Hi Alan, After looking up the dictionary file for EAP-SIM attributes, I used the following settings: *passwd file in mods-enabled:* passwd passwd { filename = /usr/local/etc/raddb/simtriplets.dat format = "*EAP-Sim-IMSI:EAP-Sim-RAND1:EAP-Sim-SRES1:EAP-Sim-KC1:EAP-Sim-RAND2:EAP-Sim-SRES2:EAP-Sim-KC2:EAP-Sim-RAND2:EAP-Sim-SRES2:EAP-Sim-KC2" hash_size = 100 ignore_nislike = no allow_multiple_keys = no } *simtriplets.dat file (IMSI followed by 3 sets of triplets):* 1001010123456789@wlan.mnc001.mcc001.3gppnetwork.org:2 ADE1426F93045258CCD7B9CF739CD51:CA1a6a73:44163dcd3063ee06:A7DB577E986F41e999981FE01E8E9351:9E0ec181:2B3182377B3d2e05:92F13B6BB93641b0914DD3D6DAAFB78C:9Ca5541a:767e395d867fa4b0 I get this error when I run the test. I'm using a phone with a test SIM in it (IMSI: 1001010123456789): eap: Expiring EAP session with state 0x4e4609474d431cf0 (37) eap: Finished EAP session with state 0x50b3a7b250b1a3eb (37) eap: Previous EAP request found for state 0x50b3a7b250b1a3eb, released from the list (37) eap: Peer sent packet with method EAP NAK (3) (37) eap: Found mutually acceptable type SIM (18) (37) eap: Calling submodule eap_sim to process data (37)* eap_sim: ERROR: EAP-SIM-RAND1 not found* (37) eap: ERROR: Failed starting EAP SIM (18) session. EAP sub-module failed (37) eap: Sending EAP Failure (code 4) ID 2 length 4 (37) eap: Failed in EAP select (37) [eap] = invalid (37) } # authenticate = invalid (37) Failed to authenticate the user (37) Using Post-Auth-Type Reject (37) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (37) Post-Auth-Type REJECT { (37) attr_filter.access_reject: EXPAND %{User-Name} (37) attr_filter.access_reject: --> 1001010123456789@wlan.mnc001.mcc001.3gppnetwork.org (37) attr_filter.access_reject: Matched entry DEFAULT at line 18 (37) [attr_filter.access_reject] = updated (37) eap: Reply already contained an EAP-Message, not inserting EAP-Failure (37) [eap] = noop (37) policy remove_reply_message_if_eap { (37) if (&reply:EAP-Message && &reply:Reply-Message) { (37) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (37) else { (37) [noop] = noop (37) } # else = noop (37) } # policy remove_reply_message_if_eap = noop (37) } # Post-Auth-Type REJECT = updated (37) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (37) <delay>: Sending delayed response (37) <delay>: Sent Access-Reject Id 91 from 192.168.1.98:1812 to 192.168.1.14:32768 length 44 I don't think the passwd file is being processed properly. Am I missing something? Thanks Sid On Fri, Aug 14, 2015 at 10:11 AM, Siddharth Katragadda < siddharthk@google.com> wrote:
Alan, After looking up the dictionary file for EAP-SIM attributes, I used the following settings:
On Fri, Aug 14, 2015 at 2:08 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Aug 12, 2015, at 9:25 PM, Siddharth Katragadda <siddharthk@google.com> wrote:
format = "*IMSI:RAND:SRES:KC"
Those aren't RADIUS attribute names. Go read dictionary.freeradius.internal, and look for "EAP-SIM". There are a bunch of SIM related attributes.
Alan DeKok.