Hi guys, i'm still looking for a solution for the eapsim authentication. Now i use the Freeradius 3.0.0 and i made some changes in the 'eapsimlib.c' regarding AT_IDENTITY (commit cfd61d24b99022eb613054bbf7e0da4fa3af1bde). I still have the same problem, the client is able to send two Acces-Request but unable to send the third Access-Request to close the authentication. I use a Nokia E52 as supplicant, did anybody realize the test successfully with another mobile phone (except android phones)? Does anyone know how i can debug the mobile phone? any helpfull ideas? here my debug radiusd: FreeRADIUS Version 3.0.0 (git #d3c7336), for host i586-pc-linux-gnu, built on Nov 7 2012 at 14:54:31 . . Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.10.212 port 48077, id=19, length=308 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org" NAS-Port-Id = "ap_hotspot" NAS-Port-Type = Wireless-802.11 Acct-Session-Id = "82500003" Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03" Calling-Station-Id = "A8-7E-33-3E-9C-5B" Called-Station-Id = "00-0C-42-64-41-9D:YANN" EAP-Message = 0x02010038013139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267 Message-Authenticator = 0x429b263e5293fadbae0a13f28dad2775 NAS-Identifier = "MT_Yann" NAS-IP-Address = 192.168.10.212 (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) group authorize { (0) - entering group authorize {...} (0) [preprocess] = ok (0) [chap] = noop (0) auth_log : expand: %{Packet-Src-IP-Address} -> 192.168.10.212 (0) auth_log : expand: /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108 (0) auth_log : /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108 (0) auth_log : expand: %t -> Thu Nov 8 14:20:05 2012 (0) [auth_log] = ok (0) [mschap] = noop (0) [digest] = noop (0) suffix : Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org" (0) suffix : Found realm "~.*.3gppnetwork.org$" (0) suffix : Adding Stripped-User-Name = "1901700000000653" (0) suffix : Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org" (0) suffix : Authentication realm is LOCAL. (0) [suffix] = ok rlm_sim_files: authorized user/imsi 1901700000000653 rlm_sim_files: Adding EAP-Type: eap-sim (0) [sim_files] = ok (0) eap : EAP packet type response id 1 length 56 (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) Found Auth-Type = EAP (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) group authenticate { (0) - entering group authenticate {...} (0) eap : EAP Identity (0) eap : processing type sim (0) eap : Underlying EAP-Type set EAP ID to 133 (0) [eap] = handled Sending Access-Challenge of id 19 to 192.168.10.212 port 48077 EAP-Message = 0x01850014120a00000f0200020001000011010100 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x077b668807fe746db0e5f555c7ca40d2 (0) Finished request 0. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.10.212 port 41383, id=20, length=358 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org" State = 0x077b668807fe746db0e5f555c7ca40d2 NAS-Port-Id = "ap_hotspot" NAS-Port-Type = Wireless-802.11 Acct-Session-Id = "82500003" Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03" Calling-Station-Id = "A8-7E-33-3E-9C-5B" Called-Station-Id = "00-0C-42-64-41-9D:YANN" EAP-Message = 0x02850058120a000007050000be65a474dc99300354fdd97e5176bbc5100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700 Message-Authenticator = 0x07c87b76cd6232ca08dc4529913d5cac NAS-Identifier = "MT_Yann" NAS-IP-Address = 192.168.10.212 (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (1) group authorize { (1) - entering group authorize {...} (1) [preprocess] = ok (1) [chap] = noop (1) auth_log : expand: %{Packet-Src-IP-Address} -> 192.168.10.212 (1) auth_log : expand: /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108 (1) auth_log : /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108 (1) auth_log : expand: %t -> Thu Nov 8 14:20:05 2012 (1) [auth_log] = ok (1) [mschap] = noop (1) [digest] = noop (1) suffix : Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org" (1) suffix : Found realm "~.*.3gppnetwork.org$" (1) suffix : Adding Stripped-User-Name = "1901700000000653" (1) suffix : Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org" (1) suffix : Authentication realm is LOCAL. (1) [suffix] = ok rlm_sim_files: authorized user/imsi 1901700000000653 rlm_sim_files: Adding EAP-Type: eap-sim (1) [sim_files] = ok (1) eap : EAP packet type response id 133 length 88 (1) eap : No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop (1) [expiration] = noop (1) [logintime] = noop (1) pap : WARNING! No "known good" password found for the user. Authentication may fail because of this. (1) [pap] = noop (1) Found Auth-Type = EAP (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) group authenticate { (1) - entering group authenticate {...} (1) eap : Request found, released from the list (1) eap : EAP/sim (1) eap : processing type sim +++> EAP-sim decoded packet: Service-Type = Framed-User Framed-MTU = 1400 User-Name = "1901700000000653@wlan.mnc070.mcc901.3gppnetwork.org" State = 0x077b668807fe746db0e5f555c7ca40d2 NAS-Port-Id = "ap_hotspot" NAS-Port-Type = Wireless-802.11 Acct-Session-Id = "82500003" Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03" Calling-Station-Id = "A8-7E-33-3E-9C-5B" Called-Station-Id = "00-0C-42-64-41-9D:YANN" EAP-Message = 0x02850058120a000007050000be65a474dc99300354fdd97e5176bbc5100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700 Message-Authenticator = 0x07c87b76cd6232ca08dc4529913d5cac NAS-Identifier = "MT_Yann" NAS-IP-Address = 192.168.10.212 Stripped-User-Name = "1901700000000653" Realm = "wlan.mnc070.mcc901.3gppnetwork.org" EAP-Type = SIM EAP-Sim-Subtype = Start EAP-Sim-NONCE_MT = 0x0000be65a474dc99300354fdd97e5176bbc5 EAP-Sim-SELECTED_VERSION = 0x0001 EAP-Sim-IDENTITY = 0x3139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267 (1) eap : Underlying EAP-Type set EAP ID to 134 (1) [eap] = handled Sending Access-Challenge of id 20 to 192.168.10.212 port 41383 EAP-Message = 0x01860050120b0000010d00000123456789abcdef0123456789abcdef658719018376aab4d2a5ccde7a21b6510123456789abcdef0123456789abcdff0b050000217a0ab3b008a413f570885bca13bbe8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x077b668806fd746db0e5f555c7ca40d2 (1) Finished request 1. Waking up in 0.3 seconds. Waking up in 4.6 seconds. (0) Cleaning up request packet ID 19 with timestamp +14 (1) Cleaning up request packet ID 20 with timestamp +14 Ready to process requests. Best regards Yann