication may fail because of this.</span></p>
<p class=""><span lang="IN">++[pap] returns noop</span></p>
<p class=""><span lang="IN">Found Auth-Type = EAP</span></p>
<p class=""><span lang="IN"># Executing group from file
/etc/freeradius/sites-enabled/default</span></p>
<p class=""><span lang="IN">+- entering group authenticate {...}</span></p>
<p class=""><span lang="IN">[eap] EAP Identity</span></p>
<p class=""><span lang="IN">[eap] processing type sim</span></p>
<p class=""><span lang="IN">[eap] Underlying EAP-Type set EAP ID to 116</span></p>
<p class=""><span lang="IN">++[eap] returns handled</span></p>
<p class=""><span lang="IN">Sending Access-Challenge of id 0 to 192.168.2.1
port 2048</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Message
= 0x01740014120a00000f0200020001000011010100</span></p>
<p class=""><span lang="IN"><span style> </span>Message-Authenticator
= 0x00000000000000000000000000000000</span></p>
<p class=""><span lang="IN"><span style> </span>State
= 0x2e42338f2e362191820b0799859172e9</span></p>
<p class=""><span lang="IN">Finished request 0.</span></p>
<p class=""><span lang="IN">Going to the next request</span></p>
<p class=""><span lang="IN">Waking up in 4.9 seconds.</span></p>
<p class=""><span lang="IN">rad_recv: Access-Request packet from host
192.168.2.1 port 2048, id=0, length=265</span></p>
<p class=""><span lang="IN">Cleaning up request 0 ID 0 with timestamp +10</span></p>
<p class=""><span lang="IN"><span style> </span>User-Name
= "<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-IP-Address
= 192.168.2.1</span></p>
<p class=""><span lang="IN"><span style> </span>Called-Station-Id
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>Calling-Station-Id
= "1814563e5189"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Identifier
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port
= 38</span></p>
<p class=""><span lang="IN"><span style> </span>Framed-MTU
= 1400</span></p>
<p class=""><span lang="IN"><span style> </span>State
= 0x2e42338f2e362191820b0799859172e9</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port-Type
= Wireless-802.11</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Message
=
0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700</span></p>
<p class=""><span lang="IN"><span style> </span>Message-Authenticator
= 0x4228372d93c4496516a4c62a6b0d1f84</span></p>
<p class=""><span lang="IN"># Executing section authorize from file
/etc/freeradius/sites-enabled/default</span></p>
<p class=""><span lang="IN">+- entering group authorize {...}</span></p>
<p class=""><span lang="IN">++[preprocess] returns ok</span></p>
<p class=""><span lang="IN">++[chap] returns noop</span></p>
<p class=""><span lang="IN">++[mschap] returns noop</span></p>
<p class=""><span lang="IN">++[digest] returns noop</span></p>
<p class=""><span lang="IN">[suffix] Looking up realm
"<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>" for User-Name =
"<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN">[suffix] No such realm
"<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN">++[suffix] returns noop</span></p>
<p class=""><span lang="IN">rlm_sim_files: authorized user/imsi
<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a></span></p>
<p class=""><span lang="IN">rlm_sim_files: Adding EAP-Type: eap-sim</span></p>
<p class=""><span lang="IN">++[sim_files] returns ok</span></p>
<p class=""><span lang="IN">[eap] EAP packet type response id 116 length 88</span></p>
<p class=""><span lang="IN">[eap] No EAP Start, assuming it's an on-going
EAP conversation</span></p>
<p class=""><span lang="IN">++[eap] returns updated</span></p>
<p class=""><span lang="IN">[files] users: Matched entry
<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a> at line 1</span></p>
<p class=""><span lang="IN">++[files] returns ok</span></p>
<p class=""><span lang="IN"><span style> </span>[sql]
User <a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a> not found</span></p>
<p class=""><span lang="IN">++[sql] returns notfound</span></p>
<p class=""><span lang="IN">++[expiration] returns noop</span></p>
<p class=""><span lang="IN">++[logintime] returns noop</span></p>
<p class=""><span lang="IN">[pap] WARNING! No "known good"
password found for the user.<span style>
</span>Authentication may fail because of this.</span></p>
<p class=""><span lang="IN">++[pap] returns noop</span></p>
<p class=""><span lang="IN">Found Auth-Type = EAP</span></p>
<p class=""><span lang="IN"># Executing group from file
/etc/freeradius/sites-enabled/default</span></p>
<p class=""><span lang="IN">+- entering group authenticate {...}</span></p>
<p class=""><span lang="IN">[eap] Request found, released from the list</span></p>
<p class=""><span lang="IN">[eap] EAP/sim</span></p>
<p class=""><span lang="IN">[eap] processing type sim</span></p>
<p class=""><span lang="IN">+++> EAP-sim decoded packet:</span></p>
<p class=""><span lang="IN"><span style> </span>User-Name
= "<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-IP-Address
= 192.168.2.1</span></p>
<p class=""><span lang="IN"><span style> </span>Called-Station-Id
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>Calling-Station-Id
= "1814563e5189"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Identifier
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port
= 38</span></p>
<p class=""><span lang="IN"><span style> </span>Framed-MTU
= 1400</span></p>
<p class=""><span lang="IN"><span style> </span>State
= 0x2e42338f2e362191820b0799859172e9</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port-Type
= Wireless-802.11</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Message
=
0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700</span></p>
<p class=""><span lang="IN"><span style> </span>Message-Authenticator
= 0x4228372d93c4496516a4c62a6b0d1f84</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Type
= SIM</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Sim-Subtype
= Start</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Sim-NONCE_MT
= 0x0000c857b63e06e1bb7341a729ea36de8804</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Sim-SELECTED_VERSION
= 0x0001</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Sim-IDENTITY
=
0x3135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267</span></p>
<p class=""><span lang="IN">[eap] Underlying EAP-Type set EAP ID to 117</span></p>
<p class=""><span lang="IN">++[eap] returns handled</span></p>
<p class=""><span lang="IN">Sending Access-Challenge of id 0 to 192.168.2.1
port 2048</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Message
= 0x01750050120b0000010d000033c0caad1ca74b91b8c4c597a497c951ec28a5ea58bf4f7d9a15fb267c80bc6cf51e6dc5eeb149028f5cba3779f2b9160b050000128bccbc8968ba6d16040402b139d839</span></p>
<p class=""><span lang="IN"><span style> </span>Message-Authenticator
= 0x00000000000000000000000000000000</span></p>
<p class=""><span lang="IN"><span style> </span>State
= 0x2e42338f2f372191820b0799859172e9</span></p>
<p class=""><span lang="IN">Finished request 1.</span></p>
<p class=""><span lang="IN">Going to the next request</span></p>
<p class=""><span lang="IN">Waking up in 4.9 seconds.</span></p>
<p class=""><span lang="IN">rad_recv: Access-Request packet from host
192.168.2.1 port 2048, id=0, length=205</span></p>
<p class=""><span lang="IN">Cleaning up request 1 ID 0 with timestamp +10</span></p>
<p class=""><span lang="IN"><span style> </span>User-Name
= "<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-IP-Address
= 192.168.2.1</span></p>
<p class=""><span lang="IN"><span style> </span>Called-Station-Id
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>Calling-Station-Id
= "1814563e5189"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Identifier
= "48f8b315461a"</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port
= 38</span></p>
<p class=""><span lang="IN"><span style> </span>Framed-MTU
= 1400</span></p>
<p class=""><span lang="IN"><span style> </span>State
= 0x2e42338f2f372191820b0799859172e9</span></p>
<p class=""><span lang="IN"><span style> </span>NAS-Port-Type
= Wireless-802.11</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Message
= 0x0275001c120b00000b050000fe0ad02adb05fa535c5e7beaa8810f69</span></p>
<p class=""><span lang="IN"><span style> </span>Message-Authenticator
= 0x17809a1e9fcb50736607e844ac964694</span></p>
<p class=""><span lang="IN"># Executing section authorize from file
/etc/freeradius/sites-enabled/default</span></p>
<p class=""><span lang="IN">+- entering group authorize {...}</span></p>
<p class=""><span lang="IN">++[preprocess] returns ok</span></p>
<p class=""><span lang="IN">++[chap] returns noop</span></p>
<p class=""><span lang="IN">++[mschap] returns noop</span></p>
<p class=""><span lang="IN">++[digest] returns noop</span></p>
<p class=""><span lang="IN">[suffix] Looking up realm
"<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>" for User-Name =
"<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN">[suffix] No such realm
"<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN">++[suffix] returns noop</span></p>
<p class=""><span lang="IN">rlm_sim_files: authorized user/imsi
<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a></span></p>
<p class=""><span lang="IN">rlm_sim_files: Adding EAP-Type: eap-sim</span></p>
<p class=""><span lang="IN">++[sim_files] returns ok</span></p>
<p class=""><span lang="IN">[eap] EAP packet type response id 117 length 28</span></p>
<p class=""><span lang="IN">[eap] No EAP Start, assuming it's an on-going
EAP conversation</span></p>
<p class=""><span lang="IN">++[eap] returns updated</span></p>
<p class=""><span lang="IN">[files] users: Matched entry
<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a> at line 1</span></p>
<p class=""><span lang="IN">++[files] returns ok</span></p>
<p class=""><span lang="IN">++[sql] returns notfound</span></p>
<p class=""><span lang="IN">++[expiration] returns noop</span></p>
<p class=""><span lang="IN">++[logintime] returns noop</span></p>
<p class=""><span lang="IN">[pap] WARNING! No "known good"
password found for the user.<span style>
</span>Authentication may fail because of this.</span></p>
<p class=""><span lang="IN">++[pap] returns noop</span></p>
<p class=""><span lang="IN">Found Auth-Type = EAP</span></p>
<p class=""><span lang="IN"># Executing group from file
/etc/freeradius/sites-enabled/default</span></p>
<p class=""><span lang="IN">+- entering group authenticate {...}</span></p>
<p class=""><span lang="IN">[eap] Request found, released from the list</span></p>
<p class=""><span lang="IN">[eap] EAP/sim</span></p>
<p class=""><span lang="IN">[eap] processing type sim</span></p>
<p class=""><span lang="IN">MAC check succeed</span></p>
<p class=""><span lang="IN">[eap] Underlying EAP-Type set EAP ID to 118</span></p>
<p class=""><span lang="IN">[eap] Freeing handler</span></p>
<p class=""><span lang="IN">++[eap] returns ok</span></p>
<p class=""><span lang="IN"># Executing section post-auth from file
/etc/freeradius/sites-enabled/default</span></p>
<p class=""><span lang="IN">+- entering group post-auth {...}</span></p>
<p class=""><span lang="IN">++[sql] returns ok</span></p>
<p class=""><span lang="IN">++[exec] returns noop</span></p>
<p class=""><span lang="IN">Sending Access-Accept of id 0 to 192.168.2.1
port 2048</span></p>
<p class=""><span lang="IN"><span style> </span>MS-MPPE-Recv-Key
= 0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8</span></p>
<p class=""><span lang="IN"><span style> </span>MS-MPPE-Send-Key
= 0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f</span></p>
<p class=""><span lang="IN"><span style> </span>EAP-Message
= 0x03760004</span></p>
<p class=""><span lang="IN"><span style> </span>Message-Authenticator
= 0x00000000000000000000000000000000</span></p>
<p class=""><span lang="IN"><span style> </span>User-Name
= "<a href="mailto:1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org">1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org</a>"</span></p>
<p class=""><span lang="IN">Finished request 2.</span></p>
<p class=""><span lang="IN">Going to the next request</span></p>
<p class=""><span lang="IN">Waking up in 4.9 seconds.</span></p>
<p class=""><span lang="IN">Cleaning up request 2 ID 0 with timestamp +11</span></p>
<p class=""><span lang="IN">Ready to process requests.</span></p>
<br></div>this is my log with 1 client<br><br><br></div>thanx very much for your help<br></div>best regards<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 20, 2013 at 2:53 PM, Iliya Peregoudov <span dir="ltr"><<a href="mailto:iperegudov@cboss.ru" target="_blank">iperegudov@cboss.ru</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 20.06.2013 8:38, raptor raptor wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
i just try one client and success but when i use another client and it fails<br>
</blockquote>
<br></div>
Post debug log if you want to diagnose authentication failure.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
is it correct if i add other client in users and simtriplets.dat?<br>
</blockquote>
<br></div>
Yes, you should add auth vectors for all your SIM cards into users file, one stanza for every SIM card.<br>
<br>
If you still get "insufficient number of challenges" message then your simtriplets.dat is not relevant. Just forget about it. Auth vectors from users file are sufficient.<br>
<br>
Freeradius is very flexible. There is no one single way of correctly configure it. But there are indefinite number of ways to misconfigure it. If you prefer not to diagnose authentication failures but insert random stuff into randomly selected configuration files it's unlikely you accidentally configure it correctly.<div class="HOEnZb">
<div class="h5"><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/<u></u>list/users.html</a><br>
</div></div></blockquote></div><br></div>