Dear All,

I am trying to configure FreeRADIUS for EAP-SIM authentication. For that I compiled FreeRADIUS with

    ./configure --with-modules="rlm_sim" --with-modules="rlm_sim_files"

FreeRADIUS is installed successfully, as I have tested it using radtest, as suggested on the FreeRADIUS wikis. I have installed FreeRADIUS version 2.2.0.

Now, in order to test EAP-SIM, I have added the below block in the eap.conf file after the mschapv2 block:

    sim {
    }
I am trying to successfully run the /src/tests/eapsim-03 example. I have copied the below into the users file:

    1244070100000...@eapsim.foo Auth-Type := EAP, EAP-Type := SIM
        EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
        EAP-Sim-SRES1 = 0xd1d2d3d4,
        EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
        EAP-Sim-SRES2 = 0xe1e2e3e4,
        EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f,
        EAP-Sim-SRES3 = 0xf1f2f3f4,
        EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
        EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
        EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7

    1232420100000015 Auth-Type := EAP, EAP-Type := SIM
        EAP-Sim-Rand1 = 0x30000000000000000000000000000000,
        EAP-Sim-SRES1 = 0x30112233,
        EAP-Sim-KC1 = 0x445566778899AABB,
        EAP-Sim-Rand2 = 0x31000000000000000000000000000000,
        EAP-Sim-SRES2 = 0x31112233,
        EAP-Sim-KC2 = 0x445566778899AABB,
        EAP-Sim-Rand3 = 0x32000000000000000000000000000000,
        EAP-Sim-SRES3 = 0x32112233,
        EAP-Sim-KC3 = 0x445566778899AABB

    eapsim Auth-Type := EAP, EAP-Type := SIM
        EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234,
        EAP-Sim-SRES1 = 0x1234abcd,
        EAP-Sim-KC1 = 0x0011223344556677,
        EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a,
        EAP-Sim-SRES2 = 0x234abcd1,
        EAP-Sim-KC2 = 0x1021324354657687,
        EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab,
        EAP-Sim-SRES3 = 0x34abcd12,
        EAP-Sim-KC3 = 0x30415263748596a7

But when I try to run client.sh, it gets the following logs:

    Sending Access-Request packet to host 127.0.0.1 port 1812, id=64, length=0
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        EAP-Code = Response
        EAP-Type-Identity = 0x65617073696d
        Message-Authenticator = 0x30
        NAS-Port = 0
        EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
        EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
        EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
        EAP-Sim-SRES1 = 0x1234abcd
        EAP-Sim-SRES2 = 0x234abcd1
        EAP-Sim-SRES3 = 0x34abcd12
        EAP-Sim-KC1 = 0x0011223344556677
        EAP-Sim-KC2 = 0x1021324354657687
        EAP-Sim-KC3 = 0x30415263748596a7
        EAP-Message = 0x023f000b0165617073696d
    Received Access-Challenge packet from host 127.0.0.1 port 1812, id=64, length=78
        EAP-Message = 0x01f30014120a00000f0200020001000011010100
        Message-Authenticator = 0x81ffe249ace5353152e1476e8f7f890b
        State = 0x9a9ec8169a6dda46839134a50c8e1d5d
        EAP-Id = 243
        EAP-Code = Request
        EAP-Type-SIM = 0x0a00000f0200020001000011010100
    Sending Access-Request packet to host 127.0.0.1 port 1812, id=65, length=71
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        EAP-Code = Response
        Message-Authenticator = 0x00000000000000000000000000000000
        NAS-Port = 0
        EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
        EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
        EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
        EAP-Sim-SRES1 = 0x1234abcd
        EAP-Sim-SRES2 = 0x234abcd1
        EAP-Sim-SRES3 = 0x34abcd12
        EAP-Sim-KC1 = 0x0011223344556677
        EAP-Sim-KC2 = 0x1021324354657687
        EAP-Sim-KC3 = 0x30415263748596a7
        EAP-Sim-State = 1
        EAP-Sim-Subtype = Start
        EAP-Sim-SELECTED_VERSION = 0x0001
        EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
        EAP-Sim-IDENTITY = 0x000665617073696d
        EAP-Id = 243
        EAP-Message = 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
        State = 0x9a9ec8169a6dda46839134a50c8e1d5d
    Received Access-Challenge packet from host 127.0.0.1 port 1812, id=65, length=138
        EAP-Message = 0x01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
        Message-Authenticator = 0x11986571b4665594edefbf3d811efbae
        State = 0x9a9ec8169b6ada46839134a50c8e1d5d
        EAP-Id = 244
        EAP-Code = Request
        EAP-Type-SIM = 0x0b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
    Input was:
      identity: (len=6)65617073696d
      nonce_mt: c9615ec963ada36f11bd4e81093a7271
      rand0: 00000000000000000000000000000000
      rand1: 00000000000000000000000000000000
      rand2: 00000000000000000000000000000000
      sres0: 1234abcd
      sres1: 234abcd1
      sres2: 34abcd12
      Kc0: 0011223344556677
      Kc1: 1021324354657687
      Kc2: 30415263748596a7
      versionlist[2]: 0001
      select 00 01
    Output
      mk: 8502e062_35537770_2c0a7c2c_9cfc9fc4_dc4d21d6
      K_aut: b89dafa5_99422bee_db010d3a_6dcded9c
      K_encr: d8a6df78_25d9ad9d_2535083c_33a5c1c6
      msk: f5feb9c1_9dbea4dd_cd94b140_17892e4b_f96327cc 84b16260_f0e6447b_b201018f_102b2217_bb6717c8 351115b9_a8248f46_aa33c120_f6e5979f_b27f1c98 69da98ed
      emsk: 8c1c04ef_4b345a29_50980817_563fc216_844d8e0d c2e4bc15_886523be_2e149835_ef850c3e_076722dc e27926e8_d01d1929_3da147a1_62833433_391b8a9a 20711dd2
    calculated MAC (c412722f_ab82c18d_f5404f45_da872e93_cd950d07 did not match
    Sending Access-Request packet to host 127.0.0.1 port 1812, id=66, length=122
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        EAP-Code = Response
        Message-Authenticator = 0x00000000000000000000000000000000
        NAS-Port = 0
        EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
        EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
        EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
        EAP-Sim-SRES1 = 0x1234abcd
        EAP-Sim-SRES2 = 0x234abcd1
        EAP-Sim-SRES3 = 0x34abcd12
        EAP-Sim-KC1 = 0x0011223344556677
        EAP-Sim-KC2 = 0x1021324354657687
        EAP-Sim-KC3 = 0x30415263748596a7
        EAP-Sim-State = 0
        EAP-Sim-Subtype = Start
        EAP-Sim-SELECTED_VERSION = 0x0001
        EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
        EAP-Sim-IDENTITY = 0x000665617073696d
        EAP-Id = 244
        State = 0x9a9ec8169b6ada46839134a50c8e1d5d
        EAP-Message = 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
    Received Access-Challenge packet from host 127.0.0.1 port 1812, id=66, length=138
        EAP-Message = 0x01f50050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
        Message-Authenticator = 0x6c9b33feb4d0851ed9d2c72e94640cc2
        State = 0x9a9ec816986bda46839134a50c8e1d5d
        EAP-Id = 245
        EAP-Code = Request
        EAP-Type-SIM = 0x0b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
    radeapclient: sim in state init message challenge is illegal.
    Reply dropped.

----------------------------------------------------------------

This is the eapsim-in.txt file used in the client.sh script:

    User-Name = "eapsim"
    NAS-IP-Address = marajade.sandelman.ottawa.on.ca
    EAP-Code = Response
    EAP-Type-Identity = "eapsim"
    Message-Authenticator = 0
    NAS-Port = 0
    EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
    EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
    EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
    EAP-Sim-Sres1 = 0x1234abcd
    EAP-Sim-Sres2 = 0x234abcd1
    EAP-Sim-Sres3 = 0x34abcd12
    EAP-Sim-KC1 = 0x0011223344556677
    EAP-Sim-KC2 = 0x1021324354657687
    EAP-Sim-KC3 = 0x30415263748596a7

----------------------------------------------------------------

While on the radius debugging console, it says:

    rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=64, length=71
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        Message-Authenticator = 0xcdbcb987fbfe7846c70edb63de2af9bb
        NAS-Port = 0
        EAP-Message = 0x023f000b0165617073696d
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "eapsim", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    can not open /usr/local/etc/raddb/simtriplets.dat: No such file or directory
    ++[sim_files] returns notfound
    [eap] EAP packet type response id 63 length 11
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    [files] users: Matched entry eapsim at line 24
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authenticate {...}
    [eap] EAP Identity
    [eap] processing type sim
    [eap] Underlying EAP-Type set EAP ID to 243
    ++[eap] returns handled
    Sending Access-Challenge of id 64 to 127.0.0.1 port 29859
        EAP-Message = 0x01f30014120a00000f0200020001000011010100
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9a9ec8169a6dda46839134a50c8e1d5d
    Finished request 0.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=65, length=122
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        Message-Authenticator = 0xa62ac94a97d1f99105aef11ea7f7f802
        NAS-Port = 0
        EAP-Message = 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
        State = 0x9a9ec8169a6dda46839134a50c8e1d5d
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "eapsim", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    can not open /usr/local/etc/raddb/simtriplets.dat: No such file or directory
    ++[sim_files] returns notfound
    [eap] EAP packet type response id 243 length 44
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    [files] users: Matched entry eapsim at line 24
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/sim
    [eap] processing type sim
    +++> EAP-sim decoded packet:
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        Message-Authenticator = 0xa62ac94a97d1f99105aef11ea7f7f802
        NAS-Port = 0
        EAP-Message = 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
        State = 0x9a9ec8169a6dda46839134a50c8e1d5d
        EAP-Type = SIM
        EAP-Sim-Subtype = Start
        EAP-Sim-SELECTED_VERSION = 0x0001
        EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
        EAP-Sim-IDENTITY = 0x000665617073696d0000
    [eap] Underlying EAP-Type set EAP ID to 244
    ++[eap] returns handled
    Sending Access-Challenge of id 65 to 127.0.0.1 port 29859
        EAP-Message = 0x01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9a9ec8169b6ada46839134a50c8e1d5d
    Finished request 1.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=66, length=122
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        Message-Authenticator = 0x0066414e52eb81de434cb323e73182dc
        NAS-Port = 0
        State = 0x9a9ec8169b6ada46839134a50c8e1d5d
        EAP-Message = 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "eapsim", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    can not open /usr/local/etc/raddb/simtriplets.dat: No such file or directory
    ++[sim_files] returns notfound
    [eap] EAP packet type response id 244 length 44
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    [files] users: Matched entry eapsim at line 24
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/sim
    [eap] processing type sim
    +++> EAP-sim decoded packet:
        User-Name = "eapsim"
        NAS-IP-Address = 209.87.252.247
        Message-Authenticator = 0x0066414e52eb81de434cb323e73182dc
        NAS-Port = 0
        State = 0x9a9ec8169b6ada46839134a50c8e1d5d
        EAP-Message = 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
        EAP-Type = SIM
        EAP-Sim-Subtype = Start
        EAP-Sim-SELECTED_VERSION = 0x0001
        EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
        EAP-Sim-IDENTITY = 0x000665617073696d0000
    [eap] Underlying EAP-Type set EAP ID to 245
    ++[eap] returns handled
    Sending Access-Challenge of id 66 to 127.0.0.1 port 29859
        EAP-Message = 0x01f50050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9a9ec816986bda46839134a50c8e1d5d
    Finished request 2.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 64 with timestamp +9
    Cleaning up request 1 ID 65 with timestamp +9
    Cleaning up request 2 ID 66 with timestamp +9
    Ready to process requests.

Can anybody help me identify where I am going wrong, and what the missing steps are here?

Thanks in advance.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
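Editor's note. The radeapclient output above prints the inputs of the EAP-SIM key derivation ("Input was:"), the keys it derived from them ("Output"), and then reports that the AT_MAC on the server's challenge did not match. The Python below is added here as an illustration; it is not code from FreeRADIUS, from radeapclient or from the poster. It reimplements the derivation from RFC 4186 (MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version), the FIPS 186-2 PRF, and the split into K_encr, K_aut, MSK and EMSK) with the logged inputs as constants so the keys printed in the log can be reproduced, and it implements the AT_MAC check a peer runs over EAP-Request/SIM/Challenge before it trusts the RANDs. Assumptions: the MK input is exactly the concatenation given in RFC 4186 section 7, AT_MAC is found by walking the attribute TLVs (type 0x0b, length in 4-byte words, two reserved bytes before the MAC), and the CHALLENGE constant is the EAP-Message of the first Access-Challenge in the client log.

```python
"""EAP-SIM (RFC 4186) key derivation and AT_MAC check in plain Python.
Added illustration for this thread, not FreeRADIUS or radeapclient code;
the constants at the bottom are copied from the radeapclient output above."""
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block, feed-forward included; the
    FIPS 186-2 PRF needs this raw step (SHA-1 without length padding)."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & MASK32 & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[i]) & MASK32, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def sha1_short(msg):
    """SHA-1 of a message under 56 bytes: a self-check for sha1_compress."""
    block = msg + b"\x80" + bytes(55 - len(msg)) + struct.pack(">Q", 8 * len(msg))
    return struct.pack(">5I", *sha1_compress(SHA1_IV, block))


def fips186_2_prf(xkey, nbytes=160):
    """FIPS 186-2 change-notice PRF (RFC 4186 Appendix A), b = 160, XSEED = 0:
    w = G(t, XKEY), G = SHA-1 compression of XKEY zero-padded to 512 bits, then
    XKEY = (1 + XKEY + w) mod 2^160; each x_j is two consecutive w values."""
    key, out = int.from_bytes(xkey, "big"), b""
    while len(out) < nbytes:
        w = struct.pack(">5I", *sha1_compress(SHA1_IV, key.to_bytes(20, "big") + bytes(44)))
        out += w
        key = (1 + key + int.from_bytes(w, "big")) % (1 << 160)
    return out[:nbytes]


def eapsim_keys(identity, kcs, nonce_mt, version_list, selected_version):
    """MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version);
    the PRF stream is split into K_encr (16), K_aut (16), MSK (64), EMSK (64)."""
    mk = hashlib.sha1(identity + b"".join(kcs) + nonce_mt + version_list + selected_version).digest()
    s = fips186_2_prf(mk, 160)
    return {"mk": mk, "k_encr": s[:16], "k_aut": s[16:32], "msk": s[32:96], "emsk": s[96:160]}


def find_at_mac(pkt):
    """Offset of the 16 MAC bytes: 5-byte EAP header, subtype, 2 reserved bytes,
    then TLV attributes whose length field counts 4-byte words (AT_MAC = 0x0b)."""
    off = 8
    while off + 4 <= len(pkt):
        atype, alen = pkt[off], 4 * pkt[off + 1]
        if alen == 0:
            raise ValueError("malformed attribute length")
        if atype == 0x0B:
            return off + 4        # skip the attribute's two reserved bytes
        off += alen
    raise ValueError("AT_MAC not present")


def challenge_mac(k_aut, pkt, nonce_mt):
    """AT_MAC of EAP-Request/SIM/Challenge (RFC 4186 10.14): HMAC-SHA1-128 over
    the whole EAP packet with the MAC field zeroed, followed by NONCE_MT."""
    pos = find_at_mac(pkt)
    zeroed = pkt[:pos] + bytes(16) + pkt[pos + 16:]
    return hmac.new(k_aut, zeroed + nonce_mt, hashlib.sha1).digest()[:16]


def seal_challenge(k_aut, pkt, nonce_mt):
    """Server side: write AT_MAC into a challenge whose MAC field is still zero."""
    pos = find_at_mac(pkt)
    return pkt[:pos] + challenge_mac(k_aut, pkt, nonce_mt) + pkt[pos + 16:]


def verify_challenge(k_aut, pkt, nonce_mt):
    """Peer side: the RANDs in the challenge are only trusted once this passes."""
    pos = find_at_mac(pkt)
    return hmac.compare_digest(pkt[pos:pos + 16], challenge_mac(k_aut, pkt, nonce_mt))


# Inputs copied from the "Input was:" block of the radeapclient output above
IDENTITY = b"eapsim"
KCS = [bytes.fromhex(h) for h in ("0011223344556677", "1021324354657687", "30415263748596a7")]
NONCE_MT = bytes.fromhex("c9615ec963ada36f11bd4e81093a7271")
VERSION_LIST, SELECTED_VERSION = bytes.fromhex("0001"), bytes.fromhex("0001")
# EAP-Message of the first Access-Challenge above (AT_RAND followed by AT_MAC)
CHALLENGE = bytes.fromhex("01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234"
                          "bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab"
                          "0b050000cd1494bcf2173b38d26c31c3872b60f9")


def keys_from_log():
    return eapsim_keys(IDENTITY, KCS, NONCE_MT, VERSION_LIST, SELECTED_VERSION)
```

keys_from_log() returns the MK, K_aut, K_encr, MSK and EMSK for the logged session, and verify_challenge(keys["k_aut"], CHALLENGE, NONCE_MT) is the check radeapclient performs when it prints "calculated MAC ... did not match". The MAC binds the three RANDs to this session's NONCE_MT and to a K_aut that both sides can only share if their MK inputs (identity, Kc triplets, nonce, version list and selected version) are byte-for-byte identical; when the check fails the peer must drop the challenge rather than run the RANDs through the SIM, which is the behaviour the log shows.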