Eap-Sim cannot initiate in Free Radius 3.0.6
Hi , I am trying to run Eap-Sim in Free Radius v.3.0.6. I have configured RAND,KC's,SRES value in "raddb/mods-config/files/authorize" file , as per suggestion from some forum i have added eap sim trilpets values in straight line : IMSI EAP-Type :=SIM ,EAP-Sim-Rand1 :=<>,EAP-Sim-SRES1 :=<> ,Eap-Sim-KC1 :=<>, ........EAP-Sim-KC3 := <>. also configured eap-sim in eap configuration file. Now when i am trying to connect with the device get following errors: S *at Feb 28 14:27:38 2015 : Debug: (0) eap: Peer sent method Identity (1)Sat Feb 28 14:27:38 2015 : Debug: (0) eap: Calling eap_sim to process EAP dataSat Feb 28 14:27:38 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not foundSat Feb 28 14:27:38 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM (18) session. EAP sub-module failedSat Feb 28 14:27:38 2015 : Debug: (0) eap: Failed in EAP selectSat Feb 28 14:27:38 2015 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0* Also tried this solution also http://freeradius.1045715.n5.nabble.com/freeradius-3-cannot-initiate-eap-sim... but not to able to resolve the issue ... Can some one help me ? -- -Thanks Ankit Prajapati
Hi , Find logs captured from radius debug: Tue Mar 3 09:49:19 2015 : Debug: (0) Received Access-Request Id 188 from 127.0.0.1:36625 to 127.0.0.1:1812 length 161 Tue Mar 3 09:49:19 2015 : Debug: (0) User-Name = ' 1310260xxxxxxxxx@wlan.mnc260.mcc310.3gppnetwork.org' Tue Mar 3 09:49:19 2015 : Debug: (0) NAS-IP-Address = 127.0.0.1 Tue Mar 3 09:49:19 2015 : Debug: (0) Message-Authenticator = 0x00de7e3a6321fba27f27713901f8ec76 Tue Mar 3 09:49:19 2015 : Debug: (0) NAS-Port = 0 Tue Mar 3 09:49:19 2015 : Debug: (0) EAP-Message = 0x02bb0038013133313032363035383033353332363240776c616e2e6d6e633236302e6d63633331302e336770706e6574776f726b2e6f7267 Tue Mar 3 09:49:19 2015 : Debug: (0) session-state: No State attribute Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) authorize { Tue Mar 3 09:49:19 2015 : Debug: (0) policy filter_username { Tue Mar 3 09:49:19 2015 : Debug: (0) if (!&User-Name) { Tue Mar 3 09:49:19 2015 : Debug: (0) if (!&User-Name) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ / /) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ / /) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) Adding 1 matches Tue Mar 3 09:49:19 2015 : Debug: (0) Clearing 1 matches Tue Mar 3 09:49:19 2015 : Debug: (0) Adding 3 matches Tue Mar 3 09:49:19 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.$/) { Tue Mar 3 09:49:19 2015 : Debug: (0) Clearing 3 matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.$/) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@\./) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@\./) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) } # policy filter_username = notfound Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [preprocess] = ok Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [chap] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [mschap] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [digest] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Checking for suffix after "@" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Looking up realm " wlan.mnc260.mcc310.3gppnetwork.org" for User-Name = " 1310260580353262@wlan.mnc260.mcc310.3gppnetwork.org" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Found realm " wlan.mnc260.mcc310.3gppnetwork.org" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Adding Stripped-User-Name = "1310260580353262" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Adding Realm = " wlan.mnc260.mcc310.3gppnetwork.org" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Authentication realm is LOCAL Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [suffix] = ok Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent code Response (2) ID 187 length 56 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = ok Tue Mar 3 09:49:19 2015 : Debug: (0) } # authorize = ok Tue Mar 3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) authenticate { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1) Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process EAP data Tue Mar 3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not found Tue Mar 3 09:49:19 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM (18) session. EAP sub-module failed Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Failed in EAP select Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = invalid Tue Mar 3 09:49:19 2015 : Debug: (0) } # authenticate = invalid Tue Mar 3 09:49:19 2015 : Debug: (0) Failed to authenticate the user Tue Mar 3 09:49:19 2015 : Debug: (0) Using Post-Auth-Type Reject Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) Post-Auth-Type REJECT { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 0 Tue Mar 3 09:49:19 2015 : Debug: %{User-Name} Tue Mar 3 09:49:19 2015 : Debug: Parsed xlat tree: Tue Mar 3 09:49:19 2015 : Debug: attribute --> User-Name Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: EXPAND %{User-Name} Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: --> 1310260580353262@wlan.mnc260.mcc310.3gppnetwork.org Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: EAP-Message = 0x04bb0004 allowed by EAP-Message =* 0x Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Message-Authenticator = 0x00000000000000000000000000000000 allowed by Message-Authenticator =* 0x Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [attr_filter.access_reject] = updated Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Reply already contained an EAP-Message, not inserting EAP-Failure Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned from eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) policy remove_reply_message_if_eap { Tue Mar 3 09:49:19 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message) { Tue Mar 3 09:49:19 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) else { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling noop (rlm_always) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned from noop (rlm_always) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [noop] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) } # else = noop Tue Mar 3 09:49:19 2015 : Debug: (0) } # policy remove_reply_message_if_eap = noop Tue Mar 3 09:49:19 2015 : Debug: (0) } # Post-Auth-Type REJECT = updated Tue Mar 3 09:49:19 2015 : Debug: (0) Delaying response for 1.000000 seconds Tue Mar 3 09:49:19 2015 : Debug: Waking up in 0.3 seconds. Tue Mar 3 09:49:19 2015 : Debug: Waking up in 0.6 seconds. Tue Mar 3 09:49:20 2015 : Debug: (0) Sending delayed response Tue Mar 3 09:49:20 2015 : Debug: (0) Sent Access-Reject Id 188 from 127.0.0.1:1812 to 127.0.0.1:36625 length 44 Tue Mar 3 09:49:20 2015 : Debug: (0) EAP-Message = 0x04bb0004 Tue Mar 3 09:49:20 2015 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Tue Mar 3 09:49:20 2015 : Debug: Waking up in 3.9 seconds. Tue Mar 3 09:49:24 2015 : Debug: (0) Cleaning up request packet ID 188 with timestamp +52 Tue Mar 3 09:49:24 2015 : Info: Ready to process requests On Mon, Mar 2, 2015 at 12:54 PM, Iliya Peregoudov <iperegudov@cboss.ru> wrote:
On 28.02.2015 12:14, Ankit Prajapati wrote:
Can some one help me ?
Post radius -X debug from server start till Access-Reject sent.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- -Thanks Ankit Prajapati
On 03.03.2015 7:26, Ankit Prajapati wrote:
Tue Mar 3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) authenticate { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1) Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process EAP data Tue Mar 3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not found
eap_sim was unable to find authentication vectors. You need to call `users' after `suffix' but before `eap' in authorize section. This will lookup authentication vectors from raddb/users file and place them into reply (or control) list.
Hi , I tried what you have said Added in authorize block : authorize { # suffix # # Read the 'users' file files #or the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # eap { ok = return } } On Tue, Mar 3, 2015 at 1:18 PM, Iliya Peregoudov <iperegudov@cboss.ru> wrote:
On 03.03.2015 7:26, Ankit Prajapati wrote:
Tue Mar 3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) authenticate { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1) Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process EAP data Tue Mar 3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not found
eap_sim was unable to find authentication vectors. You need to call `users' after `suffix' but before `eap' in authorize section. This will lookup authentication vectors from raddb/users file and place them into reply (or control) list.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- -Thanks Ankit Prajapati
I tried what you have said Added files in between suffix and eap in authorize block : authorize { # suffix # # Read the 'users' file files #or the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # eap { ok = return } } Still getting the same error : (0) eap_sim: ERROR: EAP-SIM-RAND1 not found Mon Mar 9 23:17:49 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM (18) session. EAP sub-module failed Radius Output Mon Mar 9 23:17:49 2015 : Debug: (0) Received Access-Request Id 248 from 127.0.0.1:60547 to 127.0.0.1:1812 length 161 Mon Mar 9 23:17:49 2015 : Debug: (0) User-Name = ' 1310260580353262@wlan.mnc260.mcc310.3gppnetwork.org' Mon Mar 9 23:17:49 2015 : Debug: (0) NAS-IP-Address = 127.0.0.1 Mon Mar 9 23:17:49 2015 : Debug: (0) Message-Authenticator = 0x0eee7125450ce0b816b2c1116a9b5066 Mon Mar 9 23:17:49 2015 : Debug: (0) NAS-Port = 0 Mon Mar 9 23:17:49 2015 : Debug: (0) EAP-Message = 0x02f70038013133313032363035383033353332363240776c616e2e6d6e633236302e6d63633331302e336770706e6574776f726b2e6f7267 Mon Mar 9 23:17:49 2015 : Debug: (0) session-state: No State attribute Mon Mar 9 23:17:49 2015 : Debug: (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Mon Mar 9 23:17:49 2015 : Debug: (0) authorize { Mon Mar 9 23:17:49 2015 : Debug: (0) policy filter_username { Mon Mar 9 23:17:49 2015 : Debug: (0) if (!&User-Name) { Mon Mar 9 23:17:49 2015 : Debug: (0) if (!&User-Name) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ / /) { Mon Mar 9 23:17:49 2015 : Debug: (0) No matches Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ / /) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) { Mon Mar 9 23:17:49 2015 : Debug: (0) No matches Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) { Mon Mar 9 23:17:49 2015 : Debug: (0) No matches Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Mon Mar 9 23:17:49 2015 : Debug: (0) No matches Mon Mar 9 23:17:49 2015 : Debug: (0) Adding 1 matches Mon Mar 9 23:17:49 2015 : Debug: (0) Clearing 1 matches Mon Mar 9 23:17:49 2015 : Debug: (0) Adding 3 matches Mon Mar 9 23:17:49 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.$/) { Mon Mar 9 23:17:49 2015 : Debug: (0) Clearing 3 matches Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /\.$/) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@\./) { Mon Mar 9 23:17:49 2015 : Debug: (0) No matches Mon Mar 9 23:17:49 2015 : Debug: (0) if (&User-Name =~ /@\./) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) } # policy filter_username = notfound Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [preprocess] = ok Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [chap] = noop Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [mschap] = noop Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [digest] = noop Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Checking for suffix after "@" Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Looking up realm " wlan.mnc260.mcc310.3gppnetwork.org" for User-Name = " 1310260580353262@wlan.mnc260.mcc310.3gppnetwork.org" Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Found realm " wlan.mnc260.mcc310.3gppnetwork.org" Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Adding Stripped-User-Name = "1310260580353262" Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Adding Realm = " wlan.mnc260.mcc310.3gppnetwork.org" Mon Mar 9 23:17:49 2015 : Debug: (0) suffix: Authentication realm is LOCAL Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [suffix] = ok Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling files (rlm_files) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from files (rlm_files) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [files] = noop Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Peer sent code Response (2) ID 247 length 56 Mon Mar 9 23:17:49 2015 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [eap] = ok Mon Mar 9 23:17:49 2015 : Debug: (0) } # authorize = ok Mon Mar 9 23:17:49 2015 : Debug: (0) Found Auth-Type = EAP Mon Mar 9 23:17:49 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Mon Mar 9 23:17:49 2015 : Debug: (0) authenticate { Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Peer sent method Identity (1) Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Calling eap_sim to process EAP data Mon Mar 9 23:17:49 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not found Mon Mar 9 23:17:49 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM (18) session. EAP sub-module failed Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Failed in EAP select Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [eap] = invalid Mon Mar 9 23:17:49 2015 : Debug: (0) } # authenticate = invalid Mon Mar 9 23:17:49 2015 : Debug: (0) Failed to authenticate the user Mon Mar 9 23:17:49 2015 : Debug: (0) Using Post-Auth-Type Reject Mon Mar 9 23:17:49 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Mon Mar 9 23:17:49 2015 : Debug: (0) Post-Auth-Type REJECT { Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 0 Mon Mar 9 23:17:49 2015 : Debug: %{User-Name} Mon Mar 9 23:17:49 2015 : Debug: Parsed xlat tree: Mon Mar 9 23:17:49 2015 : Debug: attribute --> User-Name Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: EXPAND %{User-Name} Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: --> 1310260580353262@wlan.mnc260.mcc310.3gppnetwork.org Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: EAP-Message = 0x04f70004 allowed by EAP-Message =* 0x Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: Message-Authenticator = 0x00000000000000000000000000000000 allowed by Message-Authenticator =* 0x Mon Mar 9 23:17:49 2015 : Debug: (0) attr_filter.access_reject: Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [attr_filter.access_reject] = updated Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: calling eap (rlm_eap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) eap: Reply already contained an EAP-Message, not inserting EAP-Failure Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: returned from eap (rlm_eap) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [eap] = noop Mon Mar 9 23:17:49 2015 : Debug: (0) policy remove_reply_message_if_eap { Mon Mar 9 23:17:49 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message) { Mon Mar 9 23:17:49 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Mon Mar 9 23:17:49 2015 : Debug: (0) else { Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: calling noop (rlm_always) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[post-auth]: returned from noop (rlm_always) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [noop] = noop Mon Mar 9 23:17:49 2015 : Debug: (0) } # else = noop Mon Mar 9 23:17:49 2015 : Debug: (0) } # policy remove_reply_message_if_eap = noop Mon Mar 9 23:17:49 2015 : Debug: (0) } # Post-Auth-Type REJECT = updated Mon Mar 9 23:17:49 2015 : Debug: (0) Delaying response for 1.000000 seconds Mon Mar 9 23:17:49 2015 : Debug: Waking up in 0.3 seconds. Mon Mar 9 23:17:49 2015 : Debug: Waking up in 0.6 seconds. Mon Mar 9 23:17:50 2015 : Debug: (0) Sending delayed response Mon Mar 9 23:17:50 2015 : Debug: (0) Sent Access-Reject Id 248 from 127.0.0.1:1812 to 127.0.0.1:60547 length 44 Mon Mar 9 23:17:50 2015 : Debug: (0) EAP-Message = 0x04f70004 Mon Mar 9 23:17:50 2015 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Mon Mar 9 23:17:50 2015 : Debug: Waking up in 3.9 seconds. Mon Mar 9 23:17:54 2015 : Debug: (0) Cleaning up request packet ID 248 with timestamp +3 Mon Mar 9 23:17:54 2015 : Info: Ready to process requests In Log i found that [files] return noop , it is not able to find users file...? I am testing with radeapclient. On Mon, Mar 9, 2015 at 11:20 PM, Ankit Prajapati < prajapati.ankit85@gmail.com> wrote:
Hi ,
I tried what you have said Added in authorize block : authorize { # suffix # # Read the 'users' file files #or the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # eap { ok = return }
}
On Tue, Mar 3, 2015 at 1:18 PM, Iliya Peregoudov <iperegudov@cboss.ru> wrote:
On 03.03.2015 7:26, Ankit Prajapati wrote:
Tue Mar 3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) authenticate { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1) Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process EAP data Tue Mar 3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not found
eap_sim was unable to find authentication vectors. You need to call `users' after `suffix' but before `eap' in authorize section. This will lookup authentication vectors from raddb/users file and place them into reply (or control) list.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- -Thanks Ankit Prajapati
-- -Thanks Ankit Prajapati
On 09.03.2015 20:54, Ankit Prajapati wrote:
Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: calling files (rlm_files) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) modsingle[authorize]: returned from files (rlm_files) for request 0 Mon Mar 9 23:17:49 2015 : Debug: (0) [files] = noop
rlm_files have not found entry in raddb/users file. Default configuration of rlm_files module uses Stripped-User-Name attribute value as key. Ensure that raddb/users file does contain entry for 1310260580353262 user.
participants (2)
-
Ankit Prajapati -
Iliya Peregoudov