Hi guys,
Could you please check what is wrong with the eap or
eap sim?
I am trying to authenticate an EAP SIM user, and wrote a
rlm_sim_map to replace rlm_sim_file.
I got the 3 triplets and added pairs for the 3 triplets.

But when I use eap_client with an 802.1x AP, it fails
to authenticate my connection.
The FreeRADIUS version is 1.0 pre3.

Thanks and regards.

The messages are as follows...


$ radiusd -Xxx
Fri Sep 10 16:33:51 2004 : Info: Starting - reading
configuration files ...
Fri Sep 10 16:33:51 2004 : Debug: reread_config: 
reading radiusd.conf
Fri Sep 10 16:33:51 2004 : Debug: Config:   including
file: /usr/local/etc/raddb/clients.conf
Fri Sep 10 16:33:51 2004 : Debug: Config:   including
file: /usr/local/etc/raddb/snmp.conf
Fri Sep 10 16:33:51 2004 : Debug: Config:   including
file: /usr/local/etc/raddb/sql.conf
Fri Sep 10 16:33:51 2004 : Debug:  main: prefix =
"/usr/local"
Fri Sep 10 16:33:51 2004 : Debug:  main: localstatedir
= "/usr/local/var"
Fri Sep 10 16:33:51 2004 : Debug:  main: logdir =
"/usr/local/var/log/radius"
Fri Sep 10 16:33:51 2004 : Debug:  main: libdir =
"/usr/local/lib"
Fri Sep 10 16:33:51 2004 : Debug:  main: radacctdir =
"/usr/local/var/log/radius/radacct"
Fri Sep 10 16:33:51 2004 : Debug:  main:
hostname_lookups = no
Fri Sep 10 16:33:51 2004 : Debug:  main: snmp = no
Fri Sep 10 16:33:51 2004 : Debug:  main:
max_request_time = 30
Fri Sep 10 16:33:51 2004 : Debug:  main: cleanup_delay
= 5
Fri Sep 10 16:33:51 2004 : Debug:  main: max_requests
= 1024
Fri Sep 10 16:33:51 2004 : Debug:  main:
delete_blocked_requests = 0
Fri Sep 10 16:33:51 2004 : Debug:  main: port = 0
Fri Sep 10 16:33:51 2004 : Debug:  main:
allow_core_dumps = no
Fri Sep 10 16:33:51 2004 : Debug:  main:
log_stripped_names = no
Fri Sep 10 16:33:51 2004 : Debug:  main: log_file =
"/usr/local/var/log/radius/radius.log"
Fri Sep 10 16:33:51 2004 : Debug:  main: log_auth =
yes
Fri Sep 10 16:33:51 2004 : Debug:  main:
log_auth_badpass = yes
Fri Sep 10 16:33:51 2004 : Debug:  main:
log_auth_goodpass = yes
Fri Sep 10 16:33:51 2004 : Debug:  main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
Fri Sep 10 16:33:51 2004 : Debug:  main: user =
"(null)"
Fri Sep 10 16:33:51 2004 : Debug:  main: group =
"(null)"
Fri Sep 10 16:33:51 2004 : Debug:  main: usercollide =
no
Fri Sep 10 16:33:51 2004 : Debug:  main: lower_user =
"no"
Fri Sep 10 16:33:51 2004 : Debug:  main: lower_pass =
"no"
Fri Sep 10 16:33:51 2004 : Debug:  main: nospace_user
= "no"
Fri Sep 10 16:33:51 2004 : Debug:  main: nospace_pass
= "no"
Fri Sep 10 16:33:51 2004 : Debug:  main: checkrad =
"/usr/local/sbin/checkrad"
Fri Sep 10 16:33:51 2004 : Debug:  main:
proxy_requests = yes
Fri Sep 10 16:33:51 2004 : Debug:  security:
max_attributes = 200
Fri Sep 10 16:33:51 2004 : Debug:  security:
reject_delay = 1
Fri Sep 10 16:33:51 2004 : Debug:  security:
status_server = no
Fri Sep 10 16:33:51 2004 : Debug:  main: debug_level =
0
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: 
reading dictionary
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: 
reading naslist
Fri Sep 10 16:33:51 2004 : Info: Using deprecated
naslist file.  Support for this will go away soon.
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: 
reading clients
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: 
reading realms
Fri Sep 10 16:33:51 2004 : Debug: radiusd:  entering
modules setup
Fri Sep 10 16:33:51 2004 : Debug: Module: Library
search path is /usr/local/lib
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded expr
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
expr (expr)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded PAP
Fri Sep 10 16:33:51 2004 : Debug:  pap:
encryption_scheme = "crypt"
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
pap (pap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded CHAP
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
chap (chap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded
MS-CHAP
Fri Sep 10 16:33:51 2004 : Debug:  mschap: use_mppe =
yes
Fri Sep 10 16:33:51 2004 : Debug:  mschap:
require_encryption = no
Fri Sep 10 16:33:51 2004 : Debug:  mschap:
require_strong = no
Fri Sep 10 16:33:51 2004 : Debug:  mschap:
with_ntdomain_hack = no
Fri Sep 10 16:33:51 2004 : Debug:  mschap: passwd =
"(null)"
Fri Sep 10 16:33:51 2004 : Debug:  mschap: authtype =
"MS-CHAP"
Fri Sep 10 16:33:51 2004 : Debug:  mschap: ntlm_auth =
"(null)"
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
mschap (mschap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded eap
Fri Sep 10 16:33:51 2004 : Debug: RLM_EAP
eap_instantiate
Fri Sep 10 16:33:51 2004 : Debug:  eap:
default_eap_type = "sim"
Fri Sep 10 16:33:51 2004 : Debug:  eap: timer_expire =
60
Fri Sep 10 16:33:51 2004 : Debug:  eap:
ignore_unknown_eap_types = no
Fri Sep 10 16:33:51 2004 : Debug:  eap:
cisco_accounting_username_bug = no
Fri Sep 10 16:33:51 2004 : Debug: EAP eaptype_load
Fri Sep 10 16:33:51 2004 : Debug: rlm_eap: Loaded and
initialized type md5
Fri Sep 10 16:33:51 2004 : Debug: EAP eaptype_load
Fri Sep 10 16:33:51 2004 : Debug: rlm_eap: Loaded and
initialized type leap
Fri Sep 10 16:33:51 2004 : Debug: EAP eaptype_load
Fri Sep 10 16:33:51 2004 : Debug: rlm_eap: Loaded and
initialized type sim
Fri Sep 10 16:33:51 2004 : Debug: STATE generate_key
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
eap (eap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded
preprocess
Fri Sep 10 16:33:51 2004 : Debug:  preprocess:
huntgroups = "/usr/local/etc/raddb/huntgroups"
Fri Sep 10 16:33:51 2004 : Debug:  preprocess: hints =
"/usr/local/etc/raddb/hints"
Fri Sep 10 16:33:51 2004 : Debug:  preprocess:
with_ascend_hack = no
Fri Sep 10 16:33:51 2004 : Debug:  preprocess:
ascend_channels_per_line = 23
Fri Sep 10 16:33:51 2004 : Debug:  preprocess:
with_ntdomain_hack = no
Fri Sep 10 16:33:51 2004 : Debug:  preprocess:
with_specialix_jetstream_hack = no
Fri Sep 10 16:33:51 2004 : Debug:  preprocess:
with_cisco_vsa_hack = no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
preprocess (preprocess)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded
sim_map
Fri Sep 10 16:33:51 2004 : Debug:  sim_map:
simtriplets = "/usr/local/etc/raddb/simtriplets.dat"
Fri Sep 10 16:33:51 2004 : Debug: SIM-MAP: instantiate
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
sim_map (sim_map)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded realm
Fri Sep 10 16:33:51 2004 : Debug:  realm: format =
"suffix"
Fri Sep 10 16:33:51 2004 : Debug:  realm: delimiter =
"@"
Fri Sep 10 16:33:51 2004 : Debug:  realm:
ignore_default = no
Fri Sep 10 16:33:51 2004 : Debug:  realm: ignore_null
= no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
realm (suffix)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded
Acct-Unique-Session-Id
Fri Sep 10 16:33:51 2004 : Debug:  acct_unique: key =
"User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
acct_unique (acct_unique)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded
detail
Fri Sep 10 16:33:51 2004 : Debug:  detail: detailfile
=
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 10 16:33:51 2004 : Debug:  detail: detailperm
= 384
Fri Sep 10 16:33:51 2004 : Debug:  detail: dirperm =
493
Fri Sep 10 16:33:51 2004 : Debug:  detail: locking =
no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
detail (detail)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded
radutmp
Fri Sep 10 16:33:51 2004 : Debug:  radutmp: filename =
"/usr/local/var/log/radius/radutmp"
Fri Sep 10 16:33:51 2004 : Debug:  radutmp: username =
"%{User-Name}"
Fri Sep 10 16:33:51 2004 : Debug:  radutmp:
case_sensitive = yes
Fri Sep 10 16:33:51 2004 : Debug:  radutmp:
check_with_nas = yes
Fri Sep 10 16:33:51 2004 : Debug:  radutmp: perm = 384
Fri Sep 10 16:33:51 2004 : Debug:  radutmp: callerid =
yes
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
radutmp (radutmp)
Fri Sep 10 16:33:51 2004 : Debug:  detail: detailfile
=
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
Fri Sep 10 16:33:51 2004 : Debug:  detail: detailperm
= 384
Fri Sep 10 16:33:51 2004 : Debug:  detail: dirperm =
493
Fri Sep 10 16:33:51 2004 : Debug:  detail: locking =
no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated
detail (reply_log)
Fri Sep 10 16:33:51 2004 : Debug: Listening on
authentication *:1812
Fri Sep 10 16:33:51 2004 : Debug: Listening on
accounting *:1813
Fri Sep 10 16:33:51 2004 : Debug: Listening on proxy
*:1814
Fri Sep 10 16:33:51 2004 : Info: Ready to process
requests.

rad_recv: Access-Request packet from host
172.16.17.14:1027, id=43, length=163
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.16.17.14
        NAS-Identifier = "B-1000v2"
        Framed-MTU = 1496
        Called-Station-Id = "00-a0-c5-60-4b-bc:eap"
        Calling-Station-Id = "00-0b-cd-8c-71-3b"
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0202001c013134363639373132303030313030313040646c74657374
        Message-Authenticator =
0x2658a3a937c5be10a6f79e2d3ebf11db
Fri Sep 10 16:34:02 2004 : Debug:   Processing the
authorize section of radiusd.conf
Fri Sep 10 16:34:02 2004 : Debug: modcall: entering
group authorize for request 0
Fri Sep 10 16:34:02 2004 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Fri Sep 10 16:34:02 2004 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 0
Fri Sep 10 16:34:02 2004 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 0
Fri Sep 10 16:34:02 2004 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 0
Fri Sep 10 16:34:02 2004 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 0
Fri Sep 10 16:34:02 2004 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 0
Fri Sep 10 16:34:02 2004 : Debug:  
modsingle[authorize]: calling sim_map (rlm_sim_map)
for request 0
Fri Sep 10 16:34:03 2004 : Debug: SIM-MAP: Finish
Inserted Map Session
Fri Sep 10 16:34:03 2004 : Debug: rlm_sim_map:
authorized user/imsi [EMAIL PROTECTED]
Fri Sep 10 16:34:03 2004 : Info: rlm_sim_map: Adding
EAP-Type: eap-sim
Fri Sep 10 16:34:03 2004 : Debug: rlm_sim_map: saw
config
        EAP-Type = SIM
Fri Sep 10 16:34:03 2004 : Debug: rlm_sim_map: saw
reply
        EAP-Sim-Rand1 =
0x5ec3a91eae2522xxxxxxxxxxxxxxxxxx
        EAP-Sim-KC1 = 0xfe121b2885xxxxxx
        EAP-Sim-SRES1 = 0xa2a5xxxx
        EAP-Sim-Rand2 =
0x4621aba16ad903xxxxxxxxxxxxxxxxxx
        EAP-Sim-KC2 = 0xc45f0bc41fxxxxxx
        EAP-Sim-SRES2 = 0x55b7xxxx
        EAP-Sim-Rand3 =
0xf157a872dbb5a9xxxxxxxxxxxxxxxxxx
        EAP-Sim-KC3 = 0x47d87ae7c2xxxxxx
        EAP-Sim-SRES3 = 0x5c34xxxx
Fri Sep 10 16:34:03 2004 : Debug: SIM-MAP: Ending Map
Authorize
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authorize]: returned from sim_map
(rlm_sim_map) for request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modcall[authorize]: module "sim_map" returns ok for
request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 0
Fri Sep 10 16:34:03 2004 : Debug: RLM_EAP
eap_authorize
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_start
Fri Sep 10 16:34:03 2004 : Debug:   rlm_eap: EAP
packet type response id 2 length 28
Fri Sep 10 16:34:03 2004 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 0
Fri Sep 10 16:34:03 2004 : Debug:     rlm_realm:
Looking up realm "dltest" for User-Name =
"[EMAIL PROTECTED]"
Fri Sep 10 16:34:03 2004 : Debug:     rlm_realm: No
such realm "dltest"
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall: group
authorize returns updated for request 0
Fri Sep 10 16:34:03 2004 : Debug:  
rad_check_password:  Found Auth-Type EAP
Fri Sep 10 16:34:03 2004 : Debug: auth: type "EAP"
Fri Sep 10 16:34:03 2004 : Debug:   Processing the
authenticate section of radiusd.conf
Fri Sep 10 16:34:03 2004 : Debug: modcall: entering
group authenticate for request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 0
Fri Sep 10 16:34:03 2004 : Debug: RLM_EAP
eap_authenticate
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_handler
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_validation
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_identity
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_buildds
Fri Sep 10 16:34:03 2004 : Debug: EAP eaptype_select
Fri Sep 10 16:34:03 2004 : Debug:   rlm_eap: EAP
Identity
Fri Sep 10 16:34:03 2004 : Debug: EAP eaptype_call
Fri Sep 10 16:34:03 2004 : Debug:   rlm_eap:
processing type sim
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_initiate
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_getchalans
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_getchalans
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_getchalans
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_stateenter
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_sendstart
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_compose
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_compose
Fri Sep 10 16:34:03 2004 : Debug:   rlm_eap:
Underlying EAP-Type set EAP ID to 0
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_wireformat
Fri Sep 10 16:34:03 2004 : Error: rlm_eap: reply code
0 is unknown, Rejecting the request.
Fri Sep 10 16:34:03 2004 : Debug:   rlm_eap: Freeing
handler
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM
eap_sim_state_free
Fri Sep 10 16:34:03 2004 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 0
Fri Sep 10 16:34:03 2004 : Debug:  
modcall[authenticate]: module "eap" returns reject for
request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall: group
authenticate returns reject for request 0
Fri Sep 10 16:34:03 2004 : Debug: auth: Failed to
validate the user.
Fri Sep 10 16:34:03 2004 : Auth: Login incorrect:
[EMAIL PROTECTED]/<no User-Password attribute>]
(from client epassportgw port 0 cli 00-0b-cd-8c-71-3b)
Fri Sep 10 16:34:03 2004 : Debug: Delaying request 0
for 1 seconds
Fri Sep 10 16:34:03 2004 : Debug: Finished request 0
Fri Sep 10 16:34:03 2004 : Debug: Going to the next
request
Fri Sep 10 16:34:03 2004 : Debug: --- Walking the
entire request list ---
Fri Sep 10 16:34:03 2004 : Debug: Waking up in 1
seconds...
Fri Sep 10 16:34:04 2004 : Debug: --- Walking the
entire request list ---
Sending Access-Reject of id 43 to 172.16.17.14:1027
        EAP-Message =
0x0000001400000000000000000000000000000000
        Message-Authenticator =
0x00000000000000000000000000000000
Fri Sep 10 16:34:04 2004 : Debug: Waking up in 4
seconds...
Fri Sep 10 16:34:08 2004 : Debug: --- Walking the
entire request list ---
Fri Sep 10 16:34:08 2004 : Debug: Cleaning up request
0 ID 43 with timestamp 414166fa
Fri Sep 10 16:34:08 2004 : Debug: Nothing to do. 
Sleeping until we see a request.
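
Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the EAP header (RFC 3748 layout: Code, Identifier, Length, then a Type octet for Request/Response), applied to the two EAP-Message values in the debug output above. It shows that the incoming packet is a well-formed EAP-Response/Identity, while the EAP-Message in the Access-Reject carries Code 0, which matches the "reply code 0 is unknown" error. The function and constant names are chosen for this example.

```python
import struct

# EAP codes and the two method types relevant here (RFC 3748; 18 = EAP-SIM).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 18: "SIM"}

# EAP-Message values copied from the debug output above.
REQUEST_HEX = "0x0202001c013134363639373132303030313030313040646c74657374"
REJECT_HEX = "0x0000001400000000000000000000000000000000"


def parse_eap(hex_value):
    """Decode the 4-byte EAP header and report anything malformed."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])

    problems = []
    if code not in EAP_CODES:
        problems.append(f"unknown EAP code {code}")
    if length != len(raw):
        problems.append(f"length field {length} != {len(raw)} bytes present")

    eap_type = None
    if code in (1, 2):  # only Request/Response carry a Type octet
        if len(raw) < 5:
            problems.append("Request/Response without a Type octet")
        else:
            eap_type = EAP_TYPES.get(raw[4], f"type {raw[4]}")

    return {
        "code": EAP_CODES.get(code, f"unknown({code})"),
        "id": ident,
        "length": length,
        "type": eap_type,
        "payload_bytes": max(len(raw) - 5, 0) if eap_type else 0,
        "problems": problems,
    }


if __name__ == "__main__":
    for label, value in (("request", REQUEST_HEX), ("reject", REJECT_HEX)):
        print(label, parse_eap(value))
```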


