<div dir="ltr"><div id="yiv5140317516"><div id="yui_3_7_2_1_1375153560628_7712"><div id="yui_3_7_2_1_1375153560628_7711" style="color:rgb(0,0,0);background-color:rgb(255,255,255);font-family:times new roman,new york,times,serif;font-size:12pt">
<div id="yui_3_7_2_1_1375153560628_7717">Dear guest, I have a problem with EAP-SIM authentication.</div><div id="yui_3_7_2_1_1375153560628_7710">I'm using FreeRADIUS 2.2.0, BlackBerry 9220.</div><div id="yui_3_7_2_1_1375153560628_7746">
Here is my simtriplets.dat file:</div><div id="yui_3_7_2_1_1375153560628_7713">1510012660372465,AF6876E748BD46bf853A99DC2032F0A7,95762655,449177635B92bc00<br>1510012660372465,A1A9AC744E8D49819D27A79B067BCA69,257b31c6,64ff9467DEa1e400<br>
1510012660372465,603906BFD8DC404197BAC35FF1274EB3,4F41eb06,F3ce89b4FCbc0000<br>1510080332618369,23A95DB79B644a4299463F0342069A11,7775d266,B10f3eba2Bc5ed2b<br>1510080332618369,FDCE8E4F2B0B4b3086BEF230076EAD58,D9e080d9,E2aad63f711e1324<br>
1510080332618369,238100571AD1495fBCE2AD5505634E41,A40e1656,66a098a750d9cd13<br></div><div id="yui_3_7_2_1_1375153560628_7754" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
<br></div><div id="yui_3_7_2_1_1375153560628_7756" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">Here is the content of the users file:</div><div id="yui_3_7_2_1_1375153560628_7714" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
1510080332618369 Auth-Type := EAP, EAP-Type := SIM<br> EAP-Sim-Rand1 := 0x23A95DB79B644a4299463F0342069A11,<br> EAP-Sim-SRES1 := 0x7775d266,<br> EAP-Sim-KC1 := 0xB10f3eba2Bc5ed2b,<br> EAP-Sim-Rand2 := 0xFDCE8E4F2B0B4b3086BEF230076EAD58,<br>
EAP-Sim-SRES2 := 0xD9e080d9,<br> EAP-Sim-KC2 :=
0xE2aad63f711e1324,<br> EAP-Sim-Rand3 := 0x238100571AD1495fBCE2AD5505634E41,<br> EAP-Sim-SRES3 := 0xA40e1656,<br> EAP-Sim-KC3 := 0x66a098a750d9cd13,<br><br>1510012660372465 Auth-Type := EAP, EAP-Type := sim<br>
EAP-Sim-Rand1 := 0xAF6876E748BD46bf853A99DC2032F0A7,<br> EAP-Sim-SRES1 := 0x95762655,<br> EAP-Sim-KC1 := 0x449177635B92bc00,<br> EAP-Sim-Rand2 := 0xA1A9AC744E8D49819D27A79B067BCA69,<br> EAP-Sim-SRES2 := 0x257b31c6,<br>
EAP-Sim-KC2 :=
0x64ff9467DEa1e400,<br> EAP-Sim-Rand3 := 0x603906BFD8DC404197BAC35FF1274EB3,<br> EAP-Sim-SRES3 := 0x4F41eb06,<br> EAP-Sim-KC3 := 0xF3ce89b4FCbc0000,<br><br>1510080332618369 at <a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a> Auth-Type := EAP, EAP-Type := SIM<br>
EAP-Sim-Rand1 := 0x23A95DB79B644a4299463F0342069A11,<br> EAP-Sim-SRES1 := 0x7775d266,<br> EAP-Sim-KC1 := 0xB10f3eba2Bc5ed2b,<br> EAP-Sim-Rand2 := 0xFDCE8E4F2B0B4b3086BEF230076EAD58,<br> EAP-Sim-SRES2 := 0xD9e080d9,<br>
EAP-Sim-KC2 :=
0xE2aad63f711e1324,<br> EAP-Sim-Rand3 := 0x238100571AD1495fBCE2AD5505634E41,<br> EAP-Sim-SRES3 := 0xA40e1656,<br> EAP-Sim-KC3 := 0x66a098a750d9cd13<br></div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
<br></div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">I have already included sim_files in modules<br></div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
and sim { } in eap.conf.</div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">I analyzed it in debug mode:
the first authorization succeeds (sim_files returns ok status), the
first authentication succeeds, and the second authorization also succeeds,<br></div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
but the problem is that the second authentication fails.</div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><br></div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
I have already read the past list archives, but found no clue.</div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal"><br></div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
<br></div><div style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">Here is the debug output of radius:</div><div id="yui_3_7_2_1_1375153560628_7715" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
Ready to process requests.<br>rad_recv: Access-Request packet from host 192.168.111.72 port 34647, id=129, length=250<br> User-Name = "<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.88.52<br> Called-Station-Id = "FA-1A-67-9F-E4-68:NOLSPOT-Secure"<br> NAS-Port-Type =
Wireless-802.11<br> NAS-Port = 1<br> Calling-Station-Id = "70-AA-B2-EF-8E-9D"<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> Framed-MTU = 1400<br>
EAP-Message =
0x02100038013135313030383033333236313833363940776c616e2e6d6e633038302e6d63633531302e336770706e6574776f726b2e6f7267<br> Message-Authenticator = 0xf0b7f7c3d39dd64797e1ffa08c3c078e<br># Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix] Looking up realm "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>" for User-Name =
"<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>[suffix] Found realm "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>
[suffix] Adding Stripped-User-Name = "1510080332618369"<br>[suffix] Adding Realm = "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>[files] users: Matched entry 1510080332618369 at line 206<br>++[files] returns ok<br>rlm_sim_files: authorized user/imsi 1510080332618369<br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns ok<br>
[eap] EAP packet type response id 16 length 56<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[sql] expand: %{User-Name} -> <a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a><br>
[sql] sql_set_user escaped user --> '<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>'<br>rlm_sql (sql): Reserving sql socket id: 4<br>
[sql]
expand: SELECT id, username, attribute,
value, op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radcheck WHERE username =
'<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>' ORDER BY
id<br>[sql] expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}'
ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username =
'<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>' ORDER BY
priority<br>rlm_sql (sql): Released sql socket id: 4<br>[sql] User <a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a> not found<br>++[sql] returns notfound<br>
++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>rlm_sqlcounter: Entering module authorize code<br>
rlm_sqlcounter: Could not find Check item value pair<br>++[noresetcounter] returns noop<br>Found Auth-Type = EAP<br>Found Auth-Type = EAP<br>Warning: Found 2 auth-types on request for user '1510080332618369'<br># Executing group from file /usr/local/etc/raddb/sites-enabled/default<br>
+- entering group authenticate {...}<br>[eap] EAP
Identity<br>[eap] processing type sim<br>[eap] Underlying EAP-Type set EAP ID to 182<br>++[eap] returns handled<br>Sending Access-Challenge of id 129 to 192.168.111.72 port 34647<br> EAP-Message = 0x01b60014120a00000f0200020001000011010100<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x876b64d687dd7613c1482e3b4d19abaa<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.111.72 port 34647, id=130, length=300<br>
User-Name = "<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>"<br> NAS-IP-Address = 192.168.88.52<br> Called-Station-Id =
"FA-1A-67-9F-E4-68:NOLSPOT-Secure"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 1<br> Calling-Station-Id = "70-AA-B2-EF-8E-9D"<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br>
Framed-MTU = 1400<br>
EAP-Message =
0x02b60058120a000007050000c6fb9b6adcacba2f73e0dec777302196100100010e0e00333135313030383033333236313833363940776c616e2e6d6e633038302e6d63633531302e336770706e6574776f726b2e6f726700<br> State = 0x876b64d687dd7613c1482e3b4d19abaa<br>
Message-Authenticator = 0xf06c219eca5af618cf61099f2f79f3a4<br># Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<br>+- entering group authorize
{...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix]
Looking up realm "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>" for User-Name =
"<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>[suffix] Found realm "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>
[suffix] Adding Stripped-User-Name = "1510080332618369"<br>[suffix] Adding Realm = "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>[files] users: Matched entry 1510080332618369 at line 206<br>++[files] returns ok<br>rlm_sim_files: authorized user/imsi 1510080332618369<br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns ok<br>
[eap] EAP packet type response id 182 length 88<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[sql] expand: %{User-Name} -> <a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a><br>
[sql]
sql_set_user escaped user --> '<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>'<br>rlm_sql (sql): Reserving sql socket id: 3<br>[sql]
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>' ORDER BY
id<br>[sql] expand: SELECT groupname FROM
radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>' ORDER BY
priority<br>rlm_sql (sql): Released sql socket id: 3<br>[sql] User <a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a> not found<br>++[sql] returns notfound<br>
++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>rlm_sqlcounter: Entering module authorize code<br>
rlm_sqlcounter: Could not find Check item value pair<br>++[noresetcounter] returns noop<br>Found Auth-Type = EAP<br>Found Auth-Type =
EAP<br>Warning: Found 2 auth-types on request for user '1510080332618369'<br># Executing group from file /usr/local/etc/raddb/sites-enabled/default<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>
[eap] EAP/sim<br>[eap] processing type sim<br>+++> EAP-sim decoded packet:<br> User-Name = "<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.88.52<br> Called-Station-Id = "FA-1A-67-9F-E4-68:NOLSPOT-Secure"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 1<br> Calling-Station-Id = "70-AA-B2-EF-8E-9D"<br>
Connect-Info = "CONNECT 54Mbps 802.11g"<br>
Framed-MTU = 1400<br> EAP-Message =
0x02b60058120a000007050000c6fb9b6adcacba2f73e0dec777302196100100010e0e00333135313030383033333236313833363940776c616e2e6d6e633038302e6d63633531302e336770706e6574776f726b2e6f726700<br> State = 0x876b64d687dd7613c1482e3b4d19abaa<br>
Message-Authenticator = 0xf06c219eca5af618cf61099f2f79f3a4<br> Stripped-User-Name = "1510080332618369"<br> Realm = "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>
EAP-Type = SIM<br> EAP-Sim-Subtype = Start<br> EAP-Sim-NONCE_MT = 0x0000c6fb9b6adcacba2f73e0dec777302196<br> EAP-Sim-SELECTED_VERSION =
0x0001<br> EAP-Sim-IDENTITY =
0x00333135313030383033333236313833363940776c616e2e6d6e633038302e6d63633531302e336770706e6574776f726b2e6f726700<br>[eap] Underlying EAP-Type set EAP ID to 183<br>++[eap] returns handled<br>Sending Access-Challenge of id 130 to 192.168.111.72 port 34647<br>
EAP-Message =
0x01b70050120b0000010d000023a95db79b644a4299463f0342069a11fdce8e4f2b0b4b3086bef230076ead58238100571ad1495fbce2ad5505634e410b0500002fe3b8c33af56aa2dc9e873f71c4b691<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x876b64d686dc7613c1482e3b4d19abaa<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.9 seconds.</div><div id="yui_3_7_2_1_1375153560628_7716" style="color:rgb(0,0,0);font-size:16px;font-family:times new roman,new york,times,serif;background-color:transparent;font-style:normal">
rad_recv: Access-Request packet from host 192.168.111.72 port 34647, id=131, length=224<br> User-Name = "<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.88.52<br> Called-Station-Id = "FA-1A-67-9F-E4-68:NOLSPOT-Secure"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 1<br> Calling-Station-Id = "70-AA-B2-EF-8E-9D"<br>
Connect-Info = "CONNECT 54Mbps 802.11g"<br> Framed-MTU = 1400<br> EAP-Message = 0x02b7000c120e000016010000<br> State =
0x876b64d686dc7613c1482e3b4d19abaa<br> Message-Authenticator = 0xeb64a094fea2ddbf458b0cac3e47686d<br># Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<br>+- entering group authorize {...}<br>
++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[suffix]
Looking up realm "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>" for User-Name =
"<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>[suffix] Found realm "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>
[suffix] Adding Stripped-User-Name = "1510080332618369"<br>[suffix] Adding Realm = "<a href="http://wlan.mnc080.mcc510.3gppnetwork.org">wlan.mnc080.mcc510.3gppnetwork.org</a>"<br>[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>[files] users: Matched entry 1510080332618369 at line 206<br>++[files] returns ok<br>rlm_sim_files: authorized user/imsi 1510080332618369<br>rlm_sim_files: Adding EAP-Type: eap-sim<br>++[sim_files] returns
ok<br>[eap] EAP packet type response id 183 length 12<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[sql] expand: %{User-Name} -> <a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a><br>
[sql] sql_set_user escaped user --> '<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>'<br>rlm_sql (sql): Reserving sql socket id: 2<br>
[sql]
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username =
'<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>' ORDER
BY id<br>[sql] expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}'
ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username =
'<a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a>' ORDER BY
priority<br>rlm_sql (sql): Released sql socket id: 2<br>[sql] User <a href="mailto:1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org">1510080332618369@wlan.mnc080.mcc510.3gppnetwork.org</a> not found<br>++[sql] returns notfound<br>
++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No
"known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>rlm_sqlcounter: Entering module authorize code<br>rlm_sqlcounter: Could not find Check item value pair<br>
++[noresetcounter] returns noop<br>Found Auth-Type = EAP<br>Found Auth-Type = EAP<br>Warning: Found 2 auth-types on request for user '1510080332618369'<br># Executing group from file /usr/local/etc/raddb/sites-enabled/default<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/sim<br>[eap] processing type sim<br>[eap] Handler failed in EAP/sim<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>
Failed to authenticate the user.<br>Using Post-Auth-Type REJECT<br><br></div></div></div></div>
</div>