Eap-Sim cannot initiate in Free Radius 3.0.6
Ankit Prajapati
prajapati.ankit85 at gmail.com
Tue Mar 3 05:26:19 CET 2015
Hi ,
Find logs captured from radius debug:
Tue Mar 3 09:49:19 2015 : Debug: (0) Received Access-Request Id 188 from
127.0.0.1:36625 to 127.0.0.1:1812 length 161
Tue Mar 3 09:49:19 2015 : Debug: (0) User-Name = '
1310260xxxxxxxxx at wlan.mnc260.mcc310.3gppnetwork.org'
Tue Mar 3 09:49:19 2015 : Debug: (0) NAS-IP-Address = 127.0.0.1
Tue Mar 3 09:49:19 2015 : Debug: (0) Message-Authenticator =
0x00de7e3a6321fba27f27713901f8ec76
Tue Mar 3 09:49:19 2015 : Debug: (0) NAS-Port = 0
Tue Mar 3 09:49:19 2015 : Debug: (0) EAP-Message =
0x02bb0038013133313032363035383033353332363240776c616e2e6d6e633236302e6d63633331302e336770706e6574776f726b2e6f7267
Tue Mar 3 09:49:19 2015 : Debug: (0) session-state: No State attribute
Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing section authorize from
file /usr/local/etc/raddb/sites-enabled/default
Tue Mar 3 09:49:19 2015 : Debug: (0) authorize {
Tue Mar 3 09:49:19 2015 : Debug: (0) policy filter_username {
Tue Mar 3 09:49:19 2015 : Debug: (0) if (!&User-Name) {
Tue Mar 3 09:49:19 2015 : Debug: (0) if (!&User-Name) -> FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ / /) {
Tue Mar 3 09:49:19 2015 : Debug: (0) No matches
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ / /) -> FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) {
Tue Mar 3 09:49:19 2015 : Debug: (0) No matches
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) ->
FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) {
Tue Mar 3 09:49:19 2015 : Debug: (0) No matches
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) ->
FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
Tue Mar 3 09:49:19 2015 : Debug: (0) No matches
Tue Mar 3 09:49:19 2015 : Debug: (0) Adding 1 matches
Tue Mar 3 09:49:19 2015 : Debug: (0) Clearing 1 matches
Tue Mar 3 09:49:19 2015 : Debug: (0) Adding 3 matches
Tue Mar 3 09:49:19 2015 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.$/) {
Tue Mar 3 09:49:19 2015 : Debug: (0) Clearing 3 matches
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.$/) ->
FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@\./) {
Tue Mar 3 09:49:19 2015 : Debug: (0) No matches
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@\./) ->
FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) } # policy filter_username =
notfound
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned
from preprocess (rlm_preprocess) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [preprocess] = ok
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling
chap (rlm_chap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned
from chap (rlm_chap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [chap] = noop
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling
mschap (rlm_mschap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned
from mschap (rlm_mschap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [mschap] = noop
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling
digest (rlm_digest) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned
from digest (rlm_digest) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [digest] = noop
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling
suffix (rlm_realm) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Checking for suffix after "@"
Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Looking up realm "
wlan.mnc260.mcc310.3gppnetwork.org" for User-Name = "
1310260580353262 at wlan.mnc260.mcc310.3gppnetwork.org"
Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Found realm "
wlan.mnc260.mcc310.3gppnetwork.org"
Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Adding Stripped-User-Name =
"1310260580353262"
Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Adding Realm = "
wlan.mnc260.mcc310.3gppnetwork.org"
Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Authentication realm is LOCAL
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned
from suffix (rlm_realm) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [suffix] = ok
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling eap
(rlm_eap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent code Response (2) ID
187 length 56
Tue Mar 3 09:49:19 2015 : Debug: (0) eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned
from eap (rlm_eap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = ok
Tue Mar 3 09:49:19 2015 : Debug: (0) } # authorize = ok
Tue Mar 3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP
Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar 3 09:49:19 2015 : Debug: (0) authenticate {
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: calling
eap (rlm_eap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1)
Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process EAP
data
Tue Mar 3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not
found
Tue Mar 3 09:49:19 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM
(18) session. EAP sub-module failed
Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Failed in EAP select
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: returned
from eap (rlm_eap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = invalid
Tue Mar 3 09:49:19 2015 : Debug: (0) } # authenticate = invalid
Tue Mar 3 09:49:19 2015 : Debug: (0) Failed to authenticate the user
Tue Mar 3 09:49:19 2015 : Debug: (0) Using Post-Auth-Type Reject
Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar 3 09:49:19 2015 : Debug: (0) Post-Auth-Type REJECT {
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 0
Tue Mar 3 09:49:19 2015 : Debug: %{User-Name}
Tue Mar 3 09:49:19 2015 : Debug: Parsed xlat tree:
Tue Mar 3 09:49:19 2015 : Debug: attribute --> User-Name
Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: EXPAND
%{User-Name}
Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: -->
1310260580353262 at wlan.mnc260.mcc310.3gppnetwork.org
Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Matched
entry DEFAULT at line 11
Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject:
EAP-Message = 0x04bb0004 allowed by EAP-Message =* 0x
Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute
"EAP-Message" allowed by 1 rules, disallowed by 0 rules
Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject:
Message-Authenticator = 0x00000000000000000000000000000000 allowed by
Message-Authenticator =* 0x
Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute
"Message-Authenticator" allowed by 1 rules, disallowed by 0 rules
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned
from attr_filter.access_reject (rlm_attr_filter) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [attr_filter.access_reject] =
updated
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling eap
(rlm_eap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Reply already contained an
EAP-Message, not inserting EAP-Failure
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned
from eap (rlm_eap) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = noop
Tue Mar 3 09:49:19 2015 : Debug: (0) policy
remove_reply_message_if_eap {
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&reply:EAP-Message &&
&reply:Reply-Message) {
Tue Mar 3 09:49:19 2015 : Debug: (0) if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
Tue Mar 3 09:49:19 2015 : Debug: (0) else {
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling
noop (rlm_always) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]:
returned from noop (rlm_always) for request 0
Tue Mar 3 09:49:19 2015 : Debug: (0) [noop] = noop
Tue Mar 3 09:49:19 2015 : Debug: (0) } # else = noop
Tue Mar 3 09:49:19 2015 : Debug: (0) } # policy
remove_reply_message_if_eap = noop
Tue Mar 3 09:49:19 2015 : Debug: (0) } # Post-Auth-Type REJECT = updated
Tue Mar 3 09:49:19 2015 : Debug: (0) Delaying response for 1.000000 seconds
Tue Mar 3 09:49:19 2015 : Debug: Waking up in 0.3 seconds.
Tue Mar 3 09:49:19 2015 : Debug: Waking up in 0.6 seconds.
Tue Mar 3 09:49:20 2015 : Debug: (0) Sending delayed response
Tue Mar 3 09:49:20 2015 : Debug: (0) Sent Access-Reject Id 188 from
127.0.0.1:1812 to 127.0.0.1:36625 length 44
Tue Mar 3 09:49:20 2015 : Debug: (0) EAP-Message = 0x04bb0004
Tue Mar 3 09:49:20 2015 : Debug: (0) Message-Authenticator =
0x00000000000000000000000000000000
Tue Mar 3 09:49:20 2015 : Debug: Waking up in 3.9 seconds.
Tue Mar 3 09:49:24 2015 : Debug: (0) Cleaning up request packet ID 188
with timestamp +52
Tue Mar 3 09:49:24 2015 : Info: Ready to process requests
On Mon, Mar 2, 2015 at 12:54 PM, Iliya Peregoudov <iperegudov at cboss.ru>
wrote:
> On 28.02.2015 12:14, Ankit Prajapati wrote:
>
>> Can some one help me ?
>>
>
> Post radius -X debug from server start till Access-Reject sent.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
--
-Thanks
Ankit Prajapati
More information about the Freeradius-Users
mailing list