Hello all, I have tried inserting the value of the User-Name attribute I am getting from my Access-Request into the /usr/local/etc/raddb/simtriplets.dat file:
# sed -i 's/^/3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,/g' /usr/local/etc/raddb/simtriplets.dat and I ended up the below contents of my /usr/local/etc/raddb/simtriplets.dat file: 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00 Then when I executed the command "# /usr/local/sbin/radiusd -X -d /usr/local/etc/raddb" and tested on my iPhone4, I got a different results in my stdout logs: - - - < s n i p > - - - rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=16, length=249 User-Name = "3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org" NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = "0E-19-BE-80-71-00:eap-sim" Calling-Station-Id = "60-FA-CD-75-96-46" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200003901336133373066393230633432373538353340776c616e2e6d6e633030352e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0x7bccc626cc4f91df718b039a143b7c64 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] expand: %t -> Tue Feb 14 14:12:42 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "wlan.mnc005.mcc525.3gppnetwork.org" for User-Name = "3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org" [suffix] No such realm "wlan.mnc005.mcc525.3gppnetwork.org" ++[suffix] returns noop rlm_sim_files: insufficient number of challenges for imsi 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org: 0 ++[sim_files] returns notfound [eap] EAP packet type response id 0 length 57 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim can not initiate sim, no RAND1 attribute [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org] (from client eap-sim port 0 cli 60-FA-CD-75-96-46) Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=17, length=249 User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org" NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = "0E-19-BE-80-71-00:eap-sim" Calling-Station-Id = "5C-59-48-67-C7-A5" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0xb65adf77dff68958fe2559c807599ea8 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] expand: %t -> Tue Feb 14 14:12:43 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org" [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org" ++[suffix] returns noop rlm_sim_files: authorized user/imsi 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org rlm_sim_files: Adding EAP-Type: eap-sim ++[sim_files] returns ok [eap] EAP packet type response id 0 length 57 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim eap-sim chal1 is not 8-bytes: 8 eap-sim chal2 is not 8-bytes: 8 eap-sim chal3 is not 8-bytes: 8 can not initiate sim, missing attributes [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client eap-sim port 0 cli 5C-59-48-67-C7-A5) Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Sending delayed reject for request 0 Sending Access-Reject of id 16 to 172.17.1.110 port 2048 EAP-Message = 0x04000004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 17 to 172.17.1.110 port 2048 EAP-Message = 0x04000004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.0 seconds. Cleaning up request 0 ID 16 with timestamp +36 Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=18, length=249 User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org" NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = "0E-19-BE-80-71-00:eap-sim" Calling-Station-Id = "5C-59-48-67-C7-A5" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0xcc735ddce45c3ef048dae4dca03cbba0 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] expand: %t -> Tue Feb 14 14:12:49 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org" [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org" ++[suffix] returns noop rlm_sim_files: authorized user/imsi 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org rlm_sim_files: Adding EAP-Type: eap-sim ++[sim_files] returns ok [eap] EAP packet type response id 0 length 57 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim eap-sim chal1 is not 8-bytes: 8 eap-sim chal2 is not 8-bytes: 8 eap-sim chal3 is not 8-bytes: 8 can not initiate sim, missing attributes [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client eap-sim port 0 cli 5C-59-48-67-C7-A5) Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.2 seconds. Cleaning up request 1 ID 17 with timestamp +37 Waking up in 0.7 seconds. rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=19, length=249 User-Name = "3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org" NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = "0E-19-BE-80-71-00:eap-sim" Calling-Station-Id = "60-FA-CD-75-96-46" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200003901336133373066393230633432373538353340776c616e2e6d6e633030352e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0x418901de84635c7925a56cfac38efb27 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] expand: %t -> Tue Feb 14 14:12:50 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "wlan.mnc005.mcc525.3gppnetwork.org" for User-Name = "3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org" [suffix] No such realm "wlan.mnc005.mcc525.3gppnetwork.org" ++[suffix] returns noop rlm_sim_files: insufficient number of challenges for imsi 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org: 0 ++[sim_files] returns notfound [eap] EAP packet type response id 0 length 57 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim can not initiate sim, no RAND1 attribute [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org] (from client eap-sim port 0 cli 60-FA-CD-75-96-46) Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.2 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 18 to 172.17.1.110 port 2048 EAP-Message = 0x04000004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 0.7 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 19 to 172.17.1.110 port 2048 EAP-Message = 0x04000004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.2 seconds. Cleaning up request 2 ID 18 with timestamp +43 Waking up in 0.7 seconds. Cleaning up request 3 ID 19 with timestamp +44 Ready to process requests. - - - < s n i p > - - - Lastly, do I need to have a MAP and/or HLR simulator on my system to test EAP-SIM authentication? Please advice on how am I going to move forward. Thank you in advance. Regards, GNUbie On Tue, Feb 14, 2012 at 8:49 AM, GNUbie <gnu...@gmail.com> wrote: > Hello all, > > What am I missing in my current setup that I am getting such errors? > Why is it that it can't find the triplets when in fact it's there? > > Basically, the major changes I made on the configuration files are as follows: > > [ /usr/local/etc/raddb/radiusd.conf ] > > user = radiusd > group = radiusd > > modules { > sim_files { > simtriplets = "/usr/local/etc/raddb/simtriplets.dat" > } > ... > ... > ... > } > > [ /usr/local/etc/raddb/clients.conf ] > > client 172.17.1.0 { > ipaddr = 172.17.1.0 > netmask = 24 > secret = qwerty > shortname = eap-sim > } > > [ /usr/local/etc/raddb/eap.conf ] > > eap { > sim { > } > default_eap_type = sim > ... > ... > ... > } > > [ /usr/local/etc/raddb/sites-enabled/default ] > > authorize { > ... > ... > ... > sim_files > eap { > ok = return > } > ... > ... > ... > } > > The contents of the /usr/local/etc/raddb/simtriplets.dat file has the > format of "IMSI,RAND,SRES,KC" without the quotes: > > 354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800 > 354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00 > 354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800 > 354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400 > 354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800 > 354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00 > > I also tried in my testing to add 1 on every IMSI but with no luck. > > # sed -i 's/^/1/g' /usr/local/etc/raddb/simtriplets.dat > > And lastly, the rlm_eap_sim and rlm_sim_files modules are in place. > > # ls -l /usr/local/lib/*sim* > lrwxrwxrwx 1 root root 14 Feb 13 21:19 > /usr/local/lib/rlm_eap_sim-2.1.12.la -> rlm_eap_sim.la > -rwxr-xr-x 1 root root 35972 Feb 13 21:19 /usr/local/lib/rlm_eap_sim-2.1.12.so > -rw-r--r-- 1 root root 48340 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.a > -rwxr-xr-x 1 root root 932 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.la > lrwxrwxrwx 1 root root 21 Feb 13 21:19 > /usr/local/lib/rlm_eap_sim.so -> rlm_eap_sim-2.1.12.so > lrwxrwxrwx 1 root root 16 Feb 13 21:19 > /usr/local/lib/rlm_sim_files-2.1.12.la -> rlm_sim_files.la > -rwxr-xr-x 1 root root 35331 Feb 13 21:19 > /usr/local/lib/rlm_sim_files-2.1.12.so > -rw-r--r-- 1 root root 46534 Feb 13 21:19 /usr/local/lib/rlm_sim_files.a > -rwxr-xr-x 1 root root 910 Feb 13 21:19 /usr/local/lib/rlm_sim_files.la > lrwxrwxrwx 1 root root 23 Feb 13 21:19 > /usr/local/lib/rlm_sim_files.so -> rlm_sim_files-2.1.12.so > > Can anyone from this community help me how to solve my problem? > > Thank you in advance. > > Regards, > > GNUbie > > > On Tue, Feb 14, 2012 at 12:26 AM, GNUbie <gnu...@gmail.com> wrote: >> Hello all, >> >> I configured manually ($ ./configure --with-modules="rlm_sim" >> --with-modules="rlm_sim_files" && make) and installed (# make install) >> the freeradius-server-2.1.12 from the upstream on the CentOS 5.7 >> x86_64 machine. Then I configured the following configuration files: >> >> - /usr/local/etc/raddb/radiusd.conf >> - /usr/local/etc/raddb/clients.conf >> - /usr/local/etc/raddb/eap.conf >> - /usr/local/etc/raddb/sites-enabled/default >> >> And lastly, I created the /usr/local/etc/raddb/simtriplets.dat with >> six (6) triplets (just to make sure though AFAIK 3 is enough) for a >> single IMSI. >> >> Then, I executed the command "# /usr/local/sbin/radiusd -X -d >> /usr/local/etc/raddb" and tried testing directly from my iPhone4, I >> got the below snippet of the stdout logs: >> >> - - - < s n i p > - - - >> rad_recv: Access-Request packet from host 172.17.1.110 port 2048, >> id=120, length=249 >> User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org" >> NAS-IP-Address = 172.17.1.110 >> NAS-Port = 0 >> Called-Station-Id = "0E-19-BE-80-71-00:eap-sim" >> Calling-Station-Id = "5C-59-48-67-C7-A5" >> Framed-MTU = 1400 >> NAS-Port-Type = Wireless-802.11 >> Connect-Info = "CONNECT 11Mbps 802.11b" >> EAP-Message = >> 0x0200003901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267 >> Message-Authenticator = 0xdef1645477a2ba0f9a9371f0a9eea8b7 >> # Executing section authorize from file >> /usr/local/etc/raddb/sites-enabled/default >> +- entering group authorize {...} >> ++[preprocess] returns ok >> [auth_log] expand: >> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d >> -> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213 >> [auth_log] >> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d >> expands to >> /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213 >> [auth_log] expand: %t -> Mon Feb 13 23:48:18 2012 >> ++[auth_log] returns ok >> ++[chap] returns noop >> ++[mschap] returns noop >> ++[digest] returns noop >> [suffix] Looking up realm "wlan.mnc001.mcc525.3gppnetwork.org" for >> User-Name = "3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org" >> [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org" >> ++[suffix] returns noop >> rlm_sim_files: insufficient number of challenges for imsi >> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org: 0 >> ++[sim_files] returns notfound >> [eap] EAP packet type response id 0 length 57 >> [eap] No EAP Start, assuming it's an on-going EAP conversation >> ++[eap] returns updated >> ++[files] returns noop >> ++[expiration] returns noop >> ++[logintime] returns noop >> [pap] WARNING! No "known good" password found for the user. >> Authentication may fail because of this. >> ++[pap] returns noop >> Found Auth-Type = EAP >> # Executing group from file /usr/local/etc/raddb/sites-enabled/default >> +- entering group authenticate {...} >> [eap] EAP Identity >> [eap] processing type sim >> can not initiate sim, no RAND1 attribute >> [eap] Default EAP type sim failed in initiate >> [eap] Failed in EAP select >> ++[eap] returns invalid >> Failed to authenticate the user. >> Login incorrect: >> [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client >> eap-sim port 0 cli 5C-59-48-67-C7-A5) >> Using Post-Auth-Type Reject >> # Executing group from file /usr/local/etc/raddb/sites-enabled/default >> +- entering group REJECT {...} >> [attr_filter.access_reject] expand: %{User-Name} -> >> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org >> attr_filter: Matched entry DEFAULT at line 11 >> ++[attr_filter.access_reject] returns updated >> Delaying reject of request 0 for 1 seconds >> Going to the next request >> Waking up in 0.9 seconds. >> Sending delayed reject for request 0 >> Sending Access-Reject of id 120 to 172.17.1.110 port 2048 >> EAP-Message = 0x04000004 >> Message-Authenticator = 0x00000000000000000000000000000000 >> Waking up in 4.9 seconds. >> Cleaning up request 0 ID 120 with timestamp +13 >> Ready to process requests. >> - - - < s n i p > - - - >> >> Based on the above logs, below are the (3) lines that I'm not sure how >> to address them: >> >> [suffix] No such realm "wlan.mnc001.mcc525.3gppnetwork.org" >> >> rlm_sim_files: insufficient number of challenges for imsi >> 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org: 0 >> ++[sim_files] returns notfound >> >> [pap] WARNING! No "known good" password found for the user. >> Authentication may fail because of this. >> >> [eap] processing type sim >> can not initiate sim, no RAND1 attribute >> [eap] Default EAP type sim failed in initiate >> [eap] Failed in EAP select >> ++[eap] returns invalid >> Failed to authenticate the user. >> Login incorrect: >> [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client >> eap-sim port 0 cli 5C-59-48-67-C7-A5) >> >> Please advice on how am I going to proceed from here. Thank you in advance. >> >> Regards, >> >> GNUbie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html