Hi IIiya,
thanx for your quick response

here is my log debug

rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0, length=215

            User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

            NAS-IP-Address = 192.168.2.1

            Called-Station-Id = "48f8b315461a"

            Calling-Station-Id = "1814563e5189"

            NAS-Identifier = "48f8b315461a"

            NAS-Port = 38

            Framed-MTU = 1400

            NAS-Port-Type = Wireless-802.11

            EAP-Message = 0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267

            Message-Authenticator = 0x1e692ae9b93631a0f54bda0997d713f2

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"

++[suffix] returns noop

rlm_sim_files: authorized user/imsi 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org

rlm_sim_files: Adding EAP-Type: eap-sim

++[sim_files] returns ok

[eap] EAP packet type response id 0 length 56

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

[files] users: Matched entry 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org at line 1

++[files] returns ok

++[sql] returns notfound

++[expiration] returns noop

++[logintime] returns noop

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type sim

[eap] Underlying EAP-Type set EAP ID to 116

++[eap] returns handled

Sending Access-Challenge of id 0 to 192.168.2.1 port 2048

            EAP-Message = 0x01740014120a00000f0200020001000011010100

            Message-Authenticator = 0x00000000000000000000000000000000

            State = 0x2e42338f2e362191820b0799859172e9

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0, length=265

Cleaning up request 0 ID 0 with timestamp +10

            User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

            NAS-IP-Address = 192.168.2.1

            Called-Station-Id = "48f8b315461a"

            Calling-Station-Id = "1814563e5189"

            NAS-Identifier = "48f8b315461a"

            NAS-Port = 38

            Framed-MTU = 1400

            State = 0x2e42338f2e362191820b0799859172e9

            NAS-Port-Type = Wireless-802.11

            EAP-Message = 0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700

            Message-Authenticator = 0x4228372d93c4496516a4c62a6b0d1f84

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"

++[suffix] returns noop

rlm_sim_files: authorized user/imsi 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org

rlm_sim_files: Adding EAP-Type: eap-sim

++[sim_files] returns ok

[eap] EAP packet type response id 116 length 88

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

[files] users: Matched entry 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org at line 1

++[files] returns ok

 [sql] User 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org not found

++[sql] returns notfound

++[expiration] returns noop

++[logintime] returns noop

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/sim

[eap] processing type sim

+++> EAP-sim decoded packet:

            User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

            NAS-IP-Address = 192.168.2.1

            Called-Station-Id = "48f8b315461a"

            Calling-Station-Id = "1814563e5189"

            NAS-Identifier = "48f8b315461a"

            NAS-Port = 38

            Framed-MTU = 1400

            State = 0x2e42338f2e362191820b0799859172e9

            NAS-Port-Type = Wireless-802.11

            EAP-Message = 0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700

            Message-Authenticator = 0x4228372d93c4496516a4c62a6b0d1f84

            EAP-Type = SIM

            EAP-Sim-Subtype = Start

            EAP-Sim-NONCE_MT = 0x0000c857b63e06e1bb7341a729ea36de8804

            EAP-Sim-SELECTED_VERSION = 0x0001

            EAP-Sim-IDENTITY = 0x3135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267

[eap] Underlying EAP-Type set EAP ID to 117

++[eap] returns handled

Sending Access-Challenge of id 0 to 192.168.2.1 port 2048

            EAP-Message = 0x01750050120b0000010d000033c0caad1ca74b91b8c4c597a497c951ec28a5ea58bf4f7d9a15fb267c80bc6cf51e6dc5eeb149028f5cba3779f2b9160b050000128bccbc8968ba6d16040402b139d839

            Message-Authenticator = 0x00000000000000000000000000000000

            State = 0x2e42338f2f372191820b0799859172e9

Finished request 1.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0, length=205

Cleaning up request 1 ID 0 with timestamp +10

            User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

            NAS-IP-Address = 192.168.2.1

            Called-Station-Id = "48f8b315461a"

            Calling-Station-Id = "1814563e5189"

            NAS-Identifier = "48f8b315461a"

            NAS-Port = 38

            Framed-MTU = 1400

            State = 0x2e42338f2f372191820b0799859172e9

            NAS-Port-Type = Wireless-802.11

            EAP-Message = 0x0275001c120b00000b050000fe0ad02adb05fa535c5e7beaa8810f69

            Message-Authenticator = 0x17809a1e9fcb50736607e844ac964694

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"

++[suffix] returns noop

rlm_sim_files: authorized user/imsi 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org

rlm_sim_files: Adding EAP-Type: eap-sim

++[sim_files] returns ok

[eap] EAP packet type response id 117 length 28

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

[files] users: Matched entry 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org at line 1

++[files] returns ok

++[sql] returns notfound

++[expiration] returns noop

++[logintime] returns noop

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/sim

[eap] processing type sim

MAC check succeed

[eap] Underlying EAP-Type set EAP ID to 118

[eap] Freeing handler

++[eap] returns ok

# Executing section post-auth from file /etc/freeradius/sites-enabled/default

+- entering group post-auth {...}

++[sql] returns ok

++[exec] returns noop

Sending Access-Accept of id 0 to 192.168.2.1 port 2048

            MS-MPPE-Recv-Key = 0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8

            MS-MPPE-Send-Key = 0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f

            EAP-Message = 0x03760004

            Message-Authenticator = 0x00000000000000000000000000000000

            User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"

Finished request 2.

Going to the next request

Waking up in 4.9 seconds.

Cleaning up request 2 ID 0 with timestamp +11

Ready to process requests.


this is my log with 1 client


thanx very much for your help
best regards


On Thu, Jun 20, 2013 at 2:53 PM, Iliya Peregoudov <iperegudov@cboss.ru> wrote:
On 20.06.2013 8:38, raptor raptor wrote:
i just try one client and success but when i use another client and it fails

Post debug log if you want to diagnose authentication failure.


is it correct if i add other client in users and simtriplets.dat?

Yes, you should add auth vectors for all your SIM cards into users file, one stanza for every SIM card.

If you still get "insufficient number of challenges" message then your simtriplets.dat is not relevant. Just forget about it. Auth vectors from users file are sufficient.

Freeradius is very flexible. There is no one single way of correctly configure it. But there are indefinite number of ways to misconfigure it. If you prefer not to diagnose authentication failures but insert random stuff into randomly selected configuration files it's unlikely you accidentally configure it correctly.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html