eap sim authorization problem

raptor raptor raptorspor at gmail.com
Sun Jun 9 03:34:15 CEST 2013


simtriplets.dat format that I write:

1<imsi>,<RAND>,<SRES>,<Kc>
1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000

I add in users file:

DEFAULT   Auth-Type := EAP,  EAP-Type := SIM
      EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
      EAP-Sim-SRES1 = 0xd1d2d3d4,
      EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
      EAP-Sim-SRES2 = 0xe1e2e3e4,
      EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f,
      EAP-Sim-SRES3 = 0xf1f2f3f4,
      EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
      EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
      EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7,
I think the number of RAND in simtriplets.dat is the same as in EAP-Sim-Rand1 (32 octet).
Is my format wrong?


I'm using freeradius-server-2.1.9 and a Nokia E63,
and I run freeradius, so here is the log:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0, length=215
        User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "48f8b315461a"
        Calling-Station-Id = "1814563e5189"
        NAS-Identifier = "48f8b315461a"
        NAS-Port = 38
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0xa01e03afe31bdb73b9c01a64096ec87a
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Found realm "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1510019760806391"
[suffix] Adding Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: insufficient number of challenges for imsi 1510019760806391: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 26
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048
        EAP-Message = 0x011a0014120a00000f0200020001000011010100
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x019a1a23018008ce78acd4b07bc4c4ac
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0, length=265
Cleaning up request 0 ID 0 with timestamp +227
        User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "48f8b315461a"
        Calling-Station-Id = "1814563e5189"
        NAS-Identifier = "48f8b315461a"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x019a1a23018008ce78acd4b07bc4c4ac
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x021a0058120a00000705000043837c0b63fd6c4dc3fccbebc8439b04100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
        Message-Authenticator = 0x441da87c8c81ad6b22b7596fba8b9098
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Found realm "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1510019760806391"
[suffix] Adding Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: insufficient number of challenges for imsi 1510019760806391: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 26 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
rlm_eap_sim: subtype= 10
   start.
+++> EAP-sim decoded packet:
        User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "48f8b315461a"
        Calling-Station-Id = "1814563e5189"
        NAS-Identifier = "48f8b315461a"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x019a1a23018008ce78acd4b07bc4c4ac
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x021a0058120a00000705000043837c0b63fd6c4dc3fccbebc8439b04100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
        Message-Authenticator = 0x441da87c8c81ad6b22b7596fba8b9098
        Stripped-User-Name = "1510019760806391"
        Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
        EAP-Type = SIM
        EAP-Sim-Subtype = Start
        EAP-Sim-NONCE_MT = 0x000043837c0b63fd6c4dc3fccbebc8439b04
        EAP-Sim-SELECTED_VERSION = 0x0001
        EAP-Sim-IDENTITY = 0x00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
[eap] Underlying EAP-Type set EAP ID to 27
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048
        EAP-Message = 0x011b0050120b0000010d0000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f0b050000fb675502a3304188312931054f33cd1f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x019a1a23008108ce78acd4b07bc4c4ac
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +227
Ready to process requests.

rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0, length=215
        User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "48f8b315461a"
        Calling-Station-Id = "1814563e5189"
        NAS-Identifier = "48f8b315461a"
        NAS-Port = 38
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0xfafe8eadeb1ae3d38fa8f19d05d593be
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Found realm "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1510019760806391"
[suffix] Adding Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: insufficient number of challenges for imsi 1510019760806391: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 82
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048
        EAP-Message = 0x01520014120a00000f0200020001000011010100
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbae09375bab281899c287550956630d3
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0, length=265
Cleaning up request 2 ID 0 with timestamp +539
        User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "48f8b315461a"
        Calling-Station-Id = "1814563e5189"
        NAS-Identifier = "48f8b315461a"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0xbae09375bab281899c287550956630d3
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02520058120a00000705000084dc530744f7039807a5ba5b36513d18100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
        Message-Authenticator = 0x01b366d26fd7d24f8ad84fc3a12c0919
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Found realm "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1510019760806391"
[suffix] Adding Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: insufficient number of challenges for imsi 1510019760806391: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 82 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
rlm_eap_sim: subtype= 10
   start.
+++> EAP-sim decoded packet:
        User-Name = "1510019760806391@wlan.mnc001.mcc510.3gppnetwork.org"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "48f8b315461a"
        Calling-Station-Id = "1814563e5189"
        NAS-Identifier = "48f8b315461a"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0xbae09375bab281899c287550956630d3
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02520058120a00000705000084dc530744f7039807a5ba5b36513d18100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
        Message-Authenticator = 0x01b366d26fd7d24f8ad84fc3a12c0919
        Stripped-User-Name = "1510019760806391"
        Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
        EAP-Type = SIM
        EAP-Sim-Subtype = Start
        EAP-Sim-NONCE_MT = 0x000084dc530744f7039807a5ba5b36513d18
        EAP-Sim-SELECTED_VERSION = 0x0001
        EAP-Sim-IDENTITY = 0x00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
[eap] Underlying EAP-Type set EAP ID to 83
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048
        EAP-Message = 0x01530050120b0000010d0000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f0b050000eb630e1e2e57b50fb053ac8f6114a820
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbae09375bbb381899c287550956630d3
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 0 with timestamp +539
Ready to process requests.


Thank you for the advice.

Best regards



On Mon, Jun 3, 2013 at 9:26 PM, Alan DeKok <aland at deployingradius.com> wrote:

> Iliya Peregoudov wrote:
> > Apparently there is an error in simtriplets.dat. Format is
> >
> > 1<IMSI>,<RAND>,<SRES>,<KC>
> >
> > <RAND>, <SRES>, and <KC> should be in hexadecimal digits, without 0x
> > prefix. An even number of hexadecimal digits should be in there.
>
>   The simtriplets.dat file doesn't have "0x" prefixes in its examples.
>
>   In any case, hitting an assertion because of a format error is stupid.
>  I've pushed a fix.  It will now complain about syntax errors instead.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
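
Added example, not part of the thread and not FreeRADIUS code: a small Python linter for the simtriplets.dat row format described in the quoted reply (1<IMSI>,<RAND>,<SRES>,<KC>, hexadecimal digits, no 0x prefix, an even number of digits). The field widths are the GSM sizes (RAND 16 octets, SRES 4, Kc 8); the three-rows-per-identity threshold, the treatment of # lines as comments, and the sample rows are assumptions made for this example.

```python
import re
from collections import Counter

# Hex-digit widths: GSM RAND is 16 octets, SRES 4 octets, Kc 8 octets.
FIELDS = (("RAND", 32), ("SRES", 8), ("Kc", 16))
REQUIRED = 3  # assumption: one row per EAP-Sim-Rand1..3, as in the users entry

# Constructed sample rows (not taken from the thread).
SAMPLE = """\
# identity,RAND,SRES,Kc
1001010000000001,000102030405060708090a0b0c0d0e0f,a1a2a3a4,b0b1b2b3b4b5b6b7
1001010000000001,101112131415161718191a1b1c1d1e1f,c1c2c3c4,d0d1d2d3d4d5d6d7
1001010000000001,0x202122232425262728292a2b2c2d2e2f,e1e2e3e4,f0f1f2f3f4f5f6f7
1001010000000001,303132333435363738393a3b3c3d3e3,01020304,1011121314151617
"""

def check_line(line):
    """Return (identity, errors) for a data row, or None for blank/comment lines."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    parts = [p.strip() for p in text.split(",")]
    if len(parts) != 4:
        return parts[0], ["expected 4 comma-separated fields, got %d" % len(parts)]
    errors = [] if parts[0].isdigit() else ["identity is not all digits"]
    for (name, width), value in zip(FIELDS, parts[1:]):
        if value[:2].lower() == "0x":
            errors.append(name + " has a 0x prefix")
        elif not re.fullmatch(r"[0-9A-Fa-f]+", value):
            errors.append(name + " contains non-hex characters")
        elif len(value) % 2:
            errors.append(name + " has an odd number of hex digits")
        elif len(value) != width:
            errors.append("%s is %d hex digits, expected %d" % (name, len(value), width))
    return parts[0], errors

def lint(text):
    """Return (problems, usable rows per identity, identities below REQUIRED)."""
    problems, usable = [], Counter()
    for lineno, line in enumerate(text.splitlines(), 1):
        result = check_line(line)
        if result is None:
            continue
        ident, errors = result
        problems.extend((lineno, e) for e in errors)
        usable[ident] += 0 if errors else 1  # rows with errors do not count
    short = sorted(i for i, n in usable.items() if n < REQUIRED)
    return problems, dict(usable), short

PROBLEMS, USABLE, SHORT = lint(SAMPLE)
```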