Hello all,

What am I missing in my current setup that I am getting such errors? Why is it that it can't find the triplets when in fact it's there?

Basically, the major changes I made on the configuration files are as follows:

[ /usr/local/etc/raddb/radiusd.conf ]

    user = radiusd
    group = radiusd
    modules {
        sim_files {
            simtriplets = "/usr/local/etc/raddb/simtriplets.dat"
        }
        ... ... ...
    }

[ /usr/local/etc/raddb/clients.conf ]

    client 172.17.1.0 {
        ipaddr = 172.17.1.0
        netmask = 24
        secret = qwerty
        shortname = eap-sim
    }

[ /usr/local/etc/raddb/eap.conf ]

    eap {
        sim {
        }
        default_eap_type = sim
        ... ... ...
    }

[ /usr/local/etc/raddb/sites-enabled/default ]

    authorize {
        ... ... ...
        sim_files
        eap {
            ok = return
        }
        ... ... ...
    }

The contents of the /usr/local/etc/raddb/simtriplets.dat file have the format of "IMSI,RAND,SRES,KC" without the quotes:

    354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800
    354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00
    354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800
    354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400
    354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800
    354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00

I also tried in my testing to add 1 on every IMSI but with no luck.

    # sed -i 's/^/1/g' /usr/local/etc/raddb/simtriplets.dat

And lastly, the rlm_eap_sim and rlm_sim_files modules are in place.

    # ls -l /usr/local/lib/*sim*
    lrwxrwxrwx 1 root root    14 Feb 13 21:19 /usr/local/lib/rlm_eap_sim-2.1.12.la -> rlm_eap_sim.la
    -rwxr-xr-x 1 root root 35972 Feb 13 21:19 /usr/local/lib/rlm_eap_sim-2.1.12.so
    -rw-r--r-- 1 root root 48340 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.a
    -rwxr-xr-x 1 root root   932 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.la
    lrwxrwxrwx 1 root root    21 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.so -> rlm_eap_sim-2.1.12.so
    lrwxrwxrwx 1 root root    16 Feb 13 21:19 /usr/local/lib/rlm_sim_files-2.1.12.la -> rlm_sim_files.la
    -rwxr-xr-x 1 root root 35331 Feb 13 21:19 /usr/local/lib/rlm_sim_files-2.1.12.so
    -rw-r--r-- 1 root root 46534 Feb 13 21:19 /usr/local/lib/rlm_sim_files.a
    -rwxr-xr-x 1 root root   910 Feb 13 21:19 /usr/local/lib/rlm_sim_files.la
    lrwxrwxrwx 1 root root    23 Feb 13 21:19 /usr/local/lib/rlm_sim_files.so -> rlm_sim_files-2.1.12.so

Can anyone from this community help me solve my problem? Thank you in advance.

Regards,

GNUbie

On Tue, Feb 14, 2012 at 12:26 AM, GNUbie <gnu...@gmail.com> wrote:
> Hello all,
>
> I configured manually ($ ./configure --with-modules="rlm_sim"
> --with-modules="rlm_sim_files" && make) and installed (# make install)
> the freeradius-server-2.1.12 from the upstream on the CentOS 5.7
> x86_64 machine. Then I configured the following configuration files:
>
> - /usr/local/etc/raddb/radiusd.conf
> - /usr/local/etc/raddb/clients.conf
> - /usr/local/etc/raddb/eap.conf
> - /usr/local/etc/raddb/sites-enabled/default
>
> And lastly, I created the /usr/local/etc/raddb/simtriplets.dat with
> six (6) triplets (just to make sure though AFAIK 3 is enough) for a
> single IMSI.
>
> Then, I executed the command "# /usr/local/sbin/radiusd -X -d
> /usr/local/etc/raddb" and tried testing directly from my iPhone4, I
> got the below snippet of the stdout logs:
>
> - - - < s n i p > - - -
> rad_recv: Access-Request packet from host 172.17.1.110 port 2048,
> id=120, length=249
> User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org"
> NAS-IP-Address = 172.17.1.110
> NAS-Port = 0
> Called-Station-Id = "0E-19-BE-80-71-00:eap-sim"
> Calling-Station-Id = "5C-59-48-67-C7-A5"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 11Mbps 802.11b"
> EAP-Message =
> 0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267
> Message-Authenticator = 0xdef1645477a2ba0f9a9371f0a9eea8b7
> # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> -> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213
> [auth_log]
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213
> [auth_log] expand: %t -> Mon Feb 13 23:48:18 2012
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for
> User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org"
> [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"
> ++[suffix] returns noop
> rlm_sim_files: insufficient number of challenges for imsi
> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org: 0
> ++[sim_files] returns notfound
> [eap] EAP packet type response id 0 length 57
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type sim
> can not initiate sim, no RAND1 attribute
> [eap] Default EAP type sim failed in initiate
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Login incorrect:
> [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client
> eap-sim port 0 cli 5C-59-48-67-C7-A5)
> Using Post-Auth-Type Reject
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} ->
> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 120 to 172.17.1.110 port 2048
> EAP-Message = 0x04000004
> Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 120 with timestamp +13
> Ready to process requests.
> - - - < s n i p > - - -
>
> Based on the above logs, below are the (3) lines that I'm not sure how
> to address them:
>
> [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org"
>
> rlm_sim_files: insufficient number of challenges for imsi
> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org: 0
> ++[sim_files] returns notfound
>
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
>
> [eap] processing type sim
> can not initiate sim, no RAND1 attribute
> [eap] Default EAP type sim failed in initiate
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Login incorrect:
> [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client
> eap-sim port 0 cli 5C-59-48-67-C7-A5)
>
> Please advise on how I am going to proceed from here. Thank you in advance.
>
> Regards,
>
> GNUbie

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
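
The sim_files log line above reports zero challenges for the complete User-Name string, so a useful check is what a literal lookup of that string in a simtriplets.dat file would find. This is an added example, not part of the original post or of FreeRADIUS; it assumes the first field is compared to the identity exactly as the log prints it, takes the minimum of three triplets from the post, and uses constructed sample data and hypothetical function names.

```python
import re

# Hex widths of a GSM triplet: RAND 128 bit, SRES 32 bit, Kc 64 bit.
WIDTHS = {"RAND": 32, "SRES": 8, "KC": 16}
MIN_TRIPLETS = 3  # assumption: the count the post calls "enough"

# Constructed sample in the post's "IMSI,RAND,SRES,KC" layout (not real keys).
# The third row has a Kc that is two hex digits short.
SAMPLE = """\
001010123456789,000102030405060708090a0b0c0d0e0f,a1b2c3d4,0011223344556677
001010123456789,101112131415161718191a1b1c1d1e1f,b1c2d3e4,1011121314151617
001010123456789,202122232425262728292a2b2c2d2e2f,c1d2e3f4,20212223242526
"""


def parse_triplets(text):
    """Return ({identity: [(rand, sres, kc), ...]}, [problem strings])."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = [f.strip() for f in raw.split(",")]
        if len(fields) != 4:
            problems.append(f"line {lineno}: expected 4 fields, got {len(fields)}")
            continue
        ident, values = fields[0], fields[1:]
        bad = [name for (name, width), v in zip(WIDTHS.items(), values)
               if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % width, v)]
        if bad:
            problems.append(f"line {lineno}: bad {'/'.join(bad)}")
            continue
        table.setdefault(ident, []).append(tuple(v.lower() for v in values))
    return table, problems


def diagnose(table, user_name):
    """Report what a lookup keyed on the literal User-Name would find."""
    found = len(table.get(user_name, []))
    if found >= MIN_TRIPLETS:
        return f"ok: {found} triplets for {user_name!r}"
    # Near misses: the file holds the bare IMSI, or the IMSI with or without
    # the leading "1" of an EAP-SIM permanent identity, but no realm.
    local = user_name.split("@", 1)[0]
    near = [k for k in table
            if k != user_name and k in {local, local[1:], "1" + local}]
    hint = f"; near-miss keys in file: {near}" if near else ""
    return f"insufficient: {found} triplets for {user_name!r}{hint}"


if __name__ == "__main__":
    table, problems = parse_triplets(SAMPLE)
    print(problems)
    print(diagnose(table, "1001010123456789@wlan.example"))
```

Run against the real file with parse_triplets(open(path).read()) and pass diagnose() the User-Name exactly as it appears in the radiusd -X output.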