rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0, length=215
User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
Message-Authenticator = 0x1e692ae9b93631a0f54bda0997d713f2
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org at line 1
++[files] returns ok
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 116
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.1 port 2048
EAP-Message = 0x01740014120a00000f0200020001000011010100
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e42338f2e362191820b0799859172e9
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0, length=265
Cleaning up request 0 ID 0 with timestamp +10
User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0x2e42338f2e362191820b0799859172e9
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x4228372d93c4496516a4c62a6b0d1f84
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 116 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org at line 1
++[files] returns ok
[sql] User 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0x2e42338f2e362191820b0799859172e9
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x4228372d93c4496516a4c62a6b0d1f84
EAP-Type = SIM
EAP-Sim-Subtype = Start
EAP-Sim-NONCE_MT = 0x0000c857b63e06e1bb7341a729ea36de8804
EAP-Sim-SELECTED_VERSION = 0x0001
EAP-Sim-IDENTITY = 0x3135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
[eap] Underlying EAP-Type set EAP ID to 117
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.1 port 2048
EAP-Message = 0x01750050120b0000010d000033c0caad1ca74b91b8c4c597a497c951ec28a5ea58bf4f7d9a15fb267c80bc6cf51e6dc5eeb149028f5cba3779f2b9160b050000128bccbc8968ba6d16040402b139d839
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e42338f2f372191820b0799859172e9
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0, length=205
Cleaning up request 1 ID 0 with timestamp +10
User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0x2e42338f2f372191820b0799859172e9
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0275001c120b00000b050000fe0ad02adb05fa535c5e7beaa8810f69
Message-Authenticator = 0x17809a1e9fcb50736607e844ac964694
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 117 length 28
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry 1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org at line 1
++[files] returns ok
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
MAC check succeed
[eap] Underlying EAP-Type set EAP ID to 118
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 0 to 192.168.2.1 port 2048
MS-MPPE-Recv-Key = 0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8
MS-MPPE-Send-Key = 0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f
EAP-Message = 0x03760004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 0 with timestamp +11
Ready to process requests.
On 20.06.2013 8:38, raptor raptor wrote:Post debug log if you want to diagnose authentication failure.
i just try one client and success but when i use another client and it fails
Yes, you should add auth vectors for all your SIM cards into users file, one stanza for every SIM card.
is it correct if i add other client in users and simtriplets.dat?
If you still get "insufficient number of challenges" message then your simtriplets.dat is not relevant. Just forget about it. Auth vectors from users file are sufficient.
Freeradius is very flexible. There is no one single way of correctly configure it. But there are indefinite number of ways to misconfigure it. If you prefer not to diagnose authentication failures but insert random stuff into randomly selected configuration files it's unlikely you accidentally configure it correctly.