<div dir="ltr"><div><div><div>Dear all,<br><br></div>I'm trying to configure freeradius for eap-sim authenticatio. in my case my supplicant was success to connect the ap with eap-sim authentication, but in the freeradius log there's warnings on the users file.<br>
<p class=""><span style="font-family:"Courier New"">reading pairlist
file /etc/freeradius/users<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-Rand1" <span style> </span>found in reply item list for user
"<a href="mailto:1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org">1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-SRES1" <span style> </span>found in reply item list for user
"<a href="mailto:1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org">1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-KC1" <span style> </span>found in reply item list for user
"<a href="mailto:1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org">1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
</span></p>
i have read anything about this but still i can't get fix this problem.<br></div><div>what makes me confuse is why the supplicant could connect to the ap however i still got warnings on the log?<br><br></div><div>this is my users configuration<br>
<p class="MsoNormal"><a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org"><br></a></p><p class="MsoNormal"><a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a><span style> </span><span style></span>EAP-Type
:= SIM</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-Rand1
= 0xBDA21CB60EF945da9A8BA56667B49027,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-SRES1
= 0x04d995bc,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-KC1
= 0xBBe0a7c68Aea1c00,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-Rand2
= 0x621F1DAC915B4dbf8A0842E88B97BBBE,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-SRES2
= 0xD9b5f235,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-KC2
= 0x33d1ae11914c4800,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-Rand3
= 0x6AD4284810DD42ca8A60A410F7746820,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-SRES3
= 0xB29eb39b,</p>
<p class="MsoNormal"><span style> </span>EAP-Sim-KC3
= 0x1E62ae2aA0a66400</p><span style="font-family:"Courier New""></span><span style="font-family:"Courier New""> </span>
<br></div><div>if i have to follow the freeradius log, then i should do:<br><pre><a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users"><span style="font-family:"Courier New"">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</span></a> EAP-Type := SIM EAP-Sim-Rand1 := <value>, EAP-Sim-SRES1 := <value>, EAP-Sim-KC1 := <value>, EAP-Sim-Rand2 := <value>, EAP-Sim-SRES2 := <value>, EAP-Sim-KC2 := <value>, EAP-Sim-Rand3 := <value>, EAP-Sim-SRES3 := <value>, EAP-Sim-KC3 := <value></pre>
<br></div><div>but if i read the right format for the users file is like i did before,<br>user check<br>
reply,<br>
reply,<br>
reply<br><br></div><div>so, what i have to do for fix the warnings in users file?<br></div><div> <br></div>I'm using Ubuntu 10.04 desktop LTE, freeradius 2.2.5 for server, air-live for ap and blackberry 9320 for the supplicant.<br>
<br></div><div>here's the log<br>
<p class=""><span style="font-family:"Courier New"">realm LOCAL {<br>
<span style> </span>}<br>
radiusd: #### Loading Clients ####<br>
<span style> </span>client localhost {<br>
<span style> </span><span style> </span>ipaddr
= 127.0.0.1<br>
<span style> </span><span style> </span>require_message_authenticator
= no<br>
<span style> </span><span style> </span>secret
= "testing123"<br>
<span style> </span><span style> </span>nastype
= "other"<br>
<span style> </span>}<br>
<span style> </span>client <a href="http://192.168.1.0/24">192.168.1.0/24</a> {<br>
<span style> </span><span style> </span>require_message_authenticator
= no<br>
<span style> </span><span style> </span>secret
= "eap-sim"<br>
<span style> </span><span style> </span>shortname
= "eap-sim"<br>
<span style> </span>}<br>
radiusd: #### Instantiating modules ####<br>
<span style> </span>instantiate {<br>
<span style> </span>Module: Linked to module rlm_exec<br>
<span style> </span>Module: Instantiating module
"exec" from file /etc/freeradius/modules/exec<br>
<span style> </span>exec {<br>
<span style> </span><span style> </span>wait
= no<br>
<span style> </span><span style> </span>input_pairs
= "request"<br>
<span style> </span><span style> </span>shell_escape
= yes<br>
<span style> </span><span style> </span>timeout
= 10<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module rlm_expr<br>
<span style> </span>Module: Instantiating module
"expr" from file /etc/freeradius/modules/expr<br>
<span style> </span>Module: Linked to module
rlm_expiration<br>
<span style> </span>Module: Instantiating module
"expiration" from file /etc/freeradius/modules/expiration<br>
<span style> </span>expiration {<br>
<span style> </span><span style> </span>reply-message
= "Password Has Expired<span style>
</span>"<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module
rlm_logintime<br>
<span style> </span>Module: Instantiating module
"logintime" from file /etc/freeradius/modules/logintime<br>
<span style> </span>logintime {<br>
<span style> </span><span style> </span>reply-message
= "You are calling outside your allowed timespan<span style> </span>"<br>
<span style> </span><span style> </span>minimum-timeout
= 60<br>
<span style> </span>}<br>
<span style> </span>}<br>
radiusd: #### Loading Virtual Servers ####<br>
server { # from file </span><span style="font-family:"Tahoma","sans-serif"">�</span><span style="font-family:"Courier New"">Bw</span><span style="font-family:"Tahoma","sans-serif"">�</span><span style="font-family:"Courier New"">?B<br>
<span style> </span>modules {<br>
<span style> </span>Module: Creating Auth-Type =
digest<br>
<span style> </span>Module: Creating Post-Auth-Type =
REJECT<br>
<span style> </span>Module: Checking authenticate {...} for
more modules to load<br>
<span style> </span>Module: Linked to module rlm_pap<br>
<span style> </span>Module: Instantiating module
"pap" from file /etc/freeradius/modules/pap<br>
<span style> </span>pap {<br>
<span style> </span><span style> </span>encryption_scheme
= "auto"<br>
<span style> </span><span style> </span>auto_header
= no<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module rlm_chap<br>
<span style> </span>Module: Instantiating module
"chap" from file /etc/freeradius/modules/chap<br>
<span style> </span>Module: Linked to module
rlm_mschap<br>
<span style> </span>Module: Instantiating module
"mschap" from file /etc/freeradius/modules/mschap<br>
<span style> </span>mschap {<br>
<span style> </span><span style> </span>use_mppe
= yes<br>
<span style> </span><span style> </span>require_encryption
= no<br>
<span style> </span><span style> </span>require_strong
= no<br>
<span style> </span><span style> </span>with_ntdomain_hack
= no<br>
<span style> </span><span style> </span>allow_retry
= yes<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module
rlm_digest<br>
<span style> </span>Module: Instantiating module
"digest" from file /etc/freeradius/modules/digest<br>
<span style> </span>Module: Linked to module rlm_unix<br>
<span style> </span>Module: Instantiating module
"unix" from file /etc/freeradius/modules/unix<br>
<span style> </span>unix {<br>
<span style> </span><span style> </span>radwtmp
= "/var/log/freeradius/radwtmp"<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module rlm_eap<br>
<span style> </span>Module: Instantiating module
"eap" from file /etc/freeradius/eap.conf<br>
<span style> </span>eap {<br>
<span style> </span><span style> </span>default_eap_type
= "md5"<br>
<span style> </span><span style> </span>timer_expire
= 60<br>
<span style> </span><span style> </span>ignore_unknown_eap_types
= no<br>
<span style> </span><span style> </span>cisco_accounting_username_bug
= no<br>
<span style> </span><span style> </span>max_sessions
= 1024<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_md5<br>
<span style> </span>Module: Instantiating eap-md5<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_leap<br>
<span style> </span>Module: Instantiating eap-leap<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_gtc<br>
<span style> </span>Module: Instantiating eap-gtc<br>
<span style> </span>gtc {<br>
<span style> </span><span style> </span>challenge
= "Password: "<br>
<span style> </span><span style> </span>auth_type
= "PAP"<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_tls<br>
<span style> </span>Module: Instantiating eap-tls<br>
<span style> </span>tls {<br>
<span style> </span><span style> </span>rsa_key_exchange
= no<br>
<span style> </span><span style> </span>dh_key_exchange
= yes<br>
<span style> </span><span style> </span>rsa_key_length
= 512<br>
<span style> </span><span style> </span>dh_key_length
= 512<br>
<span style> </span><span style> </span>verify_depth
= 0<br>
<span style> </span><span style> </span>CA_path
= "/etc/freeradius/certs"<br>
<span style> </span><span style> </span>pem_file_type
= yes<br>
<span style> </span><span style> </span>private_key_file
= "/etc/freeradius/certs/server.key"<br>
<span style> </span><span style> </span>certificate_file
= "/etc/freeradius/certs/server.pem"<br>
<span style> </span><span style> </span>CA_file
= "/etc/freeradius/certs/ca.pem"<br>
<span style> </span><span style> </span>private_key_password
= "whatever"<br>
<span style> </span><span style> </span>dh_file
= "/etc/freeradius/certs/dh"<br>
<span style> </span><span style> </span>fragment_size
= 1024<br>
<span style> </span><span style> </span>include_length
= yes<br>
<span style> </span><span style> </span>check_crl
= no<br>
<span style> </span><span style> </span>cipher_list
= "DEFAULT"<br>
<span style> </span><span style> </span>make_cert_command
= "/etc/freeradius/certs/bootstrap"<br>
<span style> </span><span style> </span>ecdh_curve
= "prime256v1"<br>
<span style> </span>cache {<br>
<span style> </span><span style> </span>enable
= no<br>
<span style> </span><span style> </span>lifetime
= 24<br>
<span style> </span><span style> </span>max_entries
= 255<br>
<span style> </span>}<br>
<span style> </span>verify {<br>
<span style> </span>}<br>
<span style> </span>ocsp {<br>
<span style> </span><span style> </span>enable
= no<br>
<span style> </span><span style> </span>override_cert_url
= yes<br>
<span style> </span><span style> </span>url
= "<a href="http://127.0.0.1/ocsp/">http://127.0.0.1/ocsp/</a>"<br>
<span style> </span><span style> </span>use_nonce
= yes<br>
<span style> </span><span style> </span>timeout
= 0<br>
<span style> </span><span style> </span>softfail
= no<br>
<span style> </span>}<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_ttls<br>
<span style> </span>Module: Instantiating eap-ttls<br>
<span style> </span>ttls {<br>
<span style> </span><span style> </span>default_eap_type
= "md5"<br>
<span style> </span><span style> </span>copy_request_to_tunnel
= no<br>
<span style> </span><span style> </span>use_tunneled_reply
= no<br>
<span style> </span><span style> </span>virtual_server
= "inner-tunnel"<br>
<span style> </span><span style> </span>include_length
= yes<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_peap<br>
<span style> </span>Module: Instantiating eap-peap<br>
<span style> </span>peap {<br>
<span style> </span><span style> </span>default_eap_type
= "mschapv2"<br>
<span style> </span><span style> </span>copy_request_to_tunnel
= no<br>
<span style> </span><span style> </span>use_tunneled_reply
= no<br>
<span style> </span><span style> </span>proxy_tunneled_request_as_eap
= yes<br>
<span style> </span><span style> </span>virtual_server
= "inner-tunnel"<br>
<span style> </span><span style> </span>soh
= no<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_mschapv2<br>
<span style> </span>Module: Instantiating eap-mschapv2<br>
<span style> </span>mschapv2 {<br>
<span style> </span><span style> </span>with_ntdomain_hack
= no<br>
<span style> </span><span style> </span>send_error
= no<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to sub-module
rlm_eap_sim<br>
<span style> </span>Module: Instantiating eap-sim<br>
<span style> </span>Module: Checking authorize {...} for
more modules to load<br>
<span style> </span>Module: Linked to module
rlm_preprocess<br>
<span style> </span>Module: Instantiating module
"preprocess" from file /etc/freeradius/modules/preprocess<br>
<span style> </span>preprocess {<br>
<span style> </span><span style> </span>huntgroups
= "/etc/freeradius/huntgroups"<br>
<span style> </span><span style> </span>hints
= "/etc/freeradius/hints"<br>
<span style> </span><span style> </span>with_ascend_hack
= no<br>
<span style> </span><span style> </span>ascend_channels_per_line
= 23<br>
<span style> </span><span style> </span>with_ntdomain_hack
= no<br>
<span style> </span><span style> </span>with_specialix_jetstream_hack
= no<br>
<span style> </span><span style> </span>with_cisco_vsa_hack
= no<br>
<span style> </span><span style> </span>with_alvarion_vsa_hack
= no<br>
<span style> </span>}<br>
reading pairlist file /etc/freeradius/huntgroups<br>
reading pairlist file /etc/freeradius/hints<br>
<span style> </span>Module: Linked to module rlm_realm<br>
<span style> </span>Module: Instantiating module
"suffix" from file /etc/freeradius/modules/realm<br>
<span style> </span>realm suffix {<br>
<span style> </span><span style> </span>format
= "suffix"<br>
<span style> </span><span style> </span>delimiter
= "@"<br>
<span style> </span><span style> </span>ignore_default
= no<br>
<span style> </span><span style> </span>ignore_null
= no<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module
rlm_sim_files<br>
<span style> </span>Module: Instantiating module
"sim_files" from file /etc/freeradius/modules/sim_files<br>
<span style> </span>sim_files {<br>
<span style> </span><span style> </span>simtriplets
= "/etc/freeradius/simtriplets.dat"<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module rlm_files<br>
<span style> </span>Module: Instantiating module
"files" from file /etc/freeradius/modules/files<br>
<span style> </span>files {<br>
<span style> </span><span style> </span>usersfile
= "/etc/freeradius/users"<br>
<span style> </span><span style> </span>acctusersfile
= "/etc/freeradius/acct_users"<br>
<span style> </span><span style> </span>preproxy_usersfile
= "/etc/freeradius/preproxy_users"<br>
<span style> </span><span style> </span>compat
= "no"<br>
<span style> </span>}<br>
reading pairlist file /etc/freeradius/users<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-Rand1" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-SRES1" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-KC1" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-Rand2" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-SRES2" <span style> </span>found in reply item list for user "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>".
<span style> </span>This attribute MUST go on the first line
with the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-KC2" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-Rand3" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-SRES3" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-KC3" <span style> </span>found in reply item list for user
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>". <span style> </span>This attribute MUST go on the first line with
the other check items<br>
reading pairlist file /etc/freeradius/acct_users<br>
reading pairlist file /etc/freeradius/preproxy_users<br>
<span style> </span>Module: Checking preacct {...} for more
modules to load<br>
<span style> </span>Module: Linked to module
rlm_acct_unique<br>
<span style> </span>Module: Instantiating module
"acct_unique" from file /etc/freeradius/modules/acct_unique<br>
<span style> </span>acct_unique {<br>
<span style> </span><span style> </span>key
= "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier,
NAS-Port"<br>
<span style> </span>}<br>
<span style> </span>Module: Checking accounting {...} for
more modules to load<br>
<span style> </span>Module: Linked to module
rlm_detail<br>
<span style> </span>Module: Instantiating module
"detail" from file /etc/freeradius/modules/detail<br>
<span style> </span>detail {<br>
<span style> </span><span style> </span>detailfile
=
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"<br>
<span style> </span><span style> </span>header
= "%t"<br>
<span style> </span><span style> </span>detailperm
= 384<br>
<span style> </span><span style> </span>dirperm
= 493<br>
<span style> </span><span style> </span>locking
= no<br>
<span style> </span><span style> </span>log_packet_header
= no<br>
<span style> </span>}<br>
<span style> </span>Module: Linked to module
rlm_attr_filter<br>
<span style> </span>Module: Instantiating module
"attr_filter.accounting_response" from file
/etc/freeradius/modules/attr_filter<br>
<span style> </span>attr_filter
attr_filter.accounting_response {<br>
<span style> </span><span style> </span>attrsfile
= "/etc/freeradius/attrs.accounting_response"<br>
<span style> </span><span style> </span>key
= "%{User-Name}"<br>
<span style> </span><span style> </span>relaxed
= no<br>
<span style> </span>}<br>
reading pairlist file /etc/freeradius/attrs.accounting_response<br>
<span style> </span>Module: Checking session {...} for more
modules to load<br>
<span style> </span>Module: Linked to module
rlm_radutmp<br>
<span style> </span>Module: Instantiating module
"radutmp" from file /etc/freeradius/modules/radutmp<br>
<span style> </span>radutmp {<br>
<span style> </span><span style> </span>filename
= "/var/log/freeradius/radutmp"<br>
<span style> </span><span style> </span>username
= "%{User-Name}"<br>
<span style> </span><span style> </span>case_sensitive
= yes<br>
<span style> </span><span style> </span>check_with_nas
= yes<br>
<span style> </span><span style> </span>perm
= 384<br>
<span style> </span><span style> </span>callerid
= yes<br>
<span style> </span>}<br>
<span style> </span>Module: Checking post-proxy {...} for
more modules to load<br>
<span style> </span>Module: Checking post-auth {...} for
more modules to load<br>
<span style> </span>Module: Instantiating module
"attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter<br>
<span style> </span>attr_filter attr_filter.access_reject
{<br>
<span style> </span><span style> </span>attrsfile
= "/etc/freeradius/attrs.access_reject"<br>
<span style> </span><span style> </span>key
= "%{User-Name}"<br>
<span style> </span><span style> </span>relaxed
= no<br>
<span style> </span>}<br>
reading pairlist file /etc/freeradius/attrs.access_reject<br>
<span style> </span>} # modules<br>
} # server<br>
server inner-tunnel { # from file
/etc/freeradius/sites-enabled/inner-tunnel<br>
<span style> </span>modules {<br>
<span style> </span>Module: Checking authenticate {...} for
more modules to load<br>
<span style> </span>Module: Checking authorize {...} for
more modules to load<br>
<span style> </span>Module: Checking session {...} for more
modules to load<br>
<span style> </span>Module: Checking post-proxy {...} for
more modules to load<br>
<span style> </span>Module: Checking post-auth {...} for more
modules to load<br>
<span style> </span>} # modules<br>
} # server<br>
radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br>
<span style> </span><span style> </span>type
= "auth"<br>
<span style> </span><span style> </span>ipaddr
= *<br>
<span style> </span><span style> </span>port
= 0<br>
}<br>
listen {<br>
<span style> </span><span style> </span>type
= "acct"<br>
<span style> </span><span style> </span>ipaddr
= *<br>
<span style> </span><span style> </span>port
= 0<br>
}<br>
listen {<br>
<span style> </span><span style> </span>type
= "auth"<br>
<span style> </span><span style> </span>ipaddr
= 127.0.0.1<br>
<span style> </span><span style> </span>port
= 18120<br>
}<br>
<span style> </span>... adding new socket proxy address *
port 47457<br>
Listening on authentication address * port 1812<br>
Listening on accounting address * port 1813<br>
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel<br>
Listening on proxy address * port 1814<br>
Ready to process requests.<br>
rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=146,
length=259<br>
<span style> </span>User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
<span style> </span>NAS-IP-Address = 192.168.1.1<br>
<span style> </span>NAS-Port = 0<br>
<span style> </span>Called-Station-Id = "004f62248f98"<br>
<span style> </span>Calling-Station-Id =
"70aab2eb15af"<br>
<span style> </span>NAS-Identifier = "Realtek
Access Point. 8186"<br>
<span style> </span>Framed-MTU = 1400<br>
<span style> </span>NAS-Port-Type =
Wireless-802.11<br>
<span style> </span>Service-Type = Framed-User<br>
<span style> </span>Connect-Info = "CONNECT 11Mbps
802.11b"<br>
<span style> </span>EAP-Message =
0x02000038013135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267<br>
<span style> </span>Message-Authenticator =
0x3b7cec016f9e7d837e6c6fd3b4eb20ef<br>
# Executing section authorize from file
/etc/freeradius/sites-enabled/default<br>
+group authorize {<br>
++[preprocess] = ok<br>
++[chap] = noop<br>
++[mschap] = noop<br>
++[digest] = noop<br>
[suffix] Looking up realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>" for
User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
[suffix] No such realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
++[suffix] = noop<br>
rlm_sim_files: insufficient number of challenges for imsi
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>: 0 <br>
++[sim_files] = notfound<br>
[eap] EAP packet type response id 0 length 56<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] = updated<br>
[files] users: Matched entry
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a> at line 204<br>
++[files] = ok<br>
++[expiration] = noop<br>
++[logintime] = noop<br>
[pap] WARNING! No "known good" password found for the user.<span style> </span>Authentication may fail because of
this.<br>
++[pap] = noop<br>
+} # group authorize = updated<br>
Found Auth-Type = EAP<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+group authenticate {<br>
[eap] EAP Identity<br>
[eap] processing type sim<br>
[eap] Underlying EAP-Type set EAP ID to 226<br>
++[eap] = handled<br>
+} # group authenticate = handled<br>
Sending Access-Challenge of id 146 to 192.168.1.1 port 2049<br>
<span style> </span>EAP-Message =
0x01e20014120a00000f0200020001000011010100<br>
<span style> </span>Message-Authenticator =
0x00000000000000000000000000000000<br>
<span style> </span>State = 0xa2868fcaa2649d86228f5cbe0864a028<br>
Finished request 0.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=147,
length=303<br>
<span style> </span>User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
<span style> </span>NAS-IP-Address = 192.168.1.1<br>
<span style> </span>NAS-Port = 0<br>
<span style> </span>Called-Station-Id =
"004f62248f98"<br>
<span style> </span>Calling-Station-Id =
"70aab2eb15af"<br>
<span style> </span>NAS-Identifier = "Realtek
Access Point. 8186"<br>
<span style> </span>NAS-Port-Type =
Wireless-802.11<br>
<span style> </span>Service-Type = Framed-User<br>
<span style> </span>Connect-Info = "CONNECT 11Mbps
802.11b"<br>
<span style> </span>EAP-Message =
0x02e20058120a000007050000e4e69b2af151f7b962b59341f135ec28100100010e0e00333135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700<br>
<span style> </span>State =
0xa2868fcaa2649d86228f5cbe0864a028<br>
<span style> </span>Message-Authenticator =
0xdb930ab0a6fe572dc35ab89c7d62a32d<br>
# Executing section authorize from file
/etc/freeradius/sites-enabled/default<br>
+group authorize {<br>
++[preprocess] = ok<br>
++[chap] = noop<br>
++[mschap] = noop<br>
++[digest] = noop<br>
[suffix] Looking up realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>" for
User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
[suffix] No such realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
++[suffix] = noop<br>
rlm_sim_files: insufficient number of challenges for imsi
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>: 0 <br>
++[sim_files] = notfound<br>
[eap] EAP packet type response id 226 length 88<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] = updated<br>
[files] users: Matched entry <a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>
at line 204<br>
++[files] = ok<br>
++[expiration] = noop<br>
++[logintime] = noop<br>
[pap] WARNING! No "known good" password found for the user.<span style> </span>Authentication may fail because of
this.<br>
++[pap] = noop<br>
+} # group authorize = updated<br>
Found Auth-Type = EAP<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+group authenticate {<br>
[eap] Request found, released from the list<br>
[eap] EAP/sim<br>
[eap] processing type sim<br>
+++> EAP-sim decoded packet:<br>
<span style> </span>User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
<span style> </span>NAS-IP-Address = 192.168.1.1<br>
<span style> </span>NAS-Port = 0<br>
<span style> </span>Called-Station-Id =
"004f62248f98"<br>
<span style> </span>Calling-Station-Id =
"70aab2eb15af"<br>
<span style> </span>NAS-Identifier = "Realtek
Access Point. 8186"<br>
<span style> </span>NAS-Port-Type =
Wireless-802.11<br>
<span style> </span>Service-Type = Framed-User<br>
<span style> </span>Connect-Info = "CONNECT 11Mbps
802.11b"<br>
<span style> </span>EAP-Message =
0x02e20058120a000007050000e4e69b2af151f7b962b59341f135ec28100100010e0e00333135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700<br>
<span style> </span>State =
0xa2868fcaa2649d86228f5cbe0864a028<br>
<span style> </span>Message-Authenticator =
0xdb930ab0a6fe572dc35ab89c7d62a32d<br>
<span style> </span>EAP-Type = SIM<br>
<span style> </span>EAP-Sim-Subtype = Start<br>
<span style> </span>EAP-Sim-NONCE_MT =
0x0000e4e69b2af151f7b962b59341f135ec28<br>
<span style> </span>EAP-Sim-SELECTED_VERSION =
0x0001<br>
<span style> </span>EAP-Sim-IDENTITY =
0x3135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267<br>
[eap] Underlying EAP-Type set EAP ID to 227<br>
++[eap] = handled<br>
+} # group authenticate = handled<br>
Sending Access-Challenge of id 147 to 192.168.1.1 port 2049<br>
<span style> </span>EAP-Message = 0x01e30050120b0000010d0000bda21cb60ef945da9a8ba56667b49027621f1dac915b4dbf8a0842e88b97bbbe6ad4284810dd42ca8a60a410f77468200b05000054a12566dba5ea107876abb8ce63c51b<br>
<span style> </span>Message-Authenticator =
0x00000000000000000000000000000000<br>
<span style> </span>State =
0xa2868fcaa3659d86228f5cbe0864a028<br>
Finished request 1.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=148,
length=243<br>
<span style> </span>User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
<span style> </span>NAS-IP-Address = 192.168.1.1<br>
<span style> </span>NAS-Port = 0<br>
<span style> </span>Called-Station-Id =
"004f62248f98"<br>
<span style> </span>Calling-Station-Id =
"70aab2eb15af"<br>
<span style> </span>NAS-Identifier = "Realtek
Access Point. 8186"<br>
<span style> </span>NAS-Port-Type =
Wireless-802.11<br>
<span style> </span>Service-Type = Framed-User<br>
<span style> </span>Connect-Info = "CONNECT 11Mbps
802.11b"<br>
<span style> </span>EAP-Message = 0x02e3001c120b00000b050000972372a41c5202143e5d4624453ee9a4<br>
<span style> </span>State =
0xa2868fcaa3659d86228f5cbe0864a028<br>
<span style> </span>Message-Authenticator =
0x84e6bf6274f86ccbbcf74dd0fd0ccdbc<br>
# Executing section authorize from file
/etc/freeradius/sites-enabled/default<br>
+group authorize {<br>
++[preprocess] = ok<br>
++[chap] = noop<br>
++[mschap] = noop<br>
++[digest] = noop<br>
[suffix] Looking up realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>" for
User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
[suffix] No such realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org">wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
++[suffix] = noop<br>
rlm_sim_files: insufficient number of challenges for imsi
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>: 0 <br>
++[sim_files] = notfound<br>
[eap] EAP packet type response id 227 length 28<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] = updated<br>
[files] users: Matched entry
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a> at line 204<br>
++[files] = ok<br>
++[expiration] = noop<br>
++[logintime] = noop<br>
[pap] WARNING! No "known good" password found for the user.<span style> </span>Authentication may fail because of
this.<br>
++[pap] = noop<br>
+} # group authorize = updated<br>
Found Auth-Type = EAP<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+group authenticate {<br>
[eap] Request found, released from the list<br>
[eap] EAP/sim<br>
[eap] processing type sim<br>
MAC check succeed <br>
[eap] Underlying EAP-Type set EAP ID to 228<br>
[eap] Freeing handler<br>
++[eap] = ok<br>
+} # group authenticate = ok<br>
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default<br>
+group post-auth {<br>
++[exec] = noop<br>
+} # group post-auth = noop<br>
Sending Access-Accept of id 148 to 192.168.1.1 port 2049<br>
<span style> </span>MS-MPPE-Recv-Key =
0x4cf85cf91585ad5b0150cfcf0891da3c700186a1f529c33a77b858b7c2792425<br>
<span style> </span>MS-MPPE-Send-Key =
0x73cddffcb9182dcbdb08f9a1a75e96cfb11145d41b6a6734ddd8b2befa96c5c8<br>
<span style> </span>EAP-Message = 0x03e40004<br>
<span style> </span>Message-Authenticator =
0x00000000000000000000000000000000<br>
<span style> </span>User-Name =
"<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
Finished request 2.<br>
Going to the next request<br>
Waking up in 3.8 seconds.<br>
Cleaning up request 0 ID 146 with timestamp +22<br>
Cleaning up request 1 ID 147 with timestamp +22<br>
Waking up in 1.0 seconds.<br>
Cleaning up request 2 ID 148 with timestamp +23<br>
Ready to process requests.</span></p><p class=""><br></p></div><div><br></div></div>