eap sim authorization problem

raptor raptor raptorspor at gmail.com
Thu May 30 17:26:33 CEST 2013 

Hi,

i have added simtriplets.dat and create file sim_files in
/freeradius/modules
and also i configure sim_files in authorize{} in  /sites-enabled/default
but i dont use suffix module

so my concern is how to solve this message :
"rlm_sim_files: insufficient number of challenges for imsi
imsi at wlan.mnc001.mcc510.3gppnetwork.org : 0 "
"[sim_files] returnnot found "

here is my log:

Ready to process requests.

rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
length=215

                User-Name = "
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"

                NAS-IP-Address = 192.168.1.1

                Called-Station-Id = "48f8b315461a"

                Calling-Station-Id = "1814563e5189"

                NAS-Identifier = "48f8b315461a"

                NAS-Port = 38

                Framed-MTU = 1400

                NAS-Port-Type = Wireless-802.11

                EAP-Message =
0x02000038013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267

                Message-Authenticator = 0x91af511bc958602ec652547f08683045

+- entering group authorize {...}

++[preprocess] returns ok

rlm_sim_files: insufficient number of challenges for imsi
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org: 0

++[sim_files] returns notfound

[eap] EAP packet type response id 0 length 56

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[unix] returns notfound

[files] users: Matched entry
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org at line 205

++[files] returns ok

++[expiration] returns noop

++[logintime] returns noop

Found Auth-Type = EAP

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type sim

[eap] Underlying EAP-Type set EAP ID to 218

++[eap] returns handled

Sending Access-Challenge of id 0 to 192.168.1.1 port 2048

                EAP-Message = 0x01da0014120a00000f0200020001000011010100

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x1e96d6021e4cc425cab980602ba77fc7

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
length=265

Cleaning up request 0 ID 0 with timestamp +91

                User-Name = "
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"

                NAS-IP-Address = 192.168.1.1

                Called-Station-Id = "48f8b315461a"

                Calling-Station-Id = "1814563e5189"

                NAS-Identifier = "48f8b315461a"

                NAS-Port = 38

                Framed-MTU = 1400

                State = 0x1e96d6021e4cc425cab980602ba77fc7

                NAS-Port-Type = Wireless-802.11

                EAP-Message =
0x02da0058120a00000705000066bf4d6f1cf16dae34700d33b40a2cf2100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700

                Message-Authenticator = 0x46abb1e0d252ff580dd8d31e5a56ba46

+- entering group authorize {...}

++[preprocess] returns ok

rlm_sim_files: insufficient number of challenges for imsi
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org: 0

++[sim_files] returns notfound

[eap] EAP packet type response id 218 length 88

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[unix] returns notfound

[files] users: Matched entry
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org at line 205

++[files] returns ok

++[expiration] returns noop

++[logintime] returns noop

Found Auth-Type = EAP

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/sim

[eap] processing type sim

+++> EAP-sim decoded packet:

                User-Name = "
1510019760806391 at wlan.mnc001.mcc510.3gppnetwork.org"

                NAS-IP-Address = 192.168.1.1

                Called-Station-Id = "48f8b315461a"

                Calling-Station-Id = "1814563e5189"

                NAS-Identifier = "48f8b315461a"

                NAS-Port = 38

                Framed-MTU = 1400

                State = 0x1e96d6021e4cc425cab980602ba77fc7

                NAS-Port-Type = Wireless-802.11

                EAP-Message =
0x02da0058120a00000705000066bf4d6f1cf16dae34700d33b40a2cf2100100010e0e00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700

                Message-Authenticator = 0x46abb1e0d252ff580dd8d31e5a56ba46

                EAP-Type = SIM

                EAP-Sim-Subtype = Start

                EAP-Sim-NONCE_MT = 0x000066bf4d6f1cf16dae34700d33b40a2cf2

                EAP-Sim-SELECTED_VERSION = 0x0001

                EAP-Sim-IDENTITY =
0x00333135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f726700

[eap] Underlying EAP-Type set EAP ID to 219

++[eap] returns handled

Sending Access-Challenge of id 0 to 192.168.1.1 port 2048

                EAP-Message =
0x01db0050120b0000010d0000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f0b050000d0b87a34927435f51b0b4892462ced47

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x1e96d6021f4dc425cab980602ba77fc7

Finished request 1.

Going to the next request

Waking up in 4.9 seconds.

Cleaning up request 1 ID 0 with timestamp +91

Ready to process requests.

thanx for your answer




On Thu, May 30, 2013 at 2:16 PM, Iliya Peregoudov <iperegudov at cboss.ru>wrote:

> You should designate realm wlan.mnc001.mcc510.**3gppnetwork.org<http://wlan.mnc001.mcc510.3gppnetwork.org>as locally served in raddb/proxy.conf:
>
> # raddb/proxy.conf
> realm wlan.mnc001.mcc510.**3gppnetwork.org<http://wlan.mnc001.mcc510.3gppnetwork.org>{
> }
>
> Then you should add authentication vectors to raddb/simtriplets.dat:
>
> # raddb/simtriplets.dat
> # 1<IMSI>,<RAND>,<SRES>,<KC>
> 1250991417456196,**cf92007bd3814afaa71a58bbe406b8**
> a0,6b7ace84,b54e3cad99ab2000
> ...
>
> At least 3 authentication vectors should be present for each IMSI.
>
> You can generate authentication vectors for your SIM card using smart card
> reader and agsm program (http://agsm.sourceforge.net/)**.
>
>
>
> On 30.05.2013 10:44, raptor raptor wrote:
>
>> Hi all,
>> i have read anything about my problem, but i dont get any idea to solve
>>
>> in FR i get message like this :
>>
>> "rlm_sim_files: insufficient number of challenges for imsi
>> imsi at wlan.mnc001.mcc510.**3gppnetwork.org<imsi at wlan.mnc001.mcc510.3gppnetwork.org>
>> <mailto:imsi at wlan.mnc001.**mcc510.3gppnetwork.org<imsi at wlan.mnc001.mcc510.3gppnetwork.org>>
>> : 0 "
>> "[sim_files] returnnot found "
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130530/64cb9ec7/attachment.html>

More information about the Freeradius-Users mailing list