<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">From what I remember :<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The “correct” format is to put all the check items on the first line of a given entry in the users file.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">But, in FreeRADIUS 2.x, if you do, EAP-SIM (and probably all EAP types, though I did not test) will not work.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So you have to put them in the “reply” list (ie on multiple lines in the users file).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">And ignore the warnings…<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In FreeRADIUS 3.x, this has been fixed, so you can comply with the warning, and put all check items on first line of entry.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">De :</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> freeradius-users-bounces+nicolas.chaigneau=capgemini.com@lists.freeradius.org [mailto:freeradius-users-bounces+nicolas.chaigneau=capgemini.com@lists.freeradius.org]
<b>De la part de</b> rafa alfurqan<br>
<b>Envoyé :</b> mardi 5 août 2014 04:02<br>
<b>À :</b> freeradius-users@lists.freeradius.org<br>
<b>Objet :</b> Fwd: warnings on users file<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi all,<o:p></o:p></p>
</div>
<p class="MsoNormal">again i've tried users configuration for a few times.<o:p></o:p></p>
</div>
<p class="MsoNormal">i always failed when i'm trying these formats<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank"><br>
</a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a> EAP-Type := SIM<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-Rand1 = 0xBDA21CB60EF945da9A8BA56667B49027,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-SRES1 = 0x04d995bc,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-KC1 = 0xBBe0a7c68Aea1c00,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-Rand2 = 0x621F1DAC915B4dbf8A0842E88B97BBBE,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-SRES2 = 0xD9b5f235,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-KC2 = 0x33d1ae11914c4800,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-Rand3 = 0x6AD4284810DD42ca8A60A410F7746820,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-SRES3 = 0xB29eb39b,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> EAP-Sim-KC3 = 0x1E62ae2aA0a66400<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><o:p> </o:p></p>
</div>
<p class="MsoNormal">but if i tried based on log, <span style="font-family:"Courier New"">
[/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-Rand1" found in reply item list for user "<a href="mailto:1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org" target="_blank">1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org</a>". This attribute
MUST go on the first line with the other check items</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">so i do in one line, <br>
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a> EAP-Sim-Rand1 = 0xBDA21CB60EF945da9A8BA56667B49027, EAP-Sim-SRES1 = 0x04d995bc, EAP-Sim-KC1 = 0xBBe0a7c68Aea1c00, EAP-Sim-Rand2
= 0x621F1DAC915B4dbf8A0842E88B97BBBE, EAP-Sim-SRES2 = 0xD9b5f235, EAP-Sim-KC2 = 0x33d1ae11914c4800, EAP-Sim-Rand3 = 0x6AD4284810DD42ca8A60A410F7746820, EAP-Sim-SRES3 = 0xB29eb39b, EAP-Sim-KC3 = 0x1E62ae2aA0a66400<o:p></o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">i do the same when i follow this instruction<br>
<a href="http://lists.freeradius.org/pipermail/freeradius-users/2014-March/071123.html" target="_blank">http://lists.freeradius.org/pipermail/freeradius-users/2014-March/071123.html</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">and the result is the warning is gone!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">so, it's okay to use that format? honestly i really new with freeradius, i'll appreciate for any helps.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">it's my log realm LOCAL {<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"> }<br>
radiusd: #### Loading Clients ####<br>
client localhost {<br>
ipaddr = 127.0.0.1<br>
require_message_authenticator = no<br>
secret = "testing123"<br>
nastype = "other"<br>
}<br>
client <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> {<br>
require_message_authenticator = no<br>
secret = "eap-sim"<br>
shortname = "eap-sim"<br>
}<br>
radiusd: #### Instantiating modules ####<br>
instantiate {<br>
Module: Linked to module rlm_exec<br>
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec<br>
exec {<br>
wait = no<br>
input_pairs = "request"<br>
shell_escape = yes<br>
timeout = 10<br>
}<br>
Module: Linked to module rlm_expr<br>
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr<br>
Module: Linked to module rlm_expiration<br>
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration<br>
expiration {<br>
reply-message = "Password Has Expired "<br>
}<br>
Module: Linked to module rlm_logintime<br>
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime<br>
logintime {<br>
reply-message = "You are calling outside your allowed timespan "<br>
minimum-timeout = 60<br>
}<br>
}<br>
radiusd: #### Loading Virtual Servers ####<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">server { # from file <span style="font-family:"Tahoma","sans-serif"">
�</span><span style="font-family:"Courier New"">?x</span><span style="font-family:"Tahoma","sans-serif"">�</span><span style="font-family:"Courier New"">???<o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
modules {<br>
Module: Creating Auth-Type = digest<br>
Module: Creating Post-Auth-Type = REJECT<br>
Module: Checking authenticate {...} for more modules to load<br>
Module: Linked to module rlm_pap<br>
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap<br>
pap {<br>
encryption_scheme = "auto"<br>
auto_header = no<br>
}<br>
Module: Linked to module rlm_chap<br>
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap<br>
Module: Linked to module rlm_mschap<br>
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap<br>
mschap {<br>
use_mppe = yes<br>
require_encryption = no<br>
require_strong = no<br>
with_ntdomain_hack = no<br>
allow_retry = yes<br>
}<br>
Module: Linked to module rlm_digest<br>
Module: Instantiating module "digest" from file /etc/freeradius/modules/digest<br>
Module: Linked to module rlm_unix<br>
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix<br>
unix {<br>
radwtmp = "/var/log/freeradius/radwtmp"<br>
}<br>
Module: Linked to module rlm_eap<br>
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf<br>
eap {<br>
default_eap_type = "md5"<br>
timer_expire = 60<br>
ignore_unknown_eap_types = no<br>
cisco_accounting_username_bug = no<br>
max_sessions = 1024<br>
}<br>
Module: Linked to sub-module rlm_eap_md5<br>
Module: Instantiating eap-md5<br>
Module: Linked to sub-module rlm_eap_leap<br>
Module: Instantiating eap-leap<br>
Module: Linked to sub-module rlm_eap_gtc<br>
Module: Instantiating eap-gtc<br>
gtc {<br>
challenge = "Password: "<br>
auth_type = "PAP"<br>
}<br>
Module: Linked to sub-module rlm_eap_tls<br>
Module: Instantiating eap-tls<br>
tls {<br>
rsa_key_exchange = no<br>
dh_key_exchange = yes<br>
rsa_key_length = 512<br>
dh_key_length = 512<br>
verify_depth = 0<br>
CA_path = "/etc/freeradius/certs"<br>
pem_file_type = yes<br>
private_key_file = "/etc/freeradius/certs/server.key"<br>
certificate_file = "/etc/freeradius/certs/server.pem"<br>
CA_file = "/etc/freeradius/certs/ca.pem"<br>
private_key_password = "whatever"<br>
dh_file = "/etc/freeradius/certs/dh"<br>
fragment_size = 1024<br>
include_length = yes<br>
check_crl = no<br>
cipher_list = "DEFAULT"<br>
make_cert_command = "/etc/freeradius/certs/bootstrap"<br>
ecdh_curve = "prime256v1"<br>
cache {<br>
enable = no<br>
lifetime = 24<br>
max_entries = 255<br>
}<br>
verify {<br>
}<br>
ocsp {<br>
enable = no<br>
override_cert_url = yes<br>
url = "<a href="http://127.0.0.1/ocsp/" target="_blank">http://127.0.0.1/ocsp/</a>"<br>
use_nonce = yes<br>
timeout = 0<br>
softfail = no<br>
}<br>
}<br>
Module: Linked to sub-module rlm_eap_ttls<br>
Module: Instantiating eap-ttls<br>
ttls {<br>
default_eap_type = "md5"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
virtual_server = "inner-tunnel"<br>
include_length = yes<br>
}<br>
Module: Linked to sub-module rlm_eap_peap<br>
Module: Instantiating eap-peap<br>
peap {<br>
default_eap_type = "mschapv2"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
proxy_tunneled_request_as_eap = yes<br>
virtual_server = "inner-tunnel"<br>
soh = no<br>
}<br>
Module: Linked to sub-module rlm_eap_mschapv2<br>
Module: Instantiating eap-mschapv2<br>
mschapv2 {<br>
with_ntdomain_hack = no<br>
send_error = no<br>
}<br>
Module: Linked to sub-module rlm_eap_sim<br>
Module: Instantiating eap-sim<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br>
Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess<br>
preprocess {<br>
huntgroups = "/etc/freeradius/huntgroups"<br>
hints = "/etc/freeradius/hints"<br>
with_ascend_hack = no<br>
ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br>
with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br>
}<br>
reading pairlist file /etc/freeradius/huntgroups<br>
reading pairlist file /etc/freeradius/hints<br>
Module: Linked to module rlm_realm<br>
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm<br>
realm suffix {<br>
format = "suffix"<br>
delimiter = "@"<br>
ignore_default = no<br>
ignore_null = no<br>
}<br>
Module: Linked to module rlm_sim_files<br>
Module: Instantiating module "sim_files" from file /etc/freeradius/modules/sim_files<br>
sim_files {<br>
simtriplets = "/etc/freeradius/simtriplets.dat"<br>
}<br>
Module: Linked to module rlm_files<br>
Module: Instantiating module "files" from file /etc/freeradius/modules/files<br>
files {<br>
usersfile = "/etc/freeradius/users"<br>
acctusersfile = "/etc/freeradius/acct_users"<br>
preproxy_usersfile = "/etc/freeradius/preproxy_users"<br>
compat = "no"<br>
}<br>
reading pairlist file /etc/freeradius/users<o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">reading pairlist file /etc/freeradius/acct_users<br>
reading pairlist file /etc/freeradius/preproxy_users<br>
Module: Checking preacct {...} for more modules to load<br>
Module: Linked to module rlm_acct_unique<br>
Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique<br>
acct_unique {<br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"<br>
}<br>
Module: Checking accounting {...} for more modules to load<br>
Module: Linked to module rlm_detail<br>
Module: Instantiating module "detail" from file /etc/freeradius/modules/detail<br>
detail {<br>
detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"<br>
header = "%t"<br>
detailperm = 384<br>
dirperm = 493<br>
locking = no<br>
log_packet_header = no<br>
}<br>
Module: Linked to module rlm_attr_filter<br>
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter<br>
attr_filter attr_filter.accounting_response {<br>
attrsfile = "/etc/freeradius/attrs.accounting_response"<br>
key = "%{User-Name}"<br>
relaxed = no<br>
}<br>
reading pairlist file /etc/freeradius/attrs.accounting_response<br>
Module: Checking session {...} for more modules to load<br>
Module: Linked to module rlm_radutmp<br>
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp<br>
radutmp {<br>
filename = "/var/log/freeradius/radutmp"<br>
username = "%{User-Name}"<br>
case_sensitive = yes<br>
check_with_nas = yes<br>
perm = 384<br>
callerid = yes<br>
}<br>
Module: Checking post-proxy {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br>
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter<br>
attr_filter attr_filter.access_reject {<br>
attrsfile = "/etc/freeradius/attrs.access_reject"<br>
key = "%{User-Name}"<br>
relaxed = no<br>
}<br>
reading pairlist file /etc/freeradius/attrs.access_reject<br>
} # modules<br>
} # server<br>
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel<br>
modules {<br>
Module: Checking authenticate {...} for more modules to load<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Checking session {...} for more modules to load<br>
Module: Checking post-proxy {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br>
} # modules<br>
} # server<br>
radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br>
type = "auth"<br>
ipaddr = *<br>
port = 0<br>
}<br>
listen {<br>
type = "acct"<br>
ipaddr = *<br>
port = 0<br>
}<br>
listen {<br>
type = "auth"<br>
ipaddr = 127.0.0.1<br>
port = 18120<br>
}<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New""> ... adding new socket proxy address * port 44186<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
Listening on authentication address * port 1812<br>
Listening on accounting address * port 1813<br>
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel<br>
Listening on proxy address * port 1814<br>
Ready to process requests.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=151, length=259<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.1.1<br>
NAS-Port = 0<br>
Called-Station-Id = "004f62248f98"<br>
Calling-Station-Id = "70aab2eb15af"<br>
NAS-Identifier = "Realtek Access Point. 8186"<br>
Framed-MTU = 1400<br>
NAS-Port-Type = Wireless-802.11<br>
Service-Type = Framed-User<br>
Connect-Info = "CONNECT 11Mbps 802.11b"<br>
EAP-Message = 0x02000038013135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New""> Message-Authenticator = 0xf77502a9d1ebb44e40a997fb52f4ad2a<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
# Executing section authorize from file /etc/freeradius/sites-enabled/default<br>
+group authorize {<br>
++[preprocess] = ok<br>
++[chap] = noop<br>
++[mschap] = noop<br>
++[digest] = noop<br>
[suffix] Looking up realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">wlan.mnc001.mcc510.3gppnetwork.org</a>" for User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
[suffix] No such realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
++[suffix] = noop<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">rlm_sim_files: authorized user/imsi
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">
1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a> <br>
rlm_sim_files: Adding EAP-Type: eap-sim<br>
++[sim_files] = ok<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
[eap] EAP packet type response id 0 length 56<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] = updated<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">++[files] = noop<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
++[expiration] = noop<br>
++[logintime] = noop<br>
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
++[pap] = noop<br>
+} # group authorize = updated<br>
Found Auth-Type = EAP<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+group authenticate {<br>
[eap] EAP Identity<br>
[eap] processing type sim<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">[eap] Underlying EAP-Type set EAP ID to 127<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
++[eap] = handled<br>
+} # group authenticate = handled<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">Sending Access-Challenge of id 151 to 192.168.1.1 port 2049<br>
EAP-Message = 0x017f0014120a00000f0200020001000011010100<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x7659c0b27626d231a8579b0cb8f3e694<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
Finished request 0.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=152, length=303<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.1.1<br>
NAS-Port = 0<br>
Called-Station-Id = "004f62248f98"<br>
Calling-Station-Id = "70aab2eb15af"<br>
NAS-Identifier = "Realtek Access Point. 8186"<br>
NAS-Port-Type = Wireless-802.11<br>
Service-Type = Framed-User<br>
Connect-Info = "CONNECT 11Mbps 802.11b"<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New""> EAP-Message = 0x027f0058120a000007050000b7a1d8dbcbb4ebc3626016889cbfc212100100010e0e00333135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700<br>
State = 0x7659c0b27626d231a8579b0cb8f3e694<br>
Message-Authenticator = 0x946a59632d3b96d1ba18ad68545b1eb6<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
# Executing section authorize from file /etc/freeradius/sites-enabled/default<br>
+group authorize {<br>
++[preprocess] = ok<br>
++[chap] = noop<br>
++[mschap] = noop<br>
++[digest] = noop<br>
[suffix] Looking up realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">wlan.mnc001.mcc510.3gppnetwork.org</a>" for User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
[suffix] No such realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
++[suffix] = noop<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">rlm_sim_files: authorized user/imsi
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">
1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a> <br>
rlm_sim_files: Adding EAP-Type: eap-sim<br>
++[sim_files] = ok<br>
[eap] EAP packet type response id 127 length 88<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] = updated<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">++[files] = noop<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
++[expiration] = noop<br>
++[logintime] = noop<br>
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
++[pap] = noop<br>
+} # group authorize = updated<br>
Found Auth-Type = EAP<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+group authenticate {<br>
[eap] Request found, released from the list<br>
[eap] EAP/sim<br>
[eap] processing type sim<br>
+++> EAP-sim decoded packet:<br>
User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.1.1<br>
NAS-Port = 0<br>
Called-Station-Id = "004f62248f98"<br>
Calling-Station-Id = "70aab2eb15af"<br>
NAS-Identifier = "Realtek Access Point. 8186"<br>
NAS-Port-Type = Wireless-802.11<br>
Service-Type = Framed-User<br>
Connect-Info = "CONNECT 11Mbps 802.11b"<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New""> EAP-Message = 0x027f0058120a000007050000b7a1d8dbcbb4ebc3626016889cbfc212100100010e0e00333135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700<br>
State = 0x7659c0b27626d231a8579b0cb8f3e694<br>
Message-Authenticator = 0x946a59632d3b96d1ba18ad68545b1eb6<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
EAP-Type = SIM<br>
EAP-Sim-Subtype = Start<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New""> EAP-Sim-NONCE_MT = 0x0000b7a1d8dbcbb4ebc3626016889cbfc212<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
EAP-Sim-SELECTED_VERSION = 0x0001<br>
EAP-Sim-IDENTITY = 0x3135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">[eap] Underlying EAP-Type set EAP ID to 128<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
++[eap] = handled<br>
+} # group authenticate = handled<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">Sending Access-Challenge of id 152 to 192.168.1.1 port 2049<br>
EAP-Message = 0x01800050120b0000010d0000bda21cb60ef945da9a8ba56667b49027621f1dac915b4dbf8a0842e88b97bbbe6ad4284810dd42ca8a60a410f77468200b05000066269155d778ece4a44df2898acaa745<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x7659c0b277d9d231a8579b0cb8f3e694<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
Finished request 1.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=153, length=243<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
NAS-IP-Address = 192.168.1.1<br>
NAS-Port = 0<br>
Called-Station-Id = "004f62248f98"<br>
Calling-Station-Id = "70aab2eb15af"<br>
NAS-Identifier = "Realtek Access Point. 8186"<br>
NAS-Port-Type = Wireless-802.11<br>
Service-Type = Framed-User<br>
Connect-Info = "CONNECT 11Mbps 802.11b"<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New""> EAP-Message = 0x0280001c120b00000b0500004e314600d7dd8c432d922fe2e2f85e45<br>
State = 0x7659c0b277d9d231a8579b0cb8f3e694<br>
Message-Authenticator = 0xe28cce59df602509a3c3cfe9a99c5693<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
# Executing section authorize from file /etc/freeradius/sites-enabled/default<br>
+group authorize {<br>
++[preprocess] = ok<br>
++[chap] = noop<br>
++[mschap] = noop<br>
++[digest] = noop<br>
[suffix] Looking up realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">wlan.mnc001.mcc510.3gppnetwork.org</a>" for User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
[suffix] No such realm "<a href="http://wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
++[suffix] = noop<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">rlm_sim_files: authorized user/imsi
<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">
1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a> <br>
rlm_sim_files: Adding EAP-Type: eap-sim<br>
++[sim_files] = ok<br>
[eap] EAP packet type response id 128 length 28<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] = updated<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">++[files] = noop<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
++[expiration] = noop<br>
++[logintime] = noop<br>
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
++[pap] = noop<br>
+} # group authorize = updated<br>
Found Auth-Type = EAP<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+group authenticate {<br>
[eap] Request found, released from the list<br>
[eap] EAP/sim<br>
[eap] processing type sim<br>
MAC check succeed <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">[eap] Underlying EAP-Type set EAP ID to 129<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
[eap] Freeing handler<br>
++[eap] = ok<br>
+} # group authenticate = ok<br>
# Executing section post-auth from file /etc/freeradius/sites-enabled/default<br>
+group post-auth {<br>
++[exec] = noop<br>
+} # group post-auth = noop<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">Sending Access-Accept of id 153 to 192.168.1.1 port 2049<br>
MS-MPPE-Recv-Key = 0x6e3afcc0cada4349d9e50c5b059f09a8561950974fc7a91ab4b085927b88ec4c<br>
MS-MPPE-Send-Key = 0xa1642e8992cf8c5937455aef07338c3b112ebbfcde037305d185b5367de606b0<br>
EAP-Message = 0x03810004<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
User-Name = "<a href="mailto:1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" target="_blank">1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org</a>"<br>
Finished request 2.<br>
Going to the next request<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">Waking up in 3.9 seconds.<br>
Cleaning up request 0 ID 151 with timestamp +10<br>
Cleaning up request 1 ID 152 with timestamp +11<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New""><br>
Waking up in 1.0 seconds.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Courier New"">Cleaning up request 2 ID 153 with timestamp +12<br>
Ready to process requests.<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal">thank you<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<span style="font-size: 9px; line-height: 10px;">This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.</span></body>
</html>