Failed Authentication user on EAP-SIM,

Iman Rahmat iman.rahmat.hidayat at gmail.com
Mon Sep 8 16:47:31 CEST 2014


(SOLVED)

I put the configuration like this:

1510011642151135 at wlan.mnc001.mcc510.3gppnetwork.org     EAP-Type := SIM
        EAP-Sim-Rand1 = 0x634B1828FE9F4cd987EE44A54D25DD80,
        EAP-Sim-SRES1 = 0x0638e55f,
        EAP-Sim-KC1 = 0x15c22dc20A8ae000,
        EAP-Sim-Rand2 = 0xDD00F2D8D6FB4095B2BD8A2AE11FB600,
        EAP-Sim-SRES2 = 0x02ed2e94,
        EAP-Sim-KC2 = 0x536655a061778400,
        EAP-Sim-Rand2 = 0xA852B0E55BC741f5A8C5B6ABF1E81504,
        EAP-Sim-SRES2 = 0xF77daa16,
        EAP-Sim-KC2 = 0x71e9bd629Cee3000

The log shows this:
rlm_sim_files: insufficient number of challenges for imsi
1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org: 0

And you see this log too

[eap] processing type sim
can not initiate sim, no RAND1 attribute
From this, RAND1 can't be read by rlm_sim_files, because in the
users file I wrote mnc001; change it to mnc000.

So you must change that to:

1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org     EAP-Type := SIM
        EAP-Sim-Rand1 = 0x634B1828FE9F4cd987EE44A54D25DD80,
        EAP-Sim-SRES1 = 0x0638e55f,
        EAP-Sim-KC1 = 0x15c22dc20A8ae000,
        EAP-Sim-Rand2 = 0xDD00F2D8D6FB4095B2BD8A2AE11FB600,
        EAP-Sim-SRES2 = 0x02ed2e94,
        EAP-Sim-KC2 = 0x536655a061778400,
        EAP-Sim-Rand2 = 0xA852B0E55BC741f5A8C5B6ABF1E81504,
        EAP-Sim-SRES2 = 0xF77daa16,
        EAP-Sim-KC2 = 0x71e9bd629Cee3000

WOW, FAILED TOO, BUT THE MESSAGE IS DIFFERENT

THE LOG SHOWS:
rlm_sim_files: insufficient number of challenges for imsi
1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org: 0 <---> this is
the same, but no problem, because the different message in the log is:
[eap] processing type sim
   eap-sim can not find sim-challenge3 <----> different
   can not initiate sim, missing attributes
From this message, we know that sim-challenge3 can't be read, because
RAND3, SRES3, and KC3 were not written in the users file. HAHAHAHA, TYPO...

SO THE FINAL CHANGE IS:

1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org     EAP-Type := SIM
        EAP-Sim-Rand1 = 0x634B1828FE9F4cd987EE44A54D25DD80,
        EAP-Sim-SRES1 = 0x0638e55f,
        EAP-Sim-KC1 = 0x15c22dc20A8ae000,
        EAP-Sim-Rand2 = 0xDD00F2D8D6FB4095B2BD8A2AE11FB600,
        EAP-Sim-SRES2 = 0x02ed2e94,
        EAP-Sim-KC2 = 0x536655a061778400,
        EAP-Sim-Rand3 = 0xA852B0E55BC741f5A8C5B6ABF1E81504,
        EAP-Sim-SRES3 = 0xF77daa16,
        EAP-Sim-KC3 = 0x71e9bd629Cee3000


AND CONNECTED. THANKS TO EVERYONE WHO GAVE ME ADVICE AND HELP.

Indeed, sometimes we need someone else to correct our mistakes. Man
will never be perfect. Thank you very much, my friend. I can only
pray and hope that you are in good health and are always given abundance.

THIS IS THE LOG OF THE SUCCESSFUL AUTHENTICATION:

rad_recv: Access-Request packet from host 111.111.111.195 port 55800,
id=56, length=254
User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
NAS-IP-Address = 111.111.111.195
NAS-Identifier = "24a43c7c6ae2"
NAS-Port = 0
Called-Station-Id = "26-A4-3C-7D-6A-E2:SuperWiFi-SIM_A"
Calling-Station-Id = "D4-97-0B-47-3F-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x02ec001c120b00000b0500008a3fb55d96159c743672996d4b57837a
State = 0xaa2b3666abc72410f629694487c8517c
Message-Authenticator = 0x470076d7d8eb5e312d290b18dff1d70f
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Looking up realm "wlan.mnc000.mcc510.3gppnetwork.org" for
User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc000.mcc510.3gppnetwork.org"
++[suffix] = noop
rlm_sim_files: insufficient number of challenges for imsi
1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org: 0
++[sim_files] = notfound
[eap] EAP packet type response id 236 length 28
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry
1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org at line 205
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
MAC check succeed
[eap] Underlying EAP-Type set EAP ID to 237
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 56 to 111.111.111.195 port 55800
MS-MPPE-Recv-Key =
0x69ee128ecad5e1edba8e336bc1c6a9f8843f83d7d8c052e34f7033a60bfbb91e
MS-MPPE-Send-Key =
0xe7abe44f40dbce7cce6b2e093db05f23f39d01e5fb0458fd97f9312e86f33a3f
EAP-Message = 0x03ed0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
Finished request 2.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Accounting-Request packet from host 111.111.111.195 port
51808, id=57, length=213
Acct-Session-Id = "540D4EDB-00000005"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
NAS-IP-Address = 111.111.111.195
NAS-Identifier = "24a43c7c6ae2"
NAS-Port = 0
Called-Station-Id = "26-A4-3C-7D-6A-E2:SuperWiFi-SIM_A"
Calling-Station-Id = "D4-97-0B-47-3F-10"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+group preacct {
++[preprocess] = ok
[acct_unique] Hashing 'NAS-Port = 0,NAS-Identifier =
"24a43c7c6ae2",NAS-IP-Address = 111.111.111.195,Acct-Session-Id =
"540D4EDB-00000005",User-Name =
"1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"'
[acct_unique] Acct-Unique-Session-ID = "d6d4b84652de2068".
++[acct_unique] = ok
[suffix] Looking up realm "wlan.mnc000.mcc510.3gppnetwork.org" for
User-Name = "1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org"
[suffix] No such realm "wlan.mnc000.mcc510.3gppnetwork.org"
++[suffix] = noop
++[files] = noop
+} # group preacct = ok
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+group accounting {
[detail] expand: %{Packet-Src-IP-Address} -> 111.111.111.195
[detail] expand:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/freeradius/radacct/111.111.111.195/detail-20140908
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/111.111.111.195/detail-20140908
[detail] expand: %t -> Mon Sep  8 21:45:00 2014
++[detail] = ok
++[exec] = noop
[attr_filter.accounting_response] expand: %{User-Name} ->
1510011642151135 at wlan.mnc000.mcc510.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] = updated
+} # group accounting = updated
Sending Accounting-Response of id 57 to 111.111.111.195 port 51808
Finished request 3.
Cleaning up request 3 ID 57 with timestamp +3
Going to the next request
Waking up in 4.3 seconds.
Cleaning up request 0 ID 54 with timestamp +2
Cleaning up request 1 ID 55 with timestamp +2
Waking up in 0.5 seconds.
Cleaning up request 2 ID 56 with timestamp +3
Ready to process requests.
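
The two mistakes walked through in this post (an entry name whose realm differs from the User-Name in the request, and triplet 2 written twice with no triplet 3) can be caught before restarting the server. The following is an added example, not part of the original post or of FreeRADIUS: `check_entry` is a hypothetical helper, the identity and hex values are constructed, and it assumes the identity is written with `@` (the archive renders it as " at ").

```python
import re

# GSM triplet field sizes in bytes: RAND is 128 bits, SRES 32 bits, Kc 64 bits.
FIELD_BYTES = {"rand": 16, "sres": 4, "kc": 8}
ATTR_RE = re.compile(r"EAP-Sim-(Rand|SRES|KC)(\d+)\s*=\s*0x([0-9A-Fa-f]*)", re.I)


def check_entry(entry, request_user):
    """Return a list of problems found in one users-file entry (as text)."""
    problems = []
    name = entry.strip().splitlines()[0].split()[0]
    # The entry name is compared with the whole User-Name, realm included,
    # so mnc001 in the file never matches mnc000 in the request.
    if name != request_user:
        problems.append(f"entry name {name!r} != User-Name {request_user!r}")
    seen = {}
    for m in ATTR_RE.finditer(entry):
        kind, idx, hexval = m.group(1).lower(), int(m.group(2)), m.group(3)
        if (kind, idx) in seen:
            problems.append(f"duplicate EAP-Sim-{m.group(1)}{idx}")
        seen[(kind, idx)] = hexval
        if len(hexval) != 2 * FIELD_BYTES[kind]:
            problems.append(f"EAP-Sim-{m.group(1)}{idx}: want {FIELD_BYTES[kind]} bytes")
    # The log in this post shows the server asking for challenges 1 to 3.
    for idx in (1, 2, 3):
        for kind in FIELD_BYTES:
            if (kind, idx) not in seen:
                problems.append(f"missing {kind}{idx}")
    return problems


# Constructed sample data (test PLMN 001/01, dummy triplet values).
USER = "1001010000000001@wlan.mnc001.mcc001.3gppnetwork.org"
GOOD = USER + "     EAP-Type := SIM\n" + ",\n".join(
    f"        EAP-Sim-{k}{i} = 0x{str(i) * (2 * n)}"
    for i in (1, 2, 3) for k, n in (("Rand", 16), ("SRES", 4), ("KC", 8)))
# Reproduce both mistakes from the post: wrong MNC and triplet 3 typed as 2.
BAD = (GOOD.replace("mnc001", "mnc002").replace("Rand3", "Rand2")
           .replace("SRES3", "SRES2").replace("KC3", "KC2"))

if __name__ == "__main__":
    for label, entry in (("good", GOOD), ("bad", BAD)):
        print(label, check_entry(entry, USER) or "ok")
```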

