eap sim authorization problem
raptor raptor
raptorspor at gmail.com
Thu Jun 20 11:38:08 CEST 2013
Hi Iliya,
Thanks for your quick response.
Here is my debug log:
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0,
length=215
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
Message-Authenticator = 0x1e692ae9b93631a0f54bda0997d713f2
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org at line 1
++[files] returns ok
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 116
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.1 port 2048
EAP-Message = 0x01740014120a00000f0200020001000011010100
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e42338f2e362191820b0799859172e9
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0,
length=265
Cleaning up request 0 ID 0 with timestamp +10
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0x2e42338f2e362191820b0799859172e9
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x4228372d93c4496516a4c62a6b0d1f84
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 116 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org at line 1
++[files] returns ok
[sql] User 1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0x2e42338f2e362191820b0799859172e9
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x4228372d93c4496516a4c62a6b0d1f84
EAP-Type = SIM
EAP-Sim-Subtype = Start
EAP-Sim-NONCE_MT = 0x0000c857b63e06e1bb7341a729ea36de8804
EAP-Sim-SELECTED_VERSION = 0x0001
EAP-Sim-IDENTITY =
0x3135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
[eap] Underlying EAP-Type set EAP ID to 117
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.2.1 port 2048
EAP-Message =
0x01750050120b0000010d000033c0caad1ca74b91b8c4c597a497c951ec28a5ea58bf4f7d9a15fb267c80bc6cf51e6dc5eeb149028f5cba3779f2b9160b050000128bccbc8968ba6d16040402b139d839
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e42338f2f372191820b0799859172e9
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0,
length=205
Cleaning up request 1 ID 0 with timestamp +10
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
"
NAS-IP-Address = 192.168.2.1
Called-Station-Id = "48f8b315461a"
Calling-Station-Id = "1814563e5189"
NAS-Identifier = "48f8b315461a"
NAS-Port = 38
Framed-MTU = 1400
State = 0x2e42338f2f372191820b0799859172e9
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0275001c120b00000b050000fe0ad02adb05fa535c5e7beaa8810f69
Message-Authenticator = 0x17809a1e9fcb50736607e844ac964694
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc001.mcc510.3gppnetwork.org" for
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc001.mcc510.3gppnetwork.org"
++[suffix] returns noop
rlm_sim_files: authorized user/imsi
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 117 length 28
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org at line 1
++[files] returns ok
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
MAC check succeed
[eap] Underlying EAP-Type set EAP ID to 118
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 0 to 192.168.2.1 port 2048
MS-MPPE-Recv-Key =
0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8
MS-MPPE-Send-Key =
0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f
EAP-Message = 0x03760004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org
"
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 0 with timestamp +11
Ready to process requests.
This is my log with 1 client.
Thanks very much for your help.
Best regards
On Thu, Jun 20, 2013 at 2:53 PM, Iliya Peregoudov <iperegudov at cboss.ru> wrote:
> On 20.06.2013 8:38, raptor raptor wrote:
>
>> I just tried one client and it succeeded, but when I use another client it
>> fails
>>
>
> Post debug log if you want to diagnose authentication failure.
>
>
>> Is it correct if I add another client in users and simtriplets.dat?
>>
>
> Yes, you should add auth vectors for all your SIM cards into the users file,
> one stanza for every SIM card.
>
> If you still get the "insufficient number of challenges" message then your
> simtriplets.dat is not relevant. Just forget about it. Auth vectors from
> the users file are sufficient.
>
> FreeRADIUS is very flexible. There is no single way to correctly
> configure it. But there is an indefinite number of ways to misconfigure it.
> If you prefer not to diagnose authentication failures but insert random
> stuff into randomly selected configuration files, it's unlikely you will
> accidentally configure it correctly.
>
>
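Added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the EAP-Message values in the debug log above, following the EAP-SIM packet layout of RFC 4186. It recovers the identity from the Start response (with a literal "@", which the list archive renders as " at ") and counts the RANDs in the Challenge, which is the quantity the "insufficient number of challenges" message refers to; the function and constant names are this example's own.

```python
import struct

# Names from RFC 4186, limited to what appears in this log.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
SUBTYPES = {10: "Start", 11: "Challenge"}
ATTRS = {1: "AT_RAND", 7: "AT_NONCE_MT", 11: "AT_MAC", 14: "AT_IDENTITY",
         15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION",
         17: "AT_FULLAUTH_ID_REQ"}

def decode_eap_sim(hexstr):
    """Decode one EAP-Message value as printed in the debug output."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    length = len(raw)
    if length < 4 or struct.unpack("!H", raw[2:4])[0] != length:
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": CODES.get(raw[0], raw[0]), "id": raw[1], "attrs": {}}
    if length == 4:                       # Success/Failure: header only
        return pkt
    if length < 8 or raw[4] != 18:        # 18 = EAP type SIM
        raise ValueError("not an EAP-SIM packet")
    pkt["subtype"] = SUBTYPES.get(raw[5], raw[5])
    pos = 8                               # after subtype and 2 reserved bytes
    while pos < length:
        if length - pos < 4:
            raise ValueError("truncated attribute")
        atype, alen = raw[pos], raw[pos + 1] * 4   # length in 4-byte words
        if alen == 0 or pos + alen > length:
            raise ValueError("bad attribute length")
        name, body = ATTRS.get(atype, atype), raw[pos + 2:pos + alen]
        if name == "AT_IDENTITY":         # 2-byte actual length, identity, pad
            n = struct.unpack("!H", body[:2])[0]
            body = body[2:2 + n].decode("utf-8", "replace")
        elif name == "AT_RAND":           # 2 reserved bytes, then 16-byte RANDs
            body = [body[i:i + 16] for i in range(2, len(body), 16)]
        elif name in ("AT_NONCE_MT", "AT_MAC"):   # 2 reserved, 16-byte value
            body = body[2:]
        pkt["attrs"][name] = body
        pos += alen
    return pkt

# EAP-Message values copied from the debug log in this post.
START_RESP = ("0x02740058120a000007050000c857b63e06e1bb7341a729ea36de8804"
              "100100010e0e0033"
              "3135313030313937363038303633393140776c616e2e6d6e633030312e"
              "6d63633531302e336770706e6574776f726b2e6f726700")
CHALLENGE_REQ = ("0x01750050120b0000010d000033c0caad1ca74b91b8c4c597a497c951"
                 "ec28a5ea58bf4f7d9a15fb267c80bc6c"
                 "f51e6dc5eeb149028f5cba3779f2b916"
                 "0b050000128bccbc8968ba6d16040402b139d839")
```

Comparing the decoded output of a working client with that of a failing one shows at which EAP-SIM step (Start or Challenge) the two exchanges diverge.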