<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type"/>
<style type="text/css">.mceResizeHandle {position: absolute;border: 1px solid black;background: #FFF;width: 5px;height: 5px;z-index: 10000}.mceResizeHandle:hover {background: #000}img[data-mce-selected] {outline: 1px solid black}img.mceClonedResizable, table.mceClonedResizable {position: absolute;outline: 1px dashed black;opacity: .5;z-index: 10000}
</style></head><body style="">
<div>
Hi All,
</div>
<div>
I really do try to read the forums in full before I post, but I have seen much out there on this, but just cant find out why this is happening.
</div>
<div>
Please see below.
</div>
<div>
</div>
<div>
The only think I dont have is "sim_files" entry in the sites-enabled/default, as I assume this is now covered in the radiusd.conf file.
</div>
<div>
</div>
<div>
Also, in the simtriplets files at the bottom, I have tried the entries with a 1 at the beiging of the IMSI, and without and with the word SIM there also.
</div>
<div>
</div>
<div>
On packet captures over the air, I get
</div>
<div>
P1 - eap identity request
</div>
<div>
P2 - eap identity response
</div>
<div>
P3 - eap-failure
</div>
<div>
</div>
<div>
So I beleive the radius server is not sending an eap-start <module> and is my configuration issue.
</div>
<div>
</div>
<div>
Could anyone be so kind to help me please?
</div>
<div>
<p>Listening on authentication address * port 1812<br/>Listening on accounting address * port 1813<br/>Listening on command file /usr/local/var/run/radiusd/radiusd.sock<br/>Listening on proxy address * port 1814<br/>Ready to process requests.<br/>rad_recv: Access-Request packet from host 10.53.1.200 port 45261, id=5, length=257<br/> User-Name = "1234159143465084@wlan.mnc015.mcc234.3gppnetwork.org"<br/> NAS-IP-Address = 192.168.21.1<br/> Called-Station-Id = "5C-D9-98-BF-C0-9E:tt"<br/> NAS-Port-Type = Wireless-802.11<br/> NAS-Port = 1<br/> Calling-Station-Id = "5C-F8-A1-8B-35-BA"<br/> Connect-Info = "CONNECT 54Mbps 802.11g"<br/> Acct-Session-Id = "524016AE-00000005"<br/> Framed-MTU = 1400<br/> EAP-Message = 0x02ba0038013132333431353931343334363530383440776c616e2e6d6e633031352e6d63633233342e336770706e6574776f726b2e6f7267<br/> Message-Authenticator = 0x25cd862fe8110e13ab54321c37032d00<br/># Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<br/>+- entering group authorize {...}<br/>++[preprocess] returns ok<br/>++[chap] returns noop<br/>++[mschap] returns noop<br/>[suffix] Looking up realm "wlan.mnc015.mcc234.3gppnetwork.org" for User-Name = "1234159143465084@wlan.mnc015.mcc234.3gppnetwork.org"<br/>[suffix] No such realm "wlan.mnc015.mcc234.3gppnetwork.org"<br/>++[suffix] returns noop<br/>[eap] EAP packet type response id 186 length 56<br/>[eap] No EAP Start, assuming it's an on-going EAP conversation<br/>++[eap] returns updated<br/>++[unix] returns notfound<br/>++[files] returns noop<br/>++[expiration] returns noop<br/>++[logintime] returns noop<br/>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br/>++[pap] returns noop<br/>Found Auth-Type = EAP<br/># Executing group from file /usr/local/etc/raddb/sites-enabled/default<br/>+- entering group authenticate {...}<br/>[eap] EAP Identity</p>
<p> </p>
<p>================================================================<br/>[eap] processing type sim<br/> can not initiate sim, no RAND1 attribute<br/>[eap] Default EAP type sim failed in initiate<br/>[eap] Failed in EAP select<br/>++[eap] returns invalid</p>
<p>================================================================</p>
<p> </p>
<p>Failed to authenticate the user.<br/>Using Post-Auth-Type Reject<br/># Executing group from file /usr/local/etc/raddb/sites-enabled/default<br/>+- entering group REJECT {...}<br/>[attr_filter.access_reject] expand: %{User-Name} -> 1234159143465084@wlan.mnc015.mcc234.3gppnetwork.org<br/> attr_filter: Matched entry DEFAULT at line 11<br/>++[attr_filter.access_reject] returns updated<br/>Delaying reject of request 0 for 1 seconds<br/>Going to the next request<br/>Waking up in 0.9 seconds.<br/>Sending delayed reject for request 0<br/>Sending Access-Reject of id 5 to 10.53.1.200 port 45261<br/> EAP-Message = 0x04ba0004<br/> Message-Authenticator = 0x00000000000000000000000000000000<br/>Waking up in 4.9 seconds.<br/>Cleaning up request 0 ID 5 with timestamp +8<br/>Ready to process requests.<br/>rad_recv: Access-Request packet from host 10.53.1.200 port 45261, id=6, length=257<br/> User-Name = "1234159143465084@wlan.mnc015.mcc234.3gppnetwork.org"<br/> NAS-IP-Address = 192.168.21.1<br/> Called-Station-Id = "5C-D9-98-BF-C0-9E:tt"<br/> NAS-Port-Type = Wireless-802.11<br/> NAS-Port = 1<br/> Calling-Station-Id = "5C-F8-A1-8B-35-BA"<br/> Connect-Info = "CONNECT 54Mbps 802.11g"<br/> Acct-Session-Id = "524016AE-00000006"<br/> Framed-MTU = 1400<br/> EAP-Message = 0x02f20038013132333431353931343334363530383440776c616e2e6d6e633031352e6d63633233342e336770706e6574776f726b2e6f7267<br/> Message-Authenticator = 0xac6eea11e5915f4e4e5bbc06a7ed3e72<br/># Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<br/>+- entering group authorize {...}<br/>++[preprocess] returns ok<br/>++[chap] returns noop<br/>++[mschap] returns noop<br/>[suffix] Looking up realm "wlan.mnc015.mcc234.3gppnetwork.org" for User-Name = "1234159143465084@wlan.mnc015.mcc234.3gppnetwork.org"<br/>[suffix] No such realm "wlan.mnc015.mcc234.3gppnetwork.org"<br/>++[suffix] returns noop<br/>[eap] EAP packet type response id 242 length 56<br/>[eap] No EAP Start, assuming it's an on-going EAP conversation<br/>++[eap] returns updated<br/>++[unix] returns notfound<br/>++[files] returns noop<br/>++[expiration] returns noop<br/>++[logintime] returns noop<br/>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br/>++[pap] returns noop<br/>Found Auth-Type = EAP<br/># Executing group from file /usr/local/etc/raddb/sites-enabled/default<br/>+- entering group authenticate {...}<br/>[eap] EAP Identity<br/>[eap] processing type sim<br/> can not initiate sim, no RAND1 attribute<br/>[eap] Default EAP type sim failed in initiate<br/>[eap] Failed in EAP select<br/>++[eap] returns invalid<br/>Failed to authenticate the user.<br/>Using Post-Auth-Type Reject<br/># Executing group from file /usr/local/etc/raddb/sites-enabled/default<br/>+- entering group REJECT {...}<br/>[attr_filter.access_reject] expand: %{User-Name} -> 1234159143465084@wlan.mnc015.mcc234.3gppnetwork.org<br/> attr_filter: Matched entry DEFAULT at line 11<br/>++[attr_filter.access_reject] returns updated<br/>Delaying reject of request 1 for 1 seconds<br/>Going to the next request<br/>Waking up in 0.9 seconds.<br/>Sending delayed reject for request 1<br/>Sending Access-Reject of id 6 to 10.53.1.200 port 45261<br/> EAP-Message = 0x04f20004<br/> Message-Authenticator = 0x00000000000000000000000000000000<br/>Waking up in 4.9 seconds.<br/>Cleaning up request 1 ID 6 with timestamp +20<br/>Ready to process requests.</p>
<p>^C</p>
<p> </p>
<p> </p>
<p><br/>root@bt:/usr/local/etc/raddb# more simtriplets.dat<br/>#IMSI RAND SRES Kc<br/>SIM,1234159143465084,A0C88079662D465cA02777F9A9CEAEC7,6C395da1,F0dacca9391dcf1b<br/>SIM,1234159143465084,4BB4C256A0774a408FD55659713827BA,68623684,20fa6eaa8F1cefa1<br/>SIM,1234159143465084,36FD7F72064B4edaB48CDF26CB7DC630,90af525c,3B7a3d5b7Bac2ed2<br/>SIM,1234159143465084,DD9B118ACF17444f82DA268FA39687AC,D110c907,7Cd8c9ca1Af0dc27<br/>SIM,1234159143465084,80F0D38CD406486f9F725CBC36FABBB1,EC775db7,A756b22b0B143f0f<br/>root@bt:/usr/local/etc/raddb#</p>
<p> </p>
</div>
</body></html>