Hi guys, Thanks for your help.
After reading your suggestions, I installed a new version of FreeRADIUS (FreeRADIUS 2.2.1). I haven't worked with the patch yet (I'm going to do that later) but, just to show what I got with the new version 2.2.1 and changing the content of the simtriplets.dat:

1. case: simtriplets.dat looks like the following (imsi,rand,sres,kc) (3 different rand...)

1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000
1901700000000653,0123456789abcdef0123456789abcde0,725bb218,25903c082654b400
1901700000000653,0123456789abcdef0123456789abcd18,ed404256,bc871da6ae8edc00
1901700000000653,0123456789abcdef0123456789abcd88,6695bd6e,58788a55e9052000

I got the same failure as before: after sending the 2nd access challenge, the server is waiting for the 3rd access request and doesn't get anything --> authentication failed

. . .
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 38803, id=29, length=238
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000653"
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "8220000e"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x020100150131393031373030303030303030363533
    Message-Authenticator = 0xcf4e5f6429686cc260b16bd23d82489f
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 1901700000000653
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1901700000000653", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 108
++[eap] returns handled
Sending Access-Challenge of id 29 to 192.168.10.212 port 38803
    EAP-Message = 0x016c0014120a00000f0200020001000011010100
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x870e2a6987623891aa6e49c2b1bcc9b6
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 50478, id=30, length=287
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000653"
    State = 0x870e2a6987623891aa6e49c2b1bcc9b6
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "8220000e"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x026c0034120a000007050000c27cfb1cfa7a257c9c89796e49bca230100100010e05001031393031373030303030303030363533
    Message-Authenticator = 0xc691af8b618d9da88f9e289557530f6f
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 1901700000000653
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1901700000000653", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 108 length 52
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000653"
    State = 0x870e2a6987623891aa6e49c2b1bcc9b6
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "8220000e"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x026c0034120a000007050000c27cfb1cfa7a257c9c89796e49bca230100100010e05001031393031373030303030303030363533
    Message-Authenticator = 0xc691af8b618d9da88f9e289557530f6f
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
    EAP-Type = SIM
    EAP-Sim-Subtype = Start
    EAP-Sim-NONCE_MT = 0x0000c27cfb1cfa7a257c9c89796e49bca230
    EAP-Sim-SELECTED_VERSION = 0x0001
    EAP-Sim-IDENTITY = 0x31393031373030303030303030363533
[eap] Underlying EAP-Type set EAP ID to 109
++[eap] returns handled
Sending Access-Challenge of id 30 to 192.168.10.212 port 50478
    EAP-Message = 0x016d0050120b0000010d00000123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde00123456789abcdef0123456789abcd180b0500000bffb0f7777b066616d98519e625a531
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x870e2a6986633891aa6e49c2b1bcc9b6
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 29 with timestamp +17
Cleaning up request 1 ID 30 with timestamp +17
Ready to process requests.

- - - - - - - - - - - - - - - - -- - - - - - - - - - - -

2. case: simtriplets.dat looks like the following (imsi,rand,sres,kc) (3 times the same rand...)

1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000
1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000
1901700000000653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000

I got a failure (it's normal I think) but in this case, the client sent the third request, saying to stop the authentication process. So, in this case the client reacts to the second access challenge and in the first case (with different data in the simtriplets.dat) it doesn't.

. . .
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 49529, id=6, length=308
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org"
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "82400001"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x02010038013139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267
    Message-Authenticator = 0xb66e4f2652fec781e4c71b6dbd20b389
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org"
[suffix] Found realm "~.*.3gppnetwork.org$"
[suffix] Adding Stripped-User-Name = "1901700000000653"
[suffix] Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: authorized user/imsi 1901700000000653
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 1 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 4
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.10.212 port 49529
    EAP-Message = 0x01040014120a00000f0200020001000011010100
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf69e9f4cf69a8d1d0990f37eaa6db462
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 34603, id=7, length=358
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org"
    State = 0xf69e9f4cf69a8d1d0990f37eaa6db462
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "82400001"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x02040058120a00000705000097d3fd9e1c4410fa64112b4b80057c3d100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700
    Message-Authenticator = 0x741ccd1cadf88aea68338a49b9e65500
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org"
[suffix] Found realm "~.*.3gppnetwork.org$"
[suffix] Adding Stripped-User-Name = "1901700000000653"
[suffix] Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: authorized user/imsi 1901700000000653
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 4 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org"
    State = 0xf69e9f4cf69a8d1d0990f37eaa6db462
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "82400001"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x02040058120a00000705000097d3fd9e1c4410fa64112b4b80057c3d100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700
    Message-Authenticator = 0x741ccd1cadf88aea68338a49b9e65500
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
    Stripped-User-Name = "1901700000000653"
    Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
    EAP-Type = SIM
    EAP-Sim-Subtype = Start
    EAP-Sim-NONCE_MT = 0x000097d3fd9e1c4410fa64112b4b80057c3d
    EAP-Sim-SELECTED_VERSION = 0x0001
    EAP-Sim-IDENTITY = 0x3139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267
[eap] Underlying EAP-Type set EAP ID to 5
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.10.212 port 34603
    EAP-Message = 0x01050050120b0000010d00000123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0b050000095b748dc49685f14ee126dd201a6787
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf69e9f4cf79b8d1d0990f37eaa6db462
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 47748, id=8, length=282
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org"
    State = 0xf69e9f4cf79b8d1d0990f37eaa6db462
    NAS-Port-Id = "ap_hotspot"
    NAS-Port-Type = Wireless-802.11
    Acct-Session-Id = "82400001"
    Acct-Multi-Session-Id = "00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-40-00-00-00-00-00-01"
    Calling-Station-Id = "A8-7E-33-3E-9C-5B"
    Called-Station-Id = "00-0C-42-64-41-9D:YANN"
    EAP-Message = 0x0205000c120e000016010000
    Message-Authenticator = 0x67afd2e2a3861afd4c460375757d1fdd
    NAS-Identifier = "MT_Yann"
    NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for User-Name = "1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org"
[suffix] Found realm "~.*.3gppnetwork.org$"
[suffix] Adding Stripped-User-Name = "1901700000000653"
[suffix] Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
rlm_sim_files: authorized user/imsi 1901700000000653
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 5 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
Client says error. Stopping!
[eap] Handler failed in EAP/sim
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 1901700000000...@wlan.mnc070.mcc901.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 47748, id=8, length=282
Waiting to send Access-Reject to client bips_bk port 47748 - ID: 8
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 47748, id=8, length=282
Waiting to send Access-Reject to client bips_bk port 47748 - ID: 8
Waking up in 0.3 seconds.
Cleaning up request 0 ID 6 with timestamp +20
Cleaning up request 1 ID 7 with timestamp +20
Sending delayed reject for request 2
Sending Access-Reject of id 8 to 192.168.10.212 port 47748
    EAP-Message = 0x04050004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 2 ID 8 with timestamp +24
Ready to process requests.

- - - - - - - - - -- - - - - - - - -

Are there any extra requirements on the RAND number except that they must be 128 byte long?

I'm trying to make another fix with the patch now.

Yann
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html