eap sim authorization problem
raptor raptor
raptorspor at gmail.com
Tue Jun 11 10:27:41 CEST 2013
Hi Iliya Peregoudov,
Thanks for your advice and your time.
1.
When I change the users entry, I get a notification that Access-Accept was
successful,
but unfortunately, when I restart the system, I can't get Access-Accept and I must
change the attribute in users from the agsm program.
Here is the log:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
length=215
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
Message-Authenticator = 0x95014bdec4f49a1b5363bd5988ab5ddd
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Found realm "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1510019760806391"
[suffix] Adding Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: insufficient number of challenges for imsi 1510019760806391: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 227
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 81
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048
EAP-Message = 0x01510014120a00000f0200020001000011010100
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf0cf8a6cf09e98be2ec974e82cdf9f5b
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
length=265
Cleaning up request 0 ID 0 with timestamp +13
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0xf0cf8a6cf09e98be2ec974e82cdf9f5b
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02510058120a000007050000a3663d2e1ff07a1cb29d04fdb0047908100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x6b683386c02724d0f0b7710f5ede4a93
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Found realm "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1510019760806391"
[suffix] Adding Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: insufficient number of challenges for imsi 1510019760806391: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 81 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 227
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
rlm_eap_sim: subtype= 10
start.
+++> EAP-sim decoded packet:
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0xf0cf8a6cf09e98be2ec974e82cdf9f5b
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02510058120a000007050000a3663d2e1ff07a1cb29d04fdb0047908100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x6b683386c02724d0f0b7710f5ede4a93
Stripped-User-Name = "1510019760806391"
Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
EAP-Type = SIM
EAP-Sim-Subtype = Start
EAP-Sim-NONCE_MT = 0x0000a3663d2e1ff07a1cb29d04fdb0047908
EAP-Sim-SELECTED_VERSION = 0x0001
EAP-Sim-IDENTITY =
0x00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
[eap] Underlying EAP-Type set EAP ID to 82
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 2048
EAP-Message =
0x01520050120b0000010d0000307ca6eca31a4a549e879b2674f0feef90b5da4be8174863a276a439c7c2cec79bd7fc87248f4db6af4646a80b4baca50b0500003e86636bdab81ae6982ce83aa6f14ac7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf0cf8a6cf19d98be2ec974e82cdf9f5b
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
length=205
Cleaning up request 1 ID 0 with timestamp +13
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0xf0cf8a6cf19d98be2ec974e82cdf9f5b
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0252001c120b00000b050000bbff92fe6855f8aa9a62504e58070daa
Message-Authenticator = 0xf3712470b4c966857d76f6ff1f44415e
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Found realm "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Adding Stripped-User-Name = "1510019760806391"
[suffix] Adding Realm = "wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: insufficient number of challenges for imsi 1510019760806391: 0
++[sim_files] returns notfound
[eap] EAP packet type response id 82 length 28
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 227
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
rlm_eap_sim: subtype= 11
challenge.
MAC check succeed
[eap] Underlying EAP-Type set EAP ID to 83
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 0 to 192.168.1.1 port 2048
MS-MPPE-Recv-Key =
0xb1bd9cf479d08726b2277e72dd2b941613f870f149ebb11113b2cfb7de1b26d7
MS-MPPE-Send-Key =
0xa89a0b0b6d0d3b4d8d15314c00749f6135072e59c3c403afce10b0fb30c4386d
EAP-Message = 0x03530004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "1510019760806391"
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 0 with timestamp +14
Ready to process requests.
2.
I've changed the users entry as you suggested and I still get the same
notification:
rlm_sim_files: insufficient number of challenges for imsi
Thanks for your help.
I really appreciate it.
Best regards
On Tue, Jun 11, 2013 at 1:51 PM, Iliya Peregoudov <iperegudov at cboss.ru> wrote:
> On 11.06.2013 7:00, raptor raptor wrote:
>
>> I'm sorry, I don't understand about the LF UNIX line ending. Could you show me
>> what I should do to the simtriplets.dat format?
>> Is there any mistake?
>>
>
> Run
>
> dos2unix simtriplets.dat
>
> in UNIX shell. This will ensure simtriplets.dat has UNIX line endings.
>
>
>> I got that format in /src/tests/eapsim-03/users-example.txt
>> What should I fill in the Rand1 attribute?
>>
>
> I assume that your simtriplets.dat contains correct auth vectors (e.g.
> generated by SIM card and extracted using agsm program):
>
> 1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000
> 1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
> 1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
>
> Equivalent users entry should look like:
>
> 1510019760806391 EAP-Type:=SIM
>     EAP-Sim-Rand1:=0xAAC0FAFDC47D4524AC9E2A3D51BDBA39,
>     EAP-Sim-SRES1:=0x2A71bac3,
>     EAP-Sim-KC1:=0x7868589a75fdc000,
>     EAP-Sim-Rand2:=0xBF9A9F6EEB36422895D010927D76972C,
>     EAP-Sim-SRES2:=0xF49dd880,
>     EAP-Sim-KC2:=0x3Afbcf2fA9b0a000,
>     EAP-Sim-Rand3:=0xC63837CFECD348deB119C35CFECD4898,
>     EAP-Sim-SRES3:=0x49312999,
>     EAP-Sim-KC3:=0xFD488938B6f2a000
>
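Added example, not part of the original thread and not FreeRADIUS code: a small Python check for the simtriplets.dat layout shown in the reply (IMSI,RAND,SRES,Kc), which flags DOS line endings, malformed fields and an IMSI with too few triplets, then renders the equivalent users entry. The function names and the three-triplet requirement are assumptions of this example; the sample bytes are the triplets from the reply, deliberately saved here with CRLF endings.

```python
import string

# GSM triplet field widths in hex digits: RAND 16 bytes, SRES 4 bytes, Kc 8 bytes.
FIELDS = (("RAND", 32), ("SRES", 8), ("Kc", 16))
REQUIRED = 3  # assumption: three triplets per IMSI, as in the reply above

# Triplets as listed in the reply, deliberately saved with DOS (CRLF) endings.
SAMPLE = (b"1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000\r\n"
          b"1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000\r\n"
          b"1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000\r\n")


def parse_triplets(raw):
    """Return ({imsi: [(rand, sres, kc), ...]}, [problems found])."""
    triplets, problems = {}, []
    if b"\r" in raw:
        problems.append("CR bytes found: DOS line endings, run dos2unix")
    for lineno, line in enumerate(raw.decode("ascii", "replace").splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            problems.append(f"line {lineno}: expected 4 fields, got {len(fields)}")
            continue
        bad = [name for (name, width), value in zip(FIELDS, fields[1:])
               if len(value) != width or not set(value) <= set(string.hexdigits)]
        if bad:
            problems.append(f"line {lineno}: malformed {', '.join(bad)}")
            continue
        triplets.setdefault(fields[0], []).append(tuple(fields[1:]))
    for imsi, rows in triplets.items():
        if len(rows) < REQUIRED:
            problems.append(f"imsi {imsi}: only {len(rows)} of {REQUIRED} triplets")
    return triplets, problems


def users_entry(imsi, rows):
    """Render the equivalent users-file entry (reply items must be indented)."""
    items = []
    for n, (rand, sres, kc) in enumerate(rows[:REQUIRED], 1):
        items += [f"EAP-Sim-Rand{n} := 0x{rand}",
                  f"EAP-Sim-SRES{n} := 0x{sres}",
                  f"EAP-Sim-KC{n} := 0x{kc}"]
    return f"{imsi}\tEAP-Type := SIM\n" + ",\n".join("\t" + i for i in items) + "\n"


if __name__ == "__main__":
    parsed, issues = parse_triplets(SAMPLE)
    print("\n".join(issues) or "no problems found")
    for imsi, rows in parsed.items():
        print(users_entry(imsi, rows))
```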