Hi all, again i've tried users configuration for a few times. i always failed when i'm trying these formats <1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org> 1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM EAP-Sim-Rand1 = 0xBDA21CB60EF945da9A8BA56667B49027, EAP-Sim-SRES1 = 0x04d995bc, EAP-Sim-KC1 = 0xBBe0a7c68Aea1c00, EAP-Sim-Rand2 = 0x621F1DAC915B4dbf8A0842E88B97BBBE, EAP-Sim-SRES2 = 0xD9b5f235, EAP-Sim-KC2 = 0x33d1ae11914c4800, EAP-Sim-Rand3 = 0x6AD4284810DD42ca8A60A410F7746820, EAP-Sim-SRES3 = 0xB29eb39b, EAP-Sim-KC3 = 0x1E62ae2aA0a66400 but if i tried based on log, [/etc/freeradius/users]:204 WARNING! Check item "EAP-Sim-Rand1" found in reply item list for user " 1510101425520064@wlan.mnc101.mcc510.3gppnetwork.org". This attribute MUST go on the first line with the other check items so i do in one line, 1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org EAP-Sim-Rand1 = 0xBDA21CB60EF945da9A8BA56667B49027, EAP-Sim-SRES1 = 0x04d995bc, EAP-Sim-KC1 = 0xBBe0a7c68Aea1c00, EAP-Sim-Rand2 = 0x621F1DAC915B4dbf8A0842E88B97BBBE, EAP-Sim-SRES2 = 0xD9b5f235, EAP-Sim-KC2 = 0x33d1ae11914c4800, EAP-Sim-Rand3 = 0x6AD4284810DD42ca8A60A410F7746820, EAP-Sim-SRES3 = 0xB29eb39b, EAP-Sim-KC3 = 0x1E62ae2aA0a66400 i do the same when i follow this instruction http://lists.freeradius.org/pipermail/freeradius-users/2014-March/071123.htm... and the result is the warning is gone! so, it's okay to use that format? honestly i really new with freeradius, i'll appreciate for any helps. it's my log realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 192.168.1.0/24 { require_message_authenticator = no secret = "eap-sim" shortname = "eap-sim" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file �?x�??? modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1024 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Linked to sub-module rlm_eap_sim Module: Instantiating eap-sim Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_sim_files Module: Instantiating module "sim_files" from file /etc/freeradius/modules/sim_files sim_files { simtriplets = "/etc/freeradius/simtriplets.dat" } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 44186 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=151, length=259 User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" NAS-IP-Address = 192.168.1.1 NAS-Port = 0 Called-Station-Id = "004f62248f98" Calling-Station-Id = "70aab2eb15af" NAS-Identifier = "Realtek Access Point. 8186" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02000038013135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267 Message-Authenticator = 0xf77502a9d1ebb44e40a997fb52f4ad2a # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" [suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org" ++[suffix] = noop rlm_sim_files: authorized user/imsi 1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org rlm_sim_files: Adding EAP-Type: eap-sim ++[sim_files] = ok [eap] EAP packet type response id 0 length 56 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type sim [eap] Underlying EAP-Type set EAP ID to 127 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 151 to 192.168.1.1 port 2049 EAP-Message = 0x017f0014120a00000f0200020001000011010100 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7659c0b27626d231a8579b0cb8f3e694 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=152, length=303 User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" NAS-IP-Address = 192.168.1.1 NAS-Port = 0 Called-Station-Id = "004f62248f98" Calling-Station-Id = "70aab2eb15af" NAS-Identifier = "Realtek Access Point. 8186" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x027f0058120a000007050000b7a1d8dbcbb4ebc3626016889cbfc212100100010e0e00333135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700 State = 0x7659c0b27626d231a8579b0cb8f3e694 Message-Authenticator = 0x946a59632d3b96d1ba18ad68545b1eb6 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" [suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org" ++[suffix] = noop rlm_sim_files: authorized user/imsi 1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org rlm_sim_files: Adding EAP-Type: eap-sim ++[sim_files] = ok [eap] EAP packet type response id 127 length 88 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/sim [eap] processing type sim +++> EAP-sim decoded packet: User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" NAS-IP-Address = 192.168.1.1 NAS-Port = 0 Called-Station-Id = "004f62248f98" Calling-Station-Id = "70aab2eb15af" NAS-Identifier = "Realtek Access Point. 8186" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x027f0058120a000007050000b7a1d8dbcbb4ebc3626016889cbfc212100100010e0e00333135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700 State = 0x7659c0b27626d231a8579b0cb8f3e694 Message-Authenticator = 0x946a59632d3b96d1ba18ad68545b1eb6 EAP-Type = SIM EAP-Sim-Subtype = Start EAP-Sim-NONCE_MT = 0x0000b7a1d8dbcbb4ebc3626016889cbfc212 EAP-Sim-SELECTED_VERSION = 0x0001 EAP-Sim-IDENTITY = 0x3135313030313934363332383631363840776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267 [eap] Underlying EAP-Type set EAP ID to 128 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 152 to 192.168.1.1 port 2049 EAP-Message = 0x01800050120b0000010d0000bda21cb60ef945da9a8ba56667b49027621f1dac915b4dbf8a0842e88b97bbbe6ad4284810dd42ca8a60a410f77468200b05000066269155d778ece4a44df2898acaa745 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7659c0b277d9d231a8579b0cb8f3e694 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 2049, id=153, length=243 User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" NAS-IP-Address = 192.168.1.1 NAS-Port = 0 Called-Station-Id = "004f62248f98" Calling-Station-Id = "70aab2eb15af" NAS-Identifier = "Realtek Access Point. 8186" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0280001c120b00000b0500004e314600d7dd8c432d922fe2e2f85e45 State = 0x7659c0b277d9d231a8579b0cb8f3e694 Message-Authenticator = 0xe28cce59df602509a3c3cfe9a99c5693 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" [suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org" ++[suffix] = noop rlm_sim_files: authorized user/imsi 1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org rlm_sim_files: Adding EAP-Type: eap-sim ++[sim_files] = ok [eap] EAP packet type response id 128 length 28 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/sim [eap] processing type sim MAC check succeed [eap] Underlying EAP-Type set EAP ID to 129 [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +group post-auth { ++[exec] = noop +} # group post-auth = noop Sending Access-Accept of id 153 to 192.168.1.1 port 2049 MS-MPPE-Recv-Key = 0x6e3afcc0cada4349d9e50c5b059f09a8561950974fc7a91ab4b085927b88ec4c MS-MPPE-Send-Key = 0xa1642e8992cf8c5937455aef07338c3b112ebbfcde037305d185b5367de606b0 EAP-Message = 0x03810004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "1510019463286168@wlan.mnc001.mcc510.3gppnetwork.org" Finished request 2. Going to the next request Waking up in 3.9 seconds. Cleaning up request 0 ID 151 with timestamp +10 Cleaning up request 1 ID 152 with timestamp +11 Waking up in 1.0 seconds. Cleaning up request 2 ID 153 with timestamp +12 Ready to process requests. thank you