EAP-SIM authentication failed

Yann R. Moupinda yannm1 at hotmail.com
Thu Nov 8 14:56:41 CET 2012


Hi guys,

I'm still looking for a solution for the eapsim authentication. Now I use FreeRADIUS 3.0.0 and I made some changes in 'eapsimlib.c' regarding AT_IDENTITY (commit cfd61d24b99022eb613054bbf7e0da4fa3af1bde). I still have the same problem: the client is able to send two Access-Requests but unable to send the third Access-Request to close the authentication.
I use a Nokia E52 as supplicant. Did anybody carry out the test successfully with another mobile phone (except Android phones)?
Does anyone know how I can debug the mobile phone?
Any helpful ideas?

Here is my debug output:


radiusd: FreeRADIUS Version 3.0.0 (git #d3c7336), for host i586-pc-linux-gnu, built on Nov  7 2012 at 14:54:31
                    .
                    .
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 48077, id=19, length=308
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000653 at wlan.mnc070.mcc901.3gppnetwork.org"
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "82500003"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x02010038013139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267
    Message-Authenticator = 0x429b263e5293fadbae0a13f28dad2775
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   group authorize {
(0)  - entering group authorize {...}
(0)   [preprocess] = ok
(0)   [chap] = noop
(0) auth_log :     expand: %{Packet-Src-IP-Address} -> 192.168.10.212
(0) auth_log :     expand: /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(0) auth_log : /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(0) auth_log :     expand: %t -> Thu Nov  8 14:20:05 2012
(0)   [auth_log] = ok
(0)   [mschap] = noop
(0)   [digest] = noop
(0) suffix : Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000653 at wlan.mnc070.mcc901.3gppnetwork.org"
(0) suffix : Found realm "~.*.3gppnetwork.org$"
(0) suffix : Adding Stripped-User-Name = "1901700000000653"
(0) suffix : Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
(0) suffix : Authentication realm is LOCAL.
(0)   [suffix] = ok
rlm_sim_files: authorized user/imsi 1901700000000653 
rlm_sim_files: Adding EAP-Type: eap-sim
(0)   [sim_files] = ok
(0) eap : EAP packet type response id 1 length 56
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0)   [eap] = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   group authenticate {
(0)  - entering group authenticate {...}
(0) eap : EAP Identity
(0) eap : processing type sim
(0) eap : Underlying EAP-Type set EAP ID to 133
(0)   [eap] = handled
Sending Access-Challenge of id 19 to 192.168.10.212 port 48077
    EAP-Message = 0x01850014120a00000f0200020001000011010100
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x077b668807fe746db0e5f555c7ca40d2
(0) Finished request 0.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 41383, id=20, length=358
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000653 at wlan.mnc070.mcc901.3gppnetwork.org"
    State = 0x077b668807fe746db0e5f555c7ca40d2
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "82500003"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x02850058120a000007050000be65a474dc99300354fdd97e5176bbc5100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700
    Message-Authenticator = 0x07c87b76cd6232ca08dc4529913d5cac
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1)   group authorize {
(1)  - entering group authorize {...}
(1)   [preprocess] = ok
(1)   [chap] = noop
(1) auth_log :     expand: %{Packet-Src-IP-Address} -> 192.168.10.212
(1) auth_log :     expand: /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(1) auth_log : /var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(1) auth_log :     expand: %t -> Thu Nov  8 14:20:05 2012
(1)   [auth_log] = ok
(1)   [mschap] = noop
(1)   [digest] = noop
(1) suffix : Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000653 at wlan.mnc070.mcc901.3gppnetwork.org"
(1) suffix : Found realm "~.*.3gppnetwork.org$"
(1) suffix : Adding Stripped-User-Name = "1901700000000653"
(1) suffix : Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
(1) suffix : Authentication realm is LOCAL.
(1)   [suffix] = ok
rlm_sim_files: authorized user/imsi 1901700000000653 
rlm_sim_files: Adding EAP-Type: eap-sim
(1)   [sim_files] = ok
(1) eap : EAP packet type response id 133 length 88
(1) eap : No EAP Start, assuming it's an on-going EAP conversation
(1)   [eap] = updated
(1)   [files] = noop
(1)   [expiration] = noop
(1)   [logintime] = noop
(1) pap : WARNING! No "known good" password found for the user.  Authentication may fail because of this.
(1)   [pap] = noop
(1) Found Auth-Type = EAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   group authenticate {
(1)  - entering group authenticate {...}
(1) eap : Request found, released from the list
(1) eap : EAP/sim
(1) eap : processing type sim
+++> EAP-sim decoded packet:
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000653 at wlan.mnc070.mcc901.3gppnetwork.org"
    State = 0x077b668807fe746db0e5f555c7ca40d2
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "82500003"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x02850058120a000007050000be65a474dc99300354fdd97e5176bbc5100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700
    Message-Authenticator = 0x07c87b76cd6232ca08dc4529913d5cac
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
    Stripped-User-Name = "1901700000000653"
    Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
    EAP-Type = SIM
    EAP-Sim-Subtype = Start
    EAP-Sim-NONCE_MT = 0x0000be65a474dc99300354fdd97e5176bbc5
    EAP-Sim-SELECTED_VERSION = 0x0001
    EAP-Sim-IDENTITY = 0x3139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267
(1) eap : Underlying EAP-Type set EAP ID to 134
(1)   [eap] = handled
Sending Access-Challenge of id 20 to 192.168.10.212 port 41383
    EAP-Message = 0x01860050120b0000010d00000123456789abcdef0123456789abcdef658719018376aab4d2a5ccde7a21b6510123456789abcdef0123456789abcdff0b050000217a0ab3b008a413f570885bca13bbe8
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x077b668806fd746db0e5f555c7ca40d2
(1) Finished request 1.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
(0) Cleaning up request packet ID 19 with timestamp +14
(1) Cleaning up request packet ID 20 with timestamp +14
Ready to process requests.


Best regards

Yann
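
The two EAP-SIM messages from the debug output above can be decoded offline to see exactly what the phone sent and what the server sent in the challenge it never answered. This is an added example, not part of the original post or of FreeRADIUS; the subtype and attribute numbers are from RFC 4186, and the function names are chosen here for illustration.

```python
import struct

# Subtype and attribute numbers from RFC 4186 (only those relevant here).
SUBTYPES = {10: "Start", 11: "Challenge", 12: "Notification", 14: "Client-Error"}
ATTRS = {1: "AT_RAND", 7: "AT_NONCE_MT", 11: "AT_MAC", 14: "AT_IDENTITY",
         15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION", 17: "AT_FULLAUTH_ID_REQ"}

# EAP-Message values copied from the debug output in the post.
START_RESPONSE = ("0x02850058120a000007050000be65a474dc99300354fdd97e5176bbc5"
                  "100100010e0e00333139303137303030303030303036353340776c616e"
                  "2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700")
CHALLENGE = ("0x01860050120b0000010d00000123456789abcdef0123456789abcdef"
             "658719018376aab4d2a5ccde7a21b6510123456789abcdef0123456789abcdff"
             "0b050000217a0ab3b008a413f570885bca13bbe8")

def parse_eap_sim(hexstr):
    """Decode one EAP-Message value (as printed by radiusd -X) into a dict."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(raw) < 8:
        raise ValueError("too short for an EAP-SIM packet")
    code, ident, length, eap_type, subtype = struct.unpack("!BBHBB", raw[:6])
    if length != len(raw) or eap_type != 18:   # 18 = EAP-SIM
        raise ValueError("length mismatch or not EAP-SIM")
    attrs, off = [], 8                         # bytes 6-7 are reserved
    while off < length:
        # Attribute header: type, then length counted in 4-byte words.
        if off + 4 > length or raw[off + 1] == 0 or off + raw[off + 1] * 4 > length:
            raise ValueError("bad attribute length at offset %d" % off)
        a_type, a_len = raw[off], raw[off + 1] * 4
        attrs.append((ATTRS.get(a_type, "AT_%d" % a_type), raw[off + 2:off + a_len]))
        off += a_len
    return {"code": code, "id": ident,
            "subtype": SUBTYPES.get(subtype, subtype), "attrs": attrs}

def rands(body):
    """AT_RAND body: 2 reserved bytes followed by n 16-byte RAND values."""
    return [body[i:i + 16].hex() for i in range(2, len(body), 16)]

def identity(body):
    """AT_IDENTITY body: 2-byte actual length, identity, zero padding."""
    n = struct.unpack("!H", body[:2])[0]
    return body[2:2 + n].decode("ascii")

if __name__ == "__main__":
    for name, msg in (("peer Start", START_RESPONSE), ("server Challenge", CHALLENGE)):
        pkt = parse_eap_sim(msg)
        print(name, pkt["id"], pkt["subtype"], [(n, b.hex()) for n, b in pkt["attrs"]])
```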


 		 	   		  